have questions regarding Tor and a possible MiTM attack

Welcome • User Guide
ToS • Privacy • Canary
Donate • Bugs • License

©2026 Poal.co

765

•

when connecting to the Tor network a MITM attack, such as by an ISP for instance, can apparently be performed using which can be used to route traffic to compromised nodes in a self-contained network which can then decrypt the traffic.

from the Shadow Simulator GitHub repo:

Shadow is a unique discrete-event network simulator that runs real applications like Tor and Bitcoin, and distributed systems of thousands of nodes on a single machine. Shadow combines the accuracy of emulation with the efficiency and control of simulation, achieving the best of both approaches.

also see https://shadow.github.io/

apparently every connection to Tor first connects to 1 of 10 and several of these are in the U.S.

i just learned of this today and am wondering if anyone has any input

when connecting to the Tor network a MITM attack, such as by an ISP for instance, can apparently be performed using [The Shadow Simulator](https://github.com/shadow/shadow) which can be used to route traffic to compromised nodes in a self-contained network which can then decrypt the traffic. from the Shadow Simulator GitHub repo: > Shadow is a unique discrete-event network simulator that runs real applications like Tor and Bitcoin, and distributed systems of thousands of nodes on a single machine. Shadow combines the accuracy of emulation with the efficiency and control of simulation, achieving the best of both approaches. also see https://shadow.github.io/ apparently every connection to Tor first connects to 1 of 10 [relay authorities](https://metrics.torproject.org/rs.html#search/flag:Authority) and several of these are in the U.S. i just learned of this today and am wondering if anyone has any input

(post is archived)

You are currently inside a comment thread.

Click here to see all the comments (7).

[–] • 0 pt

There has been at least anecedotal evidence that TLAs and ISPs have been 'cooperating' for some time; that ISPs have been watching for TOR use, and informing on users, which the TLAs consider 'persons of interest'. Use of a VPN to connect to TOR is required to keep ISPs in the dark, and their yaps from yapping.

https://resources.infosecinstitute.com/topic/hacking-tor-network-follow/

https://www.techradar.com/news/tor-network-hit-by-two-major-zero-day-attacks

https://www.cvedetails.com/vulnerability-list/vendor_id-12287/product_id-23219/Torproject-TOR.html

link