This attack has been known for years now. And tor is simply not able to defend against it without a complete redesign.
The potential for timing attacks has been known since the beginning of Tor. In other words, more than a decade. But that doesn't mean you can't defend against it. One way to defend against it is by having more nodes. Another way is to write clients that take into account the potential for timing attacks. Both of these were specifically mentioned in the article.
Based on what was in the article and what's in the history books, I'm not sure how to interpret your comment in a constructive way. Is there anything more specific you meant, that isn't contradicted by what's in the article?
Yes, sorry i worded it incorrectly you can try to make it harder but timing attacks are still possible.
Nope, just a summary that this is just old news. There is nothing new in the article.
The TOR network itself is safe - at least assuming the TLAs don't control at least half of the nodes, which is far from impossible. But let's assume...
The weak point comes from the browser: that's how the fuzz deanonymizes users. The only safe browser to use on TOR is the TOR browser, and that's the problem: it disables so many unsafe functionalities that it's essentially unusable on a lot of websites. So people use regular browsers over TOR, the browser leaks identifying data and that's how they get caught.
My understanding is that Tor Browser works fine, there's just some dumb website owners that block Tor traffic by IP address.
And ... guess what ... www.bleepingcomputer.com, the source of the story, is one of those.
Maybe email them and let them know about the misconfiguration
Let them know that tor users can't read their article about Tor
Do you think it's better to use a VPN if you aren't using TOR Browser?
All VPNs do is change who has your browsing data: your ISP or the VPN operator. You may or may not trust either of them not to keep records, in either case you have no way of verifying this.
As I read, they used timing analysis which should be preventable by using an anonymous VPN to connect to tor and streaming something over the VPN connection at the same time. Some of them support multi-hop, like mullvad, which will further complicate the timing analysis because of the aggregated traffic.
