There’s only been like 3 times mainly that have been found out about publicly at least
OnionDuke Malware (2014)
Operation Onymous (2014)
Tor Exit Node Malware Campaign (2020)
So it can happen but doesn’t happen often and the people who pull it off usually have virtually unlimited funding to do it. For the common person its still safer than rawdogging the internet
I mean, it’s not that expensive to start an exit node, and requires “only” knowhow to mess with someone’s unencrypted browsing, which is what the first and third did. I can’t remember now if Onymous actually managed to break Tor anonymity - I’m pretty sure good-old-fashioned stings turned out to be a big part of it.
IIRC the two-node timing attack I was thinking of was an academic demonstration. Because it’s too non-specific to be very useful.
has this ever been demonstrated in practice?
IIRC only for a tiny, non-selective subset of users unlucky enough to pick your two bad nodes. Otherwise Tor would basically be dead.
There’s only been like 3 times mainly that have been found out about publicly at least
OnionDuke Malware (2014)
Operation Onymous (2014)
Tor Exit Node Malware Campaign (2020)
So it can happen but doesn’t happen often and the people who pull it off usually have virtually unlimited funding to do it. For the common person its still safer than rawdogging the internet
I mean, it’s not that expensive to start an exit node, and requires “only” knowhow to mess with someone’s unencrypted browsing, which is what the first and third did. I can’t remember now if Onymous actually managed to break Tor anonymity - I’m pretty sure good-old-fashioned stings turned out to be a big part of it.
IIRC the two-node timing attack I was thinking of was an academic demonstration. Because it’s too non-specific to be very useful.