Researchers: Identifying Tor users isn't as hard as many think

Another confirmation that Tor isn't as secure as we'd like.

Published
Updated
37 seconds read time

Independent researcher George Tankersley and CloudFlare security team member Filippo Valsorda again showed how Tor users are not as secure as they wish.

Researchers: Identifying Tor users isn't as hard as many think | TweakTown.com

Speaking during the Hack in the Box conference in Amsterdam, the researchers said motivated users can subvert anonymous access to the service. Hackers can identify the original location of users by operating rogue HSDir (hidden service directory) nodes that are required - with two sets of three needed to connect to the hidden service - with four days of operation to be marked as a "trusted" HSDir node.

A malicious HSDir instead of an exit node can be used in the process, making it easy to attack hidden service users.

"If you run a hidden service that does not need location hiding, you are unnecessarily exposing your users to this risk," according to the researchers. "It would probably be better to let them use Tor on your TLS-enabled clearnet site."

NEWS SOURCES:theregister.co.uk, 9p5z91rxsag1usgoc1ctvupb.wpengine.netdna-cdn.com

An experienced tech journalist and marketing specialist, Michael joins TweakTown to cover everything from cars & electric vehicles to solar and green energy topics. A former Staff Writer at DailyTech, Michael is now the Cars & Electric Vehicles News Reporter and will contribute news stories on a daily basis. In addition to contributing here, Michael also runs his own tech blog, AlamedaTech.com, while he looks to remain busy in the tech world.

Newsletter Subscription

Similar News

Related Tags