Thu Sep 19 06:39:06 UTC 2024: ## German Police Allegedly Crack Tor Anonymity, But Tor Project Claims It’s Due to User Error
**Berlin, Germany -** A new report from German news outlets Panorama and STRG_F claims that German authorities have successfully compromised the anonymity of Tor users through a technique called “timing analysis”. However, the Tor Project, the organization behind the privacy-preserving network, insists that this was not a flaw in Tor itself but rather a result of a user utilizing outdated software.
The report states that the German Federal Criminal Police Office (BKA) and the Public Prosecutor General’s Office in Frankfurt were able to identify at least one Tor user through network surveillance. The timing analysis method, which involves tracking the timing of data packets in Tor connections, was used during an investigation into “Andres G,” a suspected operator of a child sex abuse material (CSAM) website called Boystown.
According to the report, “G” used an outdated version of the anonymous messaging app Ricochet, which lacked protection against the timing-based deanonymization methods employed by the police. This allowed the authorities, in collaboration with telecom provider Telefónica, to match Tor traffic data with subscriber information, ultimately leading to “G’s” arrest and conviction in 2022.
The Tor Project, however, argues that “G” was not a victim of a successful attack on the Tor network itself, but rather of an insecure software configuration. They believe that “G” was likely caught through a “guard discovery attack” where the authorities were able to identify the “guard” node used to enter the Tor network. By tracing subscribers connected to that guard, the police could deduce the identity of the Tor user.
The Tor Project acknowledges that their network has seen a recent increase in exit nodes, but emphasizes that this is a normal occurrence and does not indicate a compromised network. They also stress the importance of using updated software and securing proper configurations to maintain anonymity within the Tor network.
Tor users are urged to remain calm and update their software to the latest versions. The Tor Project, however, is requesting further information from the German authorities to understand the specifics of their methods and provide responsible guidance to the Tor community.
First Piper 