DNS exploit can be used to identify Tor users
Researchers from Princeton University, Karlstad University, and the KTH Royal Institute of Technology have discovered a method that allows attackers to deanonymise Tor users by exploiting the Domain Name System (DNS). The research shows how an attacker can use DNS requests to mount highly precise website fingerprinting attacks: mapping DNS traffic to websites is highly accurate even with simple techniques, and correlating the observed websites with a website fingerprinting attack greatly improves the precision when monitoring relatively unpopular websites. The researchers note that there is no immediate cause of concern for Tor users, as not many entities are in a position to mount such attacks, and considering that The Tor Project is already working on improved website fingerprinting defenses.