Security and anonymity vulnerabilities in Tor


First slide of slides-25c3.pdf


25th Chaos Communication Congress


There have been a number of exciting bugs and design flaws in Tor over the years, with effects ranging from complete anonymity compromise to remote code execution. Some of them are our fault, and some are the fault of components (libraries, browsers, operating systems) that we trusted. Further, the academic research community has been coming up with increasingly esoteric – and increasingly effective! – attacks against all anonymity designs, including Tor.

Roger will walk through some of the most egregious bugs and design flaws we've had, and give some intuition about lessons learned building and deploying the largest distributed anonymity network ever. Then he'll outline the wide variety of current vulnerabilities we have, explain what they mean for our users, and talk about which ones we have a plan for and which ones will continue to be a pain for the coming years. Last, we'll speculate about categories and topics that are likely to introduce new problems in the future.