Researchers: large part of Tor users can be identified
Researchers at Columbia University claim that more than 80 percent of Tor traffic can be traced back to an IP address. NetFlow, a network technology implemented in Cisco routers, is said to make this possible.
The researchers say they added Tor relays running a modified version of Linux to the Tor network at several locations. The nodes closely monitored a large amount of Tor traffic between 2008 and 2014. For this purpose they used data from NetFlow, a Cisco technology that is built into the company’s routers and is used to inspect IP traffic.
By analyzing recognizable objects in the anonymization network, such as HTML files, at the packet level where traffic enters the Tor network and then looking at the traffic again at an exit node, a large part of Tor users could be traced to an IP address. Based on laboratory research, up to 81.4 percent of the analyzed traffic could be traced back to an IP address, with a margin of error of 6.4 percent.
According to the researchers, Tor is vulnerable in part because it allows low-priority traffic, giving attackers time to manipulate or investigate the traffic as the packets pass. An attacker, for example an intelligence service, could also use the described method to identify users of the Tor network, although this would require significant network capacity.