Here's how his team did it, in simple terms: they repeatedly injected typical HTML files a Tor user would access into a router's connection. Since NetFlow was designed to break down and analyze traffic depending on what you use the internet for (say 25 percent email and 50 percent web browsing), they could check who accessed those HTML files and get their IP addresses. He's convinced that a large organization (like, well, the government) could easily uncover the identities of Tor users if it wanted to. In fact, he says one doesn't even need the resources of a powerful organization to do so, as a single autonomous system programmed to de-anonymize Tor clients can monitor up to 39 percent of the browser's traffic.

Jayson Street of Pwnie Express advises people to rely not just on one method if they truly want to be anonymous on the internet. As he told International Business Times:

"End users don't know how to properly configure it -- they think it's a silver bullet. They think once they use this tool, they don't have to take other precautions. It's another reminder to users that nothing is 100 percent secure. If you're trying to stay protected online, you have to layer your defenses."

If you don't mind sifting through scientific lingo and want to know the details about Chakravarty's methods, you can check out a paper (PDF) he published with colleagues while he was still at Columbia.