Hacker News new | ask | show | jobs
by mike_hock 29 days ago
No, because I don't keep a list of every article I've read over the past decade or so, but there were multiple busts where a regular law enforcement agency (FBI and their international counterparts) were able to prove the identity of a user simply by timing attacks.

The fact that Tor does not intend to tackle the timing problem is plainly stated on the Tor website.
1 comments
lucb1e 29 days ago
I was also curious about a source for this but if you just mean the common knowledge that...

> Tor does not intend to tackle the timing problem [as] plainly stated on the Tor website.

then that's not how I read the above claim about Tor "having been deanonymized". Yes, yes, it strictly fits within the meaning of what you wrote, but it's like saying bread has been made free before because someone found a place where they could plant wheat seeds and chop trees to bake it without having to pay for using the ground and wood: there is a roundabout way of getting there but it's not true in the common case (you can't just do this for everyone at will)

link
mike_hock 28 days ago
"Tor has been successfully deanonymized" = "There are documented cases of successful deanonymization attacks."

https://www.schneier.com/blog/archives/2013/12/tor_user_iden... https://www.schneier.com/blog/archives/2024/10/law-enforceme...

If law enforcement can do it, then intelligence agencies and anyone with a similar budget can do it.

I did not say there is an easy exploit available that anyone can use or that attacks have a 100% success probability.

link
akimbostrawman 25 days ago
First link:

"The FBI didn’t have to break Tor; they just used conventional police mechanisms to get Kim to confess."

Second link:

"From the limited information The Tor Project has, we believe that one user of the long-retired application Ricochet was fully de-anonymized through a guard discovery attack. This was possible, at the time, because the user was using a version of the software that neither had Vanguards-lite, nor the vanguards addon, which were introduced to protect users from this type of attack. This protection exists in Ricochet-Refresh, a maintained fork of the long-retired project Ricochet, since version 3.0.12 released in June of 2022."

Did you even read those links?

link