On 11/25/2019 09:45 PM, Punk-Stasi 2.0 wrote: > On Mon, 25 Nov 2019 20:56:09 -0700 > Mirimir <[email protected]> wrote: > >> On 11/25/2019 08:07 PM, Punk-Stasi 2.0 wrote: >>> On Tue, 26 Nov 2019 00:58:09 +0000 >>> Peter Fairbrother <[email protected]> wrote: >>> >>>> >>>> >>>> It should be noted that NSA do not say they can break TOR in practice, >>>> and afaik there is no evidence that they have. >>> >>> yeah, the NSA can't break tor but some random university can >>> >>> >>> https://www.vice.com/en_us/article/d7yp5a/carnegie-mellon-university-attacked-tor-was-subpoenaed-by-feds >> >> That bug was patched. But there obviously could be others. And the NSA >> does tend to stockpile 0days. >> >> Also, one wonders how long the NSA etc had used the bug that CMU exploited. > > > here, yet another attack > > https://www.freehaven.net/anonbib/cache/circuit-fingerprinting2015.pdf > Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden > Services > > and the introduction to that article states > > "over the past few years, hidden services have witnessed various active > attacks in the wild [12, 28], resulting in several takedowns [28]" > > but hey, the nsa can't break tor..
That's why it's prudent for users and onion sites to hit Tor via nested VPN chains.
