De-Anonymization, Smart Homes, and Erlang: Tor is Coming to SHA2017
One of the most common questions we get about Tor is some variation of “Is it safe to use?”
To answer the question, we rely on researchers and developers to look at the code and to try and find vulnerabilities and weaknesses in Tor. We just announced a bug bounty campaign for this purpose — literally paying you to hack Tor.
One researcher who’s doing a lot of work on Tor vulnerabilities is Juha Nurmi. Next month, at the SHA2017 hacker camp and conference, he’ll present real world cases where Tor was de-anonymized, including cases of operational security failures, fingerprinting, or traffic analysis.
Tor makes all of its users look the same, which makes them anonymous (learn more). Because of this, any possible correlation attacks require monitoring and compromising the network on a global scale. To say that’s incredibly difficult to achieve is an understatement.
In fact, when users are de-anonymized, it’s usually because they didn’t follow one of the our guidelines (enabling plugins in Tor Browser, for example) and not because of any inherent flaw in the Tor network. We document warnings about common pitfalls, and we’re working on our user interface to provide more alerts when users do something potentially comprising, like adjusting the size of the browser’s window.
More information about the possible pitfalls and how to mitigate them will be available in Nurmi’s upcoming paper that will be published after the conference. It’ll include suggestions for how Tor and Tor users can mitigate these attacks.
But that’s not all — there are several other Tor talks happening at SHA2017.
Smart Home Security with Tor
Most people are familiar with Tor as a network and as a browser, but moving forward, we’d like to include Tor in more parts of the web. To borrow some internet-speak, we want to Tor all the things!
Kalyan Dikshit from Mozilla will speak on one most important uses of Tor in the next decade: securing a plethora of internet-connected “smart home” devices.
Talla: An Erlang Implementation of Tor
Alexander Færøy will provide a technical walk-through of Talla, a third-party implementation of a Tor relay daemon in Erlang. You’ll gain a better understanding of the design, architecture and testing of a highly concurrent, fault-tolerant and complex application in Erlang.
Tor & Configuration Management
Sebastiaan Provost will talk about another area of focus for Tor moving forward: sustainably growing the Tor network.
Join the Tor Meetup
The conference has more than talks, and includes a Tor meetup (details to come!), a Family Area, and a host of interest-specific villages.
SHA2017 will take place in Zeewolde, about 35 miles east of Amsterdam, from 4-8 August. Get your tickets, and we’ll see you there.
I edited the post above for clarity. Thanks for your comment!