Tor coders harden the onion against surveillance by Paul Ducklin.
From the post:
A nonet of security researchers are on the warpath to protect the Tor Browser from interfering busybodies.
Tor, short for The Onion Router, is a system that aims to help you be anonymous online by disguising where you are, and where you are heading.
That way, nation-state content blockers, law enforcement agencies, oppressive regimes, intelligence services, cybercrooks, Lizard Squadders or even just overly-inquisitive neighbours can’t easily figure out where you are going when you browse online.
Similarly, sites you browse to can’t easily tell where you came from, so you can avoid being traced back or tracked over time by unscrupulous marketers, social engineers, law enforcement agencies, oppressive regimes, intelligence services, cybercrooks, Lizard Squadders, and so on.
…
Paul provides a high-level view of Selfrando: Securing the Tor Browser against De-anonymization Exploits by Mauro Conti, et al.
The technique generalizes beyond Tor to GNU Bash 4.3, GNU less 4.58 Nginx 1.8.0, Socat 1.7.3.0, Thttpd 2.26, and, Google’s Chromium browser.
Given the spend at which defenders play “catch up,” there is much to learn here that will be useful for years to come.
Enjoy!