The Tor network is designed to provide anonymity and privacy for its users. However, various entities, with different motivations and capabilities, pose threats to this system.

Our threat model identifies these entities and provides a foundational understanding of the possible threats faced by the Tor network. By identifying these attackers, we can better develop strategies to protect the network and its users.

Who is an attacker?

An attacker is any individual, group, or organization that aims to compromise the security, anonymity, or integrity of the Tor network or the Tor Project itself. These attackers may have various motivations, ranging from surveillance and data theft to disrupting the network’s functionality. The attackers we are primarily focused on include:

  • Client-side attackers: Using a Tor client, these attackers might aim to degrade the network's performance by jamming it with traffic.

  • Local attackers: Local attackers, like ISPs or compromised Wi-Fi networks, can monitor and manipulate a user’s traffic, or disrupt their connection to the Tor network.

  • Network attackers: Operating within the Tor network, these attackers can influence it by injecting or manipulating traffic through the relays they run, potentially compromising the anonymity of users.

  • Project attackers: Project attackers focus on The Tor Project itself, trying to introduce vulnerabilities or disrupt operations by targeting Tor software, infrastructure, or key personnel.

Goals of attackers

Understanding what attackers aim to achieve can help users and developers better defend against these threats. Some of these goals include:

1. Revealing User Identities

One of the main goals of attackers may be to uncover the identities of Tor users. Tor’s strength lies in providing privacy to its users. If attackers succeed in deanonymizing users, they can strip away this protection, expose sensitive activities, compromise privacy, and potentially link users to their real-world identities.

2. Exploiting Tor Users

Attackers may seek to exploit Tor users by stealing assets like cryptocurrencies (e.g., Bitcoin) or siphoning off private and confidential information. By watching and intercepting traffic, these attackers aim to profit financially or gather sensitive data that can be used for malicious purposes.

3. Disrupting the Network

Another goal may be to disrupt the Tor network, making it unreliable or slowing it down. Attackers might flood the network with traffic to slow it down or reduce the overall reliability of Tor services, making it less effective and accessible for users.

This prevents users from securely accessing the internet, and persistent disruptions can undermine trust in Tor and its privacy protection.

4. Weakening the Tor Project

Attackers may also target the Tor Project directly, attempting to undermine its development, credibility, or organizational structure.

This could include introducing vulnerabilities into the software, discrediting the project, or creating conflicts within the community. By weakening the project, attackers aim to diminish the effectiveness of Tor as a tool for privacy and freedom online.