Is Tor broken?

Over the last week or so the community has been a bit worried about the security of Tor. The reason is Operation Onymous, a concentrated crackdown that took down a number of illegal or problematic dark web sites, all of which were hidden behind Tor Hidden Services. In this article I want to quickly talk about whether Tor is broken or not.

First the facts. As far as we know, only 17 persons have been arrested or indicted in this action. The number of dark web sites taken down was first reported as around 400, but later we have seen that it is more in the range of 27 actual web sites that were taken control of - along with many more hidden service addresses, since these sites all presumably ran a large number of hidden services.

The big question is whether it is possible that law enforcement agencies have used a weakness in Tor to find the real location of these servers and take them down. This is of course not at all impossible. There are some known weaknesses that could have been used for this, although it seems unlikely based on the evidence we currently have. It is also possible that there exist unknown vulnerabilities in Tor that were used to achieve this result. If this is the case, the remaining question is why only 17 people were arrested - my assumption here is that these are the ones that had the worst operational security and revealed too much information about themselves in setting up their service. It could also be that the others are known but on the run.

However, all of the scenarios that build on weaknesses in Tor have the problem that it's very easy to imagine alternatives that rest only on patient and effective law enforcement work. There are some indications that many of the taken servers were hosted in the same data center. We know that at least one site had an embedded undercover agent who was also an administrator for the site - and this site had a management protocol that didn't go through a Hidden Service. Maybe the strongest indication that this is not a Tor vulnerability is the fact that the largest drug market is still online - and so are several well known child pornography sites, dirty money laundering, grey and black market financial services and so on.

Another piece of circumstantial evidence comes from the announcements from the security services. The way they hint at a vulnerability in Tor reads to me like an indication that they don't have one. If they really had it I suspect they would continue for much longer, taking down many more of the sites before revealing even a hint that they had this kind of advantage. It seems to me that the likely scenario is that they made a good law enforcement break and decided to use this to scare users of Tor Hidden Services away from trusting Tor, or maybe even into shutting down completely.

So what's the verdict? In my book Tor is still the only anonymity tool I trust. Of course, I don't trust it completely, but it still seems to be significantly better than the alternatives.

Incidentally, in this blog I don't want to touch the ethical issues involved in the "dark web". Suffice it to say, Tor is used for enough life-critical situations around the world that I think it is really important for us to analyze and understand whether there is a real problem here or not.