移动端 | 加入收藏 | 设为首页 | 最新ss | 赞助本站 | RSS
 

freefq.comfree——免费、自由fq——翻墙

困在墙内,请发邮件到freefqcom#gmail.com获得最新免费翻墙方法!
您当前的位置:首页 > 翻墙动态

Is Tor still safe to use?

时间:2024-09-27  来源:torproject  作者: isabela, pavel 条评论

We are writing this blog post in response to an investigative news story looking into the de-anonymization of an Onion Service used by a Tor user using an old version of the long-retired application Ricochet by way of a targeted law-enforcement attack. Like many of you, we are still left with more questions than answers--but one thing is clear: Tor users can continue to use Tor Browser to access the web securely and anonymously. And the Tor Network is healthy.BU3免费翻墙网

Please note, that for the great majority of users worldwide that need to protect their privacy while browsing the Internet, Tor is still the best solution for them. We encourage all Tor users and relay operators to always keep software versions up to date.BU3免费翻墙网

From the limited information The Tor Project has, we believe that one user of the long-retired application Ricochet was fully de-anonymized through a guard discovery attack. This was possible, at the time, because the user was using a version of the software that neither had Vanguards-lite, nor the vanguards addon, which were introduced to protect users from this type of attack. This protection exists in Ricochet-Refresh, a maintained fork of the long-retired project Ricochet, since version 3.0.12 released in June of 2022.BU3免费翻墙网

Vanguards-lite, released in Tor 0.4.7, protects against the possibility of combining an adversary-induced circuit creation with circuit-based covert channel to obtain a malicious middle relay confirmed to be next to the user's Guard. Once the Guard is obtained, netflow connection times can be used to find the user of interest. In this case, the netflow attack could proceed quickly, because the attacker was able to determine when the user was online and offline due to their Onion Service descriptor being available, combined with the low number of users on the discovered Guard.BU3免费翻墙网

Responsible Disclosure

In contrast to the CCC, Chaos Computer Club, who was provided access to the documents related to the case and was able to analyze and validate the reporter's assumptions, we were only provided a vague outline and asked broad clarifying questions that left us with uncertainty of the facts, and questions of our own. While we appreciate the journalist contacting us, this same access was not given to the Tor Project.BU3免费翻墙网

Given the potential risk to our users, we decided to go public. We requested that anyone with additional information about the case share it with us. This would allow us to conduct our own analysis and determine the best course of action to protect our users.BU3免费翻墙网

To be clear, The Tor Project did not intend to ask for the sources of the story, but sought to understand what evidence existed for a de-anonymization attack to accurately respond to the investigating reporter's questions and assess our disclosure responsibilities. And we continue to have an interest in obtaining more information about how Onion Services users were de-anonymized. If we had access to the same documents as CCC, it would be possible to produce a report with more clarity regarding the actual state of the Tor network and how it affects the great majority of its users.BU3免费翻墙网

We need more details about this case. In the absence of facts, it is hard for us to issue any official guidance or responsible disclosures to the Tor community, relay operators, and users.BU3免费翻墙网

We are calling for more information from you.

If you have any information that can help us learn more about this alleged attack, please email security@torproject.org.BU3免费翻墙网

If you want to encrypt your mail, you can get the OpenPGP public key for this address from keys.openpgp.org. Fingerprint: 835B 4E04 F6F7 4211 04C4 751A 3EF9 EF99 6604 DE41BU3免费翻墙网

Your assistance will help all of us take the necessary steps and precautions to keep Onion Services safe for the millions of users that rely on the protections Tor provides.BU3免费翻墙网

A healthy network

It is important to note that Onion Services are only accessible from within the Tor network, which is why the discussion of exit nodes is irrelevant in this case. But we would like to share that the number of exit nodes has significantly increased over the past two years, with over 2,000 now available. To the best of our knowledge, the attacks happened between 2019-2021.BU3免费翻墙网

While it is fair to question the concentration of these nodes in certain countries or operations, this has very little to do with the described attack from what we learned in the articles published so far. The attacks occurred on an old version of the long-retired application Ricochet that lacked new features The Tor Project has released since to mitigate against the kind of 'timing' analysis described in the articles. The most current versions of Ricochet-Refresh have such protections in place.BU3免费翻墙网

Another important thing to mention is the longevity of the user connection for such 'timing' analysis to be successful. A Tor Browser user that does not maintain its connection for a long time, is less vulnerable to such analyses.BU3免费翻墙网

After the period of the attacks described to us, 2019-2021, our Network Health team has flagged thousands of bad relays which the Directory Authorities then voted to remove. Those included many that would come from a single operator or tried to enter the network in large scales. The Network Health team has implemented processes to identify possible large groups of relays that are suspected to be managed by single operators and bad actors and not allow them to join the network.BU3免费翻墙网

The Tor Project knows that diversity of relays is a pressing issue for the Tor community and we are having many conversations with our community and relay operators about this subject to understand how we can address common pain points together.BU3免费翻墙网

Over the last year alone, we've launched a number of new initiatives such as the EFF's Tor University Challenge and the introduction of the Tor's network health API at DEF CON 32 earlier this year. Tor's bandwidth has actually increased substantially in recent years, as shown in this link: https://metrics.torproject.org/bandwidth.html?start=2013-06-20&end=2024-09-18. This means the Tor network is faster than it has ever been. And we continue to conduct outreach campaigns and efforts to grow the network. BU3免费翻墙网

You can help

We encourage those who can to volunteer and contribute bandwidth and relays to grow and diversify the Tor network. By ensuring hardware, software, and geographic diversity of the Tor network, we can continue to significantly minimize the potential for abuse and surveillance on the Tor network--and make guard attacks even harder to execute. As far as the Tor community is concerned, the best way to ensure network health, protect users and relay operators is keeping Tor software up to date and following the guidance that we publish on the Tor Project's official channels.BU3免费翻墙网

It is important to remember that Tor is one of the few alternatives that provide a vision and actionable model for a decentralized Internet that make this sort of attack impractical for those who seek to surveil a large portion of internet users. Yet, as of today, Tor is still bound by the limitations of an internet ecosystem that is predominantly owned and governed by only a handful of large corporations. BU3免费翻墙网

We will continue to update this blog post as more information becomes available.
来顶一下
返回首页
返回首页
欢迎评论:免登录,输入验证码即可匿名评论 共有条评论
用户名: 密码:
验证码: 匿名发表

推荐资讯

Octohide VPN:快如闪电的免费VPN
Octohide VPN:快如闪
原子网络加速器 - 免费高速VPN 一键链接 方便快捷
原子网络加速器 - 免费
foxovpn绿狐VPN——即连即用、快速、安全
foxovpn绿狐VPN——即
Dubai VPN - Free, Fast & Secure VPN下载
Dubai VPN - Free, Fa
相关文章
栏目更新
栏目热门
墙外新闻
读者文摘

你可以访问真正的互联网了。You can access the real Internet.

管理员精中特别提醒:本网站域名、主机和管理员都在美国,且本站内容仅为非中国大陆网友服务。禁止中国大陆网友浏览本站!若中国大陆网友因错误操作打开本站网页,请立即关闭!中国大陆网友浏览本站存在法律风险,恳请立即关闭本站所有页面!对于您因浏览本站所遭遇的法律问题、安全问题和其他所有问题,本站均无法负责也概不负责。

特别警告:本站推荐各种免费科学上网软件、app和方法,不建议各位网友购买收费账号或服务。若您因付费购买而遭遇骗局,没有得到想要的服务,请把苦水往自己肚子里咽,本站无法承担也概不承担任何责任!

本站严正声明:各位翻墙的网友切勿将本站介绍的翻墙方法运用于违反当地法律法规的活动,本站对网友的遵纪守法行为表示支持,对网友的违法犯罪行为表示反对!

网站管理员定居美国,因此本站所推荐的翻墙软件及翻墙方法都未经测试,发布仅供网友测试和参考,但你懂的——翻墙软件或方法随时有可能失效,因此本站信息具有极强时效性,想要更多有效免费翻墙方法敬请阅读本站最新信息,建议收藏本站!本站为纯粹技术网站,支持科学与民主,支持宗教信仰自由,反对恐怖主义、邪教、伪科学与专制,不支持或反对任何极端主义的政治观点或宗教信仰。有注明出处的信息均为转载文章,转载信息仅供参考,并不表明本站支持其观点或行为。未注明出处的信息为本站原创,转载时也请注明来自本站。

鉴于各种免费翻墙软件甚至是收费翻墙软件可能存在的安全风险及个人隐私泄漏可能,本站提醒各位网友做好各方面的安全防护措施!本站无法对推荐的翻墙软件、应用或服务等进行全面而严格的安全测试,因此无法对其安全性做保证,无法对您因为安全问题或隐私泄漏等问题造成的任何损失承担任何责任!

S. Grand Ave.,Suite 3910,Los Angeles,CA 90071

知识共享许可协议
本作品采用知识共享署名-非商业性使用 4.0 国际许可协议进行许可。