Tor, the sometimes-controversial internet-traffic-anonymising service, is bleeding thanks to Heartbleed.
Roger Dingledine, one of Tor’s three original co-developers and now the project’s leader, director and researcerh, has posted to the Tor relays mailing lists with his assessment that “we’ll lose about 12% of the exit capacity and 12% of the guard capacity.”
The reason for the degradation is that some Tor nodes are running compromised versions of OpenSSL. Tor’s overlords , sensibly, appear to be looking at the service’s participants to check whether they are likely to Heartbleed out if attacked. As they find problems, they exclude the nodes from the network.
“I/we should add to this list as we discover other relays that come online with vulnerable openssl versions,” Dingledine writes. He also adds that there are plenty of places for Tor’s operators to look, as to date they have only considered “… the relays with Guard and/or Exit flags, so we should add the other 1000+ at some point soon.”
Tor’s overseers are doubtless not alone in having a lot of Heartbleed-related work to do. That they have that work to do, and that Tor is degraded by the vulnerability, is more evidence of the very significant impact the problem is causing. ®