Security Techniques

Persistent adversaries can identify Tor users

Persistent adversaries can identify Tor users: “Our analysis shows that 80% of all types of users may be de-anonymized by a relatively moderate Tor-relay adversary within six months. Our results also show that against a single AS adversary roughly 100% of users in some common locations are de-anonymized within three months (95% in three months for a single IXP),” they shared.

“Further, we find that an adversary controlling two ASes instead of one reduces the median time to the first client de-anonymization by an order of magnitude: from over three months to only 1 day for a typical web user; and from over three months to roughly one month for a BitTorrent user. This clearly shows the dramatic effect an adversary that controls multiple ASes can have on security.

They tested their theories by mimicking the online behavior of a typical user (Gmail, Google Calendar / Docs, Facebook, and web search activity), an IRC and a BitTorrent user, and ones that use services that use ports with the largest and the second-least amount of exit capacity, and have found out that not only do BitTorrent users degrade performance of the Tor network for other users, but also that against a Tor-relay adversary they get significantly less anonymity protection than typical users.

Standard