Have you ever used an anonymizing overlay network? And even if you haven’t, how much trust would you put in one? The Tor network has grown to a large user base (500,000+), but what are the associated privacy risks?
This paper describes an experiment the authors conducted over 30 months: they passed unencrypted decoy credentials through every Tor exit node, using a distinct set of credentials per node, so that any later use of those credentials at the authors’ honeypot-like servers could be detected and traced back to the exit node that relayed them.
The paper provides a good background on both anonymizing overlay networks and eavesdropping detection, and describes the experiment in great detail, perhaps too much: the “Introduction,” “Background,” and “System Architecture” sections repeat material over the first eight pages.
The paper elaborates on the 18 incidents recorded. Interesting insights into how the experiment evolved based on earlier observations are also presented (for example, adding an SSH honeypot after attempts to reuse eavesdropped Internet Message Access Protocol (IMAP) credentials against SSH). There are also interesting behavioral aspects of both the experiment design (realistic use of decoy credentials) and the response of malicious node operators (nodes being taken down after decoy credential use); unfortunately, the paper does not elaborate on these further.
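To make the experiment design concrete, the following is an added illustration of the two mechanisms the review describes: minting a distinct decoy credential per exit node, and a honeypot that attributes any later use of a credential to the one exit node it was routed through, including reuse over a different protocol (the IMAP-credential-against-SSH case). This is not the paper's own code; the class and method names, the HMAC-derived username scheme, the verdict labels, and the IP addresses and fingerprints in the scenario are assumptions made here.

```python
"""Per-exit-node decoy credentials plus a honeypot that attributes later use of
them to one exit node. Added illustration of the experiment design; not the
paper's code. All names, the username scheme and the sample data are assumed."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Decoy:
    username: str
    password: str
    exit_fingerprint: str   # relay fingerprint the decoy was routed through
    protocol: str           # protocol the decoy was sent over, e.g. "imap"


@dataclass(frozen=True)
class LoginAttempt:
    username: str
    password: str
    protocol: str
    src_ip: str
    at: float               # seconds since epoch


@dataclass(frozen=True)
class Verdict:
    kind: str               # "unknown" | "injection" | "misuse"
    exit_fingerprint: Optional[str] = None
    cross_protocol: bool = False      # reused over a protocol it was not issued for
    password_correct: bool = False


class DecoyIssuer:
    """Mints one unique username/password per exit node. The username is an HMAC of
    the exit fingerprint (stable per exit, unguessable without the key); the
    password is random, so a hit cannot be a lucky guess."""

    def __init__(self, key: bytes, domain: str = "example.invalid") -> None:
        self._key = key
        self._domain = domain

    def mint(self, exit_fingerprint: str, protocol: str) -> Decoy:
        tag = hmac.new(self._key, exit_fingerprint.encode(), hashlib.sha256).hexdigest()[:12]
        return Decoy(f"u{tag}@{self._domain}", secrets.token_urlsafe(12),
                     exit_fingerprint, protocol)


class Honeypot:
    """Knows every decoy issued and distinguishes the experiment's own injection
    (one expected use, from the exit's IP, over the issued protocol) from any
    later use, which is evidence that the exit relayed the traffic to someone
    who read it."""

    def __init__(self) -> None:
        self._decoys: dict[str, Decoy] = {}
        self._pending: dict[str, str] = {}   # username -> exit IP the injection arrives from
        self.detections: list[tuple[LoginAttempt, Verdict]] = []

    def register(self, decoy: Decoy, injection_src_ip: str) -> None:
        self._decoys[decoy.username] = decoy
        self._pending[decoy.username] = injection_src_ip

    def observe(self, attempt: LoginAttempt) -> Verdict:
        decoy = self._decoys.get(attempt.username)
        if decoy is None:
            return Verdict("unknown")        # scanner noise: not one of our usernames
        pw_ok = hmac.compare_digest(attempt.password.encode(), decoy.password.encode())
        if (pw_ok and self._pending.get(attempt.username) == attempt.src_ip
                and attempt.protocol == decoy.protocol):
            del self._pending[attempt.username]   # the single legitimate use
            return Verdict("injection", decoy.exit_fingerprint, password_correct=True)
        # Anything else naming a decoy username is misuse: the username alone could
        # only have been learned by reading the injected traffic.
        verdict = Verdict("misuse", decoy.exit_fingerprint,
                          cross_protocol=attempt.protocol != decoy.protocol,
                          password_correct=pw_ok)
        self.detections.append((attempt, verdict))
        return verdict


def demo() -> list[Verdict]:
    """Constructed scenario: two exits get IMAP decoys; exit B's credential is later
    replayed from an unrelated address, once against SSH, plus unrelated noise."""
    issuer, hp = DecoyIssuer(b"experiment-key"), Honeypot()
    a = issuer.mint("A" * 40, "imap"); hp.register(a, "198.51.100.10")
    b = issuer.mint("B" * 40, "imap"); hp.register(b, "198.51.100.20")
    events = [
        LoginAttempt(a.username, a.password, "imap", "198.51.100.10", 1000.0),
        LoginAttempt(b.username, b.password, "imap", "198.51.100.20", 1001.0),
        LoginAttempt(b.username, b.password, "imap", "203.0.113.7", 5000.0),
        LoginAttempt(b.username, b.password, "ssh", "203.0.113.7", 5010.0),
        LoginAttempt("root", "toor", "ssh", "203.0.113.9", 5020.0),
    ]
    return [hp.observe(e) for e in events]


if __name__ == "__main__":
    for v in demo():
        print(v)
```

The one caveat worth noting: an exit operator who replays the credential from the exit's own address, over the same protocol, before the injection itself arrives would be indistinguishable from the injection; in practice the injection client knows when it connected, so the pending entry should be consumed at that moment rather than on first match.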
Overall, it was an interesting read, though my expectations were higher given the length of the paper.