Sciweavers

CMS
2010

Tor HTTP Usage and Information Leakage

13 years 5 months ago
Tor HTTP Usage and Information Leakage
This paper analyzes the web browsing behaviour of Tor users. By collecting HTTP requests we show which websites are of interest to Tor users and we determined an upper bound on how vulnerable Tor users are to sophisticated de-anonymization attacks: up to 78 % of the Tor users do not use Tor as suggested by the Tor community, namely to browse the web with TorButton. They could thus fall victim to deanonymization attacks by merely browsing the web. Around 1% of the requests could be used by an adversary for exploit piggybacking on vulnerable file formats. Another 7 % of all requests were generated by social networking sites which leak plenty of sensitive and identifying information. Due to the design of HTTP and Tor, we argue that HTTPS is currently the only effective countermeasure against de-anonymization and information leakage for HTTP over Tor.
Marcus Huber, Martin Mulazzani, Edgar Weippl
Added 29 Oct 2010
Updated 29 Oct 2010
Type Conference
Year 2010
Where CMS
Authors Marcus Huber, Martin Mulazzani, Edgar Weippl
Comments (0)