Corporate security pros can add a new task to their busy days: handling panicky employees worried about privacy who are using the onion router (Tor) browser as a way to protect their online activity.

That practice translates into additional security alerts that require time-consuming manual sorting to determine whether the persons behind Tor sessions are friend or foe, says George Gerchow, vice president of security and compliance at Sumo Logic.

Ever since congressional action started a few weeks ago to roll back privacy regulations governing ISPs, Gerchow says he has seen a dramatic increase in the use of Tor for accessing his company’s services, meaning security analysts have to check out whether the encrypted, anonymized traffic coming through Tor is from a legitimate user.

Because the source address is that of a Tor node, it’s difficult to determine whether the sender is actually authorized. These login attempts from Tor could originate from attackers who have stolen a legitimate user’s credentials, he says. So that kicks in an investigation.

“We start forensics right away,” Gerchow says. “Is it really a customer? Is it really the person we think it is?”

In some cases finding out means directly contacting the person whose login was used to confirm that their credentials haven’t been compromised. Tor sessions used to crop up once a week or so, but now they roll in as often as 15 times a day, he says. That means added workload for security analysts.

Gerchow says that so far every Tor login session Sumo Logic has come across proved to be a legitimate user who has taken to using the browser on their own initiative to prevent ISPs from selling browsing history to marketers so they can direct ads at them. “People are just trying to protect themselves,” he says.

But the danger is that if so many of these come in and are found not to be threats then analysts become numb to them.
Eventually one of the Tor logins will be an attacker. “What if we miss one?” he says.

Gerchow’s looking for ways to automate the process in order to reduce the time it takes to check out these logins. He’s also urging universal use of multi-factor authentication to make it that much harder for attackers to compromise credentials.

Privacy rollback aftermath

Use of Tor and other means to obfuscate who’s using the internet are likely to increase now that President Donald Trump has signed the rollback into law.

The law nullifies regulations set by the Federal Communications Commission in December that made ISPs get customer approval before they could sell information about their browsing habits. Now ISPs can sell it by default and customers have to opt out, a more involved process, says Ernesto Falcon, legislative counsel for the Electronic Frontier Foundation.

The legislation also bars the FCC from addressing this issue in the future. Enforcing privacy is now shifted to the Federal Trade Commission.

Falcon predicts that at some point ISPs will push the envelope on selling this data and there will be pushback. “The day will come when the FCC will have to act because something so egregious happens,” he says.

Jonathan Hill, dean of the Seidenberg School of Computer Science and Information Systems at Pace University, is similarly concerned. “The Pandora’s box is now open, and we don’t know what’s going to fly out,” he says.

Businesses have other reasons to worry about the new law, Hill says. Most businesses have contracts with their providers that spell out limits on what they can do with browsing histories, but there are cracks that these restrictions could fall through.
For example, telecommuters likely use their home internet service, so that consumer account would not be subject to the contract, Hill says.

He recommends that businesses review those contracts to be sure they restrict use of these histories.

ISPs are not allowed to sell information that is directly linked to an individual’s name, he says, but that data is stored by ISPs. The fear is that the data and the personal identification could somehow be hacked, he says.

Training of employees on safe browsing is important in general, he says. Traveling workers should avoid using airport Wi-Fi, he says, because glimpses of browsing, and hence what the employee is interested in, can be hacked. Knowing that could be valuable to competitors, he says. “Don’t connect to airport Wi-Fi except with a VPN,” he says.

Omer Tene, vice president of research at the International Association of Privacy Professionals, is less concerned that ISPs will actually violate corporate privacy agreements, but he does recommend use of encryption or a VPN when connecting to corporate resources. “There are bigger threats out there than Verizon,” he says.