[September 05 13:36 GMT] Fox-it, an IT security company, has attributed the surge in Tor traffic to a relatively unknown yet huge botnet. Read more about it here.

Original Story

The Tor (The Onion Router) network has witnessed over 100 per cent rise in the number of users connecting to it for the month of August and has reached record levels for the first time since the project has been collecting usage statistics.

The privacy-enhancing network is known for providing anonymous browsing experience through the use of a series of encrypted relays and had as many as 500k users throughout this year so far. But if we check the latest statistics available through Tor Metrics Portal there has been a whopping 100 per cent increase in number of Tor clients and as many as 1,200,000 users are connecting to the network. The previous peak for the network was in January 2012 when it saw as many as 950,000 users.

As Roger Dingledine notes in his mailer, the increase in number of users is probably not a fluke in the metrics data, but he doesn’t negate the fact that there could be a botnet which is inflating the numbers or probably the NSA. Dingledine has urged for some solid facts and figures that could support the spike in number of users.

If we go into country wise stats, US witnessed a jump of over 50k users from 100,000 to 150,000; UK witnessed near 100 per cent jump from 175,000 to 350,000; and Germany registered a rise to 880,000 from 450,000. India and Brazil registered the steepest rise of 426 per cent and 566 per cent respectively.

There have been instances of such burst in number of Tor users before and they were quite short lived, so chances are that the current increase may be a similar one. Exact reasons behind the rise in number of users is not evident, but chances are that recent NSA spying revelations could have forced users to go off the grid by using anonymity networks such as Tor.

Government surveillance and spying activities have taken a toll on some of the privacy oriented services lately and Lavabit and Silent Circle, which were known to provide secure email services, are the latest victims. New Zealand recently passed its controversial spy law which will enable New Zealand’s spy agency to legally support local law enforcement agencies and national defense forces by carrying out surveillance operations on citizens as well as residents.

Privacy oriented services are in demand and Mozilla may probably incorporate Tor as an optional feature in its Firefox browser. The Pirate Bay, on completion of its 10th year, recently announced the Pirate Brower, which will enable users to bypass ISP blockades and allow them to access blacklisted lites like H33T, Fenopy, Kickass Torrents and the likes.

  • Paul Noel

    Tor and any method if you want privacy might be better but it doesn’t lock out the NSA. The NSA is “inside” your computer being able to secure your passwords and encrypt segments for the sums before the encryption. As such this security is at best questionable. The only encryption that can be secure will use a private key and it must be changed frequently. The only way to secure send a message is to do it on a machine not connected to the net and then encrypt the message on that machine and then move that to a net connected machine via physical device. Even this method has some risks.
    The Al Qaeda method is to use a symbolic encrypt private key system so that even the message sent in the clear shows no encryption evidence and carries no value to parties not aware of the private symbols in the transmission. This is why the NSA claims of security enhancement for the USA are just FALSE.

    • Guest

      Go kill yourself already.

      • uuggghh

        gee man

    • SSA_Ed

      Although I agree with everything you say, you omit one simple fact of human nature: Be the most difficult target in sight and NSA will never … bother you. Try a private key system such as “liquid-crypto”.

      • Paul Noel

        No I didn’t omit human nature, I am well aware of it but discussion today has to be a bit brief rather than an dictionary. You are quite right about it. The basic problem with any crypto program for sale or generally available in the USA is that it has to pass muster of the ITAR regulations and (International Traffic in Arms Regulations) and a hard crypto is considered international traffic in Munitions. Unless it is open to the US Government it is ILLEGAL!

        • SSA_Ed

          #1. The feds lost their case against Phil Zimmerman (PGP) back in the mid 90s – he simply printed the source code and called it freedom of speech & press (1st a.) and (thankfully) our courts have continuously favored the amendments (our rights) to rules & regs written by bureaucrats.
          #2. Liquid-crypto (sent to the feds in Oct 1989) and programs like it are just skeletal receptors – the “real meat” must be added by end users. Example, if you use a “shared” password to encrypt a file, then yes, the feds can decrypt in a micro second. Encode without a “shared” password, red-ops can thwart attempts for years (22-char master password); Black-ops on the other hand is in theory unbreakable and if you don’t/can’t remember the 256 byte password, it’s called a “denial of service” loss, your bad. On the other hand, liquid-cypto’s QTCoder function provides a “directed randomizer” in the “– (lots of text)” function that allows us to create repeatable, memorial 256 byte super passwords. Oh, and QTCoder use is free – no key needed.

          If you read enough of Ron Rivest’s (RSA) history, he explains very well why he created the MD5 hash, how it got collided and why he CAN’t prevent future collisions – only users can: Using Pads (salts). Similarly 128-bit “public key” encryptions have a half life which shrink in “tic-toc” time.

          In the end, the law today is meant to prevent “communicating” or “sharing” information the feds can’t understand. And I agree with that, especially today. However, private systems where communication is never intended or desired, has never been can never can be illegal. But if storing my passwords and pin numbers on my computer in a manner that NO ONE ELSE can read, I’m fine with that and so are the courts.

    • By Any

      Just what exactly are you on about? The NSA does not have root backdoor access to our physical computing devices. Such an absurdly obvious and ham-fisted effort to spy would be quickly and easily detected by monitoring traffic to and from your computing device and the Internet. In addition, it is completely unnecessary for the NSA to have root backdoor access to physical devices if they can control the data that is transferred *between* those devices on the Internet.

      That is of course, unless you secure your communications with the appropriate tools and measures. Acquiring a reliable and trustworthy VPN service would be a great start, in addition to using a browser like JonDoFox. Use a secure phone service like Red Phone, and use secure chat programs for instant messaging like CryptoCat. Also, do not trust email, ever, as it is impossible to truly secure given the current methodologies employed in its protocols.

      Beyond these measures, you can personally encrypt files for transfer or storage in places like DropBox using TrueCrypt among other services. You can also hide messages in photos or other files (known as steganography).

      At any rate, do your own research in addition to what I have suggested in order to better understand how all these pieces fit together and what constitutes secure communications. The truth is we are awash in opportunities to secure our communications, but unfortunately due to unwarranted despair or laziness many of us choose not to take advantage of these opportunities.

      • Paul Noel

        The problem here is that you have not seen the Requests for Proposal that the NSA did for their software which years ago were public. I have. I agree that laziness etc has done a lot and much more. Steganography etc works as long as the photo differential is not known, else it is just a code like any other. The issue is private key. The issues of locking up security are deep but the worst of these is that the NSA really does have below root access if they want to decrypt and all of your actions can be tracked including Key Logging and more. Even encrypting and moving between machines is a difficult thing. Using a USB stick isn’t a secure way to do this. I see this because I work for the US Army and they have essentially banned USB sticks because China was setting spyware in the setup chips.

        The only sure way I could be absolutely sure that the document didn’t get cracked and the keys didn’t get logged would be to use something like an Arduino (Very simple device) to handle the data transfer. It could actually be done with one live. You would have to write the firmware, which is actually quite easy.