Researchers mount successful attacks against popular anonymity network — and show how to prevent them.

(July 29, 2015) With
2.5 million daily users, the Tor network is the world’s most popular system for
protecting Internet users’ anonymity. For more than a decade, people living
under repressive regimes have used Tor to conceal their Web-browsing habits
from electronic surveillance, and websites hosting content that’s been deemed
subversive have used it to hide the locations of their servers.

Researchers at MIT and the Qatar Computing Research
Institute (QCRI) have now demonstrated a vulnerability in Tor’s design. At the
Usenix Security Symposium this summer, they will show that an adversary could
infer a hidden server’s location, or the source of the information reaching a
given Tor user, by analyzing the traffic patterns of encrypted data passing
through a single computer in the all-volunteer Tor network.

Fortunately, the same paper also proposes defenses, which
representatives of the Tor project say they are evaluating for possible
inclusion in future versions of the Tor software.

“Anonymity is considered a big part of freedom of speech
now,” says Albert Kwon, an MIT graduate student in electrical engineering and
computer science and one of the paper’s first authors. “The Internet
Engineering Task Force is trying to develop a human-rights standard for the
Internet, and as part of their definition of freedom of expression, they
include anonymity. If you’re fully anonymous, you can say what you want about
an authoritarian government without facing persecution.”