What does the 2013 Eldo Kim (Harvard) case teach about the limits of Tor?
Tor hid the content of his threat, but he connected through Harvard's own Wi-Fi — so the university's logs showed he was one of very few people using Tor at that exact time, and correlation did the rest.
In December 2013, Harvard student Eldo Kim e-mailed an anonymous bomb threat (to dodge an exam) over Tor, believing he was fully anonymous. The fatal mistake: he used Harvard's campus Wi-Fi to reach Tor, and the university logged which students connected to the Tor network at the time. Since only a handful of students were using Tor at that moment, the suspect pool collapsed; combined with other clues (who had an exam then?), Kim was identified, arrested, and convicted.
Lessons:
- Contextual metadata kills anonymity: even with encrypted content, when and where you connected can identify you.
- OpSec (operational security) matters more than the tool: Tor alone isn't enough if your surrounding behaviour narrows you down.
Tip: Anonymity tech protects the content and path, not your context. Being the only person doing something unusual at a tracked time and place is itself a fingerprint.