The adversary's primary goal is direct compromise and bypass of Tor, causing the user to directly connect to an IP of the adversary's choosing.
The adversary's primary goal is to de-anonymise the user by compromising or bypassing Tor, causing the user to directly connect to an IP of the adversary's choosing.
2.**Correlation of Tor vs Non-Tor Activity**
2.**Correlation of Tor vs non-Tor activities**
If direct proxy bypass is not possible, the adversary will likely happily settle for the ability to correlate something a user did via Tor with their non-Tor activity.
This can be done with cookies, cache identifiers, JavaScript events, and even CSS.
Sometimes the fact that a user uses Tor may be enough for some authorities.
Sometimes, the fact that a user uses Tor may be enough for some authorities.
3.**History disclosure**
The adversary may also be interested in history disclosure: the ability to query a user's history to see if they have issued certain censored search queries, or visited censored sites.
The adversary may also be interested in a user's browsing history.
They may wish to determine whether if and when a user has visited a censored or illegal site.
They may wish to learn search queries or the other contents of a user's browsing session.
4.**Correlate activity across multiple websites or services**
4.**Correlation of activity across multiple site or services**
The adversary may want to correlate user identities or sessions across multiple remote services.
For instance, advertising networks may wish to know that a user who visited `site-x.com` is the same user that visited `site-y.com` to serve them targeted ads while law-enforcement may wish to associate anonymous activity on `site-b.com` with a known identity on `size-a.com` to build a criminal case.
