Domain name resolution is a Tor attack vector, but don't worry This one needs the words “Don't Panic” in large friendly letters on the cover: privacy researchers have worked out that Tor's use of the domain name system (DNS) can be exploited to identify users. However, they say, right now an attacker with resources to drop Tor sniffers at “Internet scale” can already de-anonymise users. …
Most experienced Tor users know to not stray outside of traffic based solely within the network itself, hidden sites in other words. Also https everywhere included in the tails distro should mitigate this.
Not really much of an attack if you're using Tor to not access the deep web, I don't know many Tor users who use Tor for regular internet use, not to mention anything running cloudflare won't connnect your Tor instance to the website of your choice.
However, it's pretty easy to identify Tor nodes on a network based on the packet size, and the size of packets in certain sequences. I studied Tor for my dissertation and was able to identify Tor nodes within otherwise normal networks with above 90% accuracy.
If you've had the misfortune to read Peter Wright's "Spycatcher" (don't bother, it's awful) you'll know that the Russians knew which of their embassy staff in London were being followed not because they had broken the encrypted MI5 traffic but merely because of the existinace and origination of the traffic.
From the article: … existing research demonstrates that packet length and direction provides a fingerprint that can identify the Website that originated the traffic.
From Website Fingerprinting at Internet Scale (Panchenko et al., 2016) (not cited in TF preprint) [emphasis added]:
webpage fingerprinting does not scale for any considered page in our datasets [which are considerably larger than those used in any previously published research] and any state-of-the-art classifier. Hence, the attack cannot be reliably used to convict users, but it may be used to limit the set of possible suspects.
Well, I suppose that last clause might bring on an attack of the the vapours in some readers.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
