I've talked before about how Tor can protect your anonymity on the Internet only if you use it in the right way. However, how users interact with Tor is not the only possible source of a loss of anonymity. As far back as 2014 the Tor project was looking for "Bad Onions".
As Tor is a system run by volunteers it is possible for people to set up malicious relays. It has been used by researchers trawling for hidden services but it has become clear that the numbers of "spoiled onions" is rather higher than might be explained by purely academic research. Whether it's criminals or governments is irrelevant: what it shows is that Tor is potentially susceptible to people setting up malicious relays (including exit nodes) to unmask users.
Whilst the Tor project is taking steps to root out these spoilers it is also become apparent recently that Tor is vulnerable to attacks such as Sybil attack. The Tor project are obviously aware and so not surprisingly they are looking into how all of these potential vulnerabilities can be countered to protect users anonymity.
Interestingly, researchers from MIT released a proposal for a different network recently. The general structure will not be unfamiliar to those who understand Tor but it appears that it can protect anonymity if only one of the relays in the chain remains uncompromised.
Unlike Tor, which uses onion routing, or the alternatives previously mooted such as Dining-Cryptographer Networks and mixnets , this new network (called Riffle) proposes both a pure new protocol and a hybrid. It is client-server based but in order to maintain bandwidth efficiency it uses symmetric encryption.
The new protocols described in detail in the Riffle research paper appear to be provably secure against precisely the threat model that has caused such concern in Tor. It'll be interesting to see if this causes a rethink in anonymous networking or if there is now so much momentum behind Tor that it continues despite its potential problems.
It has always been the case that traffic analysis has been a means of unmasking even the most protected networks, so the fact Riffle appears to protect against this very powerful technique is likely to find applications in more than just in the Internet. I can imagine it being applied in a range of networking situations, not least radio networks.
Watch that space.
