2

I was reading about vulnerabilities of onion routing and stumbled across correlation attack. From what I understand, it's possible for authorities to setup some effective analysis program, and de-anonymize most of the onion routing.

For example, I submit this question in 12:00 AM, the exit node sends it at 12:00 AM, the stackexchange server lists it as "questioned in Saturday - 12:00 AM". If I do this with multiple accounts, in multiple places, the authorities can gain confidence that it's my IP behind user Best Quality Vacuum.

What I want to know is: Has it ever happened severely, like spying effectively on most Tor users out there? Do criminals who're being constantly watched by the FBI get de-anonymized that way? Does one country have the power to do it, or does it need the permission from the rest?

Best Quality Vacuum
  • 21
  • 1

1 Answers1

0

With the spy agencies, I think you would never know unless there's a leak. For criminals in the countries with public court records, you may see some. The biggest known real-world "correlation attack" on Tor was perhaps:

https://en.wikipedia.org/wiki/Tor_(network)#Relay_early_traffic_confirmation_attack

For an individual user, there was a Harvard student who sent an Bomb email who got caught. Tor didn't prevent him from getting caught because 1) email has some info (such as timestamp) 2) authority suspected it was from internal source 3) Harvard kept logs.

https://www.forbes.com/sites/runasandvik/2013/12/18/harvard-student-receives-f-for-tor-failure-while-sending-anonymous-bomb-threat/?sh=41e49f6b5457

  1. spying, we don't know
  2. monitoring criminals on Tor on a mass scale with technical means, probably not. They usually caught suspects using some combinations of traditional/technical means which tend to target specific subgroups.
  3. to do correlation attack, the organization just needs to have resources to put as many relays as possible in the Tor network. Anybody with enough resources and clever about hiding their malicious intent can do it. No permission required.
Afterglow5348
  • 1
  • 1