back to article Domain name resolution is a Tor attack vector, but don't worry

This one needs the words “Don't Panic” in large friendly letters on the cover: privacy researchers have worked out that Tor's use of the domain name system (DNS) can be exploited to identify users. However, they say, right now an attacker with resources to drop Tor sniffers at “Internet scale” can already de-anonymise users. …

  1. Thatguyfromthatforum

    Bit of FUD really

    Most experienced Tor users know to not stray outside of traffic based solely within the network itself, hidden sites in other words. Also https everywhere included in the tails distro should mitigate this.

    Not really much of an attack if you're using Tor to not access the deep web, I don't know many Tor users who use Tor for regular internet use, not to mention anything running cloudflare won't connnect your Tor instance to the website of your choice.

    However, it's pretty easy to identify Tor nodes on a network based on the packet size, and the size of packets in certain sequences. I studied Tor for my dissertation and was able to identify Tor nodes within otherwise normal networks with above 90% accuracy.

    1. Ole Juul

      Re: Bit of FUD really

      It seems to be popular to assume that Tor users are unaware of basic security practice. I guess that makes a more popular story.

  2. Velv
    Big Brother

    If you've had the misfortune to read Peter Wright's "Spycatcher" (don't bother, it's awful) you'll know that the Russians knew which of their embassy staff in London were being followed not because they had broken the encrypted MI5 traffic but merely because of the existinace and origination of the traffic.

  3. Anonymous Coward
    Anonymous Coward

    Another reason not to bring out the smelling salts

    From the article: … existing research demonstrates that packet length and direction provides a fingerprint that can identify the Website that originated the traffic.

    From Website Fingerprinting at Internet Scale (Panchenko et al., 2016) (not cited in TF preprint) [emphasis added]:

    webpage fingerprinting does not scale for any considered page in our datasets [which are considerably larger than those used in any previously published research] and any state-of-the-art classifier. Hence, the attack cannot be reliably used to convict users, but it may be used to limit the set of possible suspects.

    Well, I suppose that last clause might bring on an attack of the the vapours in some readers.

  4. Anonymous Coward
    Anonymous Coward

    inb4 the usual "Tor was already broken" comments.

    See title.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like