Fixes are planned for Internet anonymity tool Tor after researchers showed that national intelligence agencies could plausibly unmask users.

By Tom Simonite on October 25, 2013

When reports published earlier this month revealed that the U.S. National Security Agency could reverse the protections of Internet anonymity tool Tor, many activists and others who rely on the tool had little reason to panic. Despite the alarmist tone of some headlines, the techniques revealed relied on attacking software such as Web browsers rather than Tor itself. After reviewing the leaked NSA documents, the Tor Project declared “there’s no indication they can break the Tor protocol.”

All the same, the Tor Project is trying to develop critical adjustments to how its tool works to strengthen it against potential compromise. Researchers at the U.S. Naval Research Laboratory have discovered that Tor’s design is more vulnerable than previously realized to a kind of attack the NSA or government agencies in other countries might mount to deanonymize people using Tor.

Tor prevents people using the Internet from leaving many of the usual traces that can allow a government or ISP to know which websites or other services they are connecting to. Users of the tool range from people trying to evade corporate firewalls to activists, dissidents, criminals, and U.S. government workers with more sophisticated adversaries to avoid.