Surfing the Internet anonymously is what "The Onion Router Project", Tor for short, is supposed to make possible. But since the intelligence services' interest in its users became known, the question has arisen of how secure or insecure the anonymization network really is.
What does a user of the anonymization network need to know, and what can it do and not do? Since it became clear that, in addition to China, the NSA is also interested in the users and infrastructure of the Tor project, facts, myths and rumors about the security of the network have been circulating on the net.
The Tor project is intended to make it possible to move anonymously on the Internet. To do this, the user installs either the project's customized Firefox, which comes with some security enhancements, or a special proxy that allows a "normal" browser to retrieve content over the Tor network.
The data traffic is therefore no longer transported over the shortest Internet route but via the Tor network. If a Tor exit node is under the control of a government agency, that agency can record all traffic passing through it.
Nodes under government surveillance?
According to rumours about "Lawful Interception", 50 percent of the Tor exit nodes are supposed to be under the control of state bodies, which record the traffic passing over them. Data-protection-compliant handling is unlikely in this context. Criminals can also operate such Tor exit nodes and try to fish credit card information or bitcoins there. Because there are many Tor exit nodes, anyone with an interest in the information must monitor a large number of them, or, more simply, operate the nodes themselves. Private or confidential information should not be transmitted via Tor.
In addition to the list of nodes that the client can download from the directory server, Tor also provides the bridge function (a middle node). States that censor Internet use can quickly build a filter list from the directory server and thus block use of the Tor network. The bridge feature configures a Tor client to act as a link between the blocked user and the Tor network, giving the former access to the anonymization network. However, Deep Packet Inspection (DPI) allows government agencies to find even these dynamic bridges within minutes: a bot checks whether the computer on the Internet is speaking the Tor protocol and then blocks that server as well.
Another security-related aspect is that Tor does not protect the browser itself from attacks. With special remote forensic tools, an attacker can specifically infect the Tor browser and read out the user's behavior, including their real IP address. In practice, this is exactly what has happened, and the recorded data was transmitted anonymously to government agencies. Although such tools can be used to catch criminals who abuse the Tor network, the anonymity of non-criminal users is also under threat.
Inferences about the user
A study by researchers at Georgetown University (Washington, D.C.) shows that an attacker with access to suitable autonomous systems and Internet exchange points can deanonymize Tor users with a probability of 95 percent. Tor also cannot hide the signature of a browser: if a user installs a few toolbars and extensions, they can be recognized by their browser signature even without an IP address.
For example, if a user retrieves content hosted in the Amazon cloud via Tor and later accesses Amazon with the same browser without going through the anonymization network, the two visits can be linked by the browser signature. Even the recommended Tor browser with its security enhancements delivers a poor result in the Electronic Frontier Foundation's (EFF) "Panopticlick" test, which measures how traceable a browser signature is (Fig. 3). It still leaks 12.84 bits of identifying information, which can lead to the identification of the user.
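To show what the Panopticlick figure above measures, here is an added example (not from the original article): the "bits of identifying information" of a browser signature is -log2 of the share of browsers that share it, so a signature unique among N browsers carries log2(N) bits. The population and attribute names are constructed toy data, not real survey results.

```python
import math
from collections import Counter

# Constructed population of 100 browser signatures (toy data, not real survey
# results). Each signature is (browser, installed toolbars/extensions, timezone, screen).
SAMPLE_POPULATION = (
    [("firefox-esr", "", "UTC", "1000x900")] * 40       # stock Tor-Browser-like signature
    + [("firefox-esr", "", "UTC+1", "1000x900")] * 20
    + [("firefox-esr", "toolbarA", "UTC+1", "1000x900")] * 3
    + [("chrome", "toolbarA;toolbarB", "UTC+1", "1920x1080")] * 1
    + [("chrome", "", "UTC-5", "1366x768")] * 36
)

ATTRIBUTES = ("browser", "extensions", "timezone", "screen")

def anonymity_set(population, signature, attrs=ATTRIBUTES):
    """Count browsers in `population` that match `signature` on the given attributes."""
    idx = [ATTRIBUTES.index(a) for a in attrs]
    return sum(1 for s in population if all(s[i] == signature[i] for i in idx))

def identifying_bits(population, signature, attrs=ATTRIBUTES):
    """Surprisal in bits: -log2(share of the population with this signature).

    This is the 'bits of identifying information' a Panopticlick-style test
    reports; log2(len(population)) bits means the signature is unique."""
    n = anonymity_set(population, signature, attrs)
    if n == 0:
        raise ValueError("signature not present in population")
    return -math.log2(n / len(population))

def attribute_entropy(population, attr):
    """Shannon entropy (bits) of one attribute across the population, i.e. how
    much a single attribute such as the toolbar list contributes on its own."""
    counts = Counter(s[ATTRIBUTES.index(attr)] for s in population)
    total = len(population)
    return -sum(c / total * math.log2(c / total) for c in counts.values())

if __name__ == "__main__":
    stock = ("firefox-esr", "", "UTC", "1000x900")
    one_toolbar = ("firefox-esr", "toolbarA", "UTC+1", "1000x900")
    two_toolbars = ("chrome", "toolbarA;toolbarB", "UTC+1", "1920x1080")
    for label, sig in (("stock", stock), ("one toolbar", one_toolbar), ("two toolbars", two_toolbars)):
        print(f"{label:12s} anonymity set={anonymity_set(SAMPLE_POPULATION, sig):3d}"
              f"  bits={identifying_bits(SAMPLE_POPULATION, sig):.2f}")
    print(f"entropy of 'extensions' alone: {attribute_entropy(SAMPLE_POPULATION, 'extensions'):.2f} bits")
```

Adding toolbars shrinks the anonymity set from 40 browsers to 1 in this toy population, which is why the article advises against customizing the Tor browser.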
Anyone who assumes they can move anonymously on the Internet simply by installing a Tor client is mistaken. Tor only partially hides the sender address at the IP level; neither the application nor the browser signature is protected. Encryption is only performed within the Tor network, not necessarily at the exit node. Who reads the data there, and who runs the exit nodes, is unknown. Tor users should be under no illusions about this.