In the past an organisation would alter the website to compromise the systems of its users, secretly installing malicious code on them to track them. https://www.helpnetsecurity.com/2016/11/30/exploited-de-anonymize-tor-browse... This involves retaining a set of dangerous and publicly usable security vulnerabilities that are not reported to developers of the systems used (such as Firefox), and possibly even influencing the development communities so that the security vulnerabilities are not fixed. This produces a situation where a global body of users have their systems open to being taken over by anybody else who discovers the vulnerability. Nowadays analyticl server farms are smarter, people more knowledgeable, and operating systems more backdoored, and that may not be needed, I don't know. On Mon, May 3, 2021, 10:00 PM grarpamp wrote:

---------- Forwarded message ---------- From: Seth David Schoen Date: Sun, 2 May 2021 23:20:05 -0700 Subject: [tor-talk] Looking for information about onion site user deanonymization To: tor-talk@lists.torproject.org

Hi tor-talk,

I'm working as a consultant to a criminal defense lawyer who's representing a defendant in a case involving Tor and an investigation by U.S. law enforcement and foreign law enforcement.

In 2019 a foreign law enforcement agency claimed to identify the clearnet IP addresses of a large number of people who were accessing an onion site that the agency itself was monitoring or had taken control of. We know of various methods by which this might be done, but I'm wondering whether anyone has heard concretely about law enforcement capabilities or practices in this area if users have not de-anonymized themselves, or rumors or reports of this being done about two years ago.