Tor is used by dissidents, journalists, whistleblowers, and shadier characters to access the Internet anonymously. Cases where people engaging in activity frowned upon by their government have been caught despite using Tor usually involve one or more of the following factors: (1) Tor misconfiguration, (2) not using Tor consistently (Sabu from LulzSec), or (3) OPSEC failures (Dread Pirate Roberts of the Silk Road). Are there ways to catch people who are connecting to specific Tor hidden services even if they are doing everything right?
I will examine a theoretical attack presented in a paper published by a research group at MIT in August 2015. Their claim is that they can identify a user's involvement with hidden services with up to a 99% true positive rate and a 0.07% false positive rate, using a passive circuit fingerprinting attack. Furthermore, since the attack is passive, it cannot be detected until nodes have been deanonymized.