
Given the latest revelations about GCHQ's methods to de-anonymise Tor users, how can I keep myself safe?

From the document:

We will never be able to de-anonymize all Tor users all the time [but] with manual analysis we can de-anonymize a very small fraction of Tor users

Tom Medley

2 Answers


Deanonymization can happen in three ways:

  1. You write or do something through Tor that can be linked to your real-life identity. For example, you tell people on Tor that you're in a certain time zone, country, or city.
  2. The browser you are using with Tor is leaking information or can be exploited to leak information. For example, you are using the same browser for Tor that you were using for non-Tor activities, and you didn't clear the cookies. The cookies are tied to your IP address, and are sent back across Tor. Another example would be a browser exploit that reads your IP address and reports it back across Tor, or across the non-Tor Internet.
  3. There is traffic or timing analysis on your Tor usage. For example, an attacker sees that connections to a certain website using a certain account from a Tor exit node always happen at a certain time of day. The attacker observes that there are connections to Tor from a certain home computer at the same times of day, and this is observed for long enough to establish a strong connection. The attacker can conclude that the website connections are from that home computer. This is a timing attack. For an example of a traffic analysis attack, suppose you are downloading a large file on Tor with a high bandwidth Tor circuit. That high bandwidth usage may stand out to an attacker who can observe the connections of both your computer and the exit node you are using.

You can mitigate #1 by developing good habits and discipline when using Tor, saying as little as possible over Tor, and using completely standard, non-idiosyncratic English for those times when you must say something; in other words, you want to be as "average" a user as possible. You can mitigate #2 by only using Tor with an up-to-date Tor Browser Bundle or, even better, only using Tor from an up-to-date Tails or Liberté, and at a coffee shop or somewhere you can get Internet not tied to your real identity (you will have to reboot to use these). You can mitigate #3 by using Tor as little as possible.

Aaron Miller

Run your own Tor node (it doesn't have to be an exit node) and use it as the first hop.

Tor works in the following way - your computer connects to Tor node 1, Tor node 1 connects to Tor node 2, Tor node 2 connects to Tor node 3, Tor node 3 connects to the target web page.

The government can't decrypt the communication, but it knows how much data was transferred between individual nodes. The government could see that the data flow between your computer and tor node 1 correlates with data flow between tor node 3 and the target web page - so it can suspect that you are viewing the target web page.

Now, if you run the first node on your own network, the government can't sniff data flow between your computer and the first tor node, so the above attack doesn't work.

It is essential that you register your tor node in the tor directory - so that other people can connect to it - so that the government doesn't know if the communication coming from your tor node is initiated by you or others.

user
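The answer above rests on the idea that an observer who sees byte counts on both the entry-side link and the exit-side link can correlate them, and that relaying other clients' traffic through your own first hop blurs that correlation. The following is an added toy simulation (not code from the answer or from the Tor project) using constructed per-second byte counts; it shows how quickly the correlation drops as other clients' traffic shares the link, and that a relay nobody else uses gives no benefit, which is the point of the last paragraph.

```python
import random
from statistics import mean, pstdev

INTERVALS = 600  # one-second buckets in each constructed trace

def pearson(xs, ys):
    """Pearson correlation of two equal-length byte-count series."""
    mx, my = mean(xs), mean(ys)
    sx, sy = pstdev(xs), pstdev(ys)
    if sx == 0 or sy == 0:
        return 0.0
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / (len(xs) * sx * sy)

def bursty_flow(rng, n=INTERVALS):
    """Constructed web-browsing trace: mostly idle, with occasional page loads."""
    return [rng.randint(50_000, 400_000) if rng.random() < 0.2 else 0 for _ in range(n)]

def correlation_vs_exit(other_clients, seed=1):
    """Correlate the link leaving the user's side with the exit-to-website flow.

    other_clients = 0 models a plain client-to-guard link (or a private relay that
    nobody else uses); larger values model a registered relay carrying that many
    unrelated clients' circuits over the same outbound link.
    """
    rng = random.Random(seed)
    user = bursty_flow(rng)
    # Exit side carries the same page loads plus a little per-cell overhead noise.
    exit_side = [b + rng.randint(0, 2_000) for b in user]
    link = list(user)
    for _ in range(other_clients):
        other = bursty_flow(rng)
        link = [a + b for a, b in zip(link, other)]
    return pearson(link, exit_side)

if __name__ == "__main__":
    for n in (0, 5, 20):
        print(f"{n:2d} other clients on the first hop: correlation {correlation_vs_exit(n):.2f}")
```

The simplification ignores Tor's fixed-size cells and circuit multiplexing, so real traces are noisier, but the direction of the effect is the same: the mitigation works only in proportion to the unrelated traffic your relay actually carries.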