You are viewing a read-only archive of the Blogs.Harvard network. Learn more.

The rumors of our demise

anonymous - February 26, 2007 @ 4:50 pm · Filed under Uncategorized

The security community lives on papers that analyze attacks on security tools. Although these are called “attack papers” they are usually done by people who are trying to help and refine the object of the research.

When an attack paper is published, documenting an attack on the Tor network, it’s often with our knowledge. The authors consult with us for inside info. But invariably, someone on slashdot or other blogs will skim the paper and say “OMG, Tor is broken!”

Using Tor is relatively safe. If there were a published way to attack the network that we thought made it less safe to use Tor, we’d tell you first — since, so far, the authors of every genuinely new vulnerability have told us before their work hit the web. We announce security patches and other issues on or-announce@freehaven.net.

The UColorado/Boulder technical paper is an example of the evolving research in anonymity. Refining well-known attacks from several years ago, the researchers better documented what an attack on the network might look and behave like. They combined a bandwidth overstatement attack with a correlation attack.

They consulted with us on the project. We are aware of these kinds of potential attacks — but such a bandwidth overstatement attack, to be successful, would leave fingerprints all over the Tor directories. We have never seen such an attack “in the wild,” and we think it no more likely that this paper would make such an attack easier or more likely than it was a few years ago when another version of it was documented.

The authors of the new paper have published a FAQ addressing how users should think about their research — they expressed their surprise and regrets at the uproar.
It says in part:

Q0. Most importantly, should we stop using Tor?

A0. ABSOLUTELY NOT! Despite our findings, Tor is the most secure and usable privacy enhancing system available. We believe that the system is safe for end-users, however, the system is experimental and the developers make no guarantees about the degree of privacy that it can provide. Let use re-iterate: Concerned users should NOT stop using Tor.

No internet security is 100%. Tor is not perfect — we’re constantly refining it, in a context of a hugely supportive community of researchers. But we believe we are still the best low-latency (i.e. allowing web surfing, not just transferring a file every few hours) anonymity/privacy one can have online without crossing a line of civility. Your only better option is to buy into a botnet, steal an identity, or participate in some other crime with a victim.

We are currently seeking funding that should help us close these vulnerabilities in Tor (and if you would like to donate or fund Tor development, please contact me!). We have plans to close the bandwidth overstatement vulnerability in the coming months. In the meantime, we watch for attacks on the network, and work to be transparent in our operations.

We appreciate that people care about Tor. If in the future you are worried about some issue in Tor, please feel free to contact us directly. If you read speculation about Tor, please encourage the bloggers to check with us — we’re very blogger friendly, and part of our purpose is to protect bloggers where blogging isn’t safe.
Imagine this scenario — a very small risk documented in a technical paper gets sensationalized in the blogosphere. Some number of dissidents and bloggers in places such as China abandon Tor. As a result, they might be arrested, jailed, or disappeared.

Blogstorms can have real world consequences. Please ponder before you write, critically examine what you read, and ask us for updates.

1,732 Comments

  1. topsportsup

    January 8, 2013 @ 3:33 pm

    1

    I really enjoyed reading your blog! I found it not only informational but nice to read as well! I am primarily involed with topsportsup but I really picked up a lot from this. Keep up the good work!

  2. Perth Spray Tan

    January 15, 2013 @ 10:38 am

    2

    Super share it is actually. We have been searching for this information.

  3. security doors

    January 22, 2013 @ 11:25 pm

    3

    I didnt realize they published papers that analyze attacks on security tools and call them “attack papers“. This is a real eye opener.

    Thanks

  4. Bucky Mccarron

    January 31, 2013 @ 3:19 pm

    4

    Hello there! This post couldn’t be written any better! Looking through this article reminds me of my previous roommate! He continually kept preaching about this. I’ll send this information to him.

    Pretty sure he will have a great read. Many thanks for sharing!

  5. קורס בניית ציפורניים

    February 3, 2013 @ 4:41 am

    5

    Well said, I will never stop using TOR.

  6. Sofia

    February 4, 2013 @ 3:47 am

    6

    I think that not everyone will agree on this.

  7. cigarette machine top

    February 8, 2013 @ 3:47 pm

    7

    Keep up the superb work , I read few posts on this website and I conceive that your website is really interesting and holds bands of great info .

  8. Hautelook Discount Code

    February 10, 2013 @ 8:31 pm

    8

    Having read this I believed it was really enlightening.
    I appreciate you spending some time and energy to put
    this informative article together. I once again find myself
    personally spending way too much time both reading and commenting.
    But so what, it was still worthwhile!

  9. lights

    February 16, 2013 @ 9:19 am

    9

    That was a really good post. You made some really good points and I appreciate for your insight! Take care!

  10. Mervin Pulley

    February 18, 2013 @ 9:04 pm

    10

    Wonderful post! We will be linking to this great post on our website. Keep up the great writing.

  11. home remedies for yeast infection

    February 20, 2013 @ 9:45 am

    11

    I thoroughly enjoyed reading your post! I found it not only informative but entertaining also! I am primarily involed with home remedies for yeast infection but I really got a lot from this. Keep up the good work!

  12. Search Engine Optimisation

    February 21, 2013 @ 8:55 am

    12

    Great news indeed. I’ve been waiting for this update.

  13. Sydney window tinting

    February 24, 2013 @ 6:51 pm

    13

    That was an excellent article. You made some exceptional points and I am thankful for your insight! Take care!

  14. kocaali

    February 27, 2013 @ 10:12 am

    14

    That was an informative article. You made some exceptional points and I am thankful for your information! Keep it up!

  15. my blog

    March 2, 2013 @ 9:58 am

    15

    If you are going for most excellent contents like I do, simply
    visit this site all the time because it presents quality
    contents, thanks

  16. Aluminium Shutters Brisbane

    March 21, 2013 @ 9:31 pm

    16

    I really enjoyed reading your post! I found it not only informational but entertaining as well! I am mainly involed with Aluminium Shutters Brisbane but I really got a lot from this. Keep it up!

  17. schoene wohnideen

    March 22, 2013 @ 3:41 pm

    17

    Great post it is really.

  18. hypnotherapy in london

    March 28, 2013 @ 9:39 pm

    18

    I really enjoyed reading your post! I found it not only informational but entertaining as well! I am primarily involed with hypnotherapy in london but I really got a lot from this. Keep up the good work!

  19. Five Star Hotels In Kuwait

    April 5, 2013 @ 9:14 am

    19

    Good job again! Thank you!

  20. Charlotte Amalie

    April 9, 2013 @ 11:33 pm

    20

    I enjoyed visiting your website. I plan to visit again keep up the good work.

  21. ehr reviews

    April 16, 2013 @ 5:13 pm

    21

    I really enjoyed reading your blog! It was not only informative but entertaining as well! I am mainly involed with ehr reviews but I really picked up a lot from this. Take care!

  22. lyoness scam

    April 17, 2013 @ 5:04 pm

    22

    Great information it is surely. Friend on mine has been seeking for this content.

  23. Kadın sitesi

    April 25, 2013 @ 6:07 pm

    23

    Kadın sitesi ve dukan diyeti demek. I plan to visit again keep up the good work.

  24. игровые автоматы играть бесплатно

    April 29, 2013 @ 12:25 pm

    24

    What’s Going down i am new to this, I stumbled upon this I have found It positively helpful and it has aided me out loads. I’m hoping to contribute & help other customers like its aided me. Good job.

  25. Product Reviews

    April 29, 2013 @ 6:32 pm

    25

    That was a really good post. You made some exceptional points and I am thankful for your information! Keep it up!

  26. clash of clans hack 2013 no survey

    May 5, 2013 @ 8:11 am

    26

    Good day very cool web site!! Guy .. Beautiful .. Amazing .. I’ll bookmark your web site and take the feeds also?I’m happy to search out a lot of useful information here in the post, we’d like work out extra techniques on this regard, thanks for sharing. . . . . .

  27. Ken Shipman

    May 6, 2013 @ 11:54 am

    27

    Amazing how timely this is still, looking forward to contributing some more in the future. Thanks for keeping the discussion going!

  28. Частное, гражданское, промышленное, строительство, спортивные сооружения, транспортные терминалы, системы линейного водоотвода, системы т

    May 6, 2013 @ 12:55 pm

    28

    Гидро-маркет

  29. What is SAP

    May 9, 2013 @ 8:53 pm

    29

    Cool story indeed. My teacher has been awaiting for this information.

  30. Üroloji

    May 14, 2013 @ 1:29 pm

    30

    Normally I don’t read article on blogs, however I would like to say that this write-up very pressured me to check out and do it! Your writing style has been surprised me. Thanks, very nice post.

  31. HealthCareLawNet.Com

    May 21, 2013 @ 10:46 am

    31

    Good job once again! Thanks;)

  32. Austin Divorce Lawyer

    May 21, 2013 @ 11:06 am

    32

    Tor is not secure and this is not really news anymore. No internet security precaution is 100% secure. Obvious statements of course.

Log in
Proudly powered by WordPress. Hosted by Pressable.