{"id":52549,"date":"2024-11-07T04:14:46","date_gmt":"2024-11-07T09:14:46","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=52549"},"modified":"2024-11-07T04:35:13","modified_gmt":"2024-11-07T09:35:13","slug":"what-you-need-to-know-about-tor-browser-and-anonymity","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/what-you-need-to-know-about-tor-browser-and-anonymity\/52549\/","title":{"rendered":"Tor Browser and anonymity: what you need to know"},"content":{"rendered":"

The desire to remain anonymous online is as old as the internet itself. In the past, users believed hiding behind a nickname meant they could badmouth their neighbors on local forums with impunity. Now, such trolls can be identified in seconds. Since those early days, technology has taken a quantum leap: distributed networks, anonymous browsers, and other privacy tools have emerged. One of these tools, which was heavily promoted<\/a> a decade ago by former NSA<\/a> contractor Edward Snowden, is the Tor Browser<\/a>, where \u201cTOR\u201d is an acronym for \u201cThe Onion Router\u201d.<\/p>\n

But in today\u2019s world, can Tor truly provide complete anonymity? And if it doesn\u2019t, should we just forget all about anonymity and rely on a regular browser like Google Chrome?<\/p>\n

How Tor users are deanonymized<\/h2>\n

If Tor is new to you, check out our vintage article<\/a> from way back when. There, we answered some common questions: how the browser ensures anonymity, who needs it, and what people usually do on the dark web. In brief, Tor anonymizes user traffic through a distributed network of servers, called nodes. All network traffic is repeatedly encrypted as it passes through a number of nodes between two communicating computers. No single node knows both the origin and destination addresses of a data packet, nor can it access the packet\u2019s content.\u00a0OK, short digression over \u2014 now let\u2019s turn to the real security threats facing anonymity enthusiasts.<\/p>\n

In September, German intelligence services identified<\/a> a Tor user. How did they do it? The key to their success was data obtained through what\u2019s called \u201ctiming analysis\u201d.<\/p>\n

How does this analysis work? Law enforcement agencies monitor Tor exit nodes (the final nodes in the chains that send traffic to its destination). The more Tor nodes the authorities monitor, the greater the chance a user hiding their connection will use one of those monitored nodes. Then, by timing individual data packets and correlating this information with ISP data, law enforcement can trace anonymous connections back to the end Tor user \u2014 even though all Tor traffic is encrypted multiple times.<\/p>\n

The operation described above, which led to the arrest of the administrator of a child sexual abuse platform, was possible partly because Germany hosts the highest number of Tor exit nodes<\/a> \u2014 around 700. The Netherlands ranks second with about 400, and the US comes in third with around 350. Other countries have anywhere from a few to a few dozen. International cooperation among these top exit-node countries played a significant role in deanonymizing the child sexual abuse offender. Logically, the more nodes a country has, the more of them can be state-monitored, increasing the likelihood of catching criminals.<\/p>\n

\"Germany<\/a>

Germany and the Netherlands are among the leaders on the number of Tor exit nodes \u2014 not only in Europe but worldwide. Source<\/a><\/p><\/div>\n

The Tor Project responded<\/a> with a blog post discussing the safety of their browser. It concludes that it\u2019s still safe: the de-anonymized individual was a criminal (why else would authorities be interested?<\/em>), using an outdated version of Tor and the Ricochet<\/a> messaging app. However, Tor noted it wasn\u2019t given access to the case files, so their interpretation regarding the security of their own browser might not be definitive.<\/p>\n

This kind of story isn\u2019t new; the problem of timing attacks has long been known to the Tor Project, intelligence agencies, and researchers. So although the attack method is well-known, it remains possible, and most likely, more criminals will be identified through timing analysis in the future. However, this method isn\u2019t the only one: in 2015, our experts conducted extensive research<\/a> detailing other ways to attack Tor users. Even if some of these methods have become outdated in the forms presented in that study, the principles of these attacks remain unchanged.<\/p>\n

\u201cGenerally it is impossible to have perfect anonymity, even with Tor\u201d.<\/strong><\/h2>\n

This phrase opens the \u201cAm I totally anonymous if I use Tor?\u201d section of the Tor Browser support page<\/a>. Here, the developers provide tips, but these tips can at best only increase the chances of remaining anonymous:<\/p>\n