Dr. Neal Krawetz has many good discoveries on Tor flaws in his website Hacker Factory.
Useful links: (There might be more, But the search engine is awful so i just posted what i have found)
- Tor 0day: Snowflake
- Tor 0day: Finding Bridges
- Tor 0day: Burning Bridges
- Tor 0day: Stopping Tor Connections
- A New Tor Attack
- Tor Attacks Revisited
- Behind the Tor Attacks
- Stopping Tor Attacks
- Attacked Over Tor
…etc
He gave a reasoning behind why TPO is failing to solve these issues before hand or even not within the right time frame after have been reported: (you find it in Tor 0day: Snowflake)
Tor: State of the Onion
Earlier this year, I attended the Tor Project’s online “State of the Onion” presentation. During the presentation, different members spoke about all of the great things that the Tor Project was doing to advance online privacy, anonymity, and anti-censorship. They even praised snowflake as a success.If you didn’t know the technical details, then you might get the impression that this was very positive and incredible forward movement. The amount of spin from the Tor Project was as good as any nation-state or political announcement.
But behind the scenes? They haven’t addressed any of their core issues. If someone wants to track you through Tor, deanonymize your network activity, or prevent you from accessing Tor, then they can do it and you cannot stop them. And if you do something illegal over Tor and you haven’t been arrested, then it’s only because there are bigger villains than you; you’re not a high priority – yet.
Today, the Tor Project seems to be more focused on fund raising than actual privacy, anonymity, or anti-censorship. I wonder if they will ever start fixing these known issues.