Tor's anonymity is at risk because of a coordinated attack from Russia - The UpStream

Hero Image

Tor's anonymity is at risk because of a coordinated attack from Russia

posted Saturday Dec 11, 2021 by Scott Ertz

Tor's anonymity is at risk because of a coordinated attack from Russia

Tor, the subnet of the internet focused on anonymity and privacy, has seen its share of attacks over the years. Regular raids by law enforcement have shuttered various parts of the network. Now, the network is under attack thanks to a malicious actor taking advantage of the structure of the network in order to undermine its privacy.

What is Tor?

Tor is the public-facing service of The Onion Routing Project. The core concept of the service is to change the way computers communicate over the internet in order to obfuscate a user's identity. This is accomplished by changing the actual network infrastructure.

Normally on the internet, the end-user types in a URL in plain text - like That request is sent to a DNS server which converts the text to an IP address - like Your device is then able to make a request for content from that server, such as the home page of The UpStream ( In between, there are communication systems, all of which can see your traffic and what you have requested.

On Tor, things are a little different. The DNS servers are within the system and convert textual addresses to numerical addresses. But, between the end-user and the server are several routers. The first server knows the user's IP address and can communicate the response back to who needs it. The second server is just a middle man that prevents the two endpoints from knowing anything about one another. The third server knows about the request and who it needs the data from, so it can request it. When it receives the response, it sends it to server 2, which in turn sends it to server 1, which then returns it to the user.

What is breaking the system?

All of this works because no one knows enough information about what is happening to be able to track a user. The servers are all independent and do not know how to trace a user's behavior. Most importantly, there is no way for the routers to know where a user is based, so there is no way to block a user from accessing content blocked by their government.

All of that comes crumbling down when a malicious actor adds servers in positions 1 and 3. Then, that actor is able to infer the information that only server 2 is supposed to know, allowing it to accomplish all kinds of issues. If it were a government agent, such as from Russia, they could connect the servers together and figure out if someone is from Russia and block content that is not supposed to be accessed in the country.

That appears to be exactly what they have done. Some of the malicious relay servers have existed on and off since 2017. However, they occasionally scale up largely, sometimes numbering in the hundreds. That is what was going on recently, until Tor management kicked the new routers off the network. The move seems like a very government-style move, especially from a country like Russia or China.

How to use Tor now

Fortunately for some, the sites that are behind the Tor network (which end in .onion) are not affected by this injection hack. However, for many who use Tor to get around content blocking of regular websites, this is not an option. Fortunately, some big sites do offer Tor variants, including Facebook. But, for most sites, this kind if injection attack can still destroy the overall value of Tor.

If you find yourself getting blocked from content, there are a few things to try. First, try using a new circuit for the site in question. You can do this from the menu by selecting "New Tor Circuit for this Site" or hitting Ctrl+Shift+L on your keyboard. If this doesn't work, try creating a new identity. This can be done from the toolbar with the broom icon at the top of the browser, from the menu by selecting "New Identity" or typing Ctrl+Shift+U on your keyboard. This will require that all tabs are closed, but it will create a new route for all sites.


Login to CommentWhat You're Saying

Be the first to comment!

We're live now - Join us!



Forgot password? Recover here.
Not a member? Register now.
Blog Meets Brand Stats