When the data leak from the Ashley Madison site was published, it was put on a webpage with the “onion” domain, which meant it was only accessible to those using an anonymous browser such as TOR. But even the TOR broswer isn’t foolproof.
For those who don’t know what the TOR browser is, it’s an internet browser that scrambles user data by sending it through a variety of alternate channels. TOR (which stands for “the onion router”) can bypass otherwise blocked web pages and prevent data from being stolen. TOR even provides a list of things users should do with the browser they normally don’t to prevent being tracked. Seems reasonable, right? And for the most part it is. TOR is without a doubt a legitimately useful piece of software.
However, the anonymity that TOR provides is bound to be exploited. TOR is used to get to onion domain sites most of the time, and not all of those are legal. The infamous “dark web” is more than just shady; it can get anything from a fake passport to drugs to (maybe) a hitman. No doubt some of these things are either jokes or attempts to seperate the gullible from their money, but just as there are many legitimate reasons to use the TOR browser, there are just as many reasons to want to crack who’s using it. The example of the recent sentence of the creator of the infamous “Silk Web” site that sold illegal drugs is evidence that it can be done. And while the Silk Web creator made a number of obvious mistakes, that doesn’t mean it’s going to be an isolated case. MIT researchers have been able to identify sites in the TOR network with an 88 percent rate of accuracy.
While a user might be technically anonymous, that doesn’t mean there’s no way to identify the person in some way. Just like how you might notice that “Santa” has the same writing as one of your parents, patterns and quirks can be noticed in even the most anonymous forum. Handwriting doesn’t come up often on the web, but keystroke patterns can be analyzed from a previous sample. That’s not something most users of TOR that aren’t breaking the law with it would be concerned with, but the fact remains that it is able to defeat the purpose of the browser in the first place.
As the TOR browser has shown its weaknesses, competitors have come up. The HORNET browser is currently only an idea put forward by academic researchers, but it is designed to be both quicker and more secure than TOR. But even if it is, there’s still a good chance someone will figure out how to crack it.
The only way to deal with any of this is to assume that nothing you do is anonymous, TOR browser included. And even to those who aren’t actively breaking the law, that’s not a very reassuring thought. But that’s the reality of the 21st century.
(Image via Wikipedia/Tor Project and Mozilla)