

Shoring up Tor - kn9
https://newsoffice.mit.edu/2015/tor-vulnerability-0729

======
user_235711
Previous discussion here:
[https://news.ycombinator.com/item?id=9967984](https://news.ycombinator.com/item?id=9967984)

------
belorn
I find it a bit telling that neither the paper, the arstechnica nor this
article mentions the most common argument against fingerprint attacks are
describe in the base rate fallacy.

With 12% false positive rate that the paper mention, you still only need to
visit a small number of websites to generate a false positive. I also doubt
that the 12% is actually correct in real life circumstances, since the
research only tested single traffic flows from clients and many website has JS
that trigger simultaneous traffic flows while users browse the web in other
tabs.

~~~
torthrw
Yeah. Browse the web with multiple tabs and every current fingerprinting
attack is useless.

------
dfc
The the discussion of the paper at the tor project or ars technica is much
more informative for the HN crowd; if for no other reason than the simple fact
that they include a link to the paper:

Paper:
[http://people.csail.mit.edu/devadas/pubs/circuit_finger.pdf](http://people.csail.mit.edu/devadas/pubs/circuit_finger.pdf)

TorProject: [https://blog.torproject.org/blog/technical-summary-usenix-
fi...](https://blog.torproject.org/blog/technical-summary-usenix-
fingerprinting-paper)

Ars Technica: [http://arstechnica.com/security/2015/07/new-attack-on-tor-
ca...](http://arstechnica.com/security/2015/07/new-attack-on-tor-can-
deanonymize-hidden-services-with-surprising-accuracy/)

