Hiding your tracks with Tor could be risky, say some
Tor, a tool used for hiding Internet traffic often replied upon by dissidents in parts of the world where Internet traffic is commonly filtered or blocked—is quite possibly full of security problems, leaving some to wonder aloud if it’s as safe for use as previously thought.
Tor, as described by the project’s website, is “a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet.” Tor does this by hiding your IP address, and the route by which your connection request was transmitted.
The company site goes on to say journalists have used the service to communicate with whistle-blowers, and the Navy still uses it for intelligence gathering.
However, according to web publication Hacker News, French researchers from ESIEA found the network to be vulnerable enough “that we can easily infect and obtain system privileges,” after performing “an inventory of the network.”
According to ESIEA’s findings “it is possible to take control of the network and read all the messages that circulate” -- basically negating the whole purpose of Tor to begin with.
Hacker News was skeptical of the findings, and a recent official blog post by Tor called the ESIEA’s findings “rumors” that are “greatly exaggerated.”
An unnamed source—who identified himself previously to the Daily Dot as an early member of loose-knit hacker collective Anonymous and co-raider with celebrity hacktivist, Internet troll and convicted felon Andrew 'weev' Auernheimer—was not surprised by ESIEA’s findings.
“Tor is … the proxy of choice for novice (and also the majority of) hackers and Anons. We’ve been saying it’s vulnerable and untrustworthy for years, but people typically scoff at that insinuation,” he typed in a private chat with the Daily Dot.
Our own hacker-journalist Grant Robertson, agreed somewhat. “It's only as trustworthy as the exit nodes. If you ran a rogue exit node, you could possibly figure some things out.. but it's still really difficult” said Robertson.
Easy enough for a “novice” hacker? Probably not.