Disclaimer: I am not encouraging any illegal behavior, neither on Tor nor anywhere else. This is a purely theoretical analysis of the actual strength of the Tor network, which is a great tool for anonymity and is vital for the freedom of the Internet.
Malicious Tor nodes are a problem, and a constant subject of discussion, with many people believing that the Tor network is compromised.
I am here with facts, math and logic to determine how easy or hard it would be to compromise Tor.
There are three ways a Tor user can be de-anonymized:
- Human Error
- Malicious Nodes
- Traffic Analysis
I will cover human error in another post; malicious nodes and traffic analysis are covered here:
Since everyone can contribute Tor nodes (you should too), individual users or even entire government organizations could contribute malicious nodes that log the activity passing through them.
If a user's circuit is made up entirely of malicious nodes, the entity in control of them knows which IP is connecting to which hidden service.
Please note that IPs are not unique and there is nothing illegal about visiting any hidden service.
Due to encryption, an outside observer cannot see what you are doing at said hidden service. Either your device or the hidden service has to be compromised by that observer for it to know what is going on.
Now that we have established what can happen if your real IP gets linked with your browsing on Tor, the next question is:
What is actually the mathematical probability of getting a bad circuit?
The math is quite simple, actually. With x being the fraction of bad nodes in the network (and assuming nodes are picked independently and uniformly at random):
f(x) = x^3 for 3-hop clearnet circuits
f(x) = x^6 for 6-hop .onion circuits
The orange line represents a 3-hop clearnet circuit.
The red line represents a 6-hop .onion circuit.
The X axis (left to right) stands for the percentage of bad nodes in the Tor network.
The Y axis (up and down) stands for the probability of getting a full circuit of bad nodes.
To check the current number of Tor nodes, go to Tor's metrics page.
The Tor network consists of around seven thousand nodes and almost three thousand bridges at the time of typing this, so a malicious entity would have to own 5000 (3500 Nodes + 1500 Bridges) separate computers with individual IP addresses, email addresses, nicknames and configurations, only to get a 1.6% chance of compromising a .onion circuit.
Theoretically, a malicious entity could de-anonymize users by comparing the traffic entering the Tor network with the traffic leaving it.
Instead of a full circuit, they would only need control over the first and the last node.
The Tor Project knows this, however, and has implemented security measures to make it harder. You can read about it here, but here is how I would explain it:
The Tor network generates "fake" traffic. You can picture it like trying to decipher Morse code while listening to the static of a radio, where the static sounds exactly like the signal you are listening for.
Static Guard Nodes:
If you always use the same entry node but do different things through it, that node cannot categorize your traffic, which makes it virtually useless to an attacker.
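The circuit math above and the guard-node point, as an added Python example (mine, not from the post): it evaluates the post's f(x) = x^n model, the first-and-last-node variant from the traffic-analysis section, and how exposure accumulates over many circuits with a fresh entry node each time versus one pinned guard. It assumes, as the post does, that nodes are picked uniformly and independently; the node counts used in main() are the post's own figures.

```python
import math

def p_full_circuit(bad_fraction: float, hops: int) -> float:
    """Post's model f(x) = x^hops: every node in the circuit is malicious.
    Assumes independent, uniform node selection (the post's simplification)."""
    return bad_fraction ** hops

def p_endpoints(bad_fraction: float) -> float:
    """Traffic-analysis variant: only the first and last node must be malicious."""
    return bad_fraction ** 2

def nodes_needed(target: float, hops: int, total_nodes: int) -> int:
    """Smallest number of malicious nodes (out of total_nodes) that gives at
    least `target` probability of a fully malicious `hops`-hop circuit."""
    for k in range(total_nodes + 1):
        if (k / total_nodes) ** hops >= target - 1e-12:
            return k
    return total_nodes

def p_exposed_over_time(bad_fraction: float, circuits: int, fixed_guard: bool) -> float:
    """Probability that at least one of `circuits` circuits has BOTH a malicious
    entry and a malicious exit.
    fixed_guard=False: a fresh random entry per circuit, so exposure grows with use.
    fixed_guard=True:  one entry node pinned for all circuits, so the attacker
                       needs to win that single draw; exposure is capped at x."""
    x = bad_fraction
    if not fixed_guard:
        return 1 - (1 - x * x) ** circuits
    # guard is bad with probability x; given that, need one bad exit among the circuits
    return x * (1 - (1 - x) ** circuits)

def main() -> None:
    total = 7000 + 3000          # nodes + bridges, the post's rough figures
    owned = 3500 + 1500          # the post's hypothetical adversary
    x = owned / total
    print(f"fraction malicious: {x:.2f}")
    print(f"3-hop full circuit: {p_full_circuit(x, 3):.3%}")
    print(f"6-hop full circuit: {p_full_circuit(x, 6):.3%}")
    print(f"first+last only:    {p_endpoints(x):.3%}")
    print(f"nodes for 1.6% on 6 hops: {nodes_needed(0.016, 6, total)}")
    for n in (1, 100, 1000):
        print(f"{n:5d} circuits, x=0.10  rotating entry: "
              f"{p_exposed_over_time(0.10, n, False):.4f}  "
              f"pinned guard: {p_exposed_over_time(0.10, n, True):.4f}")

if __name__ == "__main__":
    main()
```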
By purposefully delaying your traffic at multiple nodes, a malicious entity cannot identify your traffic by timing how long its journey through the Tor network takes. This does make the Tor network a little bit slower, but way more secure.
The Tor traffic leaving your machine is encrypted twice. When it reaches the first node, the first layer of encryption is removed, and the package, plus randomly generated binary padding, is encrypted again and sent to the next node, where the process repeats.
You can visualize this by imagining the encryption as a box inside a box, and the padding as packing peanuts. The size of the outer package the mailman sees varies, but the content inside is always the same.
This makes traffic analysis very hard. Even without these measures it is mostly guesswork; with these kinds of countermeasures it becomes a nearly impossible task.
Keep in mind that all they could do is guess which IP connects to which hidden service. They never know whether it is a real connection or just a coincidence.
Again: IPs are not unique, connecting to any hidden service is not illegal, and due to encryption the malicious entity would not even know what you are doing.