factually
Index/Topics/Tor Traffic-correlation Attacks

Tor Traffic-correlation Attacks

Traffic-correlation attacks against Tor, which use timing, packet-size, and volume fingerprints to reveal who is talking to whom, despite Tor's layered encryption.

Fact-Checks

4 results
Jan 20, 2026
Most Viewed

How do traffic-correlation and boundary-monitoring attacks technically work and what countermeasures exist for Tor users?

Traffic-correlation (end-to-end) and boundary-monitoring attacks identify who is communicating through Tor by statistically matching traffic patterns observed near the client (entry) and near the dest...

Jan 20, 2026
Most Viewed

How do exit nodes and hidden service design affect anonymity when accessing Tor sites?

Exit (egress) nodes are the Tor network’s interface with the open internet and therefore can observe and manipulate traffic destined for clearnet services, while Tor “onion” or hidden services avoid t...

Feb 4, 2026

How do traffic-correlation and end-to-end timing attacks against Tor work, and which adversaries can realistically execute them?

(end-to-end) and timing attacks against Tor match patterns of traffic entering the network to patterns leaving it to reveal who is talking to whom; Tor’s design deliberately does not defend against ad...

Jan 15, 2026

How have timing/correlation attacks been used to deanonymize Tor users in real-world cases?

Timing and traffic-correlation attacks have been repeatedly demonstrated in research and used in practice to de‑anonymize Tor users when adversaries can observe or influence both ends of flows, with r...