Compromising Tor Anonymity Exploiting P2P Information Leakage

TL;DR

This paper demonstrates how P2P protocols like BitTorrent can leak user identities on Tor, compromising anonymity and risking privacy beyond the protocol itself, by analyzing specific attacks and usage patterns.

Contribution

It introduces three novel attacks on BitTorrent over Tor, analyzes user behavior, and highlights broader privacy risks affecting multiple protocols.

Findings

Identified three attacks revealing real IPs of BitTorrent users on Tor

Compared Tor usage in BitTorrent with non-Tor usage revealing patterns

Showed privacy violations extend beyond BitTorrent to other protocols like HTTP

Abstract

Privacy of users in P2P networks goes far beyond their current usage and is a fundamental requirement to the adoption of P2P protocols for legal usage. In a climate of cold war between these users and anti-piracy groups, more and more users are moving to anonymizing networks in an attempt to hide their identity. However, when not designed to protect users information, a P2P protocol would leak information that may compromise the identity of its users. In this paper, we first present three attacks targeting BitTorrent users on top of Tor that reveal their real IP addresses. In a second step, we analyze the Tor usage by BitTorrent users and compare it to its usage outside of Tor. Finally, we depict the risks induced by this de-anonymization and show that users' privacy violation goes beyond BitTorrent traffic and contaminates other protocols such as HTTP.