Tor HTTP Usage and Information Leakage
نویسندگان
چکیده
This paper analyzes the web browsing behaviour of Tor users. By collecting HTTP requests we show which websites are of interest to Tor users and we determined an upper bound on how vulnerable Tor users are to sophisticated de-anonymization attacks: up to 78 % of the Tor users do not use Tor as suggested by the Tor community, namely to browse the web with TorButton. They could thus fall victim to deanonymization attacks by merely browsing the web. Around 1% of the requests could be used by an adversary for exploit piggybacking on vulnerable file formats. Another 7 % of all requests were generated by social networking sites which leak plenty of sensitive and identifying information. Due to the design of HTTP and Tor, we argue that HTTPS is currently the only effective countermeasure against de-anonymization and information leakage for HTTP over Tor.
منابع مشابه
Compromising Tor Anonymity Exploiting P2P Information Leakage
Privacy of users in P2P networks goes far beyond their current usage and is a fundamental requirement to the adoption of P2P protocols for legal usage. In a climate of cold war between these users and anti-piracy groups, more and more users are moving to anonymizing networks in an attempt to hide their identity. However, when not designed to protect users information, a P2P protocol would leak ...
متن کاملDetecting Information Leakage via a HTTP Request Based on the Edit Distance
Recently, we often face the problem of information leakage. In a lot of routes of leakage, the number of leakage victims via the Internet makes up approximately the half of all leakage victims. The cause of leakage via the Internet is divided into human action and malware such as spyware. For example, it occurs when human writes on the bulletin board and spyware works. Especially a technical co...
متن کاملWhen A Small Leak Sinks A Great Ship: Deanonymizing Tor Hidden Service Users Through Bitcoin Transactions Analysis
With the rapid increase of threats on the Internet, people are continuously seeking privacy and anonymity. Services such as Bitcoin and Tor were introduced to provide anonymity for online transactions and Web browsing. Due to its pseudonymity model, Bitcoin lacks retroactive operational security, which means historical pieces of information could be used to identify a certain user. We investiga...
متن کاملHow (Not) to Apply Differential Privacy in Anonymity Networks
Differential privacy is a particularly appealing way of defining privacy due to its ability to handle adversaries with arbitrary auxiliary information at their disposal [1]. In essence, using differential privacy should imply that we do not have to worry about the external databases or specialized knowledge that an attacker has access to. Meanwhile, one of the biggest challenges for anonymity n...
متن کاملImproving Tor security against timing and traffic analysis attacks with fair randomization
The Tor network is probably one of the most popular online anonymity systems in the world. It has been built based on the volunteer relays from all around the world. It has a strong scientific basis which is structured very well to work in low latency mode that makes it suitable for tasks such as web browsing. Despite the advantages, the low latency also makes Tor insecure against timing and tr...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2010