>>26446
>Do the updates to the Tor protocols mentioned actually address the problem?
It seems like the vanguards thing should make it a lot harder for feds to pull off, but it doesn't "fix" it. Though with privacy this is usually the best you get, a lot is just stacking odds in your favor so much that it is effectively safe. Same with cryptography. That said, a real fix could be a random delay added every hop, and maybe packet padding if this is the type of timing attack they pulled off.
Steps they could have taken to mitigate vulnerability: (first of all - it's hard to tell if they got deanonymized via the server, as a server admin or smth, or as a user?)
1. not connect directly to the Tor network, connect to a proxy/VPN (that you own and run, and set up anonymously, and which you use for other activities as well; e.g. route all traffic on a multi-use device thru VPN) first.
2. control the first tier of guard nodes (as hidden service), set them up anonymously and everything, in a country not friendly to your gov. This isn't a 100% fix but the article mentions coercing the guard node owner… if it's you then just pack it up at that point and they have nothing.
3. not showing online status on the fucking app lol, it seems like that might be what really got them in the end
Downsides to these mitigations:
1. they could have the company that owns the server your proxy runs on snitch on connections and de-anonymize you (just the fact that you connected to a Tor node and when), or they could attempt to hack it and take it over even.
2. Again they could just ask the company to monitor the servers and snitch on you. Putting it in an unfriendly country might remove some of LE power, and you owning the server means they would have to escalate beyond just asking nicely and would give you a heads up potentially, but this isn't a total fix.
3. They still had to find the guy's IP first. They could have attempted escalating to other methods to correlate that he was the one posting, when and where. But it would deprive them of an easy thing to bring to the courts.
Overall, Tor isn't suited for use against an imperialist state actor. It's security thru obscurity, plus encryption. Vast majority of nodes are in 14 eyes. Nym net is a cool project trying to fix that (read the Sphinx protocol white paper it's really cool, they employ it), tho it is new and therefore less tested, comes off shady to me personally since it incorporates cryptocurrency (could be a get rich really slow and with lots of coding and shit scheme), and has an inherent barrier because of that fact (pay to use). But the reason for the crypto integration is nominally to incentivize and facilitate mix nodes to be run in any country, in order to not replicate the petite-bourg hobbyist, drug dealer, and state actor monopoly on mix nodes within Tor. They're openly anti-imperialist, it's cool.
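
The per-hop random delay idea raised in the post above, as an added example that is not part of the original post: a small simulation that scores how closely per-second packet counts at the entry and exit of a circuit line up (best Pearson correlation over whole-second lags), with and without the delay. The traffic is constructed, and the 3-hop circuit, the exponential delay and every name and parameter are assumptions for illustration.

```python
import random
from statistics import mean, pstdev

HOPS = 3       # assumed circuit length
N_BINS = 330   # 1-second counting windows, with room for delayed packets

def bursty_sends(rng, duration=300.0, rate=50.0):
    """Constructed client traffic: 1-3 s bursts separated by 2-8 s of silence."""
    t, out = 0.0, []
    while t < duration:
        end = t + rng.uniform(1.0, 3.0)
        while t < end:
            out.append(t)
            t += rng.expovariate(rate)
        t = end + rng.uniform(2.0, 8.0)
    return out

def exit_times(sends, rng, mean_delay):
    """Each hop adds a fixed 50 ms, plus an exponential delay if mean_delay > 0."""
    def hop():
        return 0.05 + (rng.expovariate(1.0 / mean_delay) if mean_delay else 0.0)
    return [t + sum(hop() for _ in range(HOPS)) for t in sends]

def counts(times):
    """Packets seen in each 1-second window; anything past the window is dropped."""
    c = [0] * N_BINS
    for t in times:
        if int(t) < N_BINS:
            c[int(t)] += 1
    return c

def pearson(a, b):
    sa, sb = pstdev(a), pstdev(b)
    if sa == 0 or sb == 0:
        return 0.0
    ma, mb = mean(a), mean(b)
    return sum((x - ma) * (y - mb) for x, y in zip(a, b)) / (len(a) * sa * sb)

def best_correlation(sends, exits, max_lag=20):
    """Highest entry/exit count correlation over lags of 0..max_lag seconds."""
    x, y = counts(sends), counts(exits)
    return max(pearson(x[:N_BINS - lag], y[lag:]) for lag in range(max_lag + 1))

def compare(seed=1, mean_delay=2.0):
    """Return (score without added delay, score with per-hop random delay)."""
    rng = random.Random(seed)
    sends = bursty_sends(rng)
    low_latency = best_correlation(sends, exit_times(sends, rng, 0.0))
    mixed = best_correlation(sends, exit_times(sends, rng, mean_delay))
    return low_latency, mixed

if __name__ == "__main__":
    print("low-latency %.2f, per-hop delay %.2f" % compare())
```

Changing `mean_delay` relative to the burst length shows how much smearing a given delay budget buys.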