You are viewing a single thread.
View all comments
26 points

2 things:

  1. This seems to be a specific attack for their IM protocol if the entry node was compromised, and could be placed nearby the client. To make this much easier, you’d want to compromise both the entry and exit nodes (in this case exit node is TOR native, so it’s more like internal node).

This has never been unknown, this is one of the fundamental attack vectors against TOR, the IM protocol seemed to make correlation easier due to its real time nature.

They added a protection layer called Vanguard, to ensure the internal exit nodes were fixed to reduce the likelihood that you could track a circuit with a small number of compromised internal exit nodes. This seems like it would help due to reducing likelihood of sampling.

  1. TOR has always been vulnerable, the issue is the resources needed are large, and specifically, the more competition for compromising nodes the more secure it is. Basically now the NSA is probably able to compromise most connections, and they wouldn’t announce this and risk their intelligence advantage unless there was an extremely valuable reason. They definitely wouldn’t do so because a drug dealer was trying to make a sale. Telling normal law enforcement basically ends their advantage, so they won’t.

Other state actors might try, but they’re not in the same league in terms of resources, IIRC there are a LOT of exit nodes in Virginia.

tl;dr - The protocol is mostly safe, it doesn’t matter if people try to compromise it, the nature of TOR means multiple parties trying to compromise nodes make the network more secure as each faction hides a portion of data from the others, and only by sharing can the network be truly broken. Good luck with that.

permalink
report
reply

Technology

!technology@lemmy.world

Create post

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


Community stats

  • 17K

    Monthly active users

  • 12K

    Posts

  • 554K

    Comments