Researchers Discover 110 Snooping Tor Nodes

Reader Orome1 writes: In a period spanning 72 days, two researchers from Northeastern University have discovered at least 110 "misbehaving" and potentially malicious hidden services directories (HSDirs) on the Tor anonymity network. "Tor's security and anonymity is based on the assumption that the large majority of its relays are honest and do not misbehave. Particularly the privacy of the hidden services is dependent on the honest operation of hidden services directories (HSDirs)," Professor Guevara Noubir and Ph.D. student Amirali Sanatinia explained. "Bad" HSDirs can be used for a variety of attacks on hidden services: from DoS attacks to snooping on them.

Tor's fatal flaw

[fustakrakich]

You can't trust anybody, not even Tor. I'm afraid this one looks like a lost cause. I wouldn't use the damn thing.

ESPECIALLY Tor and other obvious targets

[raymorris]

> You can't trust anybody, not even Tor.

IMHO, I especially don't trust Tor. It's an obvious place that three-letter agencies would be looking. If I drive down Crack Avenue with a busted taillight, I *expect* that police will be patrolling the area and probably pull me over. It would, imho, be silly to think that authorities aren't patrolling the digital equivalent of Crack Avenue.

Re:So is the bottom line...

[TroII]

If you even search for Tor (or "Linux" or "secure desktop" or "IRC" or "Truecrypt") you get put on an NSA list.