Law enforcement agencies in Germany have reportedly been using a method called ‘timing analysis’ to surveil Tor network servers and deanonymise users, especially those accessing darknet sites. This method involves monitoring Tor nodes for extended periods, sometimes even years, to track and identify anonymised users by correlating data packets through statistical analysis. The German Federal Criminal Police Office (BKA) successfully applied this method during an investigation into the paedocriminal darknet platform ‘Boystown.’ This approach led to identifying Tor nodes used by the platform’s administrator, Andreas G., and played a pivotal role in his arrest and conviction.
‘Timing analysis’ works by timing the data packets that pass through surveilled Tor nodes. Despite Tor’s multiple layers of encryption designed to protect user privacy, this method allows investigators to correlate specific data points and identify individual users. The more Tor nodes monitored, the higher the likelihood of tracking a user who connects via one of the surveilled nodes. This breakthrough, once believed to be technically unfeasible, has been used effectively in criminal investigations but also raises significant concerns about privacy implications for legitimate users, such as journalists, activists, and whistleblowers.
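Why encryption alone does not hide this signal can be shown with a small added example (not from the original article or from any investigation). It uses only constructed packet timestamps, and every function name and parameter in it is hypothetical: a flow's per-window packet counts at one observation point are compared with several candidate flows seen at another point.

```python
import random

def bin_counts(timestamps, window, duration):
    """Packets per fixed time window; only arrival times are used, never payloads."""
    counts = [0] * int(duration // window)
    for t in timestamps:
        i = int(t // window)
        if 0 <= i < len(counts):
            counts[i] += 1
    return counts

def pearson(x, y):
    """Pearson correlation coefficient; 0.0 if either series is constant."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    return cov / (vx * vy) ** 0.5 if vx and vy else 0.0

def bursty_flow(rng, duration, bursts=10):
    """Constructed sample traffic: short bursts of packets at random times."""
    ts = []
    for _ in range(bursts):
        start = rng.uniform(0, duration - 2)
        ts += [start + rng.uniform(0, 1.0) for _ in range(rng.randint(20, 60))]
    return sorted(ts)

def seen_downstream(rng, timestamps, latency=0.2, jitter=0.05):
    """The same packets at a later observation point: delayed, slightly jittered."""
    return sorted(t + latency + rng.uniform(0, jitter) for t in timestamps)

def score_candidates(reference, candidates, window=2.0, duration=120.0):
    """Correlate one observed flow against each candidate's timing profile."""
    ref = bin_counts(reference, window, duration)
    return [pearson(ref, bin_counts(c, window, duration)) for c in candidates]

def demo(seed=7):
    rng = random.Random(seed)
    duration = 120.0
    flow = bursty_flow(rng, duration)                           # flow at point A
    unrelated = [bursty_flow(rng, duration) for _ in range(4)]  # other traffic
    candidates = unrelated[:2] + [seen_downstream(rng, flow)] + unrelated[2:]
    return score_candidates(flow, candidates)

if __name__ == "__main__":
    for i, r in enumerate(demo()):
        print(f"candidate {i}: r = {r:+.2f}")
```

The candidate at index 2 is the same flow seen later, and it stands out from the unrelated flows even though no packet content is ever inspected.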
In addition to the BKA’s success in the ‘Boystown’ case, this method has reportedly been used in several other instances, with increasing international cooperation. Law enforcement in Germany, the Netherlands, and the United States, where most Tor nodes are operated, have worked together to enhance the reach and effectiveness of timing analysis. The BKA has neither confirmed nor denied the use of timing analysis in specific investigations, but independent research supports these claims, and experts from the Chaos Computer Club (CCC) have highlighted the implications of this technique for Tor users’ privacy and security.
The revelations about timing analysis pose a significant challenge to the Tor Project, which has long been a champion of anonymous and secure online communication. The Tor Project has stated that it is not aware of documented cases where its browser was compromised by timing analysis, yet experts argue that this method could erode users’ confidence in Tor’s ability to protect privacy. Furthermore, the possibility of repressive regimes using similar techniques to target opposition members and activists has raised alarms about the broader implications of surveillance technology for digital freedom and privacy.