
We Mapped 19 Tor Snapshots. Most Exits Are Run by Privacy NGOs. The Commercial-Cloud Tail Is the Story Nobody Wants to Talk About.

  • Writer: Patrick Duggan
  • 1 minute ago

We pulled and indexed nineteen Tor consensus snapshots between April 20 and April 26 as the first real dataset for our Tor Infrastructure Attribution Framework. The framework is doing what we built it for — clustering exit relays by operator, ASN, and country to give defenders a picture of who runs the network they sometimes need to make trust decisions about. This post is the first analysis pass against that dataset, and the finding is worth publishing.


A note on what we are and are not doing in this work, because the line matters. We observe public Tor consensus data published by the Tor directory authorities. We cluster it into operator-level intelligence for defenders. We do not run de-anonymization attacks against Tor users. We do not identify specific people behind hidden services. We do not coordinate with law enforcement on prosecution-relevant data. The CERT/CC at Carnegie Mellon University ran a different kind of project in 2014 that crossed those lines — actively attacking relays, feeding identification data to the FBI for Operation Onymous, breaking academic disclosure norms with Tor Project. That project is the line we don't cross. What follows is operator-level public-data analysis, not user-level de-anonymization research.


Here is what the data says.


The top Tor exit operators by relay-instance count across our nineteen-snapshot dataset are dominated by legitimate privacy NGOs. 1337 Services GmbH runs the largest cluster at 13,704 relay-instances. Then DFRI (the Swedish Föreningen för digitala fri- och rättigheter, Foundation for Digital Rights), Artikel10 e.V. (German privacy advocacy), Foundation Applied Privacy (Austria), Emerald Onion (US 501(c)(3) nonprofit), Digitalcourage e.V. (Germany), F3 Netze e.V. (Germany), Association Nos Oignons (France), ForPrivacyNET (Germany), and FlokiNET Romania. Eight of the top ten ASNs are explicit digital-rights nonprofits or registered privacy advocacy organizations.


That is the part of the network most people don't know about. Tor's exit-relay infrastructure is significantly NGO-funded and NGO-operated, in a way that is structurally aligned with the Tor Project's mission. If you are a defender thinking about Tor exit traffic risk, the baseline is that the network is mostly run by people who care about user privacy as a constitutional or human-rights matter, not by criminals running honeypots.


The interesting tail is the commercial-cloud ASN segment. Contabo GmbH (868 instances), Contabo Inc (352), BuyVM (1,175), Datalix (272). These are commercial hosting providers. Contabo is the well-known cheap-VPS provider out of Munich. BuyVM is a Las Vegas low-cost cloud. Datalix is a German hoster. None of these are NGOs. They are commercial infrastructure and the operators of relays running on their ASNs are paying customers, not member-funded foundations.


The signal there is not "BuyVM is malicious." BuyVM has a stated relay-friendly policy and supports Tor operators legitimately. The signal is that commercial-cloud Tor relay operation has reached the point where individual operators with limited budgets can stand up significant exit-relay capacity using whatever cheap VPS they can find. That changes the threat model.


Patrick raised the right question in the conversation that produced this post: how feasible is a free or near-free cloud-based Tor de-anonymization attack? In 2026 the answer is probably depressingly simple.


Here is the math. To control X percent of Tor exit bandwidth, an attacker needs to operate exits that, in aggregate, advertise X percent of the network's total exit bandwidth. The total exit bandwidth in our latest consensus snapshot is approximately eighteen gigabits per second. Five percent of that is nine hundred megabits per second. A cluster of cheap-VPS exit relays with 100Mbps each, twenty machines, advertised correctly, gets you to five percent of exit bandwidth. The cost: roughly two hundred dollars a month at Contabo or BuyVM pricing tiers as of April 2026. Not zero, but inside the budget of a hobbyist threat actor, a small APT operation, or a research project that wanted to demonstrate the concept and be sued by the Tor Project for it.


The bandwidth-control attack is not the only one. Traffic correlation between guard relays and exit relays — the standard attack vector documented since the original Tor design papers — does not require controlling a high percentage of the network if the attacker has visibility into specific guard-exit pairs. Tor's threat model has always assumed that an adversary capable of monitoring both guard and exit nodes can correlate flows. That adversary used to require nation-state intelligence agency budgets. In 2026, with the cloud-tail of exit operators that our data shows, that adversary requires a few hundred dollars and a willingness to ignore the legal and ethical lines.


The defender intelligence that comes out of this dataset.


For SOC teams making trust decisions about Tor exit traffic touching their networks, our snapshot-based ASN clustering is now in a usable shape. Traffic from a Tor exit on an NGO ASN (DFRI, Artikel10, Foundation Applied Privacy, Emerald Onion) carries a different baseline risk profile than traffic from a Tor exit on a generic commercial-cloud ASN with no associated digital-rights mission. Neither is automatically suspicious. Both are policy decisions for the SOC. What we can give you is the data to make the decision deliberately rather than treating "Tor traffic" as a single undifferentiated category.


The specific cluster we documented in our "50 Tor Exit Relays. One Operator. Same ASN as Interlock Ransomware C2." post on April 20 is a different beast. That cluster is an operator running consistent exit infrastructure on an ASN that also hosts Interlock's command-and-control servers. The colocation is the signal. We do not assert that the operator IS Interlock; that requires evidence we do not have. We do assert that any traffic from that exit cluster touching defender networks should be treated with elevated scrutiny, because an infrastructure-level overlap like this is not a coincidence we should ignore.


The public-policy question this raises.


Tor's exit-relay operator economics depend on volunteer NGOs covering most of the network for legitimate reasons (anti-censorship, journalist protection, dissident communication). When commercial-cloud operators can stand up meaningful relay capacity for two hundred dollars a month, the equilibrium that keeps the network honest gets harder to maintain. Either the NGO operators scale faster than the commercial tail (which is hard because NGO funding is limited), or commercial-cloud ASNs adopt policies that prevent abuse-class relay setups (which BuyVM-class operators have economic disincentives to do), or the Tor Project develops new mechanisms to weight relay reputation in ways that are robust to cloud-budget attackers (which is an active research area).


Cloud providers reading this should care because the same economics that make low-cost VPS attractive for legitimate Tor operators also make them attractive for de-anonymization research that crosses lines. If your AUP doesn't address Tor relay operation, your platform is already part of this calculus whether you've thought about it or not.


What we do next with this dataset.


We have nineteen snapshots and a working scheduler now collecting four per day. By end of May we will have approximately one hundred twenty snapshots. That is enough data to run real diff analysis against operator stability — which clusters churn, which stay stable, which appear and disappear together. We will publish the diff-analysis post in early June. We will also continue to surface specific operator clusters that warrant defender attention as we identify them, and we will continue to do so at the operator level rather than the user level.
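The clustering, share-of-exit-bandwidth arithmetic and snapshot diffing described above can be illustrated in a few dozen lines. The Python below is an added example written for this editing pass, not the framework's or the tor_relays index's code: it builds a small constructed snapshot in the shape of the Tor Project's Onionoo relay records, clusters running exits by ASN, computes each cluster's share of exit bandwidth, maps a source IP the SOC saw to its cluster and a defender-maintained label, and diffs two snapshots for per-cluster churn. Every fingerprint, address, ASN, organisation name and bandwidth figure is made up, and the ASN label table is an assumption standing in for whatever the SOC maintains.

```python
"""Cluster running Tor exits by ASN, compute each cluster's share of exit
bandwidth, map a source IP to its cluster, and diff two snapshots for churn.
Added example with constructed data; not the article's own tooling."""
from collections import defaultdict
from typing import Any, Dict, List, Optional

Relay = Dict[str, Any]


def relay(fp: str, asn: str, as_name: str, country: str, ip: str,
          bw: int, flags=("Exit", "Running")) -> Relay:
    """One record shaped like a Tor Project Onionoo 'details' entry (field
    names as Onionoo publishes them; every value here is constructed).
    advertised_bandwidth is bytes per second, as in Onionoo."""
    return {"fingerprint": fp.ljust(40, "0"), "as": asn, "as_name": as_name,
            "country": country, "exit_addresses": [ip],
            "advertised_bandwidth": bw, "flags": list(flags)}


# Constructed snapshot: two NGO-style clusters, one cheap-VPS cluster, one lone relay.
SNAPSHOT_A: List[Relay] = [
    relay("A1", "AS64501", "Example Digital Rights NGO", "se", "192.0.2.11", 100_000_000),
    relay("A2", "AS64501", "Example Digital Rights NGO", "se", "192.0.2.12", 100_000_000),
    relay("A3", "AS64501", "Example Digital Rights NGO", "se", "192.0.2.13", 100_000_000),
    relay("B1", "AS64502", "Example Advocacy e.V.", "de", "198.51.100.21", 100_000_000),
    relay("B2", "AS64502", "Example Advocacy e.V.", "de", "198.51.100.22", 100_000_000),
    relay("C1", "AS64503", "Example Cheap VPS Inc", "us", "203.0.113.31", 20_000_000),
    relay("C2", "AS64503", "Example Cheap VPS Inc", "us", "203.0.113.32", 20_000_000),
    relay("C3", "AS64503", "Example Cheap VPS Inc", "us", "203.0.113.33", 20_000_000),
    relay("C4", "AS64503", "Example Cheap VPS Inc", "us", "203.0.113.34", 20_000_000),
    # Guard-only relay on the VPS ASN: not an exit, so it must not count toward exit share.
    relay("C5", "AS64503", "Example Cheap VPS Inc", "us", "203.0.113.35", 20_000_000,
          ("Guard", "Running")),
    # Exit that has dropped out of the consensus (no Running flag): also excluded.
    relay("C6", "AS64503", "Example Cheap VPS Inc", "us", "203.0.113.36", 20_000_000,
          ("Exit",)),
    relay("D1", "AS64504", "Example Hobbyist Host", "fr", "203.0.113.41", 20_000_000),
]

# Constructed second snapshot: the VPS cluster loses C4 and gains two new exits.
SNAPSHOT_B: List[Relay] = [r for r in SNAPSHOT_A if not r["fingerprint"].startswith("C4")] + [
    relay("C7", "AS64503", "Example Cheap VPS Inc", "us", "203.0.113.37", 20_000_000),
    relay("C8", "AS64503", "Example Cheap VPS Inc", "us", "203.0.113.38", 20_000_000),
]

# Defender-maintained ASN labels (constructed); anything else is "unlabelled".
ASN_LABELS = {"AS64501": "ngo", "AS64502": "ngo", "AS64503": "commercial-cloud"}


def running_exits(snapshot: List[Relay]) -> List[Relay]:
    """Keep only relays carrying both the Exit and Running consensus flags."""
    return [r for r in snapshot if {"Exit", "Running"} <= set(r["flags"])]


def cluster_by_asn(snapshot: List[Relay]) -> Dict[str, List[Relay]]:
    """Group running exits by their origin ASN."""
    clusters: Dict[str, List[Relay]] = defaultdict(list)
    for r in running_exits(snapshot):
        clusters[r["as"]].append(r)
    return dict(clusters)


def exit_bandwidth_share(snapshot: List[Relay],
                         field: str = "advertised_bandwidth") -> Dict[str, float]:
    """Fraction of the network's summed `field` held by each ASN cluster.
    On real Onionoo data pass field="consensus_weight" to weight by what
    clients actually select on, rather than by what relays advertise."""
    clusters = cluster_by_asn(snapshot)
    total = sum(r[field] for rs in clusters.values() for r in rs)
    return {asn: sum(r[field] for r in rs) / total for asn, rs in clusters.items()}


def clusters_over(snapshot: List[Relay], threshold: float = 0.05) -> List[str]:
    """ASNs whose exits jointly hold at least `threshold` of exit bandwidth."""
    return sorted(a for a, s in exit_bandwidth_share(snapshot).items() if s >= threshold)


def score_source_ip(ip: str, snapshot: List[Relay]) -> Optional[Dict[str, Any]]:
    """Map a source IP the SOC saw to its exit's ASN cluster, label and share.
    Returns None when the IP is not a running exit in this snapshot."""
    share = exit_bandwidth_share(snapshot)
    for asn, rs in cluster_by_asn(snapshot).items():
        if any(ip in r["exit_addresses"] for r in rs):
            return {"asn": asn, "as_name": rs[0]["as_name"],
                    "label": ASN_LABELS.get(asn, "unlabelled"),
                    "cluster_size": len(rs), "cluster_share": share[asn]}
    return None


def cluster_churn(old: List[Relay], new: List[Relay]) -> Dict[str, Dict[str, List[str]]]:
    """Per-ASN fingerprints that appeared or vanished between two snapshots."""
    a, b = cluster_by_asn(old), cluster_by_asn(new)
    churn = {}
    for asn in sorted(set(a) | set(b)):
        fa = {r["fingerprint"] for r in a.get(asn, [])}
        fb = {r["fingerprint"] for r in b.get(asn, [])}
        churn[asn] = {"added": sorted(fb - fa), "removed": sorted(fa - fb)}
    return churn


if __name__ == "__main__":
    for asn, s in sorted(exit_bandwidth_share(SNAPSHOT_A).items()):
        print(f"{asn}: {s:.1%} of exit bandwidth, label={ASN_LABELS.get(asn, 'unlabelled')}")
    print("clusters at or above 5%:", clusters_over(SNAPSHOT_A))
    print(score_source_ip("203.0.113.31", SNAPSHOT_A))
    print(cluster_churn(SNAPSHOT_A, SNAPSHOT_B)["AS64503"])
```

Two design points. The share function filters on the Exit and Running flags before summing, so a guard-only box or a relay that has fallen out of the consensus on a commercial ASN does not inflate that ASN's apparent exit share. And it sums advertised_bandwidth only because that is what the constructed records carry; Tor clients choose relays by consensus weight, which the bandwidth authorities derive from measurement rather than from what a relay claims, so on real Onionoo data the consensus_weight field (or exit_probability) is the better basis for the "what fraction of exit traffic could this cluster see" question.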


For paying customers of our STIX feed, the Tor exit-relay ASN clusters are now part of the daily indicator stream. If your SIEM scoring is up-to-date on our feed, the clustering is already in your detection logic.


Sources: our own tor_relays index covering nineteen snapshots, Apr 20-26 (10,067-10,269 relays per snapshot); public Tor Project documentation on relay flag semantics; Tor Project research papers on traffic correlation attacks; and our prior coverage in "50 Tor Exit Relays. One Operator. Same ASN as Interlock Ransomware C2." and "Interlock Had a Zero-Day for 36 Days. We Had Their IOCs."



