Not too long ago, security researchers discovered a long list of malicious Tor nodes, designed to snoop on Internet traffic. Some node operators were even using their nodes to collect user data, and potentially attack the entire Tor ecosystem. Threats like these should be nipped in the bud at an early stage, and new features will be implemented in future versions of the anonymity software.
Most software projects would face a difficult time when recovering from such a problem, as it is difficult to weed out malicious nodes form a decentralized network. But in the case of Tor, these findings will not affect the project’s anonymity and privacy aspects all that much. In fact, the developers were aware of this problem for some time now, and they have been working on a solution behind the scenes.
Addressing Tor Snooping Through Coding
The upcoming Tor release will feature a new piece of code to eliminate this traffic snooping. Or to be more precise, the developers will battle this malicious behavior as best they can. For the time being, there is no specific release date for this new feature, though.
One thing the Tor developers want to point out is how these malicious network nodes do not unmask the person running a hidden service. Although law enforcement agencies would love nothing more than to see that happen, doing so will require a lot more skill and work than a node behaving badly.
What is rather interesting about these findings is how over 70 percent of the malicious nodes on the network are hosted in the cloud. Additionally, one in four nodes is an exit node, which is an unusual high number. In most cases, only 15 percent of all relays behave as an exit node.
Finding out who is behind these cloud-hosted nodes will be next to impossible, though. There is very little contact information, and a good amount of nodes are paid for with Bitcoin. Even though cryptocurrency is not anonymous – unless one uses a different currency such as Dash, for example – there is no need to transmit personal information when making payments.
Tor developer Sebastian Hahn explained the new code as follows:
“The way we’re working on it for the future is by using a stronger cryptographic protocol that does not allow the Tor servers involved in the regular operation of the network to see a portion of the metadata about hidden services.”
It will be interesting to see how this new code will affect the Tor protocol at a whole. It is good to see the developers taking appropriate action to ensure no one can further snoop on Tor services. This should not affect cryptocurrency users all that much, though. For those looking for more privacy and anonymity, Bitcoin is not a perfect choice. Dash, and some other alternative cryptocurrencies, are privacy centric and provide users with anonymity if they so desire.
Written by JP Buntinx
"Dash, and some other alternative cryptocurrencies, are privacy centric and provide users with anonymity if they so desire."
I've been saying for quite a while that we need easy, out-of-the-box / preset IP obfuscation instead of optional. Let's hope that happens in the future.
Problem is that that quote not 100% true. A private crypto doesn't store transactions on a public blockchain.
If looking at the transaction doesn't make sense (in terms of understanding who sent money to who), it can be considered private enough.
thanks for sharing this!