Tor Implements Improved Anonymity Protection - How Secure is Tor Now?

Tor has been long focused on improving its security features to ensure users benefit from the privacy levels they are looking for, many have been trying to crack these security measures in an attempt to locate users. The FBI, for example, has been abusing bugs in the underlying Firefox browser to compromise the anonymity of Tor users, but that might no longer be possible soon. Researchers from the University of California, Irvine (UCI), say that an enhanced and practical load-time randomization technique can be used in Tor to defend against exploits. Called Selfrando, the solution should improve security over standard address space layout randomization (ASLR) techniques employed by Firefox and other mainstream browsers at the moment. “We collaborated closely with the Tor Project to ensure that selfrando is fully compatible with AddressSanitizer (ASan), a compiler feature to detect memory corruption. ASan is used in a hardened version of Tor Browser for test purposes. The Tor Project decided to include our solution in the hardened releases of the Tor Browser, which is currently undergoing field testing,” the security researchers say. According to them, Selfrando is meant to counter code reuse exploits, which involve an attacker trying to exploit a memory leak to reuse code libraries that already exist in the browser. The exploit allows an attacker to rearrange code in the application’s memory to have the malware up and running. Will these security enhancements prove to strengthen Tor's anonymity shortcomings? Share your comments with the Cloud and Cyber Security Center.