Recent revelations about the National Security Agency's PRISM operations have made privacy a top concern for both businesses and general web users. As a result many members have begun moving to use secure, privacy-focused communications and web-browsing solutions.
The Tor project has traditionally been viewed as one of the most secure options currently available in this endeavour. Tripwire security researcher Craig Young noted: "Every day millions of users participate in the Tor network allowing uncensored free speech from all corners of the globe."
From a technology perspective there is good reason for this. Tor, an acronym for The Onion Router, is a network of virtual tunnels powered by a series of voluntary relays. The tunnels and relays are designed to mask web users' movements and offer people a safe way to browse the web anonymously and host services without having them indexed on the regular open internet.
However, a recent attack that successfully compromised an unknown number of Tor hidden services has led to fresh concerns within the security community that the network may not be as safe from hackers and snooping intelligence agencies as people first thought.
The Tor Project issued a security advisory on Wednesday, warning that it has detected evidence hackers have hit Tor with "traffic confirmation" cyber attacks that could de-anonymise hidden services, and potentially individual users on the network.
Anonymizer.com chief scientist and founder Lance Cottrell cited the use of Tor's public relays as evidence that the platform is fundamentally insecure.
"This is just another vulnerability that allows hostile Tor node operators to compromise user anonymity. It's inevitable given the architecture. Tor attempts to improve user privacy by having a large number of volunteers running their servers, and sending traffic through chains of three servers so no one person need be trusted," he said.
"Unfortunately anyone can set up servers, and well-funded attackers could set up large numbers of them. Using vulnerabilities in the Tor protocol and modified servers these attackers have and will continue to be able to unmask Tor users and hidden Tor services."
CTO of Imperva Amichai Shulman mirrored Cottrell's sentiment arguing the Tor Project's open nature is overly idealistic and will always be abused by cyber criminals, making it an ongoing target for law enforcement and intelligence agencies across the world.
"Sadly the ideal of having a distributed, crowd-based network for protecting free speech is largely abused by pirates (software and content) as well as evil-doers – from child pornography to drug trafficking and terrorism," he said.
"This in turn makes the Tor network a target for all intelligence agencies as well as some domestic security organisations. I suspect the reported attack, targeted mostly at people who operate and access Tor hidden service, is of that origin."
AppRiver manager of security research Fred Touchette added weight to Shulman's claim, highlighting the FBI's 2013 Silk Road takedown operation as proof that Tor users will be a constant target of enforcement agencies.
"Ever since its conception people have been trying to find a way to de-anonymise the users of Tor. Oftentimes this was done to make it a stronger network and repair its issues, but other times it was in order to out its users," he said.
"One such situation comes to mind and that's the takedown of The Silk Road. The Feds spent plenty of time trying to crack the code before they were able to simply take control of the servers that hosted the site."
Silk Road is a deep web black marketplace only accessible through the Tor network, known to facilitate the trade of illegal substances, such as class A drugs. It was shut down in October 2013 when the FBI arrested 29-year-old Ross William Ulbricht, who is believed to have created Silk Road.
The researchers' comments run contrary to Tor's official advisory about who is responsible for the recent cyber attack. The Tor Project believes the attacks were mounted as a part of a "research" project, run by Carnegie Mellon University's Computer Emergency Response Team (CERT).
Tripwire's Young said, if the CERT did mount the attacks, it were operating outside of standard research ethics guidelines.
"If this was in fact a university research project, it was conducted without appropriate regard to users of the Tor network," he said.
"Tor protects a lot of people for a lot of different reasons, however, and even this level of detail would likely be more than enough for an oppressive regime to start hunting down dissidents. If this was in fact the work of CMU researchers, I would hope that in the future they choose to contribute to security knowledge without jeopardising public safety."
Whatever the actual source of the recent attack, it is likely Tor will face ongoing pressure from a variety of groups. The Russian government offered a reward of up to four million roubles (£65,000) for anyone who can help crack Tor in July.
Hopefully the Tor Project will use the $1.8m in funding it received from the US government to improve its security and protect its legitimate users from attack.
Dr Kuan Hon criticises GDPR consent emails that will only eviscerate marketing databases and 'media misinformation'
Apple squashes Steam Link app on 'business conflicts' grounds
Philip Hammond wants to forget rules that the UK agreed with the EU to ban non-European companies from the satellites
Instapaper to 'go dark' in Europe until it can work out GDPR compliance