Is Tor compromised?
The Tor Project: "It is clear that the court does not understand how the Tor network works."iStock

In the wake of revelations that the US Department of Defence (DoD) funded research undertaken by Carnegie Mellon University into ways to break the anonymity of the Tor network, many users of the browser will no doubt be asking: Is Tor now vulnerable to police snooping?

The answer is no, according to the Tor Project, which has issued a statement slamming the Carnegie Mellon project, asserting that its network remains secure and has "only rarely" been compromised.

An unsealed document from a Washington District Court confirmed the involvement of the US government in funding the academic research project later used to help locate a suspect in its investigation into the Silk Road 2.0 drug marketplace.

Dark web explained

The dark web is a section of the internet that is not indexed by search engines such as Google, and not easily navigated to using a standard web browser.

Accessing the dark web requires specialised knowledge and software tools. An example of this is content only accessible by using the Tor software and anonymity network, which while protecting privacy, is often associated with illicit activities.

"The Software Engineering Institute (SEI) of Carnegie Mellon University compromised the network in early 2014 by operating relays and tampering with user traffic," the Tor Project said in a statement posted to its website. "That vulnerability, like all other vulnerabilities, was patched as soon as we learned about it. The Tor network remains the best way for users to protect their privacy and security when communicating online."

The Tor Project also hit out at the court ruling itself, claiming that the judge doesn't understand the intricacies of how the anonymity tool actually works after he claimed the IP address used to locate the Silk Road suspect was not classified as private information.

"The entire purpose of the network is to enable users to communicate privately and securely," the statement added. "While it is true that users 'disclose information, including their IP addresses, to unknown individuals running Tor nodes,' that information gets stripped from messages as they pass through Tor's private network pathways.

"The problem is not simply that the attackers learned the user's IP address. The problem is that they appear to have also intercepted and tampered with the user's traffic elsewhere in the network, at a point where the traffic does not identify the user. They needed to attack both places in order to link the user to his destination. This separation is how Tor provides anonymity, and it is why the previous cases about IP addresses do not apply here."

The Tor network remains partly funded by the US government. While boasting a slew of sponsors, from over 4,000 donations from general users to the popular message-board Reddit, it also counts the US Department of State and the National Science Foundation as major contributors – leading to an ironic state of play that leaves the US government both actively funding and actively exploiting the privacy project.