45 comments

alasdair_ 8 months ago
Here is what I don't understand: Let's say I as a private individual fund 1000 tor nodes (guard and exit nodes included) and have them all log everything. This could cost less than $5000 for a month, with some time needed to get guard node status.

I want to find a certain kind of person so I look for people that access a specific hidden service or clearnet url.

Surely eventually I'm going to get a hit where all three nodes in the circuit are my nodes that are logging everything? It will take a long time, and I can't target a specific person, but eventually I can find someone who has all three bounces through tor nodes I control, no?
roetlich 8 months ago
For context, here's the NDR report: https://www.ndr.de/fernsehen/sendungen/panorama/aktuell/Investigations-in-the-so-called-darknet-Law-enforcement-agencies-undermine-Tor-anonymisation,toreng100.html

And more info here: https://lists.torproject.org/pipermail/tor-relays/2024-September/021855.html

Edit: The NDR alleges a timing attack (no further explanation) that allows "to identify so-called ‘entry servers’". Very little information is actually available on the nature of the attack. The NDR claims this method has already led to an arrest.
flufluflufluffy 8 months ago
As knowledgeable users of the Internet in 2024, we would do well to assume that *nothing* is 100% “safe” (i.e. there’s no such thing as perfect security/privacy).

However, some things, like Tor, can make your use of the Internet *safer*.

If all you’re doing is arguing that Tor shouldn’t be used because it isn’t/was never “safe”, then you might as well not use the Internet at all.
haolez 8 months ago
Here is an awesome DefCon talk about this topic from the perspective of a darknet vendor. It's amazing:

https://youtu.be/01oeaBb85Xc
burningChrome 8 months ago
I remember Adrian Crenshaw doing a speech at Def Con 22 about how people got busted using Tor. Even then he pointed out in most of the cases, it was bad OpSec by the person, and had nothing to do with Tor.

How applicable do people think this information is now 9-10 years later?

DEF CON 22 - Adrian Crenshaw - Dropping Docs on Darknets: How People Got Caught https://www.youtube.com/watch?v=eQ2OZKitRwc
oytis 8 months ago
Don't quite get it - why doesn't CCC share information with the Tor Project maintainers?
valianteffort 8 months ago
Federal agencies operate enough exit nodes to make Tor use risky at best. I have no idea if they have since implemented some feature to prevent this but if not I would stay far away from Tor if you're planning to do illegal things. There's also the risk of trusting service operators to secure any PII you expose on marketplaces.

Not that I think the Feds would blow their cover to hunt down people buying drugs but still seems stupid to trust.
hannasm 8 months ago
If enough governmental bodies can get behind running Tor nodes then couldn't we theoretically protect the bulk of humanity from spying on Internet access? Truly an advance in the Internet technology. It's kind of like if a single nation does it they control everything, but once all the nations compete then everyone wins.

But at planetary scale would Tor scale in an environmentally friendly way?
yieldcrv 8 months ago
This isn't written in the most confidence inspiring way

But the things that do inspire confidence:

Tor is updated against vulnerabilities pre-emptively, years before the vulnerability is known to be leveraged

Tor Project happens to be investigating the attack vector of the specific tor client, which is years outdated

They should have just said “we fixed that vulnerability in 2022”

with a separate article about the old software
lifeisstillgood 8 months ago
I am interested in the “legitimate” uses for tor. I have not kept up with this but I understand it was designed by US Navy to make it hard for oppressive regimes to track their citizens' use of web.

What do we want Tor for except as a hope that Russian citizens might be able to get to the BBC site?

I am asking honestly - and would prefer not to be told my own government is on the verge of a mass pogrom so we had better take precautions.
zoobab 8 months ago
TOR critics like Len Sassaman said the same years ago, with traffic analysis it is possible to detect where the source is coming from.

https://en.wikipedia.org/wiki/Len_Sassaman
MR4D 8 months ago
I’m a tor novice, so please excuse the simplistic question…

Couldn’t a national security organization just modify a node to route traffic to other nodes it controls instead of uncontrolled nodes?
ObsidianBreaks 8 months ago
I think it's prudent to point out that the article's title is quite 'clickbaity', but to address it directly, the correct answer (as it usually is) is 'it depends'. In my view, it depends on the answer to the question 'safe for who?', i.e. what is the threat model that you are trying to guard against? If it's the US, then of course not, as the code is well-known to the US and I would expect that they have known vulnerabilities that they can leverage to ascertain the users of their service. The fact that TOR is, 'on paper', non-governmental doesn't really matter these days with the merging of private and public (and non-affiliated open-source communities) inside the security community. I would say that even the fact that it's open source isn't much of a guard against such attacks, given that it relies on proficient oversight (which many eyes may not guarantee). Against other 'nation state' type adversaries - I'd wager that the more prominent who have the capacity to host a large number of relay nodes, and have access to very large computational power, will find it possible to decode portions of the TOR traffic. Against less technically proficient adversaries, such as 'run of the mill' police forces and minor nation states I'd go so far as to say it *might* be secure but only if you are using it for something uninteresting to them, but I ask 'how hard is it really to do a man in the middle on a TOR relay?', and in terms of the most general case, 'what about the endpoints?' which of course aren't secured via TOR.

Ultimately the best defense against 'snooping' in my view is to use a pre-agreed communication protocol which is undocumented and is known only between the communicators and is unusual enough to be hard to recognize or hard to work out what it means (preferably with a key to those communications known only to the two parties), but then I suppose you could use any communication protocol...

puppycodes 8 months ago
The question is always and forever who are you hiding from and how strong is their will?

Assume if the will is strong and the resources are strong you will be eventually identified. If you're not worth it then you're not worth it.

become not worth it

spit2wind 8 months ago
A great history of Tor was recently published (with open access). Super interesting read.

https://direct.mit.edu/books/oa-monograph/5761/TorFrom-the-Dark-Web-to-the-Future-of-Privacy

cypherpunks01 8 months ago
Remember the Harvard student that emailed in a bomb threat via Tor to get out of a final exam in 2013?

He got caught not by the FBI breaking Tor, but just by network analysis of university network traffic logs showing a very narrow list of on-campus people using Tor at the time the threat was communicated. He quickly confessed when interviewed.

https://www.washingtonpost.com/blogs/the-switch/files/2013/12/kimeldoharvard.pdf

Just another factor to consider when using Tor - whose network you're on.
o999 8 months ago
Old Ricochet used onion v2, that has stopped working long ago as far as I know, or I am missing something
ementally 8 months ago
https://spec.torproject.org/vanguards-spec/index.html

> A guard discovery attack allows attackers to determine the guard relay of a Tor client. The hidden service protocol provides an attack vector for a guard discovery attack since anyone can force an HS to construct a 3-hop circuit to a relay, and repeat this process until one of the adversary's middle relays eventually ends up chosen in a circuit. These attacks are also possible to perform against clients, by causing an application to make repeated connections to multiple unique onion services.
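
The effect the quoted spec passage describes can be put in numbers. The following is an added example, not part of the comment above or of the Tor Project's code: a simplified model in which `f` (the adversary's share of middle-relay selection probability), the circuit count and the layer-2 set size are constructed sample values, relays are chosen independently, and rotation of the pinned set is ignored.

```python
import random

def p_exposed_unpinned(f, n_circuits):
    """Fresh middle relay per circuit: chance that at least one of
    n_circuits places an adversary relay next to the guard."""
    return 1.0 - (1.0 - f) ** n_circuits

def p_exposed_pinned(f, layer2_size):
    """Middle hop drawn from a fixed layer-2 set: exposure depends only on
    whether that set contains an adversary relay, not on circuit count."""
    return 1.0 - (1.0 - f) ** layer2_size

def simulate(f, n_circuits, layer2_size=None, trials=20000, seed=1):
    """Monte Carlo check of the two formulas above.
    layer2_size=None models per-circuit middle selection."""
    rng = random.Random(seed)
    exposed = 0
    for _ in range(trials):
        if layer2_size is None:
            # Every forced circuit is a new draw for the adversary.
            hit = any(rng.random() < f for _ in range(n_circuits))
        else:
            # The pinned set is drawn once; each member is adversarial w.p. f.
            pinned = [rng.random() < f for _ in range(layer2_size)]
            # Circuits only ever use pinned members, so forcing more
            # circuits cannot reach a relay outside the set.
            hit = any(pinned) and any(
                rng.choice(pinned) for _ in range(n_circuits))
        exposed += hit
    return exposed / trials

if __name__ == "__main__":
    f, n, k = 0.01, 1000, 4   # constructed sample values, not measurements
    print(f"unpinned, {n} circuits: {p_exposed_unpinned(f, n):.5f}")
    print(f"pinned set of {k}:       {p_exposed_pinned(f, k):.5f}")
    print(f"simulated unpinned:     {simulate(f, n):.5f}")
    print(f"simulated pinned:       {simulate(f, n, layer2_size=k):.5f}")
```

Under these assumptions, forcing more circuits drives the unpinned exposure toward 1, while the pinned figure stays fixed until the set is rotated.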
nortonham 8 months ago
http://yashalevine.com/articles/tor-spooks

http://surveillancevalley.com/blog/fact-checking-the-tor-projects-government-ties

notepad0x90 8 months ago
From what little I've heard, de-anonymization of Tor users is largely done by targeting their devices with zero-day exploits. That is still a valid method, I wouldn't trust Tor personally, but I'm with the Tor project that there is no credible evidence of a large scale de-anonymization attack.
vbezhenar 8 months ago
Here's an imaginary attack with an adversary. Just push as much traffic as possible from many hosts to the given hidden service. Now observe traffic metadata from high level network operators. With enough filtering it should be possible to detect where traffic spike is terminated.
randymercury 8 months ago
At the most basic level we're talking about a very public service that has been around for a long time that is a potential weakness/enormous target for the best funded and most technically proficient intelligence agencies in the world.

ggm 8 months ago
Absolutist statements about services like TOR or VPNs are often not helpful. It's highly contextual to the threat. If the threat is a state actor it's likely nothing, TOR included, can preclude them from determining things about you that you would prefer them not to know.

Some specific state actors operate TOR entry and exit routers and can perform analysis which is different to others who just have access to the infra beneath TOR and can infer things from traffic analysis somewhat differently.

I have never been in a situation where my life and liberty depended on a decision about a mechanism like TOR. I can believe it is contextually safe for some people and also believe it's a giant red flag to a lead pipe and locked room for others.
ocean_moist 8 months ago
If your threat model includes western nation states, there are much bigger threats to your opsec than Tor. If your threat model does not include western nation states, Tor is safe to use.

nixosbestos 8 months ago
Is it possible to "break" the protocol in such a way that Hidden Services cannot be used without some version of vanguards? It almost seems worth doing?

rolph 8 months ago
https://github.com/blueprint-freespeech/ricochet-refresh

...We are writing this blog post in response to an investigative news story looking into the de-anonymization of an Onion Service used by a Tor user using an old version of the long-retired application Ricochet by way of a targeted law-enforcement attack.

...From the limited information The Tor Project has, we believe that one user of the long-retired application Ricochet was fully de-anonymized through a guard discovery attack. This was possible, at the time, because the user was using a version of the software that neither had Vanguards-lite, nor the vanguards addon, which were introduced to protect users from this type of attack. This protection exists in Ricochet-Refresh, a maintained fork of the long-retired project Ricochet, since version 3.0.12 released in June of 2022.

arminiusreturns 8 months ago
I doubt it, it's too vulnerable to relay or 50% style attacks. I stopped using it in 2011/12-ish.

tomcam 8 months ago
Sincere question. This was created with US government funding. Is there any reason to believe it is safe?
gigatexal 8 months ago
Was it ever safe? Wasn't it created by the AirForce or something? I’ve always thought of it as a honeypot.
loup-vaillant 8 months ago
To get past the self signed certificate: https://web.archive.org/web/20240918195838/https://blog.torproject.org/tor-is-still-safe/
taneq 8 months ago
"Safe" doesn't have a meaning until you define your threat model.

grayxu 8 months ago
A safer approach is to treat Tor only as a special obfuscation method.

GaggiX 8 months ago
It depends, are you dealing with Mossad or not Mossad?
smileson2 8 months ago
Depends on your risk, if you are trying to avoid censorship and political repression in say Iran or China you are probably fine

If you are an enemy of the United States you probably aren’t but that’s a high bar
archsurface 8 months ago
The more privacy the better as far as I'm concerned, but I've never used tor. What are people using tor for? General comms, piracy (mild illegal), other (very illegal), ...?
nickphx 8 months ago
not when you consider the level of monitoring at critical internet exchange points..
moogly 8 months ago
Representing the letters "nsa" in "unsafe" since 2006.

2d8a875f-39a2-4 8 months ago
Was Tor ever safe to use? I don't think so.
argentier 8 months ago
safe as it ever was

smm11 8 months ago
Still?

drumttocs8 8 months ago
Agencies operate untold nodes.

No.

jstanley 8 months ago
The best attack against Tor is convincing people not to use it.

If anyone tries to convince you Tor is not safe, ask yourself: cui bono?
deviantbit 8 months ago
No. It is not. More than 1/3 of the Tor servers are run by US Federal Govt as does other members of the Five Eyes. Israel has a large number as well. Cases are built backwards or in parallel that are from the fruit of the poisonous tree. If you don't know what that term means, look it up.

Use Tor with extreme caution.
DonnyV 8 months ago
Tor has never been safe to use.
2OEH8eoCRo0 8 months ago
It's safe if you ain't a pedo or terrorist.

Sometimes I wonder wtf y'all are doing with such crazy security expectations and paranoia.