- Tools & Templates
- Security Jobs
- Data Protection
- Identity & Access
- Business Continuity
- Physical Security
- Security Leadership
Tor does not provide bulletproof online anonymity
The Onion Router can obscure your online presence, but don't count on it to completely cover your tracks or hide your identity online.
There has been an avalanche of recent revelations about the NSA spying on virtually all online activity. One possible method to prevent monitoring and obscure your presence online is to use Tor--The Onion Router. A new report, however, shows that Tor is not invulnerable, and that it doesn't take an agency with the resources of the NSA to break it and figure out who and where you are.
In an article written for The Guardian entitled 'NSA surveillance: A guide to staying secure' respected information security expert Bruce Schneier offers a number of tips to stay safe online. The first one is:
Hide in the network. Implement hidden services. Use Tor to anonymize yourself. Yes, the NSA targets Tor users, but it's work for them. The less obvious you are, the safer you are.
Right off the bat, you should note that while Schneier suggests you use Tor to anonymize your online activities, he also points out right up front that the NSA can peel back the layers and find you still. Schneier is simply recommending that some anonymity is better than no anonymity, and the harder you make it, the less likely your every action will be tracked.
That premise is a truism of security in general--a layered approach is better than a single security solution even though none of the individual layers offers absolute protection in and of itself. So, Tor may not offer complete online anonymity, but the use of Tor still makes it significantly less likely that the NSA or rogue attacker will be able to monitor or track you online.
By all means, use Tor--but make sure you also understand its weaknesses and limitations. A report entitled 'Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries' details research that shows how Tor is susceptible to compromise from even moderately skilled and equipped attackers.
The abstract for the paper states:
We present the first analysis of the popular Tor anonymity network that indicates the security of typical users against reasonably realistic adversaries in the Tor network or in the underlying Internet. Our results show that Tor users are far more susceptible to compromise than indicated by prior work. Specific contributions of the paper include (1) a model of various typical kinds of users, (2) an adversary model that includes Tor network relays, autonomous systems (ASes), Internet exchange points (IXPs), and groups of IXPs drawn from empirical study, (3) metrics that indicate how secure users are over a period of time, (4) the most accurate topological model to date of ASes and IXPs as they relate to Tor usage and network configuration, (5) a novel realistic Tor path simulator (TorPS), and (6) analyses of security making use of all the above. To show that our approach is useful to explore alternatives and not just Tor as currently deployed, we also analyze a published alternative path selection algorithm, Congestion-Aware Tor. We create an empirical model of Tor congestion, identify novel attack vectors, and show that it too is more vulnerable than previously indicated.
Whether you use Tor, or you're considering using Tor, you should take a look at this paper. Whether you choose to read the paper or not, just make sure you're aware that Tor does not provide absolute anonymity--it's just an extra layer of obfuscation.
Thanks to cloud computing, your business data is everywhere and being accessed by everyone. Making the wrong decision to protect your data can result in high costs, increased risk and executive exposure. View this live webinar on cloud security and the evolving data center, and learn why a data-centric approach to security is the best bet for today's virtual environment.
- Redefine Business Portability
- Prevent Mobile Devices from Loading Dangerous Code
- Expanding Your Security Perimeter: Common Sense for Navigating Today's Threat Landscape
- Fighting Fraud Videos: IBM Intelligent Investigation Manager
- IBM Intelligent Investigation Manager: Online Product Demo
- Webinar: IBM IIM for Fraud, Abuse and Waste in Government