For folks interested in alternative protocols with improved security, I2P has been lauded as an alternative to TOR that is immune to the vulnerabilities that TOR has been shown to have in recent years. This blog discusses specifics about the newly discovered exploit that can "de-anonymize i2p hidden services with a message replay attack".
While it's not something that affects me personally and directly, by compromising I2P sites, it does indirectly affect me, and everyone else interested in free speech. There is a fix for the problem, so if you are using I2P, or know someone that is, I strongly recommend going to the above link and patching your system.
"If you host eepsites with Java i2p and are running older than i2p 2.3.0, update it as soon as possible."
I hope everyone affected directly by this exploitable vulnerability updates their I2P to 2.3.0 without delay.
Edit: while scrolling around to learn more about these issues I found the following solution to 'correlation attacks' that creepy stalkers with deep pockets may be using on the TOR network.
Noisy is a command-line tool for generating random DNS and HTTP/S internet traffic noise.
A "correlation attack" is a way that powerful adversaries can deanonymize Tor users. The traffic that goes "in" and "out" of the Tor network can be correlated to break Tor's anonymity, and this risk is all the more realistic with advances in Machine Learning.
The Tor Project officially recommends to "do multiple things at once with your Tor client" to counter correlation attacks: "an adversary that externally observes Tor client traffic to a Tor Guard node will have a significantly harder time performing classification if that Tor client is doing multiple things at the same time." An analysis of how a correlation attack was used in a trial notes "create random internet traffic when using Tor — ideally by running a script."
On Whonix Workstation, type (or copy paste) exactly the following command into the terminal:
python3 noisy.py --config config.json
This will run the noisy script based on the default configuration file provided, over the Tor network. Output will list the websites that are being visited, and look something like:
INFO:root:Visiting https://mx.ebay.com
INFO:root:Visiting https://ve.ebay.com
INFO:root:Visiting https://do.ebay.com