this post was submitted on 29 Oct 2024
58 points (74.2% liked)

Privacy

32120 readers
420 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

The German police have successfully deanonymized at least four Tor users. It appears they watch known Tor relays and known suspects, and use timing analysis to figure out who is using what relay.
Tor has written about this.
Hacker News thread.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 75 points 3 weeks ago* (last edited 3 weeks ago) (3 children)

Bad post.

A: old news

B: massively misleading headline missing important context

C: Most likely partially fabricated by law enforcement according to many experts and the tor project. They didnt execute a full timing attack because they are not capable of doing that.

From the limited information The Tor Project has, we believe that one user of the long-retired application Ricochet was fully de-anonymized through a guard discovery attack. This was possible, at the time, because the user was using a version of the software that neither had Vanguards-lite, nor the vanguards addon, which were introduced to protect users from this type of attack. This protection exists in Ricochet-Refresh, a maintained fork of the long-retired project Ricochet, since version 3.0.12 released in June of 2022.

[–] [email protected] 13 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

Yeah not sure why OP felt the need to use such a click-bait title.

[–] [email protected] 8 points 3 weeks ago (1 children)

Maybe OP is part of a law enforcement entity!!

[–] [email protected] 4 points 3 weeks ago* (last edited 3 weeks ago)

I doubt it. I think OP wanted upvotes and didn't read carefully. Something like "tor user de-anonymized via retired app" would of been more accurate.

This is another great lesson that even the best privacy tools can't protect a user from their own bad opsec.

It just sucks as a lot of Lemmy users will just read the title and assume its true and then tell their friends tor is no longer safe.

[–] [email protected] 7 points 3 weeks ago

Thanks for this.

[–] [email protected] 2 points 3 weeks ago* (last edited 3 weeks ago)

They say not given full access, so post from tor may not full picture.

In interview daniel moßbrucker say that onion v3 was affect 2 time, so not only ricochet.

Source for expert saying it fabricated?

Source for government not capable of timing attack?

Want to read up on more opinion on this.

edit: if daniel moßbrucker trustworthy. might also fabricate story.