Your fact-checks will appear here
Methods used by powerful adversaries to correlate ingress and egress activity and potentially deanonymize Tor users.
An Internet service provider can see that a subscriber is making encrypted connections to Tor nodes, and many ISPs routinely log connection metadata for network management or legal compliance . What I...
Timing-correlation (a.k.a. traffic correlation or end-to-end confirmation) attacks match patterns of packet timing and volume observed at the client side with patterns observed at the destination side...
Intelligence agencies have combined traffic-correlation (controlling or observing entry and exit points), active network manipulation (BGP hijacks/interception), targeted malware and “network investig...
Tor onion services can be unmasked not because the protocol is broken in principle but because of real-world mistakes at the service, client, relay and operational layers; common vectors include misco...
Traffic correlation (aka traffic confirmation) links a Tor user to their destination by matching timing and volume patterns observed at the network's entry and exit points, and remains one of the fund...
Tor is a volunteer-run overlay network and browser that aims to obscure who is talking to whom on the Internet by routing traffic through multiple relays and encrypting it in layers — the technique kn...
IP logs and browser-history records held by cloud services are powerful investigative leads that frequently help build child sexual abuse material (CSAM) cases, but by themselves they rarely constitut...
Tor in 2025 remains a powerful tool to conceal which websites a user visits from their ISP by relaying traffic through multiple encrypted nodes, but it is not a silver bullet: ISPs can detect Tor use,...