Index/Topics/Tor Traffic-correlation Attacks

Tor Traffic-correlation Attacks

Research on traffic-correlation attacks against Tor, including the use of machine learning and netflow-based pipelines to deanonymize users.

Fact-Checks

3 results

Jan 20, 2026

How do traffic-correlation and boundary-monitoring attacks technically work and what countermeasures exist for Tor users?

Traffic-correlation (end-to-end) and boundary-monitoring attacks identify who is communicating through Tor by statistically matching traffic patterns observed near the client (entry) and near the dest...

Jan 20, 2026

How do exit nodes and hidden service design affect anonymity when accessing Tor sites?

Exit (egress) nodes are the Tor network’s interface with the open internet and therefore can observe and manipulate traffic destined for clearnet services, while Tor “onion” or hidden services avoid t...

Jan 15, 2026

How have timing/correlation attacks been used to deanonymize Tor users in real-world cases?

Timing and traffic-correlation attacks have been repeatedly demonstrated in research and used in practice to de‑anonymize Tor users when adversaries can observe or influence both ends of flows, with r...

Your fact-checks

Tor Traffic-correlation Attacks

Fact-Checks

How do traffic-correlation and boundary-monitoring attacks technically work and what countermeasures exist for Tor users?

How do exit nodes and hidden service design affect anonymity when accessing Tor sites?

How have timing/correlation attacks been used to deanonymize Tor users in real-world cases?