Fixes are planned for Internet anonymity tool Tor after researchers showed that national intel­li­gence agen­cies could plau­sibly unmask users.

By Tom Simonite on October 25, 2013

When reports pub­lished ear­lier this month revealed that the U.S. National Secu­rity Agency could reverse the pro­tec­tions of Internet anonymity tool Tor, many activists and others who rely on the tool had little reason to panic. Despite the alarmist tone of some head­lines, the tech­niques revealed relied on attacking soft­ware such as Web browsers rather than Tor itself. After reviewing the leaked NSA doc­u­ments, the Tor Project declared “there’s no indi­ca­tion they can break the Tor protocol.”

All the same, the Tor Project is trying to develop crit­ical adjust­ments to how its tool works to strengthen it against poten­tial com­pro­mise. Researchers at the U.S. Naval Research Lab­o­ra­tory have dis­cov­ered that Tor’s design is more vul­ner­able than pre­vi­ously real­ized to a kind of attack the NSA or gov­ern­ment agen­cies in other coun­tries might mount to deanonymize people using Tor.

Tor pre­vents people using the Internet from leaving many of the usual traces that can allow a gov­ern­ment or ISP to know which web­sites or other ser­vices they are con­necting to. Users of the tool range from people trying to evade cor­po­rate fire­walls to activists, dis­si­dents, crim­i­nals, and U.S. gov­ern­ment workers with more sophis­ti­cated adver­saries to avoid.

Read the article at MIT Technology Review →