Is Tor still safe to use? | The Tor Project

The Nugget

  • Tor remains a secure tool for anonymity in browsing, despite a specific case of de-anonymization linked to outdated software. Users are encouraged to stay updated and continue using Tor to protect their privacy.

Make it stick

  • 🔒 Tor Browser users should always update their software to the latest version for maximum security.
  • 💡 The Ricochet application attack illustrates vulnerabilities in outdated systems that lack protective features released since 2022.
  • 🚀 The number of Tor exit nodes has increased significantly, contributing to a healthier network.
  • 💪 Active community involvement can enhance Tor's safety through diversity in relays and bandwidth contributions.

Key insights

Tor's Current Security Status

  • Tor is still considered the best privacy solution for most users worldwide.
  • The recent de-anonymization incident involved a user of the Ricochet application, which is no longer maintained, highlighting the risks of using outdated software.
  • Protecting against guard discovery attacks requires using recent versions of the Tor Browser and additional security tools such as Vanguards-lite.

Understanding the Incident

  • The incident referenced involved a guard discovery attack where an outdated version of Ricochet was exploited due to its lack of protective features introduced in later software updates.
  • The Tor Project is actively seeking more information regarding the de-anonymization cases to provide proper guidance to users.

Network Health and Improvements

  • The Tor network's infrastructure has improved, with over 2,000 exit nodes now in operation.
  • The Network Health team continuously works to identify and remove bad relays, enhancing overall security and distribution within the network.
  • Increased bandwidth and relay diversity contribute to a faster, more resilient Tor network, minimizing the potential for surveillance and abuse.

Key quotes

  • "Tor users can continue to use Tor Browser to access the web securely and anonymously."
  • "We believe that one user of the long-retired application Ricochet was fully de-anonymized through a guard discovery attack."
  • "Responsible Disclosure...left us with uncertainty of the facts, and questions of our own."
  • "If you have any information that can help us learn more about this alleged attack, please email [email protected]."
  • "Tor is one of the few alternatives that provide a vision and actionable model for a decentralized Internet."
This summary contains AI-generated information and may have important inaccuracies or omissions.