>25% of the Tor network’s exit capacity has been attacking Tor users In August 2020 I reported about “How Malicious Tor Relays are Exploiting Users in 2020 (Part I)”. Back then I made the hypothesis that the entity behind these malicious tor relays is not going to stop its activities…

>23% of the Tor network’s exit capacity has been attacking Tor users — In December 2019 I wrote about The Growing Problem of Malicious Relays on the Tor Network with the motivation to rise awareness and to improve the situation over time. Unfortunately instead of improving, things have become even worse, specifically when it comes to malicious Tor exit relay activity. Tor exit…

Since there have been some speculations and questions around why all of a sudden I disappeared from twitter I’d figure I give you with my side of the story. TLDR: I don’t know why my account got suspended and my appeal was turned down. Initially I created my twitter account…

Background I’ve a long standing interest in the state of the Tor network. In 2015 I started OrNetRadar to help detect new relay groups and possible Sybil attacks that could pose a risk to Tor users. In 2017 I was asked to join a closed Tor Project mailing list to help…

“Who controls Tor’s DNS traffic?” revisited Over a year ago, in April 2018, we looked into Tor’s DNS landscape and confirmed previous observations from 2016 that a significant fraction of tor exit relays make use of public DNS resolvers like Google’s 8.8.8.8. Now 15 months later, its time to revisit this issue again to find out…

Mapping the RPKI unreachable IP address space. In the previous post (see that for some more context) we analyzed RPKI INVALID IP address prefixes that are unreachable (no alternative route available) and used number of prefixes-origin pairs as primary metric, but argued that prefix-origin-pair-counts are not the best metric (many…

Up until not too long ago basically no network operator actually protected herself by implementing route origin validation (ROV) to make BGP hijacking attacks harder. Implementing ROV means that BGP prefix-origin pairs are validated against route origin authorizations (ROAs) before they are considered. …

Privacy adversaries may use BGP hijacking attacks to gain access to a bigger portion of Tor traffic than they would be able to see otherwise. …

An Analysis of the Tor DNS Landscape. Unlike other relays, tor exit relays also take care of name resolution for tor clients. Their DNS configuration actually determines where the tor network’s DNS traffic is send to. Ever since the tor-dns paper I wanted to take a look at the current state of DNS resolver distributions on the…