10 October 2025

Research pick: Privacy on parade - "DarkExtract: tool for extracting and analysing Tor Browser host-based activities"

It is often asked, facetiously, why one should worry about privacy if one has nothing to hide. A sharp retort might be to ask whether such people would be content to have no blind at the bathroom window. We all reserve the right to privacy in our lives. At a time when books are once again being blacklisted, banned, and burned, minority voices gagged, and conflicts multiply around the world with righteous certainties on all sides, the question of privacy is once again high on the agenda.

Against this backdrop, the Tor Browser brings new complexities to the debate and to the field of digital forensics. Tor, short for “The Onion Router”, is a web browser designed specifically to anonymise a user’s internet activity. It essentially routes traffic through a layered network of encrypted relays. It can be coupled with a virtual private network (VPN), but even without one, Tor can conceal a user’s internet protocol (IP) address, their whereabouts, and the trail of sites they have visited.

The Tor Browser makes it almost impossible for conventional tracking tools to link online actions to a specific individual. This makes it an important tool for those people who are being banned, gagged, and censored. It can be a critical part of the work of journalists reporting under authoritarian regimes, political dissidents, whistleblowers, and vulnerable groups. It allows users to reduce the risk of surveillance, persecution, and retaliation.

Unfortunately, as with every tool since the dawn of humanity from the hand axe onwards, it can be used for illicit purposes, and cybercriminals have embraced Tor. It allows access to the so-called dark web, an unindexed part of the internet that hosts both lawful and unlawful content. As a result, investigators attempting to trace illegal activity on the dark web now face a technological stalemate. Traditional forensic tools, designed with everyday web browsers in mind, are wholly ineffective when faced with the Tor Browser’s obfuscating characteristics.

Research in the International Journal of Electronic Security and Digital Forensics introduces “DarkExtract”, an open-source forensic tool aimed at bridging the gap between the needs of security and the demands of accountability.

DarkExtract can find host-based artefacts, fragments of data left behind on a user’s device even after a purportedly anonymous browsing session ends. Such data fragments, found in computer memory, virtual caches, and even the operating system’s files, could offer useful leads, providing sufficient evidence to reconstruct user activity and support a broader criminal investigation.

Of course, the success of a tool for countering other tools that protect a person’s privacy is important in addressing criminality. But, given the existence of rogue regimes and bad actors, it also raises the issue of that bathroom blind and the privacy of innocent users hoping to hide their decency, as it were.

Mandela, N., Mahmoud, A.A.S., Agrawal, A.K. and Mistry, N.R. (2025) ‘DarkExtract: tool for extracting and analysing Tor Browser host-based activities’, Int. J. Electronic Security and Digital Forensics, Vol. 17, No. 5, pp.563–581.
