"The maintainers of the Tor Project have responded to claims that German law enforcement has devised a technique to deanonymize its users.

According to German media, law enforcement has infiltrated the anonymizing network and in at least one case they unmasked a criminal.

German law enforcement agencies have been surveilling Tor network by operating their own servers for months. Research conducted by ARD’s Panorama and STRG_F revealed that data collected during surveillance is processed using statistical methods, effectively breaking Tor’s anonymity. Reporters uncovered documents showing four successful timing analyses in a single investigation, marking the first documented cases of this technique being used in the Tor network.

“Reporters from Panorama and STRG_F were able to view documents that show four successful measures in just one investigation. These are the first documented cases of these so-called ‘timing analyses’ in the Tor network worldwide. Until now, this was considered practically impossible.” reported the NDR.

“The logic behind the measure, which experts call ‘timing analysis’: The more nodes in the Tor network are surveilled by the authorities, the more likely it is that a user will attempt to disguise their connection via one of the monitored nodes. By timing individual data packets, anonymised connections can be traced back to the Tor user, even though data connections in the Tor network are encrypted multiple times.”

While investigating the pedo-criminal darknet platform “Boystown” between 2019 and 2021, Germany’s Federal Criminal Police Office (BKA) successfully identified Tor nodes used by Andreas G., an administrator of the platform. The BKA tracked Tor nodes and entry servers from the chat service “Ricochet,” which was a significant breakthrough. The district court in Frankfurt ordered Telefónica to trace o2 customers connected to these nodes, leading to Andreas G.’s arrest in North Rhine-Westphalia. In December 2022, he was sentenced to several years in prison, though the verdict is not yet final.

Experts who reviewed the research documents from Panorama and STRG_F confirmed that law enforcement de-anonymized the suspect. Matthias Marx, a spokesperson for the Chaos Computer Club (CCC), stated that the evidence strongly suggests law enforcement has repeatedly and successfully used timing analysis attacks over several years to deanonymize selected Tor users.

“The documents in conjunction with the information described strongly suggest that law enforcement authorities have repeatedly and successfully carried out timing analysis attacks against selected Tor users for several years in order to deanonymise them.” said Marx.

The Tor Project commented on the case in a post published on its website. The maintainers said they have not received the technical details related to the reported deanonymization methods and is seeking the same information given to the Chaos Computer Club (CCC) for further investigation. The organization expressed that it currently has more questions than answers.

The maintainers added that the Tor networks still the best solution to protect users privacy online.

“Like many of you, we are still left with more questions than answers–but one thing is clear: Tor users can continue to use Tor Browser to access the web securely and anonymously. And the Tor Network is healthy.” reads the post on the Tor Project website. “Please note, that for the great majority of users worldwide that need to protect their privacy while browsing the Internet, Tor is still the best solution for them. We encourage all Tor users and relay operators to always keep software versions up to date.”

Maintainers at the Tor Project believe that a user of the now-retired Ricochet application was fully deanonymized through a guard discovery attack. This occurred because the user was using an older version of Ricochet that lacked the Vanguards-lite protection and the vanguards addon, which were designed to prevent such attacks. These protections were introduced in Ricochet-Refresh since version 3.0.12 in June 2022. Vanguards-lite, released with Tor 0.4.7, protects against adversary-induced circuit creation that could lead to identifying a user’s Guard relay. In this case, the attacker exploited the user’s Onion Service descriptor and netflow timing to quickly deanonymize them."