A Comprehensive Evaluation of the Impact on Tor Network Anonymity Caused by ShadowRelay.

As a distributed anonymous network run by volunteers, Tor relays are often manipulated by operators to achieve their goals. Our work reveals that some relays, named ShadowRelay, are bound to hidden nodes and actively forward user traffic to the next-hop relay or target without the user's knowledge. To detect ShadowRelays, we developed HiddenSniffer based on client and Tor relay collusion, and found 162 hidden nodes distributed across 22 countries, along with 85 Shadow Relays which account for 2.08% of the total relay bandwidth. Additionally, there exists a family relationship among the Shadow Relays, with the largest family containing 24 members. The experimental results indicate that ShadowRelays have increased the number of ASes capable of sniffing user traffic by 27.6%, and improved the ability of 14.7% of attackers to launch traffic confirmation attacks. Furthermore, ShadowRelays adversely impact the Tor network's availability by introducing increased transmission delay within the circuits.