ABSTRACT
As the importance and prevalence of web analytics have increased over the last decade, so has the number of user trying to maintain their online anonymity. The Onion Routing (TOR) system is often seen as the best anonymity tool out there and is used by nearly 2.5 million people daily. For a significant number of these users, many of TOR’s features and terms are rather difficult to comprehend; yet, these users tend to believe that TOR offers more privacy protection than what it is actually intended or able to provide. In this paper, the authors specifically focus on the TOR browser – one of the two key components of the TOR system. In particular, the authors demonstrate that if used in its default settings, the TOR browser provides little if any protection against four most common forms of user tracking. Hence, to achieve true online anonymity, extra efforts and vigilance need to be exercised on the part of the TOR user.
Disclosure statement
No potential conflict of interest was reported by the authors.
Notes
1. Here, by ‘user’s online actions’, we mean the sequence of Web/HTTP requests that the user makes over time; or, in other words, the user’s clickstream sequence.
2. Note, in the research works surveyed in this section, the term deanonymization is used only to refer to the process of revealing the user’s true identity and does not include (i.e. is not concerned with) long-term tracking of the user’s actions/clickstream.
3. Note, though, that it is theoretically possible to change a TOR path, and its individual links, without changing the last/exit relay.
Additional information
Notes on contributors
Natalija Vlajic
Natalija Vlajic is an associate professor in the Lassonde School of Engineering, York University, Toronto. She received a PhD in electrical engineering from University of Ottawa. Her research interests include DDoS, Internet bots and botnets, network and application-layer security, IoT security, machine learning, and user privacy and anonymity.
Pooria Madani
Pooria Madaniis a Ph.D. candidate at the Lassonde School of Engineering, York University, specializing in the areas of computer security and privacy, as well as adversarial machine learning. He obtained his M.Sc. in Artificial Intelligence from University of New Brunswick in 2015.
Ethan Nguyen
Ethan Nguyen is a graduate of the Lassonde School of Engineering, York University, with a specialization in computer security. His research interests include user privacy and anonymity, as well as software and network security.