Tor Stinks: Traffic Analysis Methods Get More Public Light via HackerFactor
https://www.hackerfactor.com/blog/index.php?/archives/896-Tor-0day-Finding-I...
https://www.hackerfactor.com/blog/index.php?/archives/890-Tor-0day-Replying-...
https://www.hackerfactor.com/blog/index.php?/categories/19-Tor

Hackerfactor...

"
I read off the address: "152 dot" and they repeated back "152 dot". "19 dot" "19 dot" and then they told me the rest of the network address. (I was stunned.) Tor is supposed to be anonymous. You're not supposed to know the IP address of a hidden service. But they knew. They had been watching the Tor-based DDoS. They had a list of the hidden service addresses that were being targeted by the attack. They just didn't know that this specific address was mine.

As it turns out, this is an open secret among the internet service community: You are not anonymous on Tor.

As mentioned earlier, the Tor Project claims to protect against "an adversary who can observe some fraction of network traffic." I've shown that they do not protect against someone with a God's eye view, or even someone who controls 10% of Tor guards along with some of the exit nodes. So how small does "some fraction" need to be for Tor to actually provide protection? What if the adversary only controls one (1) guard and nothing else?

Just because the vendor says an exploit is out of scope, doesn't mean it isn't a problem. (The Tor Project explicitly says that Tor provides protection against "traffic analysis" and "prevents websites and other services from learning your location" from an adversary "who can operate onion routers of his own". So using traffic analysis from one hostile guard to identify the location of a hidden service doesn't seem to be out of scope.)

These exploits represent a fundamental flaw in the current Tor architecture. People often think that Tor provides network anonymity for users and hidden services. However, Tor really only provides superficial anonymity. Tor does not protect against end-to-end correlation, and owning one guard is enough to provide that correlation for popular hidden services.
"

Tor Project ignores, kicks out, and censors people for informing its users and world of embarrassing facts... like this falseness still on the frontpage...

"
DEFEND AGAINST SURVEILLANCE
Tor Browser prevents someone watching your connection from knowing what websites you visit. All anyone monitoring your browsing habits can see is that you're using Tor.
"

While Tor Project was partying...
https://blog.torproject.org/welcome-new-tor-board-members

It did not report that all its mailing lists, blogs, etc are arbitrarily censored...
https://blog.torproject.org/anti-censorship-august-2020
https://blog.torproject.org/anti-censorship-challenges-priorities-progress

Or tell its funders what tor can and cannot do...
https://blog.torproject.org/tor-project-membership-program

Many softwares and projects do some things quite well, other things not so well. Be informed on range of all those things.