Internet anonymity has become difficult to procure as the NSA is doing everything in its power to keep tabs on Internet activity. One way that people have been protecting their anonymity is by using the anonymizing network, Tor. It was popularly used to access dark web sites like Silk Road, but it can also be used for good. For example, people in certain countries without free speech protections could be jailed or worse for disparaging online claims against the government; Tor provides a way to prevent those users’ web activity from being tracked. As it turns out, Tor isn’t as safe from the prying eyes of big government surveillance as we once thought.
Tor anonymizes user data by adding the extra step of routing a user’s signal through different entry and exit relays. This allows a website to know that someone using Tor visited the site, but the site won’t get details identifying the user. Tor uses over 6,000 different nodes around the world, making it nearly impossible to isolate a user’s location. But new adversaries attacking Tor are popping up, threatening anonymity.
According to a research paper from a joint American-Israeli team, hackers with immense resources like the NSA have developed a way to de-anonymize user data using “timing attacks”. In these attacks, all the attackers need to do is take control both the exit and entry points, then using statistical analysis they can deduce a Tor users identity in a matter of minutes.
Thankfully, The research team developed a new Tor client, Astoria, that can prevent these identity revealing attacks. Astoria can take the number of vulnerable connections on the network from 58% down to 5.8%. The researchers state that it would be impossible to completely eliminate the threat of eavesdropping attacks on Tor users, but Astoria uses an algorithm to predict attacks and chooses secure connections, accordingly.
Unfortunately, we have yet to come across a download link for the Astoria Tor client. We will post a link as soon as it’s available, so you can check out the new Tor client for yourself.
Source: The Daily Dot