Tor Could Cut Down on Capacity Due to Heartbleed


Heartbleed, the horrible little security exploit that has caused near mass panic and confusion across the entirety of the internet over the past couple of days, has taken another victim – web anonymizing service Tor.

Tor relies on a network of donated servers located across the entire world, and as it turns out, “about 12%” of these servers are running OpenSSL versions 1.0.1 to 1.0.1f – the versions of OpenSSL vulnerable to Heartbleed. As such, these servers are vulnerable to the easily exploitable security issue, which would put at substantial risk any user whose data passes through these servers. Worse, hackers could use these affected servers to discover internal documentation on the Tor network itself, putting the Tor network in its entirety at substantial risk.

That’s why original Tor developer Roger Dingledine has suggested that these affected servers be kicked off the network, a move that would cut into “about 12% of the exit capacity and 12% of the guard capacity.” Dingledine is willing to let these servers back on the network after they’ve been upgraded, but those who don’t upgrade their servers fast enough might not be allowed back on the network even after an upgrade, likely over potential future security concerns.