this post was submitted on 19 Sep 2024
97 points (80.9% liked)

[–] Cephalotrocity@biglemmowski.win 92 points 2 months ago (1 children)

tl;dr: Tor is fine as long as you are keeping it, and related tools, up to date. Dude was de-anonymized as he was using an old tool with known vulnerabilities fixed in later versions.

[–] henfredemars@infosec.pub 91 points 2 months ago (1 children)

Important embedded link from Tor about the attack and actions going forward:

https://blog.torproject.org/tor-is-still-safe/

[–] grudan@programming.dev 51 points 2 months ago

Wow what a crappy article, the blog post should be what is posted instead. Not even a mention of out of date software in the article. This is clearly not a Tor issue.

[–] InvertedParallax@lemm.ee 26 points 2 months ago

2 things:

  1. This seems to be a specific attack for their IM protocol if the entry node was compromised, and could be placed nearby the client. To make this much easier, you'd want to compromise both the entry and exit nodes (in this case exit node is TOR native, so it's more like internal node).

This has never been unknown, this is one of the fundamental attack vectors against TOR, the IM protocol seemed to make correlation easier due to its real time nature.

They added a protection layer called Vanguard, to ensure the internal exit nodes were fixed to reduce the likelihood that you could track a circuit with a small number of compromised internal exit nodes. This seems like it would help due to reducing likelihood of sampling.

  2. TOR has always been vulnerable, the issue is the resources needed are large, and specifically, the more competition for compromising nodes the more secure it is. Basically now the NSA is probably able to compromise most connections, and they wouldn't announce this and risk their intelligence advantage unless there was an extremely valuable reason. They definitely wouldn't do so because a drug dealer was trying to make a sale. Telling normal law enforcement basically ends their advantage, so they won't.

Other state actors might try, but they're not in the same league in terms of resources, IIRC there are a LOT of exit nodes in Virginia.

tl;dr - The protocol is mostly safe, it doesn't matter if people try to compromise it, the nature of TOR means multiple parties trying to compromise nodes make the network more secure as each faction hides a portion of data from the others, and only by sharing can the network be truly broken. Good luck with that.