A new report claims that more than 81 per cent of Tor users are identifiable using a method that threatens Internet anonymity.
The study, titled “On the Effectiveness of Traffic Analysis Against Anonymity Networks Using Flow Records,” claims that a technique known as traffic confirmation can be used to identify users.
It requires the ability to monitor large amounts of data coming in and out of Tor nodes to determine the IP address of the individual being tracked. According to the report, the technique has been largely successful.
“In experiments that involved data from public Tor relays, using both open source Netflow emulation packages and our institutional Cisco router that monitored traffic using Netflow framework, we were able to correctly identify the source of anonymous traffic in about 81.4 per cent of our experiments, with about 6.4 per cent false positives.”
The Tor Project has responded to the claims via a blog post in which it explains that the network has never been designed to combat a technique such as traffic confirmation.
“The Tor design doesn’t try to protect against an attacker who can see or measure traffic going into the Tor network and also traffic coming out of the Tor network.
“That’s because if you can see both flows, some simple statistics let you decide whether they match up.”
Tor also sought to reassure users that whether they can be identified or not is dependent on “how much of the Internet the adversary is able to measure or control.”
The blog post goes on to praise the fact that additional research is being carried out regarding traffic confirmation attacks, but says users are still able to trust the network, adding that there is no need to “freak out.”