Rob G. Jansen, PhD

Computer Scientist, Researcher, and Principal Investigator
U.S. Naval Research Laboratory, Washington, DC, USA

Publication Details

  1. Citation

    Giovanni CherubinRob Jansen, and Carmela Troncoso:
    Online Website Fingerprinting: Evaluating Website Fingerprinting Attacks on Tor in the Real World. USENIX Security Symposium, 2022.

    Author Links

    Venue Links


    USENIX Security 2022 Distinguished Paper Award
    2022 Internet Defense 2nd Prize

    Media Mentions



    Website fingerprinting (WF) attacks on Tor allow an adversary who can observe the traffic patterns between a victim and the Tor network to predict the website visited by the victim. Existing WF attacks yield extremely high accuracy. However, the conditions under which these attacks are evaluated raises questions about their effectiveness in the real world. We conduct the first evaluation of website fingerprinting using genuine Tor traffic as ground truth and evaluated under a true open world. We achieve this by adapting the state-of-the-art Triplet Fingerprinting attack to an online setting and training the WF models on data safely collected on a Tor exit relay—a setup an adversary can easily deploy in practice. By studying WF under realistic conditions, we demonstrate that an adversary can achieve a WF classification accuracy of above 95% when monitoring a small set of 5 popular websites, but that accuracy quickly degrades to less than 80% when monitoring as few as 25 websites. We conclude that, although WF attacks may be possible, it is likely infeasible to carry them out in the real world while monitoring more than a small set of websites.


      title = {Online Website Fingerprinting: Evaluating Website Fingerprinting Attacks on Tor in the Real World},
      author = {Cherubin, Giovanni and Jansen, Rob and Troncoso, Carmela},
      booktitle = {USENIX Security Symposium},
      year = {2022},