Like, obviously, if you write 60.4938994, 25.8841835 on Techlore Discussions and then go buy drugs on the same circuit it wouldn’t help you. I’m talking about actual cases where it was possible to trace a client (without compromising it) to a server through TOR.
Yes there are confirmed cases.
In the Snowden documents from way back in the day, NSA says they can deanonymize a small number of users.
There was a case that is always talked about in which some pedophile who was using Tails got hacked by the feds + Facebook, which resulted in leaking his IP address. But I suppose that does not count for what you are looking for, since the criminal got hacked.
There was a more recent case of the Europeans using some compromised Tor nodes + exploiting some sort of insecure chat software to deanonymize another pedophile. I do not remember the details. I do not think they caught him with malware that time.
I am too lazy to look up citations for any of this, but if you do some research it becomes obvious that yes, there have been confirmed cases. Despite it all, however, Tor is still by far the best option probabilistically. It is not a magic bullet though.
Edit: see https://cyberinsider.com/tor-project-reassures-users-amid-claims-of-de-anonymization-attack/ for information on the recent pedophile case.
Actually it wasn’t a de-anonymization attack via Tor. The FBI managed to load malware onto a video that was then executed in the GNOME video player (Totem), and either gained access to the clearnet or root user.
Yes, as an example the German police were able to deanonymize a user, but this was caused by outdated software.
So far I get the impression that if a person uses up-to-date Tor Browser and doesn’t bring data from it to the outside world, they’re safe
So far I get the impression that if a person uses up-to-date Tor Browser and doesn’t bring data from it to the outside world, they’re safe
I would say it depends, since there are also attacks outside the Tor-Browser.
So if you are targeted by a state-level attacker, you should try Tails instead of the normal Tor Browser.
they’re safe
I believe that if you are a potential target of a state actor, it’s better to use Tor cautiously rather than assume you are completely safe. Additionally, remember that when we discuss attacks on Tor, we often focus solely on technical attacks. However, deanonymizations of specific targets can also involve “non-technical” efforts that may help expose you as well.
- Check out the Harvard Tor bomb threat. Tor anonymization relies on many people using the service simultaneously (similar to a cryptocurrency tumbler service). In this case, the visibility of the end result (an email with a timestamp sent from a Tor exit node) and the readily available surveillance of the suspected IP addresses led to the student’s identification.
- Check out the Relay Early traffic confirmation attack. In this case, a 0-day vulnerability in the relaying software was exploited to deanonymize the suspects’ IP addresses.
- The Ricochet attack mentioned above was a technical attack on outdated software, but remember that it is generally a correlation attack that Tor is not designed to prevent, even if the attack cannot currently be executed on a large scale. If you are connected to a state actor’s entry node, you can already be “monitored” on one end. If they gain visibility into your activities on the end service (either through the exit node or on the service itself), they may eventually be able to correlate your IP address as well.
To be honest, the possibility of that is extremely low, as I’m not doing anything illegal. I just really don’t want this information being passively obtained