Tor guard nodes are the most important part of Tor user anonymity. They must be run by independent operators without malicious intent. Many Tor users lack the technical skills to run their own entry nodes, so the Tor network distributes them for free and relies on voluntary operators. A different approach is practiced, for example, by the Monero network, where users are encouraged to run and use their own nodes despite the Dandelion++ anonymizing protocol.
Flow correlation attacks such as DeepCorr (far more efficient than RAPTOR) are possible when an attacker can observe traffic at both ends of a Tor circuit: either both the guard and exit nodes of a user's connection to a clearnet website, both the guard node and the target webserver, or both the guard node and any proxy that is part of the target website's infrastructure (e.g. Cloudflare). In the case of a connection to an Onion Service, this would require observation of both the user's and the hidden server's guard nodes. Then, cooperation with ISPs can yield results pointing to a particular Tor user. Hence guard nodes should be out of reach of an attacker, so that the criteria required for a flow correlation attack are not met.
Unfortunately, by design, Tor chooses a random node as the primary guard and rotates it a few times a year. An attacker may control hundreds of "Unnamed" nodes (why bother with a characteristic naming scheme), bypass any country or IP range limits by distributing them across various data centers (which often offer colocation in many countries), and leverage bandwidth inflation attacks such as MirageFlow to attract as much user traffic to adversarial relays as possible. As observed in the KAX17 case, these botnets are not just a theory and occur in practice. Many of them had been running for over a year until recently, just before a big DNM was shut down (correlation does not imply causation, right).
This may be controversial, as it is in many aspects against the Tor Project's narrative, but I would like to describe the point of view of different communities. As I've read, these issues are known to those communities and there are many different self-developed approaches to mitigation, as the Tor Project, in their opinion, still, in 2025, ignores the fact that these attacks are a real threat. Users often decide to use a VPN before Tor, and to choose obfs4 bridges instead of a direct connection. Why VPN+obfs4?
VPN: because an adversarial ISP would only be able to see connections to VPN servers, not Tor nodes. Detecting the hidden Tor connection would require complex DPI analysing packet sizes (mitigating the attacker's ability to confirm Tor connections). Many VPN companies do cooperate with LE, but this is usually on-demand IP log sharing rather than real-time metadata access. Covering all network traffic with a VPN, including non-Tor traffic, also protects against pattern-of-life analysis. Lastly, VPN usage is far more popular than Tor due to aggressive marketing, making it easier to blend in.
Bridges: to force the use of specific nodes, often hosted by users on anonymously bought VPSs, eliminating the malicious guard node scenario (accidental connection to KAX17-like botnets). Users can choose the country (outside of the USA and EU), the data center (one that does not actively help LE attack its own customers, like Hetzner), the configuration (such as anti-DDoS firewall rules, giving more control to advanced users), pay hosting fees in Monero and manage the VPS anonymously through SSH over Tor. Users also publish their bridges to BridgeDB for other users to mix in.
obfs4: although outdated, iat-mode=2 adds delays and has been shown by the DeepCorr researchers to mitigate flow correlation attacks. It is also believed to break DPI detection of Tor packets hidden in a VPN tunnel (as it splits data into variable-length packets).
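The self-hosted bridge setup described in the two points above, written out as an added example (not code from the original post or from the Tor Project): a POSIX shell script that emits the torrc for an unlisted obfs4 bridge running in iat-mode=2 and turns the bridge line obfs4proxy writes into a client torrc that uses only that bridge. It assumes Debian-style paths (/usr/bin/obfs4proxy, /var/lib/tor) and the <IP ADDRESS>, <PORT> and <FINGERPRINT> placeholder tokens of pt_state/obfs4_bridgeline.txt; the sample bridge line and contact address are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post: write the torrc for a private
# obfs4 bridge running in iat-mode=2 and derive the matching client bridge line.
# Assumptions: Debian-style paths (/usr/bin/obfs4proxy, /var/lib/tor) and the
# placeholder tokens obfs4proxy writes into pt_state/obfs4_bridgeline.txt.

# Server torrc.  PublishServerDescriptor 0 plus BridgeDistribution none keeps the
# bridge unlisted (only holders of the bridge line can reach it); the iat-mode
# is set server-side with ServerTransportOptions and must match the client line.
bridge_torrc() {
    orport=$1; ptport=$2; contact=$3
    cat <<EOF
BridgeRelay 1
ORPort ${orport}
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:${ptport}
ServerTransportOptions obfs4 iat-mode=2
ExtORPort auto
PublishServerDescriptor 0
BridgeDistribution none
ContactInfo ${contact}
EOF
}

# Constructed stand-in for /var/lib/tor/pt_state/obfs4_bridgeline.txt (the cert
# value is a placeholder; a real one is a long base64 string).
SAMPLE_BRIDGELINE='# obfs4 torrc client bridge line
#
# Fill in <IP ADDRESS>, <PORT> and <FINGERPRINT> before use.
Bridge obfs4 <IP ADDRESS>:<PORT> <FINGERPRINT> cert=PLACEHOLDERCERT iat-mode=0'

# Fill the placeholders and force iat-mode=2 so the client matches the server.
# The fingerprint is the hex value from /var/lib/tor/fingerprint on the bridge.
client_bridge_line() {
    printf '%s\n' "$1" | grep '^Bridge obfs4 ' \
        | sed -e "s/<IP ADDRESS>/$2/" -e "s/<PORT>/$3/" -e "s/<FINGERPRINT>/$4/" \
              -e 's/iat-mode=[0-9]/iat-mode=2/'
}

# Client torrc that pins Tor to this single bridge.
client_torrc() {
    printf 'UseBridges 1\nClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy\n%s\n' "$1"
}

if [ "${1:-}" = "--demo" ]; then
    bridge_torrc 9001 443 'email:op[]example.org'   # constructed contact address
    echo
    client_torrc "$(client_bridge_line "$SAMPLE_BRIDGELINE" 192.0.2.10 443 0123456789ABCDEF0123456789ABCDEF01234567)"
fi
```

Run it with `--demo` to print both files. Keeping iat-mode identical on both sides matters: the obfuscation delays are a property of the transport, and a client line that still says iat-mode=0 silently gives up the timing protection the post is asking for.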
Should WebTunnel provide advanced configuration options to make modern flow correlation attacks difficult (a "Safest" mode with added delays and randomized packet length) for those who do not prioritize performance over security? Should torrc have a setting to consider only nodes following the ContactInfo Information Sharing Specification (CIISS) as guards? What is your opinion on VPN+obfs4 in the use case described above? What is your opinion on running one's own guard node and the Monero community's approach?
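To make the CIISS question concrete, here is an added example (not from the original post, and not an existing Tor or CIISS tool) of the check such a "CIISS-only guards" setting would have to perform, run offline over a constructed relay list. It assumes the CIISS v2 field names as published by nusenu (ciissversion:, url:, proof:uri-rsa / proof:dns-rsa); the fingerprints and contact strings are made up for the example.

```shell
#!/bin/sh
# Added example, not part of the original post: the check a "CIISS-only guards"
# setting would have to make, applied offline to a constructed relay list.
# Input format (constructed for this example): FINGERPRINT<TAB>ContactInfo
# Assumption: CIISS v2 field names as published by nusenu (ciissversion:, url:,
# proof:uri-rsa / proof:dns-rsa).

# Print "yes" when the ContactInfo declares a CIISS version and a proof method.
# This only establishes that the operator claims a verifiable identity; the
# claim itself is checked online (uri-rsa: the relay fingerprint must appear in
# the list served under the url's .well-known/tor-relay/ path), which is left out
# here so the script runs without network access.
is_ciiss() {
    case " $1 " in
        *" ciissversion:"[0-9]*) ;;
        *) echo no; return ;;
    esac
    case " $1 " in
        *" proof:uri-rsa "*|*" proof:dns-rsa "*) echo yes ;;
        *) echo no ;;
    esac
}

# Extract one field value (e.g. url) from a ContactInfo string; empty if absent.
ciiss_value() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2://p" | head -n 1
}

# Read relay lines on stdin, print "FINGERPRINT url" for those passing is_ciiss.
guard_candidates() {
    tab=$(printf '\t')
    while IFS=$tab read -r fp contact; do
        if [ "$(is_ciiss "$contact")" = yes ]; then
            printf '%s %s\n' "$fp" "$(ciiss_value "$contact" url)"
        fi
    done
}

# Constructed relay list: two relays with CIISS-formatted contact info, one
# with an empty ContactInfo (the "Unnamed" pattern from the post), one with a
# bare email address and no proof field.
sample_relays() {
    printf '%s\t%s\n' \
        0123456789ABCDEF0123456789ABCDEF01234567 'email:ops[]example.org url:example.org proof:uri-rsa ciissversion:2' \
        ABCDEF0123456789ABCDEF0123456789ABCDEF01 '' \
        1111111111111111111111111111111111111111 'email:someone[]example.net' \
        2222222222222222222222222222222222222222 'url:relays.example.com proof:dns-rsa ciissversion:2 abuse:abuse[]example.com'
}

if [ "${1:-}" = "--demo" ]; then
    sample_relays | guard_candidates
fi
```

With `--demo` the script prints only the first and last relay, each with the operator URL that the proof would have to be verified against. The design point is that the format check is cheap and offline, but on its own it is only a claim filter: an operator can fill in CIISS fields without owning the URL, so a guard policy built on this would also need the online proof step before treating the relay as attributable to a known operator.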
DeepCorr: Strong Flow Correlation Attacks on Tor Using Deep Learning: https://people.cs.umass.edu/~amir/papers/CCS18-DeepCorr.pdf
MirageFlow: A New Bandwidth Inflation Attack on Tor: https://www.ndss-symposium.org/wp-content/uploads/2024-1133-paper.pdf
Law enforcement undermines Tor
Hide Tor use from the Internet Service Provider
Tor obfs4 bridge with iat-mode=2