How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services

TL;DR

This study analyzes the fingerprintability of Tor onion services, revealing high variability in vulnerability and identifying features that influence detectability, which informs better defenses against fingerprinting attacks.

Contribution

It provides the largest multi-level feature analysis of onion site fingerprintability, highlighting site-specific vulnerabilities and informing countermeasure design.

Findings

High variability in site classification accuracy

Features related to traffic and webpage design influence fingerprintability

Misclassification analysis suggests redesign strategies for less vulnerability

Abstract

Recent studies have shown that Tor onion (hidden) service websites are particularly vulnerable to website fingerprinting attacks due to their limited number and sensitive nature. In this work we present a multi-level feature analysis of onion site fingerprintability, considering three state-of-the-art website fingerprinting methods and 482 Tor onion services, making this the largest analysis of this kind completed on onion services to date. Prior studies typically report average performance results for a given website fingerprinting method or countermeasure. We investigate which sites are more or less vulnerable to fingerprinting and which features make them so. We find that there is a high variability in the rate at which sites are classified (and misclassified) by these attacks, implying that average performance figures may not be informative of the risks that website fingerprinting attacks pose to particular sites. We analyze the features exploited by the different website fingerprinting methods and discuss what makes onion service sites more or less easily identifiable, both in terms of their traffic traces as well as their webpage design. We study misclassifications to understand how onion service sites can be redesigned to be less vulnerable to website fingerprinting attacks. Our results also inform the design of website fingerprinting countermeasures and their evaluation considering disparate impact across sites.