German authorities apparently cracked Tor anonymity, but onion heads say its still safe

One user was identified, and subsequently convicted.

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

German police were able to identify individuals using theTor network, link them to certain criminal activity, and have them arrested and later convicted of the crimes. This is according to multiple German media outlets, who recently reported on the law enforcement using so-called “timing analysis” attacks.

Tor’s heads, on the other hand, argue that the network is perfectly fine and safe, and that the person that was arrested was, in fact, using outdated software that exposed its identity to the police,The Registerfound.

The Onion Router (Tor) is a privacy-focused network that enables anonymous communication by routing internet traffic through a series of volunteer-operated servers, or nodes. It hides users' IP addresses and encrypts their data, making it difficult to trace their online activity.

Unmanaged IT

Unmanaged IT

In its writeup, the German outletPanoramabriefly explains the logic behind timing attacks: “By timing individual data packets, anonymised connections can be traced back to the Tor user, even though data connections in the Tor network are encrypted multiple times.” That would presumably require the law enforcement to add, or compromise, the nodes, and use them to observe clues about users sending traffic into the network.

It seems to be a long shot, and the maintainers of the Tor network believe the individual gave themselves away by using outdated third-party software. Namely, an anonymousmessaging appcalled Ricochet, which didn’t have protections against so-called guard attacks. A “guard” is an entry node - the first one to receive data that’s later moved through the Tor network.

By getting a list of all subscribers connecting to a specific guard (in this case, by asking a telecommunications provider for the information), and then cross-referencing this data with Ricochet, the police were able to de-anonymise one user, an individual known as “Andres G”, allegedly operating a website hosting child sex abuse content.

“The claim that the network is ‘not healthy’ is simply not true,” Tor’s PR director Pavel Zoneff toldThe Register.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)