Hello, we just published more information on our blog: https://blog.torproject.org/tor-is-still-safe/
On Mon, Sep 16, 2024 at 7:31 AM isabela fernandes <[email protected]> wrote: > Hi Tor, > > I am reaching out to inform you of an upcoming news story concerning a > potential deanonymization attack on Onion Services. > > What is happening? > > On September 9, 2024, The Tor Project received a press inquiry from > Norddeutscher Rundfunk (NDR, part of ARD, a German public broadcaster) with > a request for comment to their upcoming reporting of "investigative > measures by German and international law enforcement agencies in the Tor > network, in particular the localisation and deanonymisation of onion > services." We complied with the outlet's deadline of September 12th and > answered a series of questions. > > The reporter claims to have "evidence that shows that in several cases > German law enforcement authorities were able to locate the Tor entry node > of onion services and thus successfully deanonymise Tor users. V2 and V3 > onion addresses were affected at least between Q3/2019 and Q2/2021." The > reporter further claims that "law enforcement agencies used so-called > timing analyses and broad and long-term monitoring of Tor nodes in data > centres." > > As of today, The Tor Project has not been granted access to supporting > documents, and has not been able to independently verify if this claim is > true, if the attack took place, how it was carried out, and who was > involved. > > In the absence of facts, it is hard for us to issue any official guidance > or responsible disclosures to the Tor community, relay operators, and users > at this time. > > We are calling for more information from you. > > If you have any information that can help us learn more about this alleged > attack, please email [email protected]. > > If you want to encrypt your mail, you can get the OpenPGP public key for > this address from keys.openpgp.org. Fingerprint: 835B 4E04 F6F7 4211 04C4 > 751A 3EF9 EF99 6604 DE41 > > Your assistance will help all of us take the necessary steps and > precautions to keep Onion Services safe for the millions of users that rely > on the protections Tor provides. > > Are Tor users safe? > > Tor users can continue to use Tor Browser to access the web securely and > anonymously. Nothing that the Tor Project has learned about this incident > suggests that Tor Browser was attacked or exploited. We encourage Tor > Browser users and relay operators to keep software versions up to date. > > The reporter's questions focus on the use of onion services and .onion > addresses. Which leads us to assume that the alleged attack was targeting a > specific .onion site. > > > We will continue to share updates on this email as this situation evolves. > > Thank you! > > Isabela > >
_______________________________________________ tor-relays mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
