Identifying Tor Users Through Insecure Applications

[lotuseclat79]

Identifying Tor Users Through Insecure Applications.

Quote:

Interesting research: "One Bad Apple Spoils the Bunch: Exploiting P2P Applications to Trace and Profile Tor Users":

Abstract: Tor is a popular low-latency anonymity network. However, Tor does not protect against the exploitation of an insecure application to reveal the IP address of, or trace, a TCP stream. In addition, because of the linkability of Tor streams sent together over a single circuit, tracing one stream sent over a circuit traces them all. Surprisingly, it is unknown whether this linkability allows in practice to trace a significant number of streams originating from secure (i.e., proxied) applications. In this paper, we show that linkability allows us to trace 193% of additional streams, including 27% of HTTP streams possibly originating from ``secure'' browsers. In particular, we traced 9% of Tor streams carried by our instrumented exit nodes. Using BitTorrent as the insecure application, we design two attacks tracing BitTorrent users on Tor. We run these attacks in the wild for 23 days and reveal 10,000 IP addresses of Tor users. Using these IP addresses, we then profile not only the BitTorrent downloads but also the websites visited per country of origin of Tor users. We show that BitTorrent users on Tor are over-represented in some countries as compared to BitTorrent users outside of Tor. By analyzing the type of content downloaded, we then explain the observed behaviors by the higher concentration of pornographic content downloaded at the scale of a country. Finally, we present results suggesting the existence of an underground BitTorrent ecosystem on Tor.

-- Tom

[I no more]

Very interesting attack.

I'll admit that when I torrent, I also access the tracker through Tor and download the content outside of Tor. This is the only application where I have access partially through Tor and partially outside of Tor.

I'm not sure that I care all that much if someone can track my torrent downloads, but the "bad apple" attack also allows my browser usage to be tracked during this period.

I wonder what the Tor developers have to say and if they have a fix in mind.

[lotuseclat79]

Quote:

Originally Posted by I no more

I wonder what the Tor developers have to say and if they have a fix in mind.

That was my first thought about the article! I subscribe to the Tor Blog blogs RSS feed, and recently they did post some reading links, so, when they have something to say about it, I suppose the blog rss feed will let me know.

Reading to the end, the Tor Project lead, Roger Dingledine, is listed in the acknowledgments. Ergo, The Tor Project collaborated in the study.

-- Tom

[markedmanner]

Is this something that JanusVm would take care of?