Researchers: Identifying Tor users isn't as hard as many think

Another confirmation that Tor isn't as secure as we'd like.

Published May 31, 2015 1:44 PM CDT   |   Updated Tue, Nov 3 2020 12:06 PM CST

Independent researcher George Tankersley and CloudFlare security team member Filippo Valsorda again showed how Tor users are not as secure as they wish.

Researchers: Identifying Tor users isn't as hard as many think |

Speaking during the Hack in the Box conference in Amsterdam, the researchers said motivated users can subvert anonymous access to the service. Hackers can identify the original location of users by operating rogue HSDir (hidden service directory) nodes that are required - with two sets of three needed to connect to the hidden service - with four days of operation to be marked as a "trusted" HSDir node.

A malicious HSDir instead of an exit node can be used in the process, making it easy to attack hidden service users.

"If you run a hidden service that does not need location hiding, you are unnecessarily exposing your users to this risk," according to the researchers. "It would probably be better to let them use Tor on your TLS-enabled clearnet site."

An experienced tech journalist and marketing specialist, Michael joins TweakTown looking to cover everything from consumer electronics to enterprise cloud technology. A former Staff Writer at DailyTech, Michael is now the West Coast News Editor and will contribute news stories on a daily basis. In addition to contributing here, Michael also runs his own tech blog,, while he looks to remain busy in the tech world.

Newsletter Subscription

Related Tags

Newsletter Subscription
Latest News
View More News
Latest Reviews
View More Reviews
Latest Articles
View More Articles