The Attack on Global Privacy Leaves Few Places To Turn – WIRED

Digital privacy has had a very bad summer. As China and Russia move to block virtual private network services, well over a billion people face losing their best chance at circumventing censorship laws. First, China asked telecom companies to start blocking user access to VPNs that didn't pass government muster by next February. More recently, Russian president Vladimir Putin signed a law to ban VPNs and other anonymous browsing tools that undermine government censorship.

As citizens of these countries and people around the world scramble to understand the repercussions, US-based companies that operate in the countries have been swept up in the controversy. Apple complied with a Chinese government order to remove VPNs from its Chinese iOS AppStore, and the company that runs Amazon's cloud services in China this week said it would no longer support VPN use. Even hotels around China that offered VPN services to foreign visitors are largely curtailing the practice.

China and Russia's recent actions aren't new movements toward censorship, but they are escalations. And they leave citizens with few viable options for accessing the open internet.

While the suppressive efforts share the same end goal, they do take different forms. China has laid the foundation for its "Great Firewall" for more than two decades, attempting to control citizens' internet access on a very large scale. Creating and upgrading such a system over time takes massive resources. While Putin has praised the approach, Russia doesn't have a comparable apparatus. Instead, since about 2012, the Kremlin has gradually built up a web of legislation that shapes and controls the Russian internet through legal force more than technical control.

"These crackdowns and ratcheting up of internet censorship in China tend to ebb and flow, and so it is possible that eventually we may see VPNs sort of silently reappear," says Eva Galperin, the director of cybersecurity at the Electronic Frontier Foundation. "In Russia what they're doing is they're passing more and more draconian laws that are extremely difficult to implement. The reason for this is it makes sure that at any given time everyone is breaking the law - anyone that the government wants to target and wants to lean on for information is in violation of the law."

Both approaches have made Russia and China insular markets, challenging for international companies to operate in. Apple, which has been accused of hypocrisy for pushing back against government surveillance in the US while complying with VPN takedown requirements in China, worked for years to enter the Chinese market. "We would obviously rather not remove the apps, but like we do in other countries we follow the law wherever we do business," company CEO Tim Cook said in an earnings call on Tuesday. "We strongly believe participating in markets and bringing benefits to customers is in the best interest of the folks there and in other countries as well."

The VPN crackdowns in China and Russia came as no surprise to those who follow digital rights closely. "We expected it at some point, it wasn't like we didn't know where it came from," says Robert Knapp, the CEO of the Romanian VPN provider CyberGhost, which had its app removed from the iOS AppStore in China. "We had seen the Chinese government putting more and more pressure on VPN providers in a technical sense - blocking our IPs, blocking the server infrastructure we were using, detecting traffic from certain sources."

After years of investing in technical control, China now seems focused on experimenting with regulatory enforcement as well. In the Xinjiang region of western China, reports indicate that the government is requiring citizens to install spyware on their smartphones, ostensibly for anti-terrorism initiatives, and is doing random stops to check whether local residents have complied. They have also arrested citizens over conversations in private chatrooms, indicating that the local government may be actively taking advantage of the spyware. "We are extremely alarmed. This is about as far as a nation-state has gone to submit its people to monitoring," Jeremy Malcolm, a senior global policy analyst at EFF, said of the situation in Xinjiang.

For its part, the Russian government has moved swiftly since 2012 to regulate both infrastructure and content such that it has extensive control of the internet at this point. After the Russian government took broad control of television and media in the early 2000s, the internet was the only place left for free communication. "Now the government is trying to close in on that," says Rachel Denber, the deputy director of the Europe and Central Asia division at Human Rights Watch. "It's the logical progression of things. Once you go down the road of trying to expand state control over online communication, [banning VPNs] would be the next post to hit."

The Russian government may also be reacting to the current geopolitical situation, in which the country has been called out for hacking numerous Western countries, particularly leading up to democratic elections. "The authorities may also be looking ahead to the 2018 [Russian] presidential election, and they might want to take preemptive steps to ensure that no opposition mobilization takes place online," Denber notes.

For now there are still some ways around the Chinese and Russian governments' internet barriers, if you're willing to accept the risk. iPhones can only download apps from the App Store (unless a unit is jailbroken, which is not impossible but technically difficult, and introduces a host of security vulnerabilities). Android phones, though, can still sideload VPN apps from third-party app stores, since users aren't required to get apps from the Play Store. Google doesn't even operate its Play Store in China. For now, it's also easier to download desktop VPNs than mobile ones.

Other anonymizing tools besides VPNs remain a viable option as well, like the Tor Browser. That may carry more risk in Russia, though, given the recent arrest of someone who ran a Tor exit node (a gateway between the service and the internet) for participating in protests. Using Tor Browser in China, meanwhile, requires extensive technical skill to get around the Great Firewall.

It's also possible to install VPNs on devices while in other countries, and then use them in Russia or China. And end-to-end encrypted messaging services like Signal are a totally separate way of communicating and potentially receiving uncensored information without dealing with VPNs at all.

Experts report that both China and Russia may enact anti-VPN enforcement through checkpoints and arrests to intimidate citizens. "We are still used in Russia, we still count downloads, our Russian community is actually still growing," CyberGhost's Knapp says. "But instead of simply blocking VPN traffic, the Russian government is pulling another string now. They forbid it and they are going to enforce it - maybe brutally enforce it."

There could be unforeseen side effects as well. At the same time that eliminating these tools helps governments expand surveillance and control access to information, banning them also has the potential to degrade countries' overall security posture. Institutions that don't have access to VPNs could be at increased risk of being infiltrated or breached by foreign attackers. And if repressive governments set their sights on encryption next, they could undermine the integrity of basic economic drivers like secure digital transactions.

The dangers of banning VPNs are clear and pressing from a human rights standpoint. But countries that pursue it regardless may find they lose more than they intended.

Online privacy protection – Choice – CHOICE

Last updated: 01 August 2017

Whether you're just worried about Facebook settings or you want to hide all your online movements, you need a privacy audit.

In an age of mandatory data retention, it's crucial to understand your privacy settings. What are you really sharing and with whom? And how do you hide what you want to hide online? Review the online services you use and work out how much of your personal information is getting out into the online world.

So just how worried are you about online privacy? You need some level of concern because not everyone can be trusted online. Young people may not appreciate that what goes online stays online, and older people may have concerns about exposing themselves on the web.

To help guide you, we've created an easy ready reckoner for finding your paranoia level and then understanding what you could be sharing and how to protect yourself whether you're the next Snowden or just a little wary.

The thing to understand with any platform or service is that if it's free, your personal data is the currency. That goes for Facebook, Gmail and other free email services, Google and all its tentacles that follow you from a search all around the web, free public Wi-Fi, the list could go on.

The first place to start is Facebook, but the platform itself will always have dibs on your personal details. It's just the price of doing business with the social media giant. The only way around it is to avoid using it altogether or severely limit how much personal information you put into your profile, such as your school, workplace and country of residence.

If you can't kick the habit altogether, it might be worth reviewing your privacy settings. Log in and go to Settings > Privacy. Here you can restrict who sees your posts, who can contact you for a friend request and who can look up your profile. If you're worried about securing your login, under Security and Login choose two-factor authentication such as password and code, alerts for unrecognised logins and encrypted email notifications.

If you're prone to turning to 140 characters to express yourself, you might want to check your Twitter, particularly given the social media platform's changes to privacy settings. What a surprise, it's taking more of your information in the name of 'personalised' content (read: advertising and marketing using your social life as raw material) and data collection is automatically opted-in on your behalf.

Log in to Twitter, then go to Settings and privacy, then Privacy and safety. Here you can review how much of your personal details are revealed, such as your location, and set up tweet protection so you can approve who sees your tweets. To see how Twitter personalises content and collects and shares your data, go to Personalization and Data. This will tell you what personal information will be used to show you ads and even tap into the apps you have on your mobile device for targeting content.

Paranoia rating: X

If you're conducting a lot of your life online, a password manager will help securely store your passwords and potentially prevent accounts with simple passwords from being hacked. Simple passwords such as your child's name are easy to create and easy to remember, but they can leave you vulnerable to hacking. Our password manager reviews can help you find a program that will create unique, complex passwords that are securely stored so you don't have to remember or worse, write down all these passwords.

If you use Google to search the web a lot and you have one or more Google accounts such as Gmail, you're potentially gifting the search giant a lot of your private details. One way to see how much you've exposed is to review your footprint in Google MyActivity. Click on the Activity Controls tab to review your activity and see how your personal information is handled.

Paranoia rating: XX

If you think that governments around the world are giving themselves a little too much licence to access your personal movements online, it could be time to use a VPN. Virtual private networks (VPNs) help shield your web browsing, identity and location, creating a secure 'digital tunnel' between you and your online destinations. A VPN can also protect you from online identity theft while using a public Wi-Fi connection and is essential if you're doing any kind of shopping, financial or other sensitive transaction on public internet.

Not sure where to start? Our VPN reviews will show you which services we recommend when it comes to protecting your privacy online.

A messaging app with good security is another way to protect private conversations via the net. Depending on the level of privacy you're looking for, you may want to go with a dedicated security-focused app such as Wickr, Confide or Tunnel, or perhaps one of the more popular apps such as WhatsApp, Facebook Messenger and iOS Messages.

Paranoia rating: XXX

You might be plotting espionage, or you might just want to prevent government and business, as much as possible, from prying into your life online. If you fit this description, then there are a few things you won't want to go online without.

Your privacy toolkit won't be complete without email encryption. Emails aren't usually encrypted, which means that messages and attachments in your inbox and in transit can potentially be read. Luckily there are free email encryption programs that you can use without too much trouble that will protect your messages from prying eyes. Mailvelope works with Chrome and Firefox as a plugin and can work with Gmail, Yahoo Mail and Outlook.com.

Next up in your privacy toolkit will be Tor and the Tor browser. Tor, which is short for The Onion Router, is a network of secure computers provided by individuals to help others stay secure online. It's often used by dissidents, journalists, whistleblowers and activists in countries with hostile governments to hide their activity and communications online. Tor hides the 'header' or metadata that can reveal details such as the source, destination, size and timing of web traffic. There are mobile versions: Orbot for Android and Onion Browser for iOS. If you need to send large files securely, OnionShare uses the Tor network for anonymity.

If you would rather leave no trace of your web activity on the computer you're using, you can go one step further with Tails. It's a secure operating system that can run from a USB drive, storage card or DVD, encrypts all of your files, emails and instant messaging traffic using the Tor network, and can simply be plugged in and then removed after use.

Paranoia rating: XXXX

If after all of these measures you still think your privacy isn't fully protected, you might want to consult a higher source by reading The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data, by Kevin D. Mitnick. He was once a hacker, but has been a long-time security consultant and public speaker on issues of security.

There Is Basically No Dark Web. It’s Only A Few Webpages TOR Co-founder – Fossbytes

Short Bytes: Talking at the DEF CON convention in Las Vegas, the Tor Project co-founder Roger Dingledine said that the dark web doesn't exist and it's just a few web pages. He added that the media has wrongly labeled it as a haven for illegal activities. Also, only 3% of Tor users connect to a hidden .onion website.

At the DEF CON convention in Las Vegas, on Friday, Roger Dingledine, one of the three Tor Project founders, said that there are tons of misconceptions about the same. According to The Register, Dingledine bashed the journalists for giving a bad name to the Tor network by calling it a haven for pedophiles and terrorists.

"There is basically no dark web. It doesn't exist. It's only a very few webpages," he said.

If you're interested in numbers, only 3% of Tor users connect to a hidden .onion website, said Dingledine. This means that the majority of users are using it for simply analyzing their activities on the indexed web. They are, most probably, using it for stopping the website owners from tracking them.

According to his data, surprisingly, Facebook is the most popular website visited by Tor users. Today, more than a million people visit Facebook using Tor browser, thanks to the network's hidden service launched in 2014.

Dingledine also made attempts to calm down those who feared that different intelligence agencies have already cracked Tor and compromised the integrity. Intelligence agencies didn't need to set up their own stepping-stone nodes, he said, since they could, if they wanted to, just monitor those who did run them, as reported by The Register.

How to Install Tor Browser for Mac and Protect Your Online Activity – iDrop News

Congress recently voted to overturn a wide-ranging set of internet privacy laws passed by the Federal Communications Commission in October of last year. And since President Trump has signed the bill into law earlier this year, browsing the internet as we know it, even from the comfort of our own homes, has become a major liability for those who care about the value of their personal information.

In essence, as of Monday April 3, 2017, our internet service providers (ISPs) now have a free pass to decide what they'll do with our most sensitive data, such as online browsing habits, app usage, location information, vital data like addresses, phone numbers, and even Social Security numbers. Additionally, the law dictates that ISPs are now free to sell their customers' information without their consent, either to marketers and marketing agencies, financial firms, or other companies at their discretion.

To be frank, browsing the web has never been more unsafe at any time in history than it is now. But luckily, for those smart enough to protect themselves and their families, there's a silver lining to all of this insanity: Tor Browser.

Unlike popular web browsers such as Safari, Firefox, Chrome, etc., using Tor browser allows you to completely protect your online activity, data, and vital information by bouncing communications around a distributed network of relays run by volunteers all around the world. What that means, in other words, is that Tor browser protects your online identity by preventing people (i.e., your snoopy ISP) from watching your internet connection, logging what websites you visit, registering your location data, and more. Tor even lets you visit websites that have been blocked, according to its developers.

Best of all, you can now download Tor browser for free on your Mac or Windows PC; follow the steps below to download Tor on your Mac.

How to get around an ISP blocking a website – MyBroadband

SAFACT has reportedly issued ISPs with a request to block numerous piracy sites, sparking fears that certain domains will be blocked in South Africa.

The sites are thought to be torrent indexers, which are popular among online pirates for downloading media and software.

Internet censorship is common in various countries across the world, and usually consists of ISPs blocking access to specific domains or certain types of traffic.

The Great Firewall of China prevents Chinese citizens from accessing the unrestricted Internet, even disrupting many VPN services.

The UK also has a form of Internet censorship, with many major ISPs blocking websites linked to gambling, pornography, and piracy.

It is relatively easy to circumvent an ISP blocking access to certain domains, however, as detailed below.

There are many ways ISPs can block Internet traffic, one of the simplest being the blocking of domains at the DNS level.

This is simple to circumvent and requires users to change their client's preferred DNS server.

If you are using a Windows PC, you can do this by following the steps below.

This bypasses the ISP's filtered DNS and uses a service called Google Public DNS.

Another option is to use a proxy website or browser extension to route web traffic through a different domain, circumventing your ISP's domain name blocking.

Proxy websites redirect traffic through their own domain, allowing users to access any site as long as the proxy website is not blocked by the ISP.

If the above is not sufficient and you require greater anonymity online, the Tor network may be the next step.

Tor is a network of distributed relays around the world through which your traffic is routed.

This prevents your connection and online activity from being easily tracked, as it is routed through relays which anonymise web traffic.

It should be noted that operators of exit nodes on the Tor network could eavesdrop on unencrypted communications over the network, though.

Users can download the Tor Browser from the Tor Project page.

While the Tor network is great for anonymity and general Internet activity, it increases latency and your maximum download speed may degrade if the relays are on slow connections.

It is therefore not suitable for file sharing, and by default, your non-web traffic will not be routed through Tor.

The Tor browser functions like a normal web browser and can be used to access any website on the Internet, including .onion websites on the dark web.

If your ISP is still able to block traffic to certain sites using methods like packet filtering you may have to invest in a VPN service.

A VPN (Virtual Private Network) allows you to browse and access the Internet without your ISP examining your traffic.

An encrypted connection between your computer and the VPN prevents your ISP from accessing data traffic which your VPN sends on your behalf.

While certain services have a free trial offer, VPNs usually require a subscription fee. This gives you more control over your online security.

The latest Opera browser features a built-in VPN, which can be turned on and off. VPN extensions for Chrome and Firefox are also an option for users.

Don’t blame online anonymity for dark web drug deals. – Slate Magazine (blog)

Last Thursday, the Justice Department announced that it had worked with European authorities to shutter two of the largest destinations on the dark web to buy and sell illegal drugs, AlphaBay and Hansa.

The shutdown followed reports from earlier in the month that AlphaBay, the larger of the two, had mysteriously stopped working, causing users to flock to Hansa. But it turns out that Hansa had been taken over by the Dutch national police, who were collecting information on people using the site to traffic drugs.

European and American law enforcement collaborated to quietly arrest AlphaBay's alleged founder Alexandre Cazes in Thailand on July 5. The 25-year-old Cazes later committed suicide in a Thai jail, according to the New York Times.

These dark web drug marketplaces are accessed using a service called Tor, which allows users to browse the internet anonymously. With Tor, you can circumvent law enforcement surveillance as well as internet censorship filters, which are often installed by governments or companies to restrict where people go online. Tor also allows for the creation of anonymously hosted websites or servers that can only be accessed via the Tor Browser. AlphaBay and Hansa were both hosted anonymously on Tor.

Though AlphaBay, Hansa, and, most famously, Silk Road depended on Tor to run their illegal operations, the Tor Project, the nonprofit that maintains the anonymous browser and hosting service, says that only 2 percent of Tor traffic has to do with anonymously hosted websites. The vast majority of Tor traffic is used for browsing the web anonymously. More than 1.5 million people use Tor every day, according to a spokesperson.

The U.S. government has a rather complicated relationship with Tor. On the one hand, documents revealed by Edward Snowden showed how the National Security Agency had been trying to break Tor for years, searching for security vulnerabilities in browsers that would allow law enforcement to crack the online anonymity service. The Department of Defense has also invested in trying to crack Tor. During the 2016 trial of one of the administrators of Silk Road 2.0, another shuttered dark web drug-trafficking site, it was revealed that DoD hired researchers from Carnegie Mellon University to try to break Tor's encryption in 2014.

Yet Tor also wouldn't exist without the U.S. government - it was originally built as a project out of the U.S. Naval Research Laboratory. The State Department continues to fund Tor (at least someone has told Rex Tillerson about it, presumably) because internet users around the world rely on the anonymity tool to access information and communicate safely online, particularly in countries where the internet is heavily monitored or censored by the government, like in China with its national firewall, or in Thailand, where it's illegal to criticize the royal family online.

Cazes, the AlphaBay ring leader, was caught thanks to investigative work, not a break in Tor's encryption. Cazes had sent password recovery emails to his email address, which investigators used to find his LinkedIn profile and other identifiers. (And no, the FBI did not dig up an email from Cazes asking to join his professional network on LinkedIn. According to The Verge, Cazes used the same address on a French technology troubleshooting website, which listed his full name, leading investigators to find a LinkedIn profile where he boasted cryptography and web hosting skills, as well as involvement in a drug front.)

And that's good news for the vast majority of Tor users who aren't interested in scoring molly. In 2015, a report from the U.N. declared that anonymity tools "provide the privacy and security necessary for the exercise of the right to freedom of opinion and expression in the digital age."

Anonymity tools, like so many technologies, have both good and bad applications. And in the same way cellphones aren't evil just because some people use them to make drug deals, it's important to not malign anonymity tools just because some people use them to sell drugs, too. If the U.S. government is ever successful in finding a way to disable Tor's encryption to find criminals, it could put hundreds of thousands of people who depend on Tor at risk, too.

Tor Project to launch public bug bounty project | CIO Dive – CIO Dive

Dive Brief:

The nonprofit Tor Project announced it plans to launch its first public bug bounty project, working with HackerOne, according to VentureBeat. The Tor browser is the controversial program that allows people to troll the internet without being tracked.

The Tor Project wants to find vulnerabilities that could compromise the anti-surveillance network.

Tor launched a private bug bounty program last year. The new program is public, which means anyone can participate. Tor Project said a legitimate bug report could land a researcher up to $4,000.

Bug bounties are growing in popularity among companies looking to keep on top of vulnerabilities. For one thing, such programs are often much cheaper than the cost of recovering from an attack. The average cost of recovery from a single security incident is estimated to be $86,500 for small and medium businesses and $861,000 for enterprises, according to a recent report from Kaspersky Lab.

The number of enterprise bug bounty programs grew more than 300% over the last year, according to the 2017 State of Bug Bounty Report released by BugCrowd earlier this month.

HackerOne is well known for helping big-name companies improve their security posture, and its efforts appear to be paying off. In April, HackerOne announced it received $40 million in series C funding led by Dragoneer Investment Group and the company said its hacker community tripled to nearly 100,000 last year.

Large companies like Google, General Electric, Microsoft, United Airlines, Western Union, Tesla Motors and Fiat Chrysler have all participated in bug bounty programs over the last few years.

Tor network will pay you to hack it through new bug bounty program … – ZDNet

The Tor Project has joined with HackerOne to launch a public bug bounty program aimed at finding vulnerabilities which could compromise the anti-surveillance network.

The Tor network is a system of nodes and relays used to mask online activity, as well as access areas of the Internet not indexed by so-called "clear web" search engines.

While sometimes associated with Dark web illegal trading and nefarious goods, Tor is also a key tool for activists, privacy enthusiasts, and journalists looking to keep their online activities private.

Cybercriminals and governments alike are constantly poking the system to find vulnerabilities to exploit for surveillance purposes.

This year, the FBI used a "non-public" vulnerability to unmask individuals connected to child pornography, but as the agency refused to reveal how this was achieved, the case was dropped.

Tor is not 100 percent safe from compromise; no system is. However, to close the net on any bugs which may be used in similar ways in the future -- no matter the cause -- Tor is asking researchers to scour the network for any weak links.

"Millions of people around the world depend on Tor to browse the internet privately and securely every day, so our security is critical," The Tor team says. "Bugs in our code pose one of the biggest threats to our users' safety; they allow skilled attackers to bypass Tor's protections and compromise the safety of Tor users."

On Thursday, Tor launched a public bug bounty program under the moniker #HackTor. Hosted on the HackerOne platform, the scheme is specifically targeting security flaws in the Tor network daemon and Tor browser used to access the network.

In particular, Tor would like to see reports of any remote code execution flaws, local privilege escalation, unauthorized access of user data, or attacks that cause the leakage of crypto material of relays or clients.

Depending on the severity of the issue, researchers can expect to earn up to $4,000 per report.

The public bug bounty follows in the steps of a private program launched in January 2016 which resulted in three denial-of-service flaws and four edge-case memory corruption bugs being discovered, fixed, and rewarded.

Tor Browser chief Georg Koppen told HackerOne that the decision to go public was made once the private system allowed the Tor team to better organize their workflow.

"We want to expand relationships with the research community and make our software more secure in the process," Koppen says. "Reported bugs will help us to address issues before they can potentially become a threat to our network of users."

"I can easily see expanding the program's scope beyond Tor and Tor Browser to cover other parts of our software ecosystem or even infrastructure as well," he added.

How to access the dark web – The Daily Dot

If you think search engines like Google and Bing let you probe the entire web, you're totally wrong. You're barely scratching the surface of the web - literally. Below the web's outer crust - the one you're accessing right now to read this article - flow other layers of the internet that you can't find through search. But with a little bit of know-how, anyone can dive into the web's deep end to find some hidden treasures (and perhaps a bit more than that). Here's a quick guide to the deep web, the dark web, and what you'll find when you get there.

There are basically three parts to the world wide web: surface web, deep web, and dark web.

The surface web is everything that's publicly available and accessible through search or typing a URL into your browser. The deep web, also known as the invisible web, is all the content on the web that is not indexed by standard search engines, such as email clients, online banking websites, or pages that are inaccessible to crawlers, the software that indexes the web for search engines. Some of those pages can still be accessed if you have the URL while others require you to have login credentials. According to expert estimates, the deep web is 500 times larger than the surface web.

The dark web, however, is a totally different beast: a tiny fraction of the web that is only accessible through specialized software such as the Tor browser. However, the term "dark web" is also often used to refer to the darknet, the overlay networks that are used to anonymize communications and obfuscate both the origin and destination of internet traffic.

The main characteristic of the dark web is its anonymity, which makes it appealing to a number of actors. Like all innovative tools, the dark web is an instrument for shady and illegal activities, such as child pornography and the sale of drugs, firearms, and stolen credit card numbers.

One of the most famous cases that involves the dark web is that of Silk Road, the first modern online black market that was created on the dark web. The website was shut down in 2013 and its founder is serving a life sentence in prison. Naturally, many other similar websites have sprouted in recent years. Earlier this month, AlphaBay, another dark web marketplace that made between $600,000 and $800,000 a day, was shut down by law enforcement.

However, the dark web is also being used for many other activities that are mostly legitimate (though not necessarily legal, depending on your perspective). Edward Snowden, the famous whistleblower who exposed the U.S. government's mass surveillance program, used the dark web to send information to reporters and media outlets.

Journalists and activists also use the dark web to avoid being traced by autocratic governments or other actors that might want to harm them.

In countries where the government restricts access to specific websites and social media networks such as Facebook, Twitter, and YouTube, dark web tools can help circumvent censorship.

The most famous tool to get on the dark web is the Tor browser. With Tor, you can access websites whose address ends with the .onion extension. These are websites that are exclusively available on the dark web and can't be accessed through normal browsers.

Tor enables you to access all the other surface and deep websites with the added benefit that it anonymizes your browser traffic by encrypting it and deflecting it across several computers, called Tor nodes, before sending it to its destination.

However, there are several things you should know about Tor:

With those considerations in mind, have fun surfing the dark web, and stay out of trouble.

Ben Dickson is a software engineer and the founder of TechTalks. Follow his tweets at @bendee983 and his updates on Facebook.


Your Mailman Is a Drug Dealer. He Just Doesn’t Know It. – WNYC


The Dark Web conjures images of gothic fonts and black backgrounds, like a metal fan's MySpace page circa 2001. But this section of the internet looks surprisingly normal. Accessible only through the Tor browser, there are Google-style search engines and Amazon-style marketplaces. Except what they're selling are mostly illegal things: stolen passports, hacked account numbers, and drugs. A lot of drugs.

This week, we stress out WNYC's IT department and venture onto the Dark Web, where you can get heroin, fentanyl, or oxycontin shipped right to your door via USPS. And we talk to Nick Bilton, author of American Kingpin: The Epic Hunt for the Criminal Mastermind Behind the Silk Road, about how Libertarian philosophy and tech-bro hubris combined to spark an online drug revolution, and an opioid crisis.

And the Dark Web community is starting to recognize the role they're playing. Since we recorded this episode, Hansa Market, the very site we visit in the show, has banned the sale of fentanyl, according to the New York Times.


Suspected AlphaBay founder dies in Bangkok jail after shutdown of online black market – Washington Post

Until earlier this month, AlphaBay served as a one-stop shop for illicit consumer needs online. Essentially an Internet-based black marketplace stationed on the dark Web and accessible only through an untraceable Tor browser, the platform hosted sales using bitcoin for everything from illegal drugs to stolen credit card data. With up to 300,000 listings, the site was conservatively hosting $600,000 to $800,000 a day in transactions, Wired reported, and was said to host more products than Silk Road, the illicit marketplace closed by U.S. authorities in 2014.

But on July 5, all that back alley commerce stopped when AlphaBay suddenly went dark. The shutdown was reportedly due to an effort by law enforcement across the world to bust the administrators running the website. And now the Bangkok Post and Sydney Morning Herald report that a Canadian national allegedly linked to AlphaBay has died in custody after he was arrested on the same day AlphaBay disappeared.

Canadian-born Alexandre Cazes, 26, was arrested by Thai authorities on July 5 at the request of U.S. authorities, according to the Morning Herald. Known online as DeSnake, Cazes was found last week dead in his cell at the Thai Narcotics Suppression Bureau (NSB) in Laksi district of Bangkok.

The Bangkok Post reported Cazes was discovered in the bathroom of his cell hanging from a towel. The NSB's Major General Soontorn Chalermkiat told the paper there are no clues that suggest he didn't hang himself. Cazes was reportedly set to meet with an attorney about his extradition to the United States on drug trafficking charges an hour before his reported suicide. Another Thai official, Maj. Gen. Chayapote Hasoonha, told the Bangkok Post Cazes had been living in Thailand for about eight years and had a Thai wife. The official added Cazes's spouse has been charged with money laundering.

"He was a computer expert involved with international transactions of bitcoins," Chalermkiat told Agence France-Presse. "He didn't have any business in Thailand but he had many houses." The Bangkok paper said he also had four Lamborghini sports cars in Thailand.

Cazes' father, Martin, told Journal de Montreal his son was "an extraordinary young man, with no history, no judicial record. He never smoked a cigarette, never used drugs."

Neither the Canadian nor U.S. embassies in Thailand responded to The Washington Post's request for further detail on Cazes's arrest, extradition and reported death.

The AlphaBay shuttering comes after an uptick in law enforcement action aimed at the marketplace's users, an indication that U.S. police have figured out how to skillfully mingle within the dark Web bazaar and target users.

"AlphaBay is dedicated and designed to facilitate the sale of illegal narcotics, drug paraphernalia, firearms, and counterfeit and fraud-related goods and services," a U.S. Drug Enforcement Administration agent wrote in an August 2016 affidavit related to federal charges against a 50-year-old Detroit man named Robert Kenneth Decker. "Illegal drugs, such as methamphetamines, heroin, and cocaine, are openly advertised and sold and are immediately and prominently visible on the Alphabay website."

Operating under the handle DIGITALPOSSI2014, Decker was tied to 10,738 transactions on AlphaBay, including deals in which he sold and mailed hydrocodone to undercover law enforcement in exchange for bitcoins. After his arrest in late 2016, he pleaded guilty to one count of conspiracy to distribute controlled substances and one of conspiracy to commit money laundering. Decker was sentenced to 140 months in prison.

With the website now dark, illicit e-commerce is struggling to find a new home. Like Silk Road, AlphaBay left a gaping hole in the marketplace when it disappeared.

"It's been really chaotic," Nicolas Christin, a Carnegie Mellon professor of computer science and public policy, recently told Wired. "When you have a site like AlphaBay going down, it puts a lot of stress on the other players. It's stress-testing their infrastructures."


Assassins and child porn; a darknet offers everything – The Slovak Spectator

The Slovak Spectator spent several days on the Darknet.

It is used by the mafia, journalists and activists. Tens of thousands of people do trade there without knowing the identity of their partners while using a currency that does not officially exist. Thus unwritten rules had to be created to ensure the entire system does not collapse.

A darknet, or the Dark Web, is becoming widely used because it allows users to hide their tracks on the Internet, according to Tom Zako, the CEO of the Citadelo firm.

"This tool is important in countries with strong censorship," Zako told The Slovak Spectator. "The original purpose was not to aid criminals."

However, it is obvious that criminals, including Slovaks, have discovered it. Police recently arrested two Slovak citizens for the illegal sale of drugs via the darknet. At the same time they seized the electronic hard-to-track cryptocurrency Bitcoin (BTC) being used as a means of payment on the darknet. This currency hit a historic high on June 11, reaching $3018 per Bitcoin and fell to around $2200 in mid July.

The Slovak Spectator spent several days on the Darknet. It bought bitcoins, visited drugstores, weapons shops and sites with illegal pornography.

A darknet is formed by individual pages which can only be opened if a person knows their exact address and knows which program to use. Guessing a page name is not possible as they look like this: anonywebix6vi6gz.onion.

To open such sites users need the Tor browser originally developed by the US Army for the secure communication of its employees.

Entering a darknet is not difficult. The process can easily be found on the Internet. The user just needs to download Tor for free, find the list of websites working only through this program, and start exploring the dark corners of the Internet.

Soon a person finds that many of the published darknet websites, probably up to 80 percent, do not really work.

It is mostly because they are operated by individuals who have cancelled them for various reasons. Another possibility is that one company is running a number of sites, and when it ends, all of its sites end as well, according to Polish internet security expert Marcin Koziej.

"Websites accessible through Tor come and go," Koziej told The Slovak Spectator. "They are mostly maintained by individuals, and can easily be discontinued."

This is also the case of websites belonging to Slovak drug dealers. Today there was only the announcement that they were locked by the police due to a decision of the Bratislava District Court.

Among those pages whose links are commonly available on the Internet, The Slovak Spectator has found, for example, a child pornography page aimed at the spanking of small children. The operator offers five albums for download, the possibility of commenting on them and discussion of the topic in a forum.

There is a freely available page of a false passport vendor promising that the customer will not only receive ID, but will also be registered in official databases and will be able to travel freely with the document.

On another page, people were offering 92-percent uncut cocaine from Peru for $75 a gram.

By contrast, sites with crowdfunding for an assassin or ordering a hacker attack did not work.

The websites do not always offer illegal activities though. For example, there are forums where people anonymously discuss ongoing protests in their countries.

There are actually many more sites running but people have to learn about them in locked forums or personally from other users.

When surfing a darknet, community and personal references are important, according to Koziej.

"The community is also a source of trust in some hidden sites," Koziej says. "A trust network is reason to believe a particular site is legit, and not police bait."

In general, dealers ask for bitcoins in exchange for goods. For example, a Walther PPK gun was available for BTC0.434, which is around €852.

The currency is produced by complex mathematical operations under the rule that only 21 million bitcoins can ever be created, preventing its inflation. The creation process gradually slows, which is meant to resemble gold, a precious metal that has become increasingly rare since its mining began.

People can access their bitcoin via a unique key granted after creating a virtual wallet.

The Slovak Spectator downloaded the mobile application that provided the key for BTC. Using this app, the editors bought BTC worth €10 at a special ATM in the centre of Bratislava in mid-May.

The entire operation passed quickly and ended without a receipt. The machine only produced a confirmation QR code, which appeared on the display and the amount of 0.005 bitcoin appeared in the mobile wallet. If the transferred euros had immediately disappeared, the police or any bank would not have done anything about it.

All BTC transactions are visible, but the trading parties are anonymous. The trader does not know who is buying the goods, and the customer does not know who is selling them. Users therefore have to solve the issue of who goes first: the one sending the goods or the one sending the money.

For example, a system of intermediaries has been created. The customer first sends the money to a third party they both trust. After the salesperson learns that money has been transferred, he or she sends the goods. After the customer receives what they paid for, the seller gets their money from that third party.

In order to gain trust, salespeople in a darknet are much more customer-focused than their counterparts in ordinary life, British journalist Jamie Bartlett says in one of his lectures. He spent several months on a darknet, made contacts with the users, and bought marijuana in order to report on how the whole system works.

"Now, this kind of consumer-centric attitude is the reason why, when I reviewed 120,000 pieces of feedback that had been left on one of these sites over a three-month period, 95 percent of them were five out of five," said Bartlett. "The customer, you see, is king."

The Slovak Spectator did not buy any illegal goods and neither did it use its bitcoins.

It may be surprising, but the vast majority of goods, even illegal ones, arrive via standard postal service, according to Zako.

"People in the European Union only focus on a sender operating in the Schengen area so that the package doesn't go through scanners," Zako said.

18. Jul 2017 at 17:14 |Roman Cuprik


What is the ‘Dark Web’ and How to Access this Scary Part of Internet? – MobiPicker

Dark Web or Deep Web is a term that you might have heard a lot in the recent past. News publishers have always told you scary stories about the Dark Web and how it is accessed to carry out illegal activities. While all that may be true, news outlets generally interchange the words Dark Web and Deep Web. There is a difference between the two, and we first need to understand what makes one different from the other to better understand what the Dark Web is.

To understand the basic idea, the Deep Web is a much wider concept and the Dark Web is a small part of it. The Deep Web is the portion of the internet that hasn't been listed on the conventional search engines. The Deep Web is a significant portion of the internet, and many might not believe it, but we use the Deep Web in our daily lives.

Most of the password-protected pages of the websites that you use daily aren't listed on any of the search engines, and hence are a part of the Deep Web. Your bank page, the editing page of your profile, and even the dashboard of this blog aren't listed on the search engines and are a part of the Deep Web. When you read in the news that 90% of the internet is Dark Web, what they really mean is the Deep Web instead of the Dark Web. That percentage is, however, more or less accurate.

If you are wondering what the Dark Web is, it is a much smaller part of the Deep Web that can only be accessed with specialized software and authorization, as we mentioned earlier. The Dark Web uses the same internet but exists on darknets and other overlay networks. Since that part of the internet isn't available to everyone the way other websites are, the Dark Web is host to a lot of illegal activities.

The Dark Web uses strong encryption, and the user needs software with the same encryption technology to access the content. If both parties, the content providers and the users, are cautious enough, their identity and location will remain hidden. This is the reason why criminals find the Dark Web a perfect place for carrying out their activities. And if a user's identity is revealed, it could lead to some serious consequences for them.

By activities, we mean terrorism, hitman services, smuggling, money laundering, child trafficking, drug dealing, forged documents, hacking and phishing attacks, the sale of firearms and ammunitions, illegal pornography, and human organ trade. By now you might have realized what extreme consequences can happen to the users whose identity got leaked.

By now, you probably understand what the Dark Web is. Keep reading if you want to know more about the topic, including how to access the Dark Web and whether all the content listed on the Dark Web is bad.

After all this, you might think that accessing the Dark Web would be some kind of rocket science. But it is just the opposite; accessing the Dark Web is as easy as downloading a web browser and entering the website URL you want to visit, at least for the most part. You are indeed required to download a browser for the Dark Web called Tor.

A major portion of the Dark Web is hosted on Tor network and it can only be decrypted and accessed using the Tor browser. The Tor Browser Bundle needs to be downloaded, which contains all the necessary tools, including the Vidalia Control Panel that will automatically configure the browser to exact network setup required to access the Dark Web. The files downloaded can be extracted and installed like you would do with any other software.

Once everything is done, the browser window will open and it will be your gateway to anonymity. Being a part of Deep Web, there is no search engine here, so you need to know the URLs of the websites that you want to access from the Dark Web. The URLs for these websites have .onion top level domain and the URLs are intentionally made lengthy, making them even more difficult to remember.

Grams is a search engine based on Tor but it has a fairly limited approach. However, it can help you with your first ride into the Dark Web; to be safe, you just need to double-check what you are about to click. Talking about safety, it is always recommended to use a strong VPN service at least while accessing the Dark Web, and maybe cover your webcam with a white tape, in case someone is tracking your activities.

In fact, many users have reported receiving blank calls or being followed physically right after accessing something on the Dark Web that they shouldn't have. Forums are filled with such scary stories that will make you think twice before accessing the Dark Web. It is always advisable to stay safe and use all the means available to maintain your anonymity from the surface web as well as the criminals and hackers on the Dark Web.

Now that you know how to access the Dark Web, it is not necessary that you have to access it. Since all the good and informative websites are already available publicly, it is advisable that you should avoid accessing the Dark Web.

Not necessarily. But the most part is. There is a certain section of society that needs anonymity, like activists, reporters, and whistle-blowers. The best example of this is WikiLeaks, which was started on the Dark Web, and is used by many whistle-blowers all around the world to reveal the corrupt side of governments. Merely accessing the Dark Web isn't illegal, but what matters is which websites you visit or what content you access once inside.

This piece is, of course, intended to serve as a guide to what is believed to be unknown by many. We certainly don't endorse or encourage you to access the Dark Web and indulge in any illegal activity. For an individual, there is nothing that the Dark Web can do; a VPN service, along with common sense, should be more than enough to maintain your privacy and guard against other threats on the internet.


Apple users warned of dangerous new Mac malware that steals banking credentials – ThaiVisa News

Apple users are being warned about a newly discovered form of Mac malware which is spread via a phishing attack and steals banking credentials.

The malware, dubbed OSX/Dok, was discovered by researchers from Check Point Security and mirrors the websites of some of the world's leading banks in an attempt to steal money from users.

The malware is being spread via a combination of phishing and so-called man-in-the-middle attacks.

Security experts say the Mac malware is extremely difficult to detect as it is able to bypass Apple's stringent security measures and spy on all communications from the victim.

Check Point said they have seen a recent surge in the malware being used by hackers who are currently playing a game of cat and mouse with Apple.

Check Point says the hackers are purchasing dozens of Apple certificates to sign the application bundle and bypass GateKeeper. As soon as Apple revokes one of the certificates the hackers switch to another, with new certificates being used on a daily basis.

"They are aiming at the victim's banking credentials by mimicking major bank sites. The fake sites prompt the victim to install an application on their mobile devices, which could potentially lead to further infection and data leakage from the mobile platform as well," Check Point said in a blog post.

Once the malware has been installed on a device it downloads the Tor browser and starts to communicate with servers controlled by the hackers. It then records the location of the infected device and customises the fake banking page depending on the location of the victim, making the attack even more convincing.


The malware then asks victims to log in to the fake banking page with their banking credentials and also asks for their mobile number to set up SMS authentication.

Victims are then tricked into downloading a malicious app and the Stack encrypted messaging app.

It is not known why victims are made to download Stack, but Check Point researchers speculate that it could be used by the hackers to commit more fraud at a later date.

Whatever the goal may be, Signal will possibly make it harder for law enforcement to trace the attacker.

Alternatively, the perpetrator might be using Signal temporarily, to acquire install rate statistics and prove the method is working, while planning to install a malicious mobile application with future victims at a later time.

"Unfortunately, the OSX/Dok malware is still on the loose and its owners continue to invest more and more in its obfuscation by using legitimate Apple certificates," Check Point researchers wrote.

"The fact that the OSX/Dok is ported from Windows may point to a tendency. We believe more Windows malware will be ported to macOS, either due to the lower number of quality security products for macOS compared to the ones for Windows, or the rising popularity of Apple computers."

Jonathan is our Google Nexus and Android enthusiast. He is also fanatical about football which makes it all the more strange that he should support Stockport County. In addition to writing about tech, Jonathan has a passion for fitness and nutrition and has previously written for one of the UK's leading watch and horology websites.


The best security apps to lock down your Android phone – The Daily Dot

With so much sensitive information on your Android smartphone, security should always be a priority. Malware, theft, physical access to your phone and eavesdropping are just some of the security troubles that you're up against when you're using your smartphone to connect to the internet.

Below are some of our favorite Android security apps that can help manage and deal with the threats to your phone.

As you take your phone with you everywhere, losing it to theft or your own ignorance is not beyond imagination. There are a number of apps that can help you recover your phone or at least make sure that none of its sensitive data falls into the hands of the wrong people.

One of them is Google's Find My Device, a free app formerly known as Android Device Manager. Once you install and activate Find My Device on your phone, you'll be able to remotely perform a number of tasks through the app's website. This includes locating your phone, sounding an alarm, or wiping the data altogether in case you become certain that you can no longer recover your device.


An alternative to Find My Device is Cerberus, a paid app that adds extra features such as taking pictures and recording audio and video of the device holder, displaying messages that stay on the screen, and remote shell access to your phone.


Most people lend their phone to friends, family, or even strangers who want to make a phone call, oblivious to the fact that by doing so they're temporarily exposing all their sensitive information.

AppLock is an application that, as the name suggests, enables you to lock down various apps. Once you install and activate it, the selected apps will require a PIN code to open. This can protect you against nosy friends and strangers who want to go through your chat logs and photos, or who might want to change your phone settings.


Cybercriminals are always looking for ways to compromise smartphones and remotely steal information. One of their conventional methods for doing so is to install apps with malicious code on their victims' phones and use them to exfiltrate sensitive data. Android phones are especially vulnerable to this scheme because, as opposed to the iPhone, it's easier to install apps on them that haven't been published on the Google Play store and haven't undergone professional vetting.

GlassWire is the best Android security app for monitoring the data usage of various apps installed on your phone in real time. The app lets you see a live graph of your apps' data consumption and will alert you when a specific app's data usage spikes. It's a good tool to detect apps that are conducting unusual and suspicious activities.


If you're a regular user of free Wi-Fi in public locations and malls, you should know that they're riddled with security threats. If you're not wary, malicious actors can intercept your internet traffic and steal your data or alter it. One of the best methods to protect yourself against theft or manipulation of data is the use of Virtual Private Networks (VPN). A VPN encrypts all your internet traffic, making it undecipherable to eavesdroppers. There are a handful of decent free VPN apps available on Android.

For secure browsing, you can also use Orfox, the mobile version of Tor browser. Like its desktop counterpart, Orfox encrypts your browser traffic and deflects it across several nodes before sending it to its destination, protecting you against both local spies and mass surveillance.


There are a number of decent endpoint protection solutions available for Android. The best Android security app for this is arguably Avast Antivirus and Security, a free app that offers an impressive range of security tools and features. Once installed, Avast will provide antivirus protection, monitor your apps for unusual activity and scan URLs for malware.

Avast also has an app locking feature, though it is limited to two apps when you're on the free plan. You can also block certain apps from using Wi-Fi or network, which can be handy for security.

Ben Dickson is a software engineer and the founder of TechTalks. Follow his tweets at @bendee983 and his updates on Facebook.


Mozilla is held to a higher standard – Ghacks Technology News

If you follow tech news or my site, you have probably stumbled upon the "Firefox uses Google Analytics" controversy by now.

Let me refresh your memory if you have not. A user of Firefox discovered that Mozilla Firefox connects to Google Analytics when users of the browser load the Get Add-ons page of about:addons.

That page displays a remote web page on Mozilla's website when loaded, and that's where the Google Analytics connection comes into play.

Mozilla stated in a response that it has brokered a special deal with Google which anonymizes the data, and prevents Google from using it internally or externally.

While that is commendable, it does not touch the core of the issue that privacy-conscious users have with the implementation.

The core issue for users who criticize Mozilla for using Google Analytics is the connection to Google Analytics, or in broader terms to Google, and that Firefox does not inform users about it, or provide the means to block it by default, or that the connection happens at all.

Note: Mozilla reacted quickly to the reported issue, and Firefox users may enable Do Not Track in the browser to disable the Google Analytics script on the Get Add-ons page of the browser.

Firefox users may enable Do Not Track by loading about:preferences#privacy in the browser's address bar, and setting the option to "always". Note End

Mozilla may be right when it states that Google won't touch the data because of the deal. There is no evidence that the company does otherwise, even though it would be difficult to prove that. The whole incident may be blown out of proportion, but that is not what is bothering users who criticize Mozilla for the use of Google Analytics.


What Mozilla fails to realize in my opinion is that there is a subset of Firefox users which holds the organization to higher standards than any other browser maker when it comes to privacy (except the Tor Browser guys probably).

This does not come out of the blue, as Mozilla presents itself as an organization that values user privacy and security. The fourth principle of Mozilla confirms this for instance:

Individuals' security and privacy on the Internet are fundamental and must not be treated as optional.

A connection to Google Analytics goes against these privacy principles, at least for Firefox users who take privacy seriously. It does not really matter whether Mozilla brokered a special deal with Google or not, what is collected and what is not, or what happens to the data that gets collected.

The fact that data lands on Google servers, and thus outside of control of Firefox users or Mozilla, is what is bothering users who criticize Mozilla for integrating the script on the page that Firefox loads.

In short: The stance that privacy conscious Firefox users have is that Firefox should never make connections to third-party sources, especially not to Google, Microsoft or any other major player in the advertising world, without user consent.

Summary

Article Name: Mozilla is held to a higher standard

Description: The article discusses why Mozilla is, and should be, held to a higher standard when it comes to user privacy than other browser makers.

Author: Martin Brinkmann

Publisher: Ghacks Technology News

The rest is here:

Mozilla is held to a higher standard - Ghacks Technology News

Russia, China vow to kill off VPNs, Tor browser – The Register

Russia and China are banning the use of virtual private networks, as their governments assert ever greater control over what citizens can see online.

In Russia, the State Duma, the lower house of the Federal Assembly of Russia (legislature), unanimously adopted the first reading of new legislation that would ban the use of VPNs as well as online anonymizers like the Tor browser if they don't block access to a government-run list of websites.

That list of websites will include any sites that provide software that can circumvent censorship. And, most insidiously, the law will require search engines to remove references to blocked websites so citizens don't know what it is they are not allowed to see.

The legislation was approved in record time after the director of the FSB intelligence agency, Alexander Bortnikov, gave an hour-long talk to Duma deputies in a closed meeting, in which he said how important it was that the law was passed and passed quickly. Attendees were told not to report that the meeting even took place, apparently.

In a note explaining the law, Duma deputies argue that the law is necessary because the existing censorship apparatus in place is "not effective enough."

A second law that also passed its first reading this month will require mobile phone operators to:

Any companies that fail to comply with the rules can be fined up to one million rubles ($16,500).

Meanwhile, China has started enforcing its rules, approved in January, that do pretty much the same thing.

The Chinese government requires all VPN services to apply for a license, and as part of the license requirements, they are expected to block access to websites and services the Chinese government doesn't approve of.

Now the government has "requested" that the country's three mobile operators block the use of VPN apps on their networks, and has set a hard deadline of February 1 next year. Chinese users in their millions use VPNs as a way of bypassing widespread online censorship that blocks services such as Facebook and Twitter as well as many Western news websites.

The Ministry of Industry and Information Technology said back in January that the VPN and cloud computing market was undergoing "disorderly development," and as such there was an "urgent need for regulation norms."

That followed a largely ineffective effort to kill off VPNs back in 2015. But this time the government seems more determined to enforce censorship.

Earlier this month two VPN services, Green VPN and Haibei VPN, said they were shutting down their services in mainland China, having received a "notice from regulatory departments."

The government also recently passed new rules that will censor information that does not reflect "core socialist values," in effect banning discussion on topics such as drugs and homosexuality. Previously, Chinese internet users had grown used to a censored version of the internet built largely around protecting the ruling party by limiting political debate.

It's unclear whether the same rules will apply to the political elite, however. The architect of China's Great Firewall himself used one publicly in a presentation last year when he found himself blocked by his own creation.

See more here:

Russia, China vow to kill off VPNs, Tor browser - The Register

ACLU’s Gillmor on privacy: ‘We pay for what we value’ (Q&A) – The Parallax (blog)

SAN FRANCISCO - Can something as mundane as modern Web hosting be used to increase consumer privacy? Daniel Kahn Gillmor, a senior staff technologist at the ACLU's Project on Speech, Privacy, and Technology, thinks so. He also believes that the future of consumer privacy depends on technology providers taking bolder steps to protect their users.

At a recent conference held here by the content delivery network company Fastly, Gillmor spent 20 minutes explaining a set of technology proposals that a modern Web host like Fastly can undertake to defend privacy, without burying itself in costly changes.

"The adversaries who are doing network monitoring tend to focus on metadata, not on content," he told the crowd of engineers about the essential tracking data created when we write emails, watch cat videos online, or text emojis. The importance of metadata to surveillance was underscored by former National Security Agency Director Michael Hayden in 2014, when he declared, "We kill people based on metadata."

Gillmor explained how a content delivery network, or CDN, could combine new Internet traffic analysis countermeasures and Domain Name System obfuscation to help prevent spies from snooping on consumers' Internet activities. Gillmor's talk was more of a pitch about what a CDN can do than what Fastly is actually doing.

After Gillmor's presentation, he and I spoke at length about three of today's biggest challenges to consumer privacy: rising costs, responsibilities of private companies to their users, and struggles to make email more safe and private.

What follows is an edited transcript of our conversation.

Q: There seems to be a growing digital divide over privacy technology. What's your perspective?

My biggest fear is that we're going to accept, as a society, that privacy is a luxury. You see that already, in many situations. Someone who can afford a home has more privacy than someone who can't afford a home. This is not just a digital-divide thing; it's a general situation where people buy privacy for themselves. It's unjust.

Some services people buy are intended to help keep you off others' radar. (And some of them actually are invasive.) And a lot of people don't even actively consider privacy when making purchasing decisions. So there's not enough of a market, in some sense, for privacy-preserving technologies.

Which ostensibly privacy-preserving technologies are people buying that might actually be compromising them? Virtual private networks?

If you can't afford a VPN, most of your connections are going out in the clear, which means that your network provider has an opportunity to surveil you and build profiles about you.

But if everyone gets a VPN, all network traffic would get concentrated at a few VPN companies instead of at the various Internet service providers. And you could monitor everybody's traffic just by monitoring the VPNs, instead of all the different on-ramps.

And if you had a big budget and wanted to do a lot of monitoring, you could even set up your own VPN and sell access. Brand and market it, and then maybe I'm paying you to harvest my data.

Another consideration: What privacy controls do we have on existing VPN services we might buy? They should be subject to the same constraints that we would like to put on the ISPs, because they are in the position to see all of the different stuff that we do online. That's a different perspective than a network service that you may or may not decide to use.

Tor is the exception to this rule because it's free and designed to reduce tracking, right?

There's a bunch of mythology around Tor. But if you want to play around with it, it's really not that hard. You go to TorProject.org, download the browser, and use it to browse the Web.

It's a little bit slower than what people usually expect from a Web browser. But Tor developers have really thought carefully, not just about how to route network traffic, but also about what browsers do and how they pass traffic. Tor really does provide a significant amount of user privacy.

In dealing with cookies, for example, it uses double-keyed cookies. The typical browser makes a request, the origin sends back the page, and the page refers to several subresources such as images or video. It sends them with cookies [a small piece of computer data that can track behavior on the Web], which might come from a third party such as an ad server.

So if I visit a site, make a request from a third-party server, then visit another site that uses the same third-party server, that third party can identify me as the same person because of the identical cookies I send.

The Tor browser ensures that the cookies you send different sites don't match. I think it would be better to just not send cookies at all, but the Web has evolved such that there are things like authentication schemes that don't work, if you don't send any cookies to a third party. This is something Tor does through its browser. It's independent from its network traffic obfuscation.

If you're interested in getting the most developed set of privacy preservation tools that have been thought about, researched, and well implemented, Tor is the place to get it. As part of the Tor uplift to integrate features from the Tor browser back into Firefox, Mozilla has added double-keyed cookies into Firefox as an opt-in. This is a good example of how collaboration between noncompany technology providers can add functionality for a wide swath of users.

For instant messaging, people should be using Signal. And if they're not using Signal, they should use WhatsApp.

What about for email?

I'm involved with an effort to try to do a similar thing for email called Autocrypt. We have had email encryption technology available to us for 20 years. But encrypting email is painful.

So painful that the creator of email encryption tells people to stop using email to send sensitive data.

Phil Zimmermann doesn't use it anymore. He says people should stop using it, but the fact is, that won't happen. And he knows that.

We have a responsibility as engineers to try to fix the systems people actually use. It's one thing for us to say, "Quit it." And it's another thing to say, "OK, we get it. You need email because email works in all these different ways."

I think we have a responsibility to try to clean up some of our messes, instead of saying, "Well, that was a mistake. All of you idiots who are still doing what we told you was so cool two years ago need to stop doing it."

We need to actually support it. This is a problem that I call the curse of the deployed base. I take it seriously.

The Autocrypt project is run by a group of email developers who are building a consensus around automated methods to give people some level of encrypted email without getting in their way.

Some of us deeply, intimately know the thousand paper cuts that come with trying to get encrypted email set up. We asked, "What's the right way to get around that for the majority of people?" And the answer we've come up with isn't quite as good as traditional encrypted email, from a security perspective. But it isn't bad.

When someone asks me how to use email encryption, I'd like to one day be able to tell him to use an Autocrypt-capable mail client, then turn on the Autocrypt feature.

From a solutions perspective, we don't necessarily handle everything correctly. But no one does traditional encrypted email properly. And encrypted email is a two-way street. If you want people to be able to do it, the people with whom you correspond need to also be doing it.

I expect to get a lot of shit, frankly, from some other members of the encrypted-email community. Five years ago, I would have said Autocrypt sounds dangerous because it's not as strong as we expect. That is, I might have been inclined to give people shit about a project like Autocrypt. However, I think that imperfect e-mail encryption with a focus on usability will be better protection than what we currently have, which is actually clear text for everyone, because no one can be bothered to use difficult e-mail encryption.

How important is it for consumers to understand who's targeting them?

This is the other thing that I feel like we don't have enough of a developed conversation around. I'm a well-off white guy, working for a powerful nonprofit in the United States. We're not as powerful as we'd like to be, and we obviously don't win as many of the fights that we would like to win. But I don't feel that I'm personally, necessarily, a target.

Other people I talk to might be more targeted. I am responsible for pieces of infrastructure as a Debian [Linux] developer that other people rely on. They might be targeted. I could be targeted because they're being targeted.

When we talk about threats, we take an individualistic approach when, in fact, we have a set of interdependencies. You and I exchange emails, and all of a sudden, someone who wants access to your emails can go attack my email.

It used to be that I would set up a server, and you would connect to it to view my site. There were network intermediaries, but no CDN. Now there are both, and the CDN's privacy is my privacy is your privacy. All of these things are intermixed.

You have to think about the interdependencies that you have, as well as the threat model of the people who depend on you. There's responsible data stewardship; I don't think that people think about that actively.

My hope is that every organization that holds someone else's data will see that data as a liability to be cared for, as well as an asset. Most people today see other people's data as an asset because it will be useful at some point. Companies build venture capital on the basis of their user base, and on the assumption that you can monetize the user base somehow. Most of the time, that means sharing data.

We haven't yet seen a sufficient shift to companies treating user data as a responsibility, instead of just as a future pot of money. How do we ensure that organizations in this middleman position take that responsibility seriously? We can try to hold them publicly accountable. We can say, "Look, we understand you have access to this data, and we want you to be transparent about whom you leak it to." Or give it to.

I've been happy to see large companies make a standard operating procedure of documenting all the times they've had data requested by government agencies, but I don't think it's adequate. It doesn't cover who they've actually sent data to in commercial relationships.

A big challenge to the effort to protect consumers from hacking and spying is the effort to encrypt metadata. Where does it stand today?

It's complicated by a lot of factors.

First, what looks like content to some layers of the communications stack might look like metadata to other layers. For example, in an email, there is a header that says To, and a header that says From. From one perspective, the entire email is content. From another, the To and the From are metadata. Some things are obviously content, and some things are obviously metadata, but there's a vast gray area in the middle.

When you're talking about metadata versus content, it helps to be able to understand that the network operates on all these different levels. And the idea of encrypting metadata doesn't necessarily fit the full bill.

In terms of the size and timing of packets, for example, say you sent K bytes to me. You cannot encrypt the number. But you can obfuscate it.

Take profile pictures. If you're serving up a cache of relatively static data like avatars, you can serve every avatar at the same size.

Can you essentially hide other forms of metadata that can't be encrypted?

You can obfuscate an Internet Protocol address.

When I send you traffic over IP, the metadata at the IP layer is the source and destination address. If you encrypted the destination address, the traffic wouldn't reach the destination. So somebody has to see some of the metadata somewhere. And practically, realistically, I have no hope of encrypting, or protecting, the sending address. But maybe I don't need to present the source address.

Whether you're padding existing traffic to hide the size of the information transferred, or making changes to how domain name servers operate, what are the associated costs? Additional traffic isn't free, right?

It's hard to measure some of the costs. But you'd measure padding to defend against traffic analysis in terms of throughput.

Imagine that your DNS was already encrypted. We know how to do it; we have the specification for it. Are we talking about an extra 5 percent of traffic? Or are we talking about an extra 200 percent or 2,000 percent of traffic? And if we're talking about DNS, what's the proportion of that traffic relative to the proportion of all of the other traffic?

DNS traffic is peanuts compared to one streamed episode of House of Cards.

Some traffic analysis savant will come along and say, "We found a way to attack your padding scheme," which is great. That's how the science advances. But it might cost your adversary two to three times more to decipher, because of the padding.

If we step back from that, let's ask about other costs. Have you looked at the statistics for network traffic with an ad blocker versus no ad blocker?

Your browser pulls significantly less traffic, if it doesn't pull ads. And yet, as a society, we seem to have decided that the default should be to pull a bunch of ads. We've decided that the traffic cost of advertising, which is more likely to be privacy-invasive, is worth paying.

So yes, metadata padding will cost something. I'm not going to pretend that it doesn't, but we pay for what we value.

And if we don't value privacy, and thus don't pay for it, there will be a series of consequences. As a society, we'll be less likely to dissent. We'll be more likely to stagnate. And, if we feel boxed in by surveillance, we'll be less likely to have a functioning democracy.

See more here:

ACLU's Gillmor on privacy: 'We pay for what we value' (Q&A) - The Parallax (blog)
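
The double-keyed cookie behaviour Gillmor describes in the interview above, as a small simulation added here (it is not code from the Tor Project, Mozilla, or the article). The hostnames, the `Tracker` and `Browser` classes, and the jar-key format are constructed for illustration; the sketch keys on the hostname exactly as given.

```javascript
// Constructed simulation of single-keyed vs double-keyed cookie jars.
// All names and hostnames are hypothetical; nothing here touches the network.

// A third-party server (for example an ad server) embedded on several sites.
class Tracker {
  constructor(host) {
    this.host = host;
    this.nextId = 1;
    this.log = []; // one entry per subresource request it receives
  }

  // Handle a subresource request. `cookie` is the identifier the browser
  // sent (undefined on first contact); `site` is the page that embedded us.
  handle(cookie, site) {
    const uid = cookie ?? `u${this.nextId++}`; // issue an ID if none was sent
    this.log.push({ uid, site });
    return uid; // value the browser stores, as if from Set-Cookie
  }

  // What the tracker can reconstruct: identifier -> set of sites seen.
  profiles() {
    const byUid = new Map();
    for (const { uid, site } of this.log) {
      if (!byUid.has(uid)) byUid.set(uid, new Set());
      byUid.get(uid).add(site);
    }
    return byUid;
  }
}

class Browser {
  constructor(doubleKeyed) {
    this.doubleKeyed = doubleKeyed;
    this.jar = new Map();
  }

  // Single-keyed jar: one cookie per cookie host, whatever page embeds it.
  // Double-keyed jar: one cookie per (first-party site, cookie host) pair.
  jarKey(firstParty, cookieHost) {
    return this.doubleKeyed ? `${firstParty}|${cookieHost}` : cookieHost;
  }

  // Load a page on `firstParty` that pulls a subresource from each tracker.
  visit(firstParty, trackers) {
    for (const tracker of trackers) {
      const key = this.jarKey(firstParty, tracker.host);
      const issued = tracker.handle(this.jar.get(key), firstParty);
      this.jar.set(key, issued);
    }
  }
}

// Constructed browsing session: two different sites, then a return visit.
const CONSTRUCTED_VISITS = ["news.example", "shop.example", "news.example"];

// Returns the tracker's view: one sorted site list per identifier it saw.
function trackerProfiles(doubleKeyed, visits) {
  const tracker = new Tracker("ads.example");
  const browser = new Browser(doubleKeyed);
  for (const site of visits) browser.visit(site, [tracker]);
  return [...tracker.profiles().values()].map((sites) => [...sites].sort());
}

// Single-keyed: one identifier spans both sites, so the visits are linkable.
console.log("single-keyed:", JSON.stringify(trackerProfiles(false, CONSTRUCTED_VISITS)));
// Double-keyed: one identifier per first-party site; the return visit to
// news.example still reuses its own cookie, so per-site state keeps working.
console.log("double-keyed:", JSON.stringify(trackerProfiles(true, CONSTRUCTED_VISITS)));
```
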

How to safely search the deep web – The Sydney Morning Herald – The Sydney Morning Herald

The deep web and its inner recess, the dark web, those less well-trodden parts of the internet beyond the reach of Google and Bing, are not for the faint-hearted or untrained. With the right tools, however, there's little to fear and plenty to discover. Here's how you can start exploring the deep web without having to worry about your digital well-being.

There are a few ways to approach this, but we're going to focus on one of the most straightforward and secure for simplicity's sake. We're going to be using Tails OS, a bootable operating system that includes everything you need to get down to those hidden parts of the web.

If you're still unclear about what the deep web is, it's any part of the internet that's not indexed by search engines. Anywhere you can't get from just clicking links. A large part of the deep web is made up of .onion sites (like the infamous Silk Road), which use a special top-level domain only reachable by a special browser called Tor. Technically, the dark web is a more illicit subsection of the deep web, though the terms are often confused.

For the curious or privacy-conscious internet explorer, it's worth checking out to see what lies beyond the internet we interact with on a day to day basis. But please note: you should be extra careful when clicking links on the deep web as some can lead to illegal sites. Browse at your own risk.

Fortunately Tails has an installation wizard that guides you step-by-step through the process of setting up the software. If you want to create a bootable USB copy of Tails (which we do), then you need a Windows machine and two 4GB+ USB sticks (the first is for an "intermediary" version of the OS).

You're also going to require Firefox, the Tor Browser or a BitTorrent client in order to verify the initial download and confirm it is what it says it is. On top of that you need a Universal USB Installer utility, which the installation wizard directs you to, which will take care of creating the first USB stick using your downloaded Tails ISO.

After that's done, boot from this newly created drive to configure the second one. This official guide takes you carefully through the process. Use the 'Install by cloning' option in the Tails Installer to create your second USB stick, which includes some security enhancements and extras not built into the first one.

Finally, remove the first USB stick, keep the second in place, and boot from it. You're now ready to start venturing out into the deep web. If you run into trouble (and we hit one or two obstacles along the way), then a general web search for your issue or the official Tails support portal should get you moving again.

The Tor Browser is your gateway into the dark web. You can actually use it on Mac and Windows too, but Tails OS adds an extra few layers of security, and comes with Tor included. The browser is based on Firefox, so you shouldn't have many problems finding your way around, and will open the Tails OS homepage by default.

As you might expect, browsing the deep web isn't quite as simple as clicking on a few links or searching Google. The best way in is through 'hidden' wikis like this one (note you won't be able to click through on any onion links without the Tor browser) and various others you can find via Reddit or with some clever web searching on sites like DuckDuckGo.

Of course the whole point of the deep web is that casual internet users can't simply fire up Google or read a guide like this to get started easily, so finding working, up-to-date links and directories can take some time. Forums, plenty of patience, and occasionally the Torch search engine are your best bets for finding a way into new communities.

The deep web has a reputation for shady activity, but it's also a place for whistleblowing, bitcoin exchanges, and political discussion away from the glare of the public internet. It's changed a lot in recent years as security agencies have become more aware of its presence, and it will continue to evolve in the future.

The Tor browser protects you by routing your traffic through various different IP locations (and you'll probably notice your web connection slows down a lot as a result).

And as we've already mentioned, Tails OS includes extra security features like built-in encryption, and because you're running it on a USB stick you really are leaving no trace. Tails itself stands for The Amnesiac Incognito Live System, which just about sums up why it's one of the best options for some deep web browsing.

Don't compromise that security and anonymity by giving away personal details, including email addresses and so on, and keep downloading to a minimum. Once you've set up Tails, it's generally common sense. But if you're up to something illegal, you can't rely on these security measures to protect you.

As for whether using Tor will get you in trouble with the authorities on its own, it largely depends where in the world you live and what you're doing with it, but it's worth bearing in mind that nothing is ever 100 per cent anonymous and secure. For the most paranoid, there's always the option of tape over the webcam, but sometimes even that might not be enough.

Follow this link:

How to safely search the deep web - The Sydney Morning Herald - The Sydney Morning Herald

Darknet 101: Your guide to the badlands of the internet – CNET – CNET

Hacked login details. Cybersecurity exploits for hire. Drugs, guns and ammo. If there's something shady going on online, chances are it's happening on the darknet.

When Target was hacked in 2013, customer card details turned up on darknet marketplaces. Hackers have tried to do the same with Yahoo login credentials, and details of O2 phone network customers in the UK.

You'll also find cybercriminals selling security exploits. Ransomware, anyone?

Everything's for sale if you look in the right place. And with the rise of bitcoin, the "currency of choice" on the darknet, virtually anonymous payments are easier than ever.

Just this week in Australia, a news investigation revealed that an anonymous darknet user has offered up access to the Medicare records of "any Australian" for just 0.0089 bitcoin ($22, AU$30, £18).

That's not to mention the things you really don't want to see. Europol says the darknet and other peer-to-peer networks are still the "main platform" for sharing child abuse material.

So for those of us used to opening Chrome or Safari to get online, the darknet is an entirely different beast. How does it work? How is it different from the "surface web" that we all know? And what do you need to know ahead of time, should you choose to wade in?

The first thing to remember: The darknet is not the same as the "deep web."

The deep web refers to any part of the internet that isn't discoverable by a search engine. But that doesn't mean it's suspicious -- there are plenty of sites you visit in your day-to-day browsing that fall into this category.

When you log in to internet banking, you've navigated to a specific location online, but one that's not served up in Google results. The same goes for the different pages that pop up in webmail services, like Gmail, or academic databases on a university network.

It's hard to estimate just how big the deep web is, but the commonly cited research (albeit from 2001) puts the deep web at 400 to 550 times the size of the "surface web."

If the surface web is the tip of the iceberg and the deep web is what's below the water, then the darknet is what you'll find deep in the blackest waters below. The darknet is the network itself, whereas the dark web is the content that is served up on these networks.

This is where you'll find the kind of marketplaces that ply their trade in illicit wares -- what security researcher Brian Krebs calls the "hidden crime bazaars that can only be accessed through special software that obscures one's true location online."

The UN noted last month that although drug trafficking over the darknet is relatively modest, drug transactions increased 50 percent annually from September 2013 to January 2016. And in early 2016, then-US Attorney General Loretta Lynch warned that some gun sales were shifting to the dark web to stay outside the reach of regulations.

Anonymity is the key here. Whistleblowers, activists and political dissidents certainly have good reason to obscure their online location and post with anonymity on the deep web and the darknet, but that level of secrecy is also sought by criminals.

This isn't just a matter of heading to "darknet.com" and having a snoop -- you'll need specific software and a dedicated browser. The Tor software (and its dedicated Tor Browser) is probably the most famous of these, though there are others, including I2P and Freenet.

Using software originally known as The Onion Router (think layers and layers of encryption), Tor secures traffic by routing it through a network of secure relays that anonymize traffic. These relays are run by volunteers around the world who donate their server bandwidth.

Think of it as a network of safe houses: You travel through underground tunnels that run along the lines of the streets above, and you pop out where you want using safe houses donated by fellow network users.

But with links on the darknet typically just alphanumeric strings of nonsense (think kwyjibo.onion) it can be very hard to know what you're getting.

It's important to remember that Tor isn't illegal software, just as torrenting software doesn't do anything illegal until you use it for sharing pirated movies. Tor says plenty of "normal people" use its service, as well as citizen journalists, whistleblowers, law enforcement agencies and, according to Human Rights Watch, Chinese dissidents. Tor estimates that only about 4 percent of traffic over its network is for hidden services (or dark web content); the rest is people accessing regular internet sites with greater anonymity.

Still, wherever you have anonymous traffic on hidden networks, the criminal activity will follow.

It's the darknet after all -- be careful what you click for.

Originally posted here:

Darknet 101: Your guide to the badlands of the internet - CNET - CNET