The NSA Tracks Tor Users Entry and Exit Nodes Using Fake Google Ads

The system that the NSA uses to locate and identify Tor users begins, at least sometimes, with the buying of ads on networks like Google’s AdSense.

“Just because you’re using Tor doesn’t mean that your browser isn’t storing cookies,” said Jeremiah Grossman, a colleague of Hansen’s who also specializes in browser vulnerabilities.

As Grossman described the procedure to CNET, the NSA is aware of Tor’s entry and exit nodes because of its Internet-wide surveillance.


“The very feature that makes Tor a powerful anonymity service, and the fact that all Tor users look alike on the Internet, makes it easy to differentiate Tor users from other Web users,” he wrote.


The NSA buys ads from ad display companies like Google and seeds them around Tor’s access points.

Not all Tor installations are created equal, added Hansen, who has an unusual pedigree in the browser vulnerability field because he’s also a veteran of the ValueClick ad network, which was later bought by DoubleClick, which subsequently was purchased by Google.

“It depends on whether you’re using Tor Button or Tor Browser,” he said. “The Tor Button tends to be more secure because as you jump in and out of the Tor Browser, it tracks cache and cookies.”

However, since the Tor Project now includes a patched version of Firefox, it recommends not using the Tor Button and only using the standard Tor Browser Bundle instead.

More secure than either, Hansen said, was to run Tor on a virtual machine so that cookies and cache are dumped when the machine is closed, and the kind of man-in-the-middle and man-on-the-side attacks described by Schneier are avoided.

“If you don’t take the critical steps to protect your privacy, you will be de-cloaked if you’re doing something interesting,” Hansen said.


“The NSA then cookies that ad, so that every time you go to a site, the cookie identifies you. Even though your IP address changed [because of Tor], the cookies gave you away,” he said.


5 responses to “The NSA Tracks Tor Users Entry and Exit Nodes Using Fake Google Ads

  1. Pingback: Nexus 5 - Noticias y fotos de teléfonos móviles, tabletas android, IOS y Windows phone » Social Password Decryptor: Recupera las contraseñas olvidadas de redes sociales

  2. Pingback: Tech News Thursday | W3 V2

  3. Pingback: #NSA Tracks Google Ads – Using A Little Jiu-jitsu – To Find Tor Users | Ace Worldwide Services

  4. Pingback: Blast from the past: How I knew that TOR had been hacked*, and more–it’s not JUST Fox Acid they are on | more useful than suicide

  5. Pingback: The Internet Browser NSA Doesn’t Want You To Use | TheSurvivalPlaceBlog

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s