Newsletter IconFacebook IconX IconThreads IconInstagram IconYouTube IconPinterest Icon
Giveaway: Win an ASRock B850 Riptide WiFi and Phantom Gaming PG-850G PSU

Researchers: Identifying Tor users isn't as hard as many think

Another confirmation that Tor isn't as secure as we'd like.

Comments
Published
Updated
45-second read time
Voice: Default
0:00 / --:--
Use left and right arrow keys to seek audio.

Independent researcher George Tankersley and CloudFlare security team member Filippo Valsorda again showed how Tor users are not as secure as they wish.

Researchers: Identifying Tor users isn't as hard as many think | TweakTown.com

Speaking during the Hack in the Box conference in Amsterdam, the researchers said motivated users can subvert anonymous access to the service. Hackers can identify the original location of users by operating rogue HSDir (hidden service directory) nodes that are required - with two sets of three needed to connect to the hidden service - with four days of operation to be marked as a "trusted" HSDir node.

A malicious HSDir instead of an exit node can be used in the process, making it easy to attack hidden service users.

"If you run a hidden service that does not need location hiding, you are unnecessarily exposing your users to this risk," according to the researchers. "It would probably be better to let them use Tor on your TLS-enabled clearnet site."

Comments

Stay Updated

Follow TweakTown for breaking tech news, reviews, and daily updates.

Add TweakTown as a preferred source on GoogleFind TweakTown on Apple News
Newsletter Subscription