Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Tor's Privacy Problems
Technology developed to protect privacy may actually threaten it
2 Min Read
4:15 PM -- People have an innate need to feel secure in their privacy. Our founding fathers built the United States on the understanding that people should be able to revolt and overthrow any government that oppresses them. Over time, Americans have lost more and more privacy rights as new laws have crept in. Fear of government, however, has never been lost.
The Internet has evolved in a similar fashion. For years it was unregulated, and largely unwatched. That all changed with the introduction of Echelon, the super-secret global Internet eavesdropping infrastructure purported to be operated by a number of countries. Still, people latched onto the idea that the Internet should be an anonymous network. Then along came Peek-a-booty.
In an effort to rebel against corporate culture -- and even against government's prying eyes -- a small band of hacktivists invented a tool called Peek-a-booty to allow semi-anonymous, point-to-point relay of information, evading IP blocks. This led to the concept of onion routing, now better known as Tor.
Tor is one of the most widely used privacy tools today, because it obfuscates the origins of packets. However, there are many problems with it.
Not only can Tor be de-anonymized, but browsers use cookies that attackers can leverage to identify users who switch back and forth between Tor sessions; for example, users often forget they are sending the same cookies to sites like Google Analytics. Worse yet, there are rumors that a man-in-the-middle attack on the Tor exit nodes caused the recent loss of 100 embassy usernames and passwords. You can bet there are a lot more losses where that came from.
There's also evidence that many free, open proxies found commonly on digg.com are simply logging infrastructures designed to steal personal information from users.
All of these issues suggest a great irony: In an effort to attempt to secure ourselves, we have created "funnels" by which we are easily surveyed and logged. Perhaps it's time to re-think our privacy strategies.
— RSnake is a red-blooded lumberjack whose rants can also be found at Ha.ckers and F*the.net. Special to Dark Reading
About the Author(s)
You May Also Like
More Insights
Webinars
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Events
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024
