Tor, short for The Onion Router, is a system that aims to conceal its users' identities and their online activity from surveillance and traffic analysis by separating identification and routing. In simple terms, Tor helps you to be anonymous online by disguising where you are, and where you are heading.
Since the Tor browser runs on your computer, the bowser process can be tricked or abused and could disclose details such as your login name, your computer name, your IP address, which ISP you are using, and much more even before any of your traffic goes into Tor’s anonymising system.
Law enforcement, amongst others, are eager to find such bugs, which can be a huge help in tracking down criminals such as online child abusers, whose odious activities may otherwise be hard to uncover. If law enforcement can find bugs then cybercriminals can also find them.
To help protect Tor users, a team of academics and researchers have come up with a technique called “Selfrando” - which they believe may defend against such attacks. Their paper will be presented in July 2016 at the Privacy Enhancing Technologies Symposium (PETS) in Darmstadt, Germany.
“Selfrando” is applicable to other as well, the GNU Bash (the standard command shell on Mac OS X and many Unix/Linux distros), Google’s Chromium browser (the non-proprietary version of Chrome), and the popular Nginx web server. According to the authors, “Selfrando” is working pretty well already.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street