2

Can the police, any spy agency or any government organizations track you on Tor and spy on what you're doing?

Or is the only way to do this hacking the computer or infecting it with a keylogger? If this is the only way, what's the likelihood of any agency doing that to you, especially if they know about you, and how can you protect yourself so no one hacks or keylogs your computer? Thanks

Chiffa
  • 139
  • 7
Hay
  • 31
  • 1

1 Answer

1

It is possible (but usually difficult). Other than hacking the computer, there are some ways powerful adversaries could spy on you.

  • Correlation attack: If you are unlucky, you might get an entry node/guard controlled by an adversary. Tor tries to prevent this by making entry nodes semi-permanent, so adversaries get only one (or a few) tries. This does not necessarily compromise the whole circuit, but if you also get an exit node controlled by the same adversary, they will be able to correlate the traffic going into the entry node and coming out of the exit node.
  • MITM (man-in-the-middle) attack: If you use HTTP, an adversary who is able to see the traffic coming out of the exit node will be able to see the contents of the connection and modify them. They could also try to attack your browser if they know of any vulnerabilities (the most common are script exploits; most scripting is disabled in TBB at the medium and high security settings). MITM would be much more difficult, but not impossible, over HTTPS. This has happened with compromised CAs (certificate authorities) like DigiNotar, which have since been removed by Mozilla and TBB from trusted CAs. If you're concerned about this, check site certificates for anything suspicious.
  • Compromised site: The site could be controlled by an adversary or working together with them.
  • Identity correlation: Using any of these attacks to track your behavior and linking it to your real identity.

Usually at least two of these attacks would have to be combined to successfully deanonymize you.

How can you protect yourself so no one hacks or keylogs your computer?

Most difficult question, depends on your threat model.

The basic thing you should do is use good security practices (full disk encryption, sandboxing/hardening (not to be confused with hardened) Tor Browser) and not use vulnerable or (up to your research and discretion) untrustworthy software.

Anonymous
  • 138
  • 8
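
The answer's point that semi-permanent entry guards give an adversary "only one (or a few) tries" can be made concrete with a small probability model; this is an added example, not part of the original answer or Tor's own code. It assumes a simplified model: `g` and `e` are the adversary's share of guard and exit selections, circuits are independent, the client keeps a single guard, and all function names are hypothetical.

```python
import random

def p_exposed_no_guards(g, e, n):
    """Fresh entry relay for every circuit: each of the n circuits is an
    independent chance of getting an adversary entry AND adversary exit."""
    return 1 - (1 - g * e) ** n

def p_exposed_with_guard(g, e, n):
    """One long-lived guard: the entry is drawn once. Only if that single
    draw is bad (probability g) can any of the n exits complete the pair."""
    return g * (1 - (1 - e) ** n)

def simulate(g, e, n, fixed_guard, trials=20000, seed=1):
    """Monte Carlo check of the two closed forms above (assumed model)."""
    rng = random.Random(seed)
    exposed_clients = 0
    for _ in range(trials):
        guard_bad = rng.random() < g          # initial entry selection
        if fixed_guard and not guard_bad:
            continue                          # honest guard: never correlated
        for _ in range(n):
            if not fixed_guard:
                guard_bad = rng.random() < g  # new entry relay per circuit
            if guard_bad and rng.random() < e:
                exposed_clients += 1          # both ends observed once
                break
    return exposed_clients / trials

if __name__ == "__main__":
    g, e = 0.05, 0.05  # constructed values: adversary holds 5% of each role
    print("circuits  no-guards  with-guard")
    for n in (1, 100, 1000, 10000):
        print(f"{n:8d}  {p_exposed_no_guards(g, e, n):9.4f}"
              f"  {p_exposed_with_guard(g, e, n):10.4f}")
```

Without guards the exposure probability climbs toward 1 as circuits accumulate, while with a fixed guard it can never exceed `g`, which is the trade the answer describes.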