[Tails-dev] How the traffic confirmation attack on Tor affec…

Delete this message

Reply to this message
Author: Jurre van Bergen
Date:  
To: The Tails public development discussion list
Subject: [Tails-dev] How the traffic confirmation attack on Tor affects Tails
On Wednesday, July 30th, the Tor project released a security advisory[1]
with details about a so called deanonymization attack. Tails has Tor at
it's heart, your traffic goes over Tor when you but not limited to,
browse a website or trying to e-mail a peer. Because of this I wanted to
give an overview of how Tails might be affected by this attack.

Scope and severity
===========

The attack is targeted at people who visit Tor hidden services and
expose the ip-adress of the user. An attacker could run a number of Tor
relays to modify traffic and learn the identity that way. It's not clear
at this point in time how much attackers have learned and what they have
learned. The attackers likely couldn't see full-application traffic like
which websites were visited.

There is a possibility that attackers have learned the ip-address of
Tails users who visited Tor hidden services between January 30 and July
4, when the bad relays have been taken out of the Tor network, should
assume affected.

We recommend you read the full advisory[2] by Tor for the technical
story behind the attack.

Temporary countermeasure
================

Tor has provided an updated version, we recommend you to upgrade to the
latest version of Tor and this is how you do it:

1: Set up an administrative password[3]
2: Connect to the internet
3: Run the following in a "root terminal": apt-get update && apt-get
install tor

You know run the latest version of Tor which mitigates this vulnerability.

[1]
https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
[2]
https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
[3]
https://tails.boum.org/doc/first_steps/startup_options/administration_password/index.en.html