Articles with headlines such as “Here is how to expose Tor-users” appear regularly in the mainstream press. Most of these articles have nothing to do with Tor itself and everything to do with users who by mistake allow their software to send personal information over the anonymous connection or allow their software to connect to the Internet without going through Tor. Like the recient “Hacker builds tracking system to nab Tor pedophiles” article which outlines how to “expose” the 0.001% of Tor-users who browse with Java enabled in their browser.
The Tor-project have now responded to the “attack” outlined in this article and articles like it: They’ve put up a WARNING!! WARNING!! section on the Tor download page. It outlines what was already clearly stated in the documentation: Tor makes your connection anonymous, but does not make your software act anonymous. This warning is a good move in the right direction:
Anonymous Internet-usage requires you to disable plugins such as flash, java, active x and other plugins who can seriously compromize your anonymity. And every Tor-user should know this. Now it’s not even possible to download the software without getting a basic understanding of the steps you need to take to actually make it work.
The warning should also put a stop to these “Here’s how to attack Tor-users… if they are extremely stupid”-articles since the warning being there makes it very clear that people who claim to be able to attack Tor are either knowingly ignoring that their attack doesn’t apply to anyone who’ve read the documentation or unable to read and/or understand English, in which case it should be apparent that their supposed attack probably ain’t going to work.
Oh, btw. Every Tor-user should take a look at the warning. The information there really is essential to making good decisions regarding which software is and isn’t safe to combine with Tor.
