Is Tor Safe? | Assessing 5 Claims About Tor’s SecurityCategory: primers
A 5 Minute Read
09 Mar 2017
Support The Tin Hat on Patreon! Just one dollar makes all the difference in helping me write more content!
One of the most common questions asked about Tor is whether it is safe enough to be relied upon. While this is a perfectly useful question that should be encouraged, unfortunately it often results in battle-flags being raised and the cavalry being called. On the left are the die-hard Tor supporters, who champion the technology as the liberator of humans, far and wide. On the right are the nay-sayers, the ‘Tor is a honeypot funded by the US navy’ crowd, who cite NSA exploits, correlation attacks, and the evil exit nodes sniffing your traffic and hacking your docs. The reality of the matter is somewhere in the middle.
This article will navigate through these attacks and defenses to clearly convey how safe Tor really is. It will do so by taking several claims about Tor and assessing their validity (in clear and simple terms), before summing up whether Tor is safe to use for two different use-cases (spoiler alert: use-case matters).
Claim: Tor is Funded by the US Navy
While this is true, it takes on a rather simplistic view of government, and any reasonable level of thinking shows it is of little significance. Indeed, governments are hardly ever tightly-knit, and it is not uncommon for several agencies to clash. The US Navy funds Tor because Tor is useful to its operations (its operatives overseas need a secure way to communicate that doesn’t stand out, which Tor provides), as it is to many others, such as law enforcement.
Nevertheless, the core concern here is influence: what if the Navy’s funding compelled Tor to insert a backdoor for only the Navy? The problem with this is that Tor is open source, and putting a backdoor into open source code, never mind the code of a project that is intensely scrutinized by skeptics, is a pretty piss poor idea. If the Navy wanted a honey pot to use for surveillance, it would be far better off setting up a VPN company with highly competitive prices. After all, there’s no way to verify that VPNs aren’t surveilled.
Claim: Tor Exit Nodes Are Evil and Watch Your Traffic
This is a bit of a trickier claim because there’s no way to verify it. As well, we must distinguish between privacy and anonymity: evil exit nodes sniffing internet traffic do not necessarily compromise your anonymity unless you’re sending private, identifiable information. In other words, if they just see a Reddit page loading, they have no way to know who is loading it unless it is accompanied by some piece of identifying information.
Nevertheless, some exit nodes have certainly been caught sniffing traffic, but the vast majority have not, many of which are run by privacy-friendly organizations like Mozilla. As well, the use of SSL/TLS makes it significantly harder to sniff people’s traffic, and attempting to break SSL/TLS radically increases the chance that the malicious exit node will be detected. Finally, traffic to and from hidden services never passes through an exit node, and so the argument simply doesn’t apply here.
Long story short, if you use SSL/TLS wherever you can, and don’t send identifying information without it, the chances of an exit node betraying you are very low.
Claim: Tor is Susceptible to Correlation Attacks
True. Tor is susceptible to correlation attacks. If a single entity controls both the entry (guard) relay, and the exit relay, then they use statistics to potentially identify you. Note that they can’t decrypt the communications; your traffic is still private, but they’ll know your IP address and the IP address of whoever you’re talking to.
This is a very hard problem to solve, but given the number of Tor relays it is unlikely that your traffic would go through both the necessary guard and exit relay. Moreover, these attacks all have false positive rates, meaning that out of one hundred thousand users, they might be able to narrow it down to you and 5,999 others (6%). For all intents and purposes this isn’t very useful, and therefore attacks against Tor typically aim for hacking the Tor Browser itself.
Claim: The Tor Browser Has Been and Can Be Hacked
Claim: You Can Still Be Tracking While Using Tor
So is Tor Safe Enough?
With these points in mind, assessing whether Tor is safe enough for you to use requires some context. Specifically, the decision must consider what you’re using Tor for, what the risks are, how valuable hacking you is, etc. This is a process known as threat modelling, and while several books could be written on the topic, briefly consider the following simplistic examples to get a sense of what I mean when I say context matters:
Lower Risk: Browsing NSFW Websites
For example, someone who is casually browsing some not-safe-for-work websites using Tor is likely not a high value target. The cost of surveilling/deanonymizing them is far too high given the potential reward for doing so. Law enforcement and intelligence agencies prefer to keep their tools as secret as possible; if they have a working attack against the Tor Browser they will only use it if it is warranted, because deploying an attack runs the risk of revealing it to the public. Therefore, if you are using Tor to casually browse online privately and anonymously, there’s little reason for concern. Just turn up your security slider to stop the basic web-trackers and you should be able to sleep easy at night.
Higher Risk: Leaking CIA Tools
On the other hand, if you were leaking the CIA’s hacking tools you would want to take significantly more precautions. Indeed, an act like this would make you a very high value target that a powerful adversary would have an interest in revealing; all of those ‘low probability’ instances I have described might become significantly more probable, never mind the fact that they are offset by significantly higher personal risk.
While I will refrain from giving too much advice on how to do this (please consult people smarter than me), simply turning a security slider to high would be far from enough to ensure your safety. Here you need to begin to consider comprehensive strategies that utilize Tor as a supplementary protection rather than the only protection. In other words, consider Tor a major piece of the anonymity/privacy puzzle, but don’t make it the only thing you’re relying upon. Your strategy should be likely to work with or without Tor.
Tl;dr: Yes, probably, unless you’re Edward Snowden or a drug kingpin.