Tor Project Responds to Reports of German Police Deanonymizing Users

• According to the project, the attacks occurred between 2019-2021 on an outdated version of the retired Ricochet application. This version lacked features that The Tor Project released in the Ricochet-Refresh update in June 2022 to counter timing analysis. Current versions of Ricochet-Refresh include these protections.

"From the limited information The Tor Project has, we believe that one user of the long-retired application Ricochet was fully de-anonymized through a guard discovery attack. This was possible, at the time, because the user was using a version of the software that neither had Vanguards-lite, nor the vanguards addon, which were introduced to protect users from this type of attack. This protection exists in Ricochet-Refresh, a maintained fork of the long-retired project Ricochet, since version 3.0.12 released in June of 2022," said the Tor Project.

• A report by Panorama, with support from the Chaos Computer Club (CCC), claims that law enforcement used timing analysis attacks via numerous Tor nodes to identify and arrest operators of the "Boystown" child abuse platform.
• The report lacks technical details, but it appears German police uncovered a guard node linked to the old Tor messaging service Ricochet, used by Boystown members, by analyzing the timing of data packets between compromised Tor nodes and their source.

A Tor timing attack deanonymizes users by observing data timing. An attacker, controlling or monitoring Tor nodes, compares entry and exit timings to trace traffic to an individual.

"Vanguards-lite, released in Tor 0.4.7, protects against the possibility of combining an adversary-induced circuit creation with circuit-based covert channel to obtain a malicious middle relay confirmed to be next to the user's Guard. Once the Guard is obtained, netflow connection times can be used to find the user of interest. In this case, the netflow attack could proceed quickly, because the attacker was able to determine when the user was online and offline due to their Onion Service descriptor being available, combined with the low number of users on the discovered Guard."

• According to The Tor Project, Onion Services are only accessible within the Tor network, making exit nodes irrelevant in this case. Timing analysis also requires long user connections, making short-term connections less vulnerable. From 2019-2021, Tor's Network Health team flagged and removed thousands of potentially bad relays. They now have processes to detect and block large groups of relays from single operators and bad actors.
• The project also complained about having "very limited information" on the case and encouraged anyone with additional details to come forward to assist with its threat analysis. It also recommended that Tor users patch their applications to the latest releases as soon as possible.

"We need more details about this case. In the absence of facts, it is hard for us to issue any official guidance or responsible disclosures to the Tor community, relay operators, and users. If you have any information that can help us learn more about this alleged attack, please email security@torproject.org," was stated in a blog post.

• "German authorities did not respond to a request for comment seeking further information on the operation. The agency may have invoked the Federal Criminal Police Office Act that allows the German police to employ a range of surveillance measures to track criminals," Dennis-Kenji Kipker, a professor of IT security law at the University of Bremen, told Govinfosecurity.com.

• “For the great majority of users worldwide that need to protect their privacy while browsing the Internet, Tor is still the best solution for them," added the project maintainers.

Tor Blog Post / Archive
Panorama Article / Archive
Gizmodo Article / Archive
Bleeping Computer Article / Archive