Is the Tor browser network still safe? – DW – September 28, 2024

What is Gate?

Tor is a network that allows users to surf the Internet anonymously. More than 2 million people worldwide use Tor.

When using the Tor browser, internet data is routed through multiple servers, called “nodes,” before it reaches its destination. Each node only knows the previous and next nodes, but not the entire history, making it impossible to determine a user’s identity or location.

Since this information is no longer recognizable, this area of ​​the Internet is also known as the Dark Web.

The browser does not use conventional websites, but rather so-called “onion pages” that users can only access via the Tor browser.

Why is it so important, especially in authoritarian countries?

Such a system is particularly important for people in countries such as China, Russia or Iran, where governments have installed Internet censorship or surveillance.

The Tor network allows people in these countries to communicate freely on the Internet without fear of being detected by government surveillance systems. This also allows journalists, activists and whistleblowers to protect their sources and share information securely.

In addition, Tor browsers from countries where they are banned can access websites like Deutsche Welle’s. DW has made its website accessible to Tor to allow users to bypass internet censorship and access DW content.

Why are criminal investigators interested in Tor?

It is obvious that authoritarian states want to control the Internet as completely as possible. But investigators in democratic countries also want to monitor what is spread on the Dark Web via the Tor network. This is due to the diverse content about weapons and drugs, as well as pedophiles, that appears on the Dark Web.

Until now, the Dark Web has been a protected space for operators like Tor. However, it was recently announced that the Federal Criminal Police Office tracked down an operator of the pedophile platform Boystown on the Dark Web in 2021.

“These investigators have achieved something that was previously considered practically impossible,” German journalist Daniel Mossbrücker told DW.

Mossbrucker, a reporter for ARD, uncovered the story together with his colleagues.

How did the investigators manage to do that?

The investigators used so-called timing analysis, in which the size of a sent file is recorded and traced through the various nodes to the recipient’s IP address. Although this is extremely time consuming, it was successful in this documented case.

“This requires intensive monitoring of relevant parts of the Tor network, which is why temporal analyzes can probably only be carried out by government authorities,” explained Mossbrucker.

Is Tor still safe to use?

Matthias Marx from the Chaos Computer Club, a hacker association in Europe, sees “no evidence that there is a risk of deanonymization for pure users of the Tor browser.”

Marx had access to secret documents that showed how the police could deanonymize the perpetrator via the Tor network. According to his findings, the previous successful attempts to track down the identity of users relate to so-called onion services and messengers that use this functionality.

“It takes a lot of effort and is apparently only successful in a few cases, not generally,” Marx said in an interview with DW.

Mossbrucker also sees no reason to panic. “The Tor browser is still a very secure means of communication.”

Both experts agree that state surveillance authorities can hardly identify someone who simply surfs the Internet with the Tor browser – for example to access the DW websites. However, they also demand that the Tor project improve anonymity protection.

Are whistleblowers more likely to be affected?

This seems to be the main problem. After Edward Snowden’s revelations about the US Secret Service’s spying activities, many media outlets set up digital mailboxes in which whistleblowers could store confidential information securely and anonymously. These were usually very large files.

“With whistleblowing platforms, little typically happens until a source decides to submit data. In this scenario, timing analyzes generally work better than elsewhere,” said Mossbrucker.

He recommended using a VPN in addition to Tor, a network connection that cannot be viewed from the outside.

What does Tor say about the reports?

The nonprofit Tor Project insists that communications within the network remain anonymous.

“The Onion eliminates the problem of egress monitoring or tampering by keeping communications within the Tor network,” it said in a statement.

“Onion services provide end-to-end encryption. This means that communication between the client and the Onion service is encrypted across all nodes. Both the client and the onion service maintain anonymity.”

However, Mossbrucker and Marx’s research teams have shown that this is no longer true in this absolute sense.

This article was originally published in German.