From “Onion Not Found” to Guard Discovery

[1] T. G. Abbott, K. J. Lai, M. R. Lieberman, and E. C. Price. Browser-Based Attacks on Tor. In International Workshop on Privacy Enhancing Technologies, pages 184–199. Springer, 2007.10.1007/978-3-540-75551-7_12 Search in Google Scholar

[2] G. Acar. Tor can be forced to open too many circuits by embedding.onion resources (#20212) · Issues · The Tor Project / Core / Tor, 9 2016. URL https://gitlab.torproject.org/tpo/core/tor/-/issues/20212. Search in Google Scholar

[3] G. Acar, M. Juarez, and individual contributors. GitHub: torbrowser-selenium - Tor Browser automation with Selenium, 2020. URL https://github.com/webfp/tor-browser-selenium. [Online, accessed 2021/09/14]. Search in Google Scholar

[4] A. Biryukov, I. Pustogarov, and R.-P. Weinmann. Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization. In 2013 IEEE Symposium on Security and Privacy. IEEE, 2013.10.1109/SP.2013.15 Search in Google Scholar

[5] A. Biryukov, I. Pustogarov, F. Thill, and R.-P. Weinmann. Content and Popularity Analysis of Tor Hidden Services. In 2014 IEEE 34th International Conference on Distributed Computing Systems Workshops (ICDCSW). IEEE, 2014.10.1109/ICDCSW.2014.20 Search in Google Scholar

[6] Boing Boing. What happened when we got subpoenaed over our Tor exit node, 8 2015. URL https://boingboing.net/2015/08/04/what-happened-when-the-fbi-sub.html. [Online, accessed 2021/09/14]. Search in Google Scholar

[7] N. Borisov, G. Danezis, P. Mittal, and P. Tabriz. Denial of Service or Denial of Security? In Proceedings of the 14th ACM conference on Computer and communications security. ACM, 2007.10.1145/1315245.1315258 Search in Google Scholar

[8] R. Dingledine. The lifecycle of a new relay, 9 2013. URL https://blog.torproject.org/lifecycle-new-relay. [Online, accessed 2021/09/14]. Search in Google Scholar

[9] R. Dingledine, N. Mathewson, and P. Syverson. Tor: The Second-Generation Onion Router. In 13th USENIX Security Symposium. USENIX Association, 2004.10.21236/ADA465464 Search in Google Scholar

[10] R. Dingledine, N. Hopper, G. Kadianakis, and N. Mathewson. One Fast Guard for Life (or 9 months). In 7th Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs 2014), 2014. Search in Google Scholar

[11] T. Durden. [tor-relays] Subpoena received, 4 2015. URL https://lists.torproject.org/pipermail/tor-relays/2015-April/006804.html. [Online, accessed 2021/09/14]. Search in Google Scholar

[12] T. Elahi, K. Bauer, M. AlSabah, R. Dingledine, and I. Goldberg. Changing of the Guards: A Framework for Understanding and Improving Entry Guard Selection in Tor. In Proceedings of the 2012 ACM Workshop on Privacy in the Electronic Society. ACM, 2012.10.1145/2381966.2381973 Search in Google Scholar

[13] N. S. Evans, R. Dingledine, and C. Grothoff. A Practical Congestion Attack on Tor Using Long Paths. In USENIX Security Symposium, 2009. Search in Google Scholar

[14] Federal Communications Commission, Office of Engineering and Technology. Tenth Measuring Broadband America Fixed Broadband Report, 1 2021. URL https://www.fcc.gov/reports-research/reports/measuring-broadband-america/measuring-fixed-broadband-tenth-report. [Online, accessed 2021/09/14]. Search in Google Scholar

[15] D. Goulet. Onion Service version 2 deprecation timeline, 7 2020. URL https://blog.torproject.org/v2-deprecationtimeline. [Online, accessed 2021/09/14]. Search in Google Scholar

[16] D. Goulet. [tor-dev] Onion Service v2 Deprecation Timeline, 6 2020. URL https://lists.torproject.org/pipermail/tor-dev/2020-June/014365.html. [Online, accessed 2021/09/14]. Search in Google Scholar

[17] Hetzner Online GmbH. Hetzner Cloud: Pricing, n.d. URL https://www.hetzner.com/cloud?country=gb#pricing. [Online, accessed 2021/09/14]. Search in Google Scholar

[18] N. Hopper, E. Y. Vasserman, and E. Chan-Tin. How Much Anonymity Does Network Latency Leak? ACM Transactions on Information and System Security (TISSEC), 13(2), 2010.10.1145/1698750.1698753 Search in Google Scholar

[19] isabela. Tor security advisory: exit relays running sslstrip in May and June 2020 | Tor Blog, 8 2020. URL https://blog.torproject.org/bad-exit-relays-may-june-2020. [Online, accessed 2021/09/14]. Search in Google Scholar

[20] R. Jansen and N. Hopper. Shadow: Running Tor in a Box for Accurate and Efficient Experimentation. In Network and Distributed Systems Security (NDSS) Symposium 2012. Internet Society, 2 2012.10.21236/ADA559181 Search in Google Scholar

[21] R. Jansen, F. Tschorsch, A. Johnson, and B. Scheuermann. The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network. In Network and Distributed Systems Security (NDSS) Symposium 2014. Internet Society, 2 2014.10.14722/ndss.2014.23288 Search in Google Scholar

[22] R. Jansen, M. Juarez, R. Galvez, T. Elahi, and C. Diaz. Inside Job: Applying Traffic Analysis to Measure Tor from Within. In Network and Distributed Systems Security (NDSS) Symposium 2018. Internet Society, 2018.10.14722/ndss.2018.23261 Search in Google Scholar

[23] R. Jansen, T. Vaidya, and M. Sherr. Point Break: A Study of Bandwidth Denial-of-Service Attacks against Tor. In 28th {USENIX} Security Symposium ({USENIX} Security 19). USENIX Association, 2019. Search in Google Scholar

[24] R. Jansen, J. Tracey, and I. Goldberg. Once is Never Enough: Foundations for Sound Statistical Inference in Tor Network Experimentation. In 30th USENIX Security Symposium. USENIX Association, 2021. Search in Google Scholar

[25] A. Johnson, C. Wacek, R. Jansen, M. Sherr, and P. Syverson. Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. ACM, 2013.10.1145/2508859.2516651 Search in Google Scholar

[26] D. Johnson. Stem: a Python controller library for Tor, n.d. URL https://stem.torproject.org/. [Online, accessed 2021/09/14]. Search in Google Scholar

[27] G. Kadianakis. [tor-dev] [RFC] Proposal 332: Vanguards lite, 6 2021. URL https://lists.torproject.org/pipermail/tor-dev/2021-June/014569.html. [Online, accessed 2021/09/14]. Search in Google Scholar

[28] G. Kadianakis and M. Perry. Mesh-based vanguards, 05 2018. URL https://gitweb.torproject.org/torspec.git/tree/proposals/292-mesh-vanguards.txt. [Online, accessed 2021/09/14]. Search in Google Scholar

[29] A. Kwon, M. AlSabah, D. Lazar, M. Dacier, and S. Devadas. Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services. In 24th USENIX Security Symposium, pages 287–302. USENIX Association, 8 2015. Search in Google Scholar

[30] I. Lovecruft, G. Kadianakis, O. Bini, and N. Mathewson. Tor Guard Specification, n.d. URL https://gitweb.torproject.org/torspec.git/tree/guard-spec.txt. [Online, accessed 2021/09/14]. Search in Google Scholar

[31] A. Mani, T. Wilson-Brown, R. Jansen, A. Johnson, and M. Sherr. Understanding Tor Usage with Privacy-Preserving Measurement. In Proceedings of the Internet Measurement Conference 2018. ACM, 2018.10.1145/3278532.3278549 Search in Google Scholar

[32] P. Mittal, A. Khurshid, J. Juen, M. Caesar, and N. Borisov. Stealthy Traffic Analysis of Low-Latency Anonymous Communication Using Throughput Fingerprinting. In Proceedings of the 18th ACM conference on Computer and Communications Security. ACM, 2011.10.1145/2046707.2046732 Search in Google Scholar

[33] Mozilla and individual contributors. Network Monitor -Firefox Developer Tools | MDN, 2 2021. URL https://developer.mozilla.org/en-US/docs/Tools/Network_Monitor. [Online, accessed 2021/09/14]. Search in Google Scholar

[34] Mozilla and individual contributors. <noscript> - HTML: HyperText Markup Language | MDN, 2 2021. URL https://developer.mozilla.org/en-US/docs/Web/HTML/Element/noscript. [Online, accessed 2021/09/14]. Search in Google Scholar

[35] A. Muffett. GitHub: Real-World Onion Sites, n.d. URL https://github.com/alecmuffett/real-world-onion-sites. [Online, accessed 2021/09/14]. Search in Google Scholar

[36] M. Nasr, A. Bahramali, and A. Houmansadr. DeepCorr: Strong Flow Correlation Attacks on Tor Using Deep Learning. In CCS ’18. ACM, 2018.10.1145/3243734.3243824 Search in Google Scholar

[37] A. Panchenko, F. Lanze, J. Pennekamp, T. Engel, A. Zinnen, M. Henze, and K. Wehrle. Website Fingerprinting at Internet Scale. In Network and Distributed Systems Security (NDSS) Symposium 2016. Internet Society, 2016.10.14722/ndss.2016.23477 Search in Google Scholar

[38] M. Perry. The move to two guard nodes, 3 2018. URL https://gitweb.torproject.org/torspec.git/tree/proposals/291-two-guard-nodes.txt. [Online, accessed 2021/09/14]. Search in Google Scholar

[39] M. Perry, E. Clark, S. Murdoch, and G. Koppen. The Design and Implementation of the Tor Browser [DRAFT], 6 2018. URL https://www.torproject.org/projects/torbrowser/design/. [Online, accessed 2021/09/14]. Search in Google Scholar

[40] M. Perry et al. GitHub: The Vanguards Onion Service Addon, n.d. URL https://github.com/mikeperry-tor/vanguards. [Online, accessed 2021/09/14]. Search in Google Scholar

[41] F. Rochet and O. Pereira. Dropping on the Edge: Flexibility and Traffic Confirmation in Onion Routing Protocols. Proceedings on Privacy Enhancing Technologies, 2018(2), 2018.10.1515/popets-2018-0011 Search in Google Scholar

[42] Shadow Team. GitHub: TGen, n.d. URL https://github.com/shadow/tgen. [Online, accessed 2021/09/14]. Search in Google Scholar

[43] Shadow Team. GitHub: tornettools, n.d. URL https://github.com/shadow/tornettools. [Online, accessed 2021/09/14]. Search in Google Scholar

[44] P. Sirinam, M. Imani, M. Juarez, and M. Wright. Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2018.10.1145/3243734.3243768 Search in Google Scholar

[45] P. Tellis. Analyzing Network Characteristics Using JavaScript And The DOM, Part 1, 11 2011. URL https://www.smashingmagazine.com/2011/11/analyzing-network-characteristics-using-javascript-and-the-dom-part-1. [Online, accessed 2021/09/14]. Search in Google Scholar

[46] The Tor Project. Make it even harder to become HSDir (#19162) · Issues · The Tor Project / Core / Tor, 5 2016. URL https://gitlab.torproject.org/tpo/core/tor/-/issues/19162. [Online, accessed 2021/09/14]. Search in Google Scholar

[47] The Tor Project. #9063 enables Guard discovery in about an hour by websites (#9072) · Issues · Legacy / Trac, 2 2021. URL https://gitlab.torproject.org/legacy/trac/-/issues/9072. [Online, accessed 2021/09/14]. Search in Google Scholar

[48] The Tor Project. Build vanguards lite into little-t-tor (#40363) · Issues · The Tor Project / Core / Tor, 4 2021. URL https://gitlab.torproject.org/tpo/core/tor/-/issues/40363. [Online, accessed 2021/09/14]. Search in Google Scholar

[49] The Tor Project. Introduce vanguards-lite (!408) · Merge requests · The Tor Project / Core / Tor, 7 2021. URL https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/408/diffs#fb72b9489ffeb300a7d2e454d0407f5947ecfdc4_3933_4144. [Online, accessed 2021/09/14]. Search in Google Scholar

[50] The Tor Project. Onion Services | Tor Project | Support, n.d. URL https://support.torproject.org/onionservices/#onionservices-5. [Online, accessed 2021/09/14]. Search in Google Scholar

[51] The Tor Project. Tor directory protocol, version 3, n.d. URL https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt. [Online, accessed 2021/09/14]. Search in Google Scholar

[52] The Tor Project. Tor Metrics: Traffic, n.d. URL https://metrics.torproject.org/bandwidth-flags.html. [Online, accessed 2021/09/14]. Search in Google Scholar

[53] The Tor Project. Relay requirements, n.d. URL https://community.torproject.org/relay/relays-requirements/. [Online, accessed 2021/09/14]. Search in Google Scholar

[54] The Tor Project. Tor Rendezvous Specification, n.d. URL https://gitweb.torproject.org/torspec.git/tree/rend-spec-v2.txt. [Online, accessed 2021/09/14]. Search in Google Scholar

[55] The Tor Project. Tor Rendezvous Specification - Version 3, n.d. URL https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt. [Online, accessed 2021/09/14]. Search in Google Scholar

[56] torservers.net. Coordinated raids of Zwiebelfreunde at various locations in Germany, 7 2018. URL https://blog.torservers.net/20180704/coordinated-raids-ofzwiebelfreunde-at-various-locations-in-germany.html. [Online, accessed 2021/09/14]. Search in Google Scholar

[57] T. Wang and I. Goldberg. On Realistically Attacking Tor with Website Fingerprinting. Proceedings on Privacy Enhancing Technologies, 2016(4), 2016.10.1515/popets-2016-0027 Search in Google Scholar

[58] T. Wang, X. Cai, R. Nithyanand, R. Johnson, and I. Goldberg. Effective Attacks and Provable Defenses for Website Fingerprinting. In 23rd {USENIX} Security Symposium ({USENIX} Security 14). USENIX Association, 2014. Search in Google Scholar

[59] P. Winter, R. Köwer, M. Mulazzani, M. Huber, S. Schrittwieser, S. Lindskog, and E. Weippl. Spoiled Onions: Exposing Malicious Tor Exit Relays. In International Symposium on Privacy Enhancing Technologies Symposium. Springer, 2014.10.1007/978-3-319-08506-7_16 Search in Google Scholar

[60] M. Wright, M. Adler, B. N. Levine, and C. Shields. Defending Anonymous Communications Against Passive Logging Attacks. In 2003 Symposium on Security and Privacy, pages 28–41. IEEE, 2003. Search in Google Scholar

[61] M. K. Wright, M. Adler, B. N. Levine, and C. Shields. The Predecessor Attack: An Analysis of a Threat to Anonymous Communications Systems. ACM Transactions on Information and System Security (TISSEC), 7(4):489–522, 2004. Search in Google Scholar

• Understanding Privacy-Related Advice on Stack Overflow

• Revisiting Identification Issues in GDPR ‘Right Of Access’ Policies: A Technical and Longitudinal Analysis

• Employees’ privacy perceptions: exploring the dimensionality and antecedents of personal data sensitivity and willingness to disclose

• Visualizing Privacy-Utility Trade-Offs in Differentially Private Data Releases

• Analyzing the Feasibility and Generalizability of Fingerprinting Internet of Things Devices

• CoverDrop: Blowing the Whistle Through A News App

• Building a Privacy-Preserving Smart Camera System

• FP-Radar: Longitudinal Measurement and Early Detection of Browser Fingerprinting

• Are iPhones Really Better for Privacy? A Comparative Study of iOS and Android Apps

• How to prove any NP statement jointly? Efficient Distributed-prover Zero-Knowledge Protocols

• Editors’ Introduction

• PUBA: Privacy-Preserving User-Data Bookkeeping and Analytics

• Who Knows I Like Jelly Beans? An Investigation Into Search Privacy

• SoK: Plausibly Deniable Storage

• d3p - A Python Package for Differentially-Private Probabilistic Programming

• Updatable Private Set Intersection

• Knowledge Cross-Distillation for Membership Privacy

• RegulaTor: A Straightforward Website Fingerprinting Defense

• Privacy-Preserving Positioning in Wi-Fi Fine Timing Measurement

• Efficient Set Membership Proofs using MPC-in-the-Head

• Checking Websites’ GDPR Consent Compliance for Marketing Emails

• Comprehensive Analysis of Privacy Leakage in Vertical Federated Learning During Prediction

• Understanding Utility and Privacy of Demographic Data in Education Technology by Causal Analysis and Adversarial-Censoring

• User-Level Label Leakage from Gradients in Federated Learning

• Privacy-preserving training of tree ensembles over continuous data

• Differentially Private Simple Linear Regression

• Increasing Adoption of Tor Browser Using Informational and Planning Nudges