Tor traffic doubles in a week to reach highest ever level

The NSA effect or something else?

The number of people using the Tor anonymity network has doubled in a single week, reaching the highest levels since the Project starting recording traffic nearly four years ago.

The highly unusual spike began very suddenly on a single day, 19 August, taking the estimated number of clients connecting through a sample of several dozen mirrors to an astonishing 1.2 million per day, figures show.

For comparison, the average for the last year has been around 500,000 per day, with the odd peak of perhaps just under 600,000 users per day. Prior to that, there have been occasional spikes that have temporarily driven traffic beyond 500,000 per day, but the latest surge has proved hard to explain.

The rise doesn't appear to have been driven by a 'censorship event' in one particular country so much a general awareness that Tor exists in the aftermath of the NSA surveillance drama and the closing of Edward Snowden's secure email service Lavabit. A second firm selling privacy services, Phil Zimmermann's Silent Circle, remains very much open but also publically closed the email element of its offering after "seeing the writing on the wall."

A breakdown of the figures supports this hypothesis, showing the number of US clients as having spiked from under 100,000 per day to over 150,000 per day after 19 August. Likewise, in the UK numbers rose in the same period from 15,000 per day to north of 35,000 per day.

Another theory is the recent release of the PirateBrowser, a privacy browser based on Firefox. This software doesn't actually guarantee anonymity but some users might think that it adds to the privacy already on offer through Tor.

Still, Tor's volunteers remain baffled by the suddenness of the rise.

"It's easy to speculate (PirateBrowser publicity gone overboard? People finally reading about the NSA thing? Botnet?), but some good solid facts would sure be useful," said Roger Dingledine.

The extra load doesn't appear to have much effect on the performance of the service either way.

Tor conceals traffic by routing it through a series of encrypted volunteer relays, selected at random, as a way of obscuring the sender's IP address. It was considered highly secure until in early August a Firefox 17 Windows zero-day flaw was revealed to be part of an effort to undermine the security of the network.

That event might (and equally might not) have been connected to law enforcement arrest of a man called Eric Eoin Marques, alleged by the FBI to be running a child porn system through Tor. And that is the risk that a privacy system such as Tor takes; that it will be used as much by the darknet users as people trying to evade detection by totalitarian states.

Certainly Tor is used and abused, sometimes in unexpected ways. In late July ESET researchers reported that it had discovered a bot using the system as an unorthodox command and control network.

Join the CSO newsletter!

Error: Please check your email address.

Tags Silent CirclePersonal TechsecurityLavabit

More about FBINSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place