Latest in Anonymity

Image credit:

Your Tor-based email isn't as secure as you think

Share
Tweet
Share
Save

Sponsored Links

A recent security breach just provided a painful reminder that Tor's anonymity network isn't completely foolproof against truly determined intruders. The email service SIGAINT is warning users that someone recently launched a sustained attempt to break into its servers and snoop on messages. While that direct attack wasn't successful, the culprit also tried setting up malicious exit nodes (where data reaches the normal internet) in hopes of spying on messages the moment they left Tor. The chances of actually connecting to one of these rogue routers was slim (about 2.7 percent), but you clearly wouldn't have enjoyed winning this lottery.

The kicker? The campaign was probably avoidable. SIGAINT doesn't encrypt its normal website, which let the perpetrator get away with the impersonation necessary for this campaign. The service tells Motherboard that it doesn't lock this site because it's both a hassle for users and ineffective against fake security certificates, but that's not much consolation if you're affected. SIGAINT hasn't said exactly what it will do, but it's looking at either encrypting its page or pulling the public Tor link to reduce the chances of this kind of assault.

It's not clear who's responsible, and there's no clear evidence that this was a government agency trying to spy on drug dealers and terrorists. Given the low odds of intercepting any useful messages, the attack could just as easily be the work of criminals hoping to get lucky, or even someone holding a grudge. Whoever's at fault, the incident suggests that you'll want to be careful about sending sensitive messages, no matter how secure you think a service might be.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share
Save

Popular on Engadget

Runkeeper drops its Wear OS app due to a 'buggy experience'

Runkeeper drops its Wear OS app due to a 'buggy experience'

View
Drako's GTE electric supercar will be a four-motor, 1,200HP monster

Drako's GTE electric supercar will be a four-motor, 1,200HP monster

View
Nintendo says there is no Switch exchange program

Nintendo says there is no Switch exchange program

View
IKEA creates a business unit devoted to smart home tech

IKEA creates a business unit devoted to smart home tech

View
US will reportedly give Huawei another temporary reprieve

US will reportedly give Huawei another temporary reprieve

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr