The problems continue
This researcher has started to demonstrate various problems in Tor, including the ones mentioned here. While the Tor project may have a pedantic way to argue that these aren't zero-days, they aren't doing very much to describe why they aren't problems. For example, I notice that they spent a lot of time stating that the researcher read a paper wrong, but don't spend very much at all showing why the algorithm he provides for detecting traffic doesn't work. They've provided a few arguments for why it might not work at scale, but they have neither disproven his methods nor proven their defense.
It's worth reading the full blog entry, linked from the article, to see the details on detection. I also found a previous entry covering problems in the browser and direct connections to be enlightening. I don't always agree with the severity of things this researcher says--for example, in the previous entry he describes how to detect direct Tor traffic as very problematic when there's already a much easier way to do that, but it also has caused me to be more skeptical of things the Tor project says.
Biting the hand that feeds IT
