Turns out not even one of the most secure transfer protocols on the planet Tor is safe from the all-encompassing wrath of Heartbleed.
Cracking connections in the last place you’d expect, today one of Tor’s three original developers wrote on the Tor mailing list that the relay network could lose up to 12 percent of its overall power thanks to the Heartbleed bug, with thousands of node providers still relying on unstable versions of OpenSSL to encrypt their communications on the computers which help keep the meshnet up and running smoothly.
“I/we should add to this list as we discover other relays that come online with vulnerable openssl versions,” Peter Dingledine writes. He also adds that there are plenty of places for Tor’s operators to look, as to date they have only considered “… the relays with Guard and/or Exit flags, so we should add the other 1000+ at some point soon.”
An analyst at TrendMicro went on to confirm that many of the providers Tor depends on in order to protect the identity of foreign dignitaries, confidential informants, and digital drug dealers from different countries around the world were infected with pieces of software that snuck in on the back of the increasingly ubiquitous bug.
The Deep Web is first and foremost concerned with the security of users and their ability to stay anonymous. Exposure to a hole in OpenSSL holds the terrifying potential that members of this miscreant network could have been subjected to the same levels of surveillance and trackability that the average American has enjoyed under the unrestricted reign of the NSA these past 15 years.
Tor is where people go to get away from these kinds of problems, the last bastion of a truly anonymous Internet, and if something as deviously simple (yet horribly destructive) as Heartbleed can seep through the cracks this easily…maybe it’s just too much responsibility to place the sanctity of that concept on the shoulders of ultimately fallible programmers and a random, openly-sourced code monkey from the net.