There is a huge amount of effort behind Tor; however, the results of published studies indicate that there are some possible ways to uncover the real identities of some Tor users. Some of these techniques are easy to leverage, especially the ones arising from user mistakes. Others need advanced technical capabilities and a lot of time. Some of these attacks might reveal IP addresses, while others might only show what Tor users are doing at some point in time and require deductions and estimations to find the person.
These threats are categorized into three sections: user mistakes, Tor issues, and indirect problems.
User Mistakes
Tor provides a different browsing experience. To get the most out of it and make the system work properly, there are a couple of issues that need special attention. The first concerns the Tor Browser, although the Tor Project also offers solutions that ship as a complete operating system.
It is very common to view a document, open a Flash object, or use an add-on in a regular internet browser. In the Tor Browser, such attempts can bypass the system's mechanism and reveal a user's real IP address. The reason behind this is simple: Tor is meant to communicate only with other relays before the exit node, but some objects or embedded executables in documents open their own connections outside this chain and lead to leakage. Such baits might also be part of an attack campaign against particular users to learn their true IP addresses.
Using BitTorrent over Tor is not advised, for a similar reason: torrent file-sharing applications might ignore the proxy settings of the Tor Browser and create direct connections to other peers.
Another example of an attack against anonymity is related to payments. It is often claimed that anonymous payments can be made with cryptocurrencies like Bitcoin, and using Bitcoin over Tor was believed to improve this even more. However, in October 2014, researchers at the University of Luxembourg showed that combining them enables man-in-the-middle (MitM) attacks that gain full control of the information flows of users running Bitcoin over Tor.
One last example is using HTTP websites instead of HTTPS. Tor exit nodes can view the packets flowing through them, so if Tor clients use plain HTTP, the traffic is exposed to eavesdropping at the exit.
In cyber security, human nature is always susceptible to error. If a user can be tricked into taking an unusual action while using Tor, their true identity might be revealed.
Tor Issues
The Tor community works on new features, additional security mechanisms, tools, and applications to make the system better. Nevertheless, according to some studies, there are design-level issues in the Tor environment which might leak critical information regarding users' privacy.
One example is a man-in-the-middle attack in which a telecoms operator redirects users to special servers by intercepting the traffic between a Tor user and the legitimate server. However, it has been argued that only the US National Security Agency (NSA) has this sort of capability.
In academic research, it has been shown that if someone takes control of one or more autonomous systems (ASes) and Internet Exchange Points (IXPs), they can de-anonymize any given user within three months of regular Tor use with over 50% probability, and within six months with over 80% probability. This is an example of a traffic-correlation attack on encrypted Tor traffic.
Another famous exploitation technique for large-scale peer-to-peer networks is the Sybil attack, which was presented in 2002. According to the study, it is possible to subvert the reputation systems of peer-to-peer networks like the Tor environment by forging identities. However, there are also prevention techniques to protect anonymization networks from Sybil attacks.
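The two previous paragraphs both reduce to one question: what share of the network can an adversary observe at both ends of a circuit, and how fast does that turn into a de-anonymized user? The following Python model, added here as an illustration and not taken from the article or the Tor Project, puts numbers on that. It assumes a simplified path selection (guard and exit chosen independently, in proportion to bandwidth) and an adversary that can correlate a flow whenever it sees both ends, whether through relays it runs (a Sybil attack) or through ASes and IXPs on both paths. The relay set, bandwidth units, and usage pattern are constructed.

```python
"""Toy risk model for end-to-end correlation in a Tor-like network.

Added example for this article; it is not code from the article or the
Tor Project. Assumptions: guard and exit are picked independently with
probability proportional to bandwidth, and an adversary that observes
both ends of a circuit (relays it runs, or ASes/IXPs on both paths) can
correlate the flows. Real Tor path selection (persistent guards,
bandwidth weighting rules, relay families) differs, so the numbers are
illustrative, not a measurement.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Relay:
    name: str
    bandwidth: float   # advertised bandwidth in arbitrary units (constructed)
    observed: bool     # True if the adversary runs or can watch this relay


def observed_fraction(relays):
    """Bandwidth-weighted share of the network the adversary can observe."""
    total = sum(r.bandwidth for r in relays)
    seen = sum(r.bandwidth for r in relays if r.observed)
    return seen / total if total else 0.0


def circuit_compromise_probability(relays):
    """P(both guard and exit are observed) for a single circuit."""
    f = observed_fraction(relays)
    return f * f


def cumulative_compromise_probability(relays, circuits):
    """P(at least one of `circuits` independently built circuits is
    correlated end to end)."""
    p = circuit_compromise_probability(relays)
    return 1.0 - (1.0 - p) ** circuits


def circuits_over_period(days, hours_per_day, circuit_lifetime_minutes=10):
    """Rough number of circuits built over `days` of use at `hours_per_day`
    online, using the article's ~10-minute circuit rotation. The usage
    pattern is a constructed assumption."""
    return int(days * hours_per_day * 60 / circuit_lifetime_minutes)


def with_sybil_identities(relays, count, bandwidth):
    """Relay set after the adversary registers `count` forged relays."""
    forged = [Relay(f"sybil-{i}", bandwidth, True) for i in range(count)]
    return list(relays) + forged


# Constructed sample network: nine honest relays and one observed relay,
# all with equal bandwidth, so the adversary sees 10% of the network.
SAMPLE_NETWORK = [Relay(f"honest-{i}", 10.0, False) for i in range(9)] + [
    Relay("watched-0", 10.0, True)
]

if __name__ == "__main__":
    base = SAMPLE_NETWORK
    print(f"observed share: {observed_fraction(base):.2f}")
    print(f"per-circuit compromise: {circuit_compromise_probability(base):.4f}")
    n = circuits_over_period(days=90, hours_per_day=1)
    print(f"after {n} circuits (90 days, 1 h/day): "
          f"{cumulative_compromise_probability(base, n):.3f}")
    sybil = with_sybil_identities(base, count=10, bandwidth=10.0)
    print(f"with 10 forged relays, per-circuit compromise: "
          f"{circuit_compromise_probability(sybil):.4f}")
```

Two things the model makes visible. First, even a 1% per-circuit risk compounds quickly when every circuit is an independent draw, which is the reason Tor pins a small set of long-lived guard relays instead of choosing a fresh entry for each circuit: a user whose guard is honest stays protected across circuits rather than re-rolling the dice every ten minutes. Second, the Sybil case shows why relay admission and bandwidth measurement matter as defensive controls: forged identities move the adversary's observed share, and the compromise probability grows with its square.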
Accessing Tor bridges is an important first step to circumvent censorship if Tor is being blocked in an environment. In such cases, if the connection between the client and the Tor bridge cannot be detected and blocked, the connection to Tor will be established successfully. Because of this importance, Tor has additional tools to hide this connection, known as Pluggable Transports. Pluggable transports transform the Tor traffic flow between the client and the bridge, so that an observer of the traffic between the client and the bridge sees only innocent-looking transformed traffic, like a Skype conversation, instead of the actual Tor network flow. SkypeMorph, StegoTorus, and CensorSpoofer are some examples of this approach. Nevertheless, recent studies have shown that such solutions do not always provide privacy, because passive and active attacks against the mechanisms of these tools have a significant success rate.
Indirect Problems
Encrypted connections between randomly chosen relays, rotating these relay circuits every 10-15 minutes, and providing hidden bridges to reach the Tor network are only some of the features Tor offers its users. Some indirect problems also affect the privacy of Tor users, such as browser vulnerabilities.
The Tor browser bundle might be a gate for privacy-enabled internet communication, but it is still a browser. As many applications have exploitable vulnerabilities, so does the Tor browser. Essentially, the Tor browser is based on Firefox with some specific configurations, and it has been discovered that some versions have a critical vulnerability. As a result, Tor users are at risk from the exploitation of that vulnerability. This is not directly a Tor architectural issue, but leveraging this attack might allow arbitrary code execution on the victim’s computer. Not only the privacy features but the computer itself can be compromised with these sorts of attacks.
Another recent development in the information security world was the infamous Heartbleed bug, a serious vulnerability in the popular OpenSSL cryptographic software library. Exploiting this vulnerability led to the exfiltration of the secret keys behind X.509 certificates, usernames, passwords, and many other critical pieces of data from services that use OpenSSL. Many HTTPS sites suffered from the vulnerability, and so did Tor. Tor relays, Tor applications like Orbot, and Tor clients were exposed because they were using a vulnerable version of OpenSSL. It was not possible to resolve the situation just by patching the client applications that shipped the vulnerable OpenSSL. There were other problems: the bug also reduced the Tor relay capacity by up to 12%, because the relays, which are the backbone of the architecture, were vulnerable too. The havoc which Heartbleed caused affected Tor and its users, providing a solid example of how indirect problems can lead to serious privacy issues for Tor users.
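A relay operator's first question after Heartbleed was whether the OpenSSL on each machine was an affected build. The Python snippet below, added here as an example and not part of the article or of any Tor Project tooling, triages a constructed inventory of relays from their `openssl version` strings. It encodes the affected range as published by the OpenSSL project: 1.0.1 through 1.0.1f (fixed in 1.0.1g) and the 1.0.2-beta1 pre-release; the 1.0.0 and 0.9.8 branches never contained the heartbeat code. The host names and inventory lines are constructed.

```python
"""Version-string triage for the Heartbleed OpenSSL bug.

Added example; not code from the article or the Tor Project. Affected
range (per the OpenSSL project's advisory): 1.0.1 up to and including
1.0.1f, fixed in 1.0.1g, plus the 1.0.2-beta1 pre-release. 1.0.0 and
0.9.8 never had the heartbeat extension code and are not affected.
"""
import re

# Matches "1.0.1e", "1.0.1", "1.0.2-beta1", "0.9.8y" inside a longer
# string such as "OpenSSL 1.0.1e 11 Feb 2013".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]?)(?:-(beta\d+))?")


def parse_openssl_version(text):
    """Return (major, minor, patch, letter, prerelease) from a version string."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    major, minor, patch, letter, pre = m.groups()
    return (int(major), int(minor), int(patch), letter, pre or "")


def is_heartbleed_vulnerable(text):
    """True if the upstream release named in `text` is in the affected range."""
    major, minor, patch, letter, pre = parse_openssl_version(text)
    if (major, minor, patch) == (1, 0, 1):
        # '' (plain 1.0.1) sorts before 'a'; 'g' and later carry the fix.
        return letter <= "f"
    if (major, minor, patch) == (1, 0, 2):
        return pre == "beta1"
    return False


def triage_inventory(lines):
    """Map host -> vulnerable? for constructed 'host<TAB>version' lines."""
    report = {}
    for line in lines:
        host, _, version = line.strip().partition("\t")
        report[host] = is_heartbleed_vulnerable(version)
    return report


# Constructed inventory; the host names are placeholders, the version
# strings follow the real `openssl version` output format.
SAMPLE_INVENTORY = [
    "relay-a\tOpenSSL 1.0.1e 11 Feb 2013",
    "relay-b\tOpenSSL 1.0.1g 7 Apr 2014",
    "relay-c\tOpenSSL 1.0.0l",
    "relay-d\tOpenSSL 1.0.2-beta1",
    "relay-e\tOpenSSL 0.9.8y",
]

if __name__ == "__main__":
    for host, vulnerable in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {'VULNERABLE' if vulnerable else 'ok'}")
```

One caveat a practitioner should keep in mind: this check looks only at the upstream version number. Distributions that backport fixes keep the old version letter while shipping a patched library, so a string like 1.0.1e can be a false positive on such systems; the package changelog or the distribution's advisory is the authoritative source there. The reverse error does not occur: a build reporting 1.0.1g or later is not affected.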
We shall now move on to discuss several legal issues connected to the use and abuse of Tor.