Is Tor still safe to use?

Agreed – you can never truly be completely "safe", but Tor remains the most privacy-preserving tool we've got.

When people say they're distrustful of Tor (for various reasons) to the extent they refuse to use it, they seldom suggest alternative tools/measures that provide anywhere near the level of safety offered by Tor.

Well, for the sake of clarity I would say Tor is safer only if it’s not a honey trap. That is not knowable as a user, but I think that suspicion is well-deserved.

I think the Middle East gave us a very clear example of how state actors may target channels in unexpected ways.

>If all you’re doing is arguing that Tor shouldn’t be used because it isn’t/was never “safe”, then you might as well not use the Internet at all.

Exactly, and this same form of spurious argument came up in an hn post yesterday about cavity prevention, centering on an argument that a new advance in cavity treatment "cannot guarantee" to end cavities forever. [0]

I feel as though I've never been fooled by these arguments, although surely I have different types of weaknesses that are unique to me. But it seems to stand out as a form of argument that somehow has persuasive power among intelligent types whom I would never expect to fall for other forms of obviously fallacious arguments.

0. https://news.ycombinator.com/item?id=41573550

I wish the people back in the 90s understood this when trying to set up encrypted email.

This misses the point, the user in question was fully deanonymized. This blog post is saying that those successful techniques are no longer usable.

It's entirely appropriate to pursue a defense in depth strategy while questioning any particular layer.

But that's half the point. If someone has an intention to undergo some illegal activities with full intention not to be caught, only 100% "safe" solution works for them. Normally we talk about risk tolerance, but this particular use case is a bit special.

>This could cost less than $5000 for a month

I ran a bunch of nodes for a couple years and that's optimistic by perhaps an order of magnitude. No $5 a month VPS provides enough bandwidth to sustain the monthly traffic of a Tor node, and nodes need to be continuously online and serving traffic for about 2-3 months[1] before they will be promoted to guard relays. Throttling traffic to stay in your bandwidth allocation will just get you marked as a slow node and limit the number of connections you get. Sustaining just 1 Mbps will blow your monthly transfer allocation on the cheap tiers of both Digital Ocean or Linode.

[1] https://blog.torproject.org/lifecycle-of-a-new-relay/

>Surely eventually I'm going to get a hit where all three nodes in the circuit are my nodes that are logging everything?

The word "eventually" is doing a lot of heavy lifting here. Let's say you actually manage to add 1000 servers to the tor network somehow without getting detected. The network currently sits at just under 8000 nodes. For simplicity, lets also ignore that there are different types of nodes and geographical considerations and instead just ask what is the probability that someone randomly chooses three nodes that you own. The answer is less than 0.14%. If that someone decided to use 4 nodes to be extra-safe, that number goes down to 0.015%. And it decreases exponentially for every additional relay he adds. Combine this with the fact that tor nodes are actively monitored and regularly vetted for malicious behaviour[1], and these attacks become increasingly difficult. Could someone like the NSA with limitless resources do it? Quite probably, sure. But could you or any other random guy do it? Almost certainly not.

[1] https://gitlab.torproject.org/tpo/network-health/team/-/wiki...

Edit: For all the cynics and doomsayers here, consider this: Tor has been around for a long time, but there has never been an uptick in arrests that could be correlated to cracking the core anonymity service. If you look closely at the actual high profile cases where people got busted despite using tor, these people always made other mistakes that led authorities to them.

Yes it’s 100% going to be compromised if you are an enemy of the US government.

The primary purpose of tor is for their own use, which is why they have developed and funded it. So the underlying principle is secure, but they’ll definitely be paying for enough of the nodes to compromise it for you.

This came out yesterday: https://www.youtube.com/watch?v=Gs0-8ZwZgwI

Apparently in germany they caught a pedo like that. Watching certain nodes and the sizes of files that are sent between them to identify the admin of a pedophile image sharing forum. Took them 1 1/2 years to identify the specific person, but they got him.

Considering this I would imagine it's pretty safe for the average user since they have to specifically target you for a long time, however it seems like with enough effort it's possible to identify someone even without Clearnet slip-ups like it was the case with Silkroad.

Once they have your address they will just storm your house and catch you on the computer, then you are done for.

You only need to control the entry and exit node - since you know the next and previous hop for all traffic you touch, and default chains are 3 long. With circuits changing every 10 mins, within a few days you would have deanonymized at least some percentage of traffic for nearly every user.

I'd call tor broken against any adversary with a little technical skill and willingness to spend $5000.

I'm 80% sure Tor is designed as a US supported project to focus those needing anonymity into a service only governments with global security apparatus (who can grab a good chunk of internet traffic) can access.

Using Tor, like all security and privacy tools, must be balanced against what it is being used for. We will always live in a world of limited resources for policing, and systems of privacy work by increasing the difficulty and cost to deanonymize someone. They don't have to be perfect, they just have to be expensive.

If you want basic anonymity while researching someone powerful or accessing information, it's extremely unlikely anyone is going to go the lengths people are bringing up here as a way to compromise Tor. The intersection of expertise, funding and time required is too great for such a low value target.

If you're an international terrorist leader wanted in multiple countries, a prolific criminal, or enemy #1 of an authoritarian state though? Those who can go to those lengths absolutely will go to those lengths.

Tor Project has a team that looks at relays and checks if relays are engaging in bad practices or any suspicious activity like a lot of nodes run by one operator.

https://community.torproject.org/relay/governance/

If your nodes disclose their affiliation that's fine but the client will avoid using multiple. If you try to do this in secret the tor project will attempt to catch you by looking for suspicious nodes that use the same isp and update their tor version at the same time and things like that, to questionable success.

Yes, there aren’t that many tor nodes. It’s not the safe haven protocol or transport suite people make it out to be.

I wholeheartedly agree, the 'dragnet' methodology is already documented and well-known and that should factor into your security assessments.

> Surely eventually I'm going to get a hit where all three nodes in the circuit are my nodes that are logging everything?

If you're looking for static assets, why would you need to see the whole chain? Wouldn't a connection to a known website (page) have a similar fingerprint even if you wrap it in 3 layers of encryption? Does Tor coalesce HTTP queries or something to avoid having someone fingerprint connections based on the number of HTTP requests and the relative latency of each request?

I've always assumed that, if a global adversary attack works, you'd only need to watch one side if you're looking for connections to known static content.

I don't know much beyond the high level idea of how Tor works, so I could be totally wrong.

I think so.

And of course for a state-level actor, they can afford a couple orders of magnitude more spend prob too.

The issue that TOR has is that it's a layered routing concept that won't respect ASN based spreading/scattering of traffic.

Circuits are temporary but the traffic is not scattered across the network to make MITM fingerprinting of request/payload sizes/timestamps impossible.

A typical MITM like the FBI surveillance van next door can identify you by observing the network packets and by _when_ they were requested and by _how large_ the payloads were. There was a famous court case where this was enough evidence to identify a user of an onion service, without the FBI having access to the Wi-Fi of the user. But they had access to the exit node logs that were encrypted, the pcap logs to the onion service from that exit node, and the encrypted Wi-Fi packets of the user.

(Also TLS lower than 1.3 and SNI related problems are relevant here, because DNS TTL 0 effectively makes everyone's privacy compromised, shame on you if you set a DNS TTL to 0)

My point is that with more randomized hops across the network and across ASNs it would be less likely that a threat actor can control both guard and exit nodes.

(Assuming that they parse RIR datasets to map organizations across ASNs, which the datasets already provide)

With v3 hidden services, relays can no longer see the plaintext of the hidden service's url.

Wasn't there a thing years ago where the NSA only needed 2 out of the 3 nodes if they got the right ones? Not sure if that was fixed with guard nodes or is still a thing.

You didn't think someone would notice if the Tor network has 1000 new nodes setup similarly? Or, I suppose, if you find enough heterogenous people and pay them to log their nodes, you're not going to get noticed?

Your 1000 Tor nodes would quickly be detected as bad relays and be removed from the network. It would also cost you far more than $5,000 a month.

This attack is quite practical. In 2007 I controlled a huge chunk of Tor traffic from 2 racks of cheap servers in a basement on Folsom Street in SF. It was easy to arrange and nobody noticed. Yeah those were early days for Tor but I don't think scale changes anything. If you're using Tor because you think it is private, you have fooled yourself.

The skilled labor to set that all up, especially in a way that TOR won't notice and shut you down will be worth much much more than $5k.

People that have such a sophisticated and resourced team actively hunting them down, likely know about it, and are using many additional layers of security on top of TOR. Even just for personal use out of curiosity to "see what the darkweb is," I used 1-2 additional methods on top of TOR.

If you thought of this in 10 minutes (or 6 months, or...) as one smart individual, I'd assume any government of any country you've heard of has been doing this for a while.

But the more who use it and/or host tor nodes...

It'd be ten times that cost, easily. You have to buy data volume.

Also since you aren't targetting specific people, rather specific interests, it'd be easier to setup an irresistible site serving content of the vice of interest. It can even be a thin wrapper on existing sites. Do you only need to control entry nodes in that case? You'll return user-identifying data in headers or steganographically encoded in images and since you control the entry node you can decrypt it. It doesn't work for a normal (unaffiliated) entry node but since your entry node is in collusion with the server I think this works.

Might one mitigating possibility be to use a VPN that uses padded and rate limited packets, so that it is always sending and receiving user_defined bit rate and your real traffic would be traffic shaped to take priority but not exceed the padded streams? Maybe this assumes one is running their own tor daemon on a server somewhere and the vpn terminates on that node. I assume this could be done with tc sch_htb class shaping or perhaps sch_cake and tagging packets with iptables mangle rules and two never-ending bi-directional rsync streams reading /dev/urandom or big random files.

e.g.

    Port 873 (native rsync) bulk traffic, low priority
    Port 3128 (squid mitm ssl-bump proxy) high priority

Also relevant - wikipedia for Boystown, the pedo site in question

https://en.wikipedia.org/wiki/Boystown_(website)

This should be the article linked at the top.

Nice presentation. Ironically the ?si= parameter is for tracking. You should remove it.

I suspect that the reporter has a bone to pick with Tor and the CCC members that were given the documents were compelled legally or socially to not share them further.

The information comes from the NDR (link im neighboring thread), not the CCC. The CCC only got to see the documents via the NDR.

Maybe they want to reveal it on the CCC in december?

curious about this as well

“The western governments run most of the exits” is one of those things everybody “knows” but rarely backs up.

The list of all relays is public knowledge by design. There’s contact information attached to relays. The big operators are known individuals and organizations. They contribute. Interact.

Which ones are actually the governments doing bad things against their citizens? It’s hard to tell? Then why do you make such claims?

Relays that observably do bad things are removed from the network all the time. Are those ones the government? Tor seemingly has a reasonable handle on the situation if that’s the case.

If the fed is doing correlation attacks, why would they run relays at all? “Just” tap the IXPs near major hubs of relays. Or heck, get data from the taps you already had. Silent and more widespread.

Pushing people away from tor potentially makes it even easier to deanonymize them, depending on the adversary model assumed.

You'd be surprised how much crime goes on in plain sight. There are literally people on Instagram making stories of themselves showing off their drugs and stacks of money.

Given that a lot of law enforcement doesn't even bother with the low hanging crimes, the chance of them prosecuting anyone using Tor is extremely low unless you get big enough or go far enough to warrant the attention.

This brings up a couple questions I've always had about Tor. I played around with it a bit maybe a decade ago and it seemed it was used for drugs, CSAM, and getting yourself honeypotted trying to buy illegal guns or murder-for-hire.

I always assumed if you were doing things where your threat model included governments trying to kill you that Tor wouldn't be all that useful even if it was secure.

Please read the blog post:"It is important to note that Onion Services are only accessible from within the Tor network, which is why the discussion of exit nodes is irrelevant in this case."

Monitoring exit nodes does not necessarily reveal hidden services, though.

Edit: Never does, exit nodes are not part of the circuit, thanks to commenter below.

If they run just the exit node they still can’t de-anonymize you right?

Most governments value their law enforcement obligations and/or desire for surveillance more strongly than an Internet that is protected from spying, so good luck with that.

Timing attacks are a well-known weakness. There's a lot of research into timing attacks and proposed countermeasures.

Also, it's just Tor – not 'TOR'.

>Note: even though it originally came from an acronym, Tor is not spelled "TOR". Only the first letter is capitalized. In fact, we can usually spot people who haven't read any of our website (and have instead learned everything they know about Tor from news articles) by the fact that they spell it wrong.

https://support.torproject.org/about/why-is-it-called-tor/

For the same reason we have SSL on this site, despite the fact that it has no sex, no storefront, nor any access to my banking or private information.

If everything is SSL secured, then we don't have to explain why any specific thing is SSL secured. The same reason can be applied to use of TOR.

How would you feel if a stranger came up to you in the street and said they appreciated the wiki article you were reading last night?

I think everyone wants “privacy by default”, they just don’t make the connection between this hypothetical and real life. In real life you’re still spied but nobody confronts you directly.

I browse social media sites like Facebook and Reddit using their onion services. I was sick of seeing ads pop up that were clearly based on tracking my general browsing activity through IP correlation, tracking pixels and embedded “like” buttons. So now I block all cleartext Facebook/Reddit traffic completely.

Using Tor this way doesn’t anonymize me—on Facebook at least, I’m logged in under my own account—but it limits the profile Meta builds on me to the union of what it directly observes on Facebook and what it can purchase through data brokers. Ever since I started doing this, I’ve noticed a huge drop in relevance in my Facebook ads, so apparently it’s working. When the ads become suddenly relevant again (which has happened a few times), it exposes an information leak: usually a credit card purchase that Meta must have obtained from either my bank or the shop vendor and tied to my identity.

Using a VPN could theoretically provide the same benefit, but in practice Facebook tended to temporarily lock my account when using a VPN and Reddit blocks VPN traffic completely. So I stick to the onion services, which are run by the websites themselves and so are less likely to be treated as malicious traffic.

If you use these platforms, I recommend bookmarking their onion sites in Tor Browser and using it as your primary interface to them for a while. Then, if you don’t find it too inconvenient, start blocking the non‐onion versions of the sites on your network.

https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqn...

https://www.facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg...

(P.S.: You shouldn’t trust the links I just posted; I could have posted fake ones! I recommend double‐checking against https://github.com/alecmuffett/real-world-onion-sites which links to proofs of onion site ownership under their usual domain names.)

>This is a collection of anonymous user stories from people who rely on Tor to protect their privacy and anonymity. We encourage you to share their experiences with your network, friends and family, or as part of your work to promote the use of privacy-preserving technologies like ours and help us defend strong online protections.

https://community.torproject.org/outreach/stories/

Are there legitimate arguments in favour of privacy, and private communications? It seems to be largely the same issue.

We've come to accept (as a normal mainstream thing) end to end encryption in several popular messaging apps (which seems to be largely thanks to WhatsApp?), but the same idea applied to web browsing is still considered fringe for some reason. That distinction seems arbitrary to me, like just a cultural thing?

It might be a UX thing though. WhatsApp is pleasant. Trying to use the internet normally over Tor is horrendous (mostly thanks to Cloudflare either blocking you outright, or sending you to captcha hell).

Let's not discount the validity of making it easier for Russians, or Chinese, or North Koreans, to get western media.

Don't know if it is still used much. There is SecureDrop to facilitate communication between investigative journalists and sources/whistleblowsers via Tor that was at some point deployed by several prominent news organizations.

https://en.wikipedia.org/wiki/SecureDrop

most governments retaliate to some degree against journalists, whistleblowers, etc. - no pogrom needed

NAT traversal, on both sides!

Anonymous publishing

No!

The client controls path selection, and each hop is verified using its encryption keys.

I recall this situation well as it interrupted an exam of mine. iirc, it was the MAC address of his machine being known/registered to the Campus network that nailed him.

If he simply didn’t confess, they likely could not have proven it was him - but yes, it is best to avoid suspicion altogether.

based on the article I think this is old news just now being reported

You are right. The lack of details or time window when this happened make it difficult to know what the actual compromise was, or if it is still something that can be used. However, if they compromised a Ricochet user, then this attack was a long time ago, and from what Tor's blog says that client didn't have the defenses that would have prevented the attack they think it is. Without the actual details, it seems like this attack was mitigated some time ago and is no longer something that can be done in the same way.

AFAIK v2 has stopped working. Iirc were up to v3 or something.

It would be "terminated" at all the points that can't keep up, way ahead of the hidden service (or even rendez-vous node).

[dead]

Why wouldn't you trust Tor? Do you mean you wouldn't trust it at all, or wouldn't trust it completely?

I'm being pedantic but it's simply just Tor, not TOR.

https://support.torproject.org/about/why-is-it-called-tor/

>Note: even though it originally came from an acronym, Tor is not spelled "TOR". Only the first letter is capitalized. In fact, we can usually spot people who haven't read any of our website (and have instead learned everything they know about Tor from news articles) by the fact that they spell it wrong.

The certificate for blog.torproject.org should not be self-signed. For me it is an extended validation certificate issued by DigiCert Inc.

I don’t think you should be seeing a self-signed certificate? I’m getting a valid Digicert-signed certificate on my end.

You're MitM'd yo.

It isn't a self-signed cert.

> confidence inspiring

I don't want them to try to sell me something. If they were making bold claims as you suggest I would be more concerned.

To quote the article. " To the best of our knowledge, the attacks happened between 2019-2021." and " This protection exists in Ricochet-Refresh, a maintained fork of the long-retired project Ricochet, since version 3.0.12 released in June of 2022."

While it has been fixed for years it was not a case of using old software from what I am reading.

The vulnerability is mitigated by shifting the economic incentives, not fixed by making it impossible. It can't be fixed without a completely different network design, like in Mixminion or Katzenpost. Someone suggested I2P, but it's mostly fundamentally the same as Tor. It uses unidirectional tunnels, which might help.

Yeah, but the problem is that they cannot say that with 100% confidence, because the details were not shared with them (why, I have no idea)

So was the Internet at DARPA (or its modern foundation). And the WWW at CERN.

Tor's development team aren't on the payroll of the US gov't, and their funding comes from many sources.

If having received funding from a government agency is enough to earn your distrust, you'd quickly become a paranoid schizophrenic.

Even if you had your own SMT how can you be sure no one fiddled with your lab? If you can't trust your own stack 100% how can you trust ANYTHING else then?

So my answer to your sincere question: no reason to believe it is safe, no.

> Wasnt it created by the AirForce or something?

No, don't be silly, that's ridiculous! It was the Navy.

"Safe for what?" has always been a valid question.

Yes. Why wouldn't it be?

The fact that adversaries need to rely on zero-days, or people running massively outdated and unsupported software, strongly suggests the network is safe and robust.

>other (very illegal), ...?

I will be waiting patiently for people to admit that they do very illegal things over Tor.

Besides regular browsing (basically a free VPN), a pretty nice use case of Tor is that some news sites have non-paywalled onion addresses.

The Guardian: https://www.guardian2zotagl6tmjucg3lrhxdk4dw3lhbqnkvvkywawy3...

New York Times: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2l...

BBC: https://www.bbcweb3hytmzhn5d532owbu6oqadra5z3ar726vq5kgwwn6a...

Maybe. I think the real distinction is reach. Are you consuming content passively, or are you creating content for many people? If you're creating content on torture China's doing, they absolutely will track you down. If you're in North Korea and revealing what life is really like in South Korea, or in Russia exposing the realities of the Ukraine war, Tor is probably unsafe.

But there is also an element of resources. Even if you're sowing distrust in, say, the Comorian government, I don't think they have the resources to go after you unless you are truly destabilizing and not just annoying.

You’re leaving out one very important class of actors, which I will call the NSA: The NSA, and others like them, unlike Mossad, are not after you personally, in that they don't want to do anything to you. Not immediately. Not now. They simply want to get to know you better. They are gathering information. All the information. What you do, what you buy, how you vote, what you think. And they want to do this to everybody, all the time. This might or not bite you in the future. You seems to imply that since nothing immediately bad is happening by using slightly bad security, then it’s OK and we shouldn’t worry about it, since Mossad is not after us. I think that we should have a slightly longer view of what allowing NSA (et al.) to know everything about everybody would mean, and who NSA could some day give this information to, and what those people could do with the information. You have to think a few steps ahead to realize the danger.

(This has been a partial repost of a comment written four years ago: <https://news.ycombinator.com/item?id=23572778>)

Hah, I was reminded of that essay while reading about recent events.

"If the Mossad wants your data, they’re going to use a drone to replace your cellphone with a piece of uranium that’s shaped like a cellphone."

That's why we need more bittorrent-like decentralized internet, like they were making on the show Silicon Valley.

After the Snowden revelations regarding FOXACID and QUANTUM going largely undressed in the tor project, people have every right to feel sketched out with using ToR for anything. "We're still helping people" just isn't a good enough argument for most people.

https://www.schneier.com/blog/archives/2013/10/how_the_nsa_a... https://blog.torproject.org/yes-we-know-about-guardian-artic...

> If anyone tries to convince you Tor is not safe, ask yourself: cui bono?

It could be for insidious reasons, or because the speaker legitimately believes it. "If anyone tries to convince you you shouldn't use Rot13 as an encryption scheme, ask yourself- cui bono?" Silly example, but the point is, just about *everything* could be explained equally by either evil lies or honest warnings.

Same was true of Truecrypt.

After the core team disbanded there was a full security audit which uncovered some very minor issues.

People never really trusted Veracrypt though. Quite interesting how that turned out.

I'll ask the inverse: if Tor is unsafe, who benefits from telling you to use it?

The best attack against Tor is creating entrance and exit nodes that monitor traffic. That was the biggest risk factor when Tor was invented and it still is today.

Someone tries to convince you a room totally isn't bugged and that you should have private conversations in it. (A room designed by the US military, incidentally...)

> cui bono?

You look for the person who will benefit, and uhh...uhh you know, uhh, you know, you'll uhh, uhh. Well, you know what I'm trying to say.

- VI Lenin

A question before I enter your Manichean universe:

Does Tor Browser Bundle currently ship with Ublock Origin installed and on by default?

Society benefits when people refrain from illegal and immoral activities.

>More than 1/3 of the Tor servers are run by US Federal Govt

Source? People repeat this claim and nobody every provides evidence.

Or just hit onion services that don’t require exit nodes.

Bulgarian made, through a one-person trade intermediary for a Taiwanese company. The Bulgarian co is owned by a Norwegian btw.

Not only that, today there was another round of walkie talkie explosions, same type of targets, similar results. How dumb you have to be in this situation...

Taiwanese made

Its just an address in Hungary

Which can be decoupled from where the company was incorporated, or where any shipment, manufacturing, or tampering occurred

1. It's fun. Playing with these technologies is entertaining and will learn you some good stuff about the networking and the encryption and what not.

2. Tor allows reception of unsolicited TCP/IPv4 traffic if you are behind a NAT you can't open ports for, because your connection to the network is initiated on your side. This is nice, especially with increasing prevalence of CGNAT.

3. Something my niece stated when I talked to her about it, who I disagree with: Many countries have a notion of upstanding citizen enforced by well funded and maintained violence-monopoly actors (R) that are not equivalent to what the majority of citizens actually do (S). R minus S is T - the tolerance gap. Things that allow T to exist include lack of will to prosecute, general social acceptance of things that were not acceptable years ago, etc. All things that are quite mutable. If your activities fall into T, privacy-enforcement tech benefits you if R and S might change in the future.

FWIW I am firmly in the "if you have nothing to hide you have nothing to fear" camp and I looked at her funny when she said this. Maybe she is a criminal or just crazy, idk.

The implication of the right to privacy being unnecessary because you have nothing to hide is akin to declaring the right to free speech unnecessary because you have nothing to say.

The ability to maintain privacy and anonymity is not for today, it's for tomorrow.

Not everyone lives in a country where government is a friend