2

OK, so let's say the exit node has been compromised, or it is run by the NSA or whatever. Can they still track you? They obviously can see the last IP address of the server, but what about the one server before, and finally your initial IP address? If I understand correctly, it would still be secure (obviously if you don't send a POST request over HTTP or something saying "hey, my name is Bill, and my IP is 811111.1111").

elephant9

2 Answers

2

In an ideal world, no. If the exit node is compromised it can only see the source Tor node, the traffic destination (and potentially the traffic itself, if unencrypted).

However, it's not simply a matter of you not sending "stupid" traffic such as logging in to your personal e-mail.

For example, consider this scenario: the exit node is compromised, and it modifies the (unencrypted) traffic so that your client receives a payload that causes it to send traffic over the clear internet. For example, a Flash app, or malicious JavaScript, or whatnot. See for example here

Of course a nation-state sponsored attacker is likely also to watch (some of) Tor's entry nodes, and in that case there's little you can do.

Nevertheless, if you assume some of the exit nodes of your Tor connections to be compromised you'll probably default to better security practices in your day-to-day Tor browsing, which overall is not a bad thing.

lorenzog
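
A simplified model of layered (onion) encryption showing what each relay in a three-hop circuit can observe, added here as an illustration and not code from the answer or from Tor. The toy cipher, relay names, keys and addresses are constructed assumptions; real Tor negotiates per-hop keys and uses its own cell format.

```python
import hashlib
import json

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy cipher (SHA-256 keystream XOR), a stand-in for real relay crypto."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def wrap(path, keys, dest, payload: bytes) -> bytes:
    """Client: build the onion from the exit layer outwards."""
    hops = list(path[1:]) + [dest]          # what each relay forwards to
    cell = payload
    for relay, nxt in zip(reversed(path), reversed(hops)):
        layer = json.dumps({"next": nxt, "data": cell.hex()}).encode()
        cell = xor_stream(keys[relay], layer)
    return cell

def peel(relay, keys, cell: bytes):
    """Relay: remove one layer, learning only the next hop."""
    layer = json.loads(xor_stream(keys[relay], cell))
    return layer["next"], bytes.fromhex(layer["data"])

def run_circuit(client_ip, path, keys, dest, payload: bytes):
    """Return what each relay observes: previous hop, next hop, forwarded bytes."""
    cell, prev, views = wrap(path, keys, dest, payload), client_ip, {}
    for relay in path:
        nxt, cell = peel(relay, keys, cell)
        views[relay] = {"prev": prev, "next": nxt, "forwards": cell}
        prev = relay
    return views

# Constructed sample values (documentation address range, made-up keys).
CLIENT_IP = "203.0.113.7"
PATH = ["guard", "middle", "exit"]
KEYS = {name: hashlib.sha256(name.encode()).digest() for name in PATH}
HTTP = b"GET /login HTTP/1.1\r\nHost: example.com\r\n\r\n"

def demo():
    return run_circuit(CLIENT_IP, PATH, KEYS, "example.com:80", HTTP)

if __name__ == "__main__":
    for relay, view in demo().items():
        print(relay, view["prev"], "->", view["next"], view["forwards"][:24])
```

Only the guard's view contains the client address, and only the exit's view contains the destination and the plaintext request; if the client had wrapped the request in TLS first, the exit's `forwards` bytes would be ciphertext as well.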
0

As long as you use all encrypted traffic, it should not be possible to track you just via the exit node.

However, there are plenty of other attacks on the Tor network that you should note and understand before fully making use of it. E.g. https://nakedsecurity.sophos.com/2015/06/25/can-you-trust-tors-exit-nodes/ (The article contains links to formal POC papers)

Joe