What the "Spoiled Onions" paper means for Tor users
Together with Stefan, I recently published the paper "Spoiled Onions: Exposing Malicious Tor Exit Relays". The paper only discusses our results and how we obtained them; it does not say much about the implications for Tor users. This blog post should fill that gap.
First, it's important to understand that 25 relays in four months isn't a lot. It is ultimately a very small fraction of the Tor network. Also, it doesn't mean that 25 out of 1,000 relays are malicious or misconfigured (we weren't very clear on that in the paper). We have yet to calculate the churn rate of exit relays, which is the rate at which relays join and leave the network. 1,000 is really just the approximate number of exit relays at any given point in time, so the actual number of exit relays we ended up testing in four months is certainly higher than that. As a user, that means that you will not see many malicious relays "in the wild".
Second, Tor clients select relays for their circuits based on the bandwidth those relays contribute to the network. Faster relays see more traffic than slower relays, which balances the load in the Tor network. Many of the malicious exit relays contributed relatively little bandwidth to the Tor network, which makes them quite unlikely to be chosen as the exit relay in a circuit.
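To make the second point concrete, here is an added example (not code from the paper or from Tor itself) that models bandwidth-weighted exit selection over a constructed list of exits and compares the share of circuits that would land on low-bandwidth malicious exits with what uniform selection would give. The relay nicknames and bandwidth figures are invented, and the model ignores the extra weighting Tor applies from the consensus.

```python
"""Simplified model of Tor's bandwidth-weighted exit selection (added example)."""
import random
from typing import Dict, Iterable

# Constructed toy exit list: nickname -> bandwidth weight (e.g. KB/s).
# Nicknames and numbers are invented, not real consensus entries.
EXITS: Dict[str, int] = {
    "FastExitA": 20000,
    "FastExitB": 15000,
    "MidExitC": 5000,
    "SlowExitD": 800,
    "SlowBadE": 150,   # stands in for a low-bandwidth malicious exit
    "SlowBadF": 50,    # likewise
}
MALICIOUS = {"SlowBadE", "SlowBadF"}


def selection_probabilities(exits: Dict[str, int]) -> Dict[str, float]:
    """Probability of each exit being chosen, proportional to its bandwidth."""
    total = sum(exits.values())
    return {name: bw / total for name, bw in exits.items()}


def pick_exit(exits: Dict[str, int], rng: random.Random) -> str:
    """Draw one exit for a circuit, weighted by bandwidth."""
    names = list(exits)
    return rng.choices(names, weights=[exits[n] for n in names], k=1)[0]


def malicious_share(exits: Dict[str, int], malicious: Iterable[str]) -> float:
    """Exact fraction of circuits whose exit is malicious under weighted selection."""
    probs = selection_probabilities(exits)
    return sum(probs[n] for n in malicious if n in probs)


def uniform_share(exits: Dict[str, int], malicious: Iterable[str]) -> float:
    """The same fraction if every exit were equally likely, for comparison."""
    return sum(1 for n in malicious if n in exits) / len(exits)


def simulate(exits: Dict[str, int], malicious: Iterable[str],
             circuits: int = 100_000, seed: int = 1) -> float:
    """Empirical check of malicious_share by building `circuits` random circuits."""
    rng = random.Random(seed)
    bad = set(malicious)
    hits = sum(pick_exit(exits, rng) in bad for _ in range(circuits))
    return hits / circuits


if __name__ == "__main__":
    print(f"weighted:  {malicious_share(EXITS, MALICIOUS):.3%}")  # ~0.488%
    print(f"uniform:   {uniform_share(EXITS, MALICIOUS):.3%}")    # ~33.3%
    print(f"simulated: {simulate(EXITS, MALICIOUS):.3%}")
```

With these constructed numbers the two slow malicious exits account for a third of the exit list but for well under one percent of circuits, which is the effect the paragraph above describes.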
Third, even if your traffic is going through a malicious exit relay, it doesn't mean that everything is lost. Many of the attacks we discovered still triggered Firefox' infamous "about:certerror" warning page. As a vigilant user, you would notice that something isn't quite right and hopefully leave the site. In addition, TorBrowser ships with HTTPS-Everywhere, which by default attempts to connect to some sites over HTTPS even though you just typed "http://". After all, as we said in the past, "Plaintext over Tor is still plaintext".
Finally, we want to point out that all of these attacks are of course not limited to the Tor network. You face the very same risks when you connect to any public WiFi network. One of the fundamental problems is the broken CA system. Do you actually know all of the ~50 organisations that you implicitly trust when you start Firefox, Chrome, or TorBrowser? Making the CA system more secure is a very challenging task for the entire Internet and not just the Tor network.
In essence, that means that all the security best practices you already know from Firefox or Chrome also apply to TorBrowser. In particular, I'm referring to the Firefox warning page you might see every now and then. It says something along the lines of "This Connection is Untrusted" or "This is not the site you are looking for". These warning pages tell users that the connection to the site isn't quite right. When you are using TorBrowser, you could try clicking on the onion at the top left and then clicking "New Identity". Afterwards, you could try refreshing the web site where the warning happened.
The important thing to remember is: if that happens when you go to Facebook, Twitter, or your favourite web site, you really shouldn't ignore the warning and try to log in. Otherwise, somebody might have just gotten your password.
Yes, but the problem with selecting a new ID is losing all your tabs. It resets the browser (FFox) to a clean state. Pre-3.5 you could cycle through new IDs as often as you wanted without being reset.
Bookmarks -> Bookmark All Tabs
Then go to that bookmark folder and Open All in Tabs. (Then go to Show All Bookmarks to delete that folder when you're done with it.)
Of course, not having all the tabs close would be preferable.