Purpose ‐ It is increasingly difficult to ignore the importance of anonymity on the internet. Tor has been proposed as a reliable way to keep our identity secret from governments and organizations. This research evaluates its ability to protect our activity on the Web.
Design/methodology/approach ‐ Using traffic analysis over ACK packets among others, fingerprints of websites can be created and later on used to recognise Tor traffic. Findings ‐ Tor does not add enough entropy to HTTP traffic, which allows us to recognise the access
to static websites without breaking Tor's cryptography. Research limitations/implications ‐ This work shows that the method presented behaves well with a limited set of fingerprints. Further research should be performed on its reliability with larger sets. Social implications
‐ Tor has been used by political dissidents and citizens in countries without freedom of speech to access banned websites such as Twitter or Facebook. This paper shows that it might be possible for their countries to know what they have done. Originality/value ‐ This paper
shows that while Tor does a good work keeping the content of our communication, it is weak protecting the identity of the website being accessed.