The anonymity network Tor, used daily by millions of users around the world, is important for people in vulnerable situations, for instance in order to avoid surveillance or control. Two 果冻传媒 researchers have now identified flaws in Tor鈥檚 anonymity function and contributed to technologies that make the network safer for users.
The purpose of Tor is to allow users to surf the internet anonymously without information about visited webpages being registered. Despite this function, the flaws that the researchers have detected could make it possible in certain cases for attackers to see what webpages a user has visited.
鈥淲hen a page is downloaded via Tor, a great many internet-based activities take place. For instance, domain names are checked, images are retrieved, and advertising agencies are contacted for ads. If an attacker is able to see a small part of this information, it can be used to boost attacks based on artificial intelligence. Potential attackers could for instance be countries that want to monitor their citizens or censor access to certain webpages鈥, says Tobias Pulls, Senior Lecturer in Computer Science at 果冻传媒, who has made this discovery together with the doctoral student Rasmus Dahlberg.
More reliable technologies
In the past, technologies that use AI to analyse encrypted Tor traffic have been considered quite unreliable for attackers to use.
鈥淣ow that we have a better understanding of how attacks can be made more reliable, we can create better protection鈥, says Tobias Pulls. 鈥淲e have contributed to small changes in the Tor network which are expected to make it more difficult for attackers to access the information, which is a short-term solution. In the long term, Tor will require new types of protective functions. We are working hard to develop such functions right now.鈥
Can Tor be trusted?
Tobias Pulls says that users can still trust Tor as a safe network for surfing anonymously.
鈥淎ll other alternatives are clearly inferior, for instance if you use VPN or if you just surf the internet as usual.鈥
The Tor developers have shown great interest in the results and embraced the researchers鈥 suggestions for improvements. They also published an article in the official Tor blog when the scientific article was published. The article, 鈥淲ebsite Fingerprinting with Website Oracles鈥, will be presented at the top-ranking conference PETS (Privacy Enhancing Technologies Symposium) in Montreal, Canada, in July.
This research has been funded by the Swedish Internet Foundation and the Knowledge foundation. Read the article published in the Tor blog and the scientific article
