This site may earn chapter commissions from the links on this page. Terms of use.

The Tor network provides secure communication to political dissidents and journalists effectually the world, but criminals and various net ne'er-practice-wells also brand use of the strong privacy features of the Tor project. That has led police force enforcement to expend considerable resources trying to unmask the users of Tor, and a recent statement from Tor'due south director Roger Dingledine accused researchers at Carnegie Mellon University (CMU) of selling a Tor hack to the FBI for $1 million. The university has at present responded to say they did no such thing.

Tor makes communications private by bouncing each parcel through a network of encrypted machines called relays or nodes. Each relay in the network only knows the IP of the previous relay, then after a few hops, the source of a package is obfuscated. Since no user on the network tin know the consummate path of a packet, the sender can't be identified past their IP address, which is the usual mode online users are identified by law enforcement.

There have been a number of manner to identify Tor users, just none of them are reliable or feasible in practice. In 2022, researchers from Carnegie Mellon abruptly cancelled a talk at Black Hat where they were expected to detail a method to crack Tor'southward anonymity. Tor's Dingledine says that method roughshod into the hands of the FBI and Carnegie Mellon was paid "at to the lowest degree $1 million" to assist in attacking Tor hidden services in early 2022.

tor-workflow

If true, this would be extremely troubling with respect to due process and academic freedom. Carnegie Mellon's new statement on the matter denies that information technology was paid to attack Tor users, simply the linguistic communication still leaves some jerk room. "In the course of its work, the academy from fourth dimension to time is served with subpoenas requesting information about research it has performed. The academy abides by the dominion of police force, complies with lawfully issued subpoenas and receives no funding for its compliance," the statement reads.

So, it sounds plausible that the FBI was able to get a subpoena for CMU's Tor research. Certain kinds of national security orders would also forbid researchers from even discussing the subpoenaed data, which might explain why the Black Hat talk was cancelled without explanation. If the FBI figured out what data CMU had that would exist valuable in breaking Tor, it wouldn't want the exploit to exist exposed and fixed.

Tor patched a protocol vulnerability in mid-2014 that is believed to exist related to the Carnegie Mellon exploit, only there is no confirmation of this. No one from CMU or the FBI is willing to speak on the record beyond the issued statements, so mayhap this will remain a mystery of the cyberspace. Well, unless Tor can get some hard evidence of collusion between the FBI and Carnegie Mellon. In the concurrently, Tor is shoring up its security in the wake of these revelations.