Tor browser will rely on more Rust code – Cloud Pro

Posted on April 8, 2017 by Dook Domini

Tor, once known only by network nerds, has now become something of a hot topic. This is thanks largely to the anonymous network's reputation for hosting drug marketplaces like Silk Road, and other unsavoury sites.

But what exactly is Tor? What is it good for? Does it have any legitimate uses? And how can those not versed in the finer details of network technologies actually access it?

03/04/3017:The Tor browser will take greater advantage of the Rust programming language developed by Mozilla to keep user interactions more secure, it has been revealed.

Although Tor developers have been gunning for the news for a long time (since 2014, in fact), the Mozilla-powered code will play a bigger role in the secretive browser's future.

According to Bleeping Computer, Tor developers met last week to discuss the future of the private browser and decided to use more of the C++-based code in future, hoping to replace the majority of its legacy C and C++ base in the coming months or years.

"We didn't fight about Rust or Go or modern C++. Instead, we focused on identifying goals for migrating Tor to a memory-safe language, and how to get there," Tor developer Sebastian Hahn said.

"With that frame of reference, Rust emerged as a extremely strong candidate for the incremental improvement style that we considered necessary."

The reason why it decided to make such a big change was because a tiny mistake in the C programming language used in the current version of Tor could have a huge impact on users, Tor developer Isis Agora Lovecruft said on Twitter.

"A tipping point in our conversation around 'which safe language' is the Tor Browser team needs Rust because more & more Firefox is in Rust. Also the barrier to entry for contributing to large OSS projects written in C is insanely high."

13/12/2016:The first sandboxed version of the Tor Browser was released in alpha last weekend, bringing privacy fans one step closer to secure browsing.

Version 0.0.2 of the software was released by Tor developer Yawning Angel on Saturday, who is tackling the project largely single-handed. Official binaries are yet to be released, but early adopters can take it for a spit by compiling the code themselves from GitHub.

The project has been a labour of love for Yawning Angel. "We never have time to do this," he said back in October. "We have a funding proposal to do this but I decided to do it separately from the Tor Browser team. I've been trying to do this since last year."

The efforts have been given new urgency by a zero-day vulnerability in Firefox. Discovered last month, the error was being used to de-anonymise Tor users, as the browser is heavily based on Firefox code.

Sandboxed instances of Tor are different from the normal version in that they run in a self-contained silo. This means that if an attacker uses an exploit against the browser, the amount of data it can collect through it from the rest of the machine and operating system is limited.

However, Yawning Angel has stressed that the software is still a very early alpha, and cannot be trusted to be entirely secure. "There are several unresolved issues that affect security and fingerprinting," he wrote as part of the software's README.

01/12/2016:A zero day vulnerability found in both Firefox and Tor web browsers has been exploited in the wild, allowing attackers to target users for their IP and MAC addresses.

Internet security firm Malwarebytes first discovered the flaw, which was shown to be almost identical to the one used by the FBI to expose Tor browser users in 2013.

"The exploit took advantage of a bug in Firefox to allow the attacker to execute arbitrary code on the targeted system by having the victim load a web page containing malicious JavaScript and SVG code," said Daniel Veditz, security lead at Mozilla, in a blog post on Wednesday.

Hackers were able to exploit Tor and Firefox browsers to send user hostnames and IP and MAC addresses to a remote server identified as 5.39.27.226, which has now been taken down.

"The goal is to leak user data with as minimal of a footprint as possible. There's no malicious code downloaded to disk, only shell code is ran directly from memory," said Jerome Segura, lead malware intelligence analyst at Malwarebytes.

"Browsers and their plugins remain the best attack vector to deliver malware or leak data via drive-by attacks," added Segura.

Malwarebytes recommend users adjust the security settings of their Tor browser to 'High' within the privacy settings, which will thwart any similar attacks of this kind. Users running the Malwarebytes Anti-Exploit tool will already by protected from the vulnerability. Both Mozilla and Tor have released patches to address the security flaw.

08/11/2016:FBI illegally used malware against innocent people, say privacy experts

Privacy experts have accused the FBI of overstepping its legal bounds and hacking innocent dark web users, as part of its investigation into child pornography sites using Tor's hidden services.

Unsealed court documents from 2013 reveal that as part of an operation to identify visitors to sites owned by Freedom Hosting - which the FBI had seized earlier that year - the agency obtained a warrant to use a piece of malware called a 'network investigative technique' (NIT) against around 300 specific users of the TorMail secure webmail service, all of whom were allegedly linked to child porn.

However, users who were affected by the NIT told Motherboard that the malware was deployed before users even reached the login page, meaning that it would have been impossible for the FBI to determine who its malware was actually targeting.

The American Civil Liberties Union's principal technologist Christopher Soghoian has condemned this illegal hacking of innocent users, telling Motherboard that "while the warrant authorized hacking with a scalpel, the FBI delivered their malware to TorMail users with a grenade".

"The warrant that the FBI returned to the court makes no mention of the fact that the FBI ended their operation early because they were discovered by the security community," Soghoian continued, "nor does it acknowledge that the government delivered their malware to innocent TorMail users."

"This strongly suggests that the FBI kept the court in the dark about the extent to which they botched the TorMail operation."

The FBI has denied that it acted outside its remit, stating that "as a matter of practice the FBI narrowly tailors warrants, and we do not exceed the scope of those warrants."

07/11/2016: If you think the dark web is nothing more than a wretched hive of scum and villainy, think again - research has shown that the majority of content hosted on it is perfectly legal.

A new report from security firm Terbian Labs reveals that while most people associate the dark web with questionable pornography, exotic narcotics and unlicensed arms deals, the reality is actually quite dull, with over 50% of all domains and URLs in the survey's sample comprised of legal content.

"These Tor Hidden Services play host to Facebook, European graphic design firms, Scandinavian political parties, personal blogs about security, and forums to discuss privacy, technology, even erectile dysfunction," the report explains. "Anonymity does not equate criminality, merely a desire for privacy."

However, the report also conceded that illegal content was also rampant on the dark web. Drugs make up 12.3% of total content on the dark web (and a whopping 45% of all illicit content), while hacking and fraud-related content is also common.

"The dark web receives a fair amount of negative attention because of the anonymity it provides. To outside observers, the desire for anonymity goes handin-hand with criminal activity, and many summaries of the dark web focus exclusively on this criminal activity," the report said. "Most discussions of the dark web entirely gloss over the existence of legal content."

18/10/2016: The Tor Project has released a major update for the Tor software to fix a vulnerability which allows remote attackers to crash Tor servers.

According to a blog post on the Tor Project, Tor 0.2.8.9 backports a fix for a security hole in previous versions of Tor that would allow a remote attacker to crash a Tor client, hidden service, relay, or authority.

It said the update prevents a class of security bugs caused by treating the contents of a buffer chunk as if they were a NUL-terminated string.

At least one such bug seems to be present in all currently used versions of Tor, and would allow an attacker to remotely crash most Tor instances, especially those compiled with extra compiler hardening. With this defense in place, such bugs can't crash Tor, though we should still fix them as they occur, said the blog post.

The project urged all Tor users to upgrade to this version, or to 0.2.9.4-alpha. Patches will be released for older versions of Tor.

31/09/2016:The Tor Project has unveiled a new release: Tor Browser 6.0.5, arriving with a host of updates and improvements. Available for Windows, Linux, and Mac OS X, the new release isself-contained software that can run off a USB flash drive to ensure the anonymity of the user.

Another major change coming to this release is the important security updates that fix the newly revealed extension update vulnerability. According to FossBytes, this loophole allows a hacker to obtain a valid certificate for addons.mozilla.org to imitate Mozillas servers and serve a malicious update.

The new Tor Browser 6.0.5 also comes with updated HTTPS-Everywhere and a new Tor stable version 0.2.8.7.

16/09/2016:The Tor Project has criticised moves by the US government that would enable the FBI to hack computers and conduct surveillance on electronic devices.

It made a public plea against plans to amend Rule 41 of the Federal Rules of Criminal Procedure, which is due to take effect on 1 December.

The amendments would allow the Department of Justice to hack computers and conduct surveillance with a single search warrant, regardless of where the device is located.

It specifies that computers using technology to conceal data, such as encryption or using a Tor browser, would fall inside the scope of changes.

The broad search warrants allowable under these new rules will apply to people using Tor in any country - even if they are journalists, members of a legislature or human rights activists, the Tor Project said in a blog post.

The FBI will be permitted to hack into a persons computer or phone remotely and to search through and remove their data. The FBI will be able to introduce malware into computers. It will create vulnerabilities that will leave users exposed.

In the US Senate, Democrat senator Ron Wyden said that Congress should debate these changes.

If the Senate does nothing, if the Senate fails to act, whats ahead for Americans is a massive expansion of government hacking and surveillance powers, he said.

The Tor Project added: We are at a critical point in the United States regarding surveillance law. Some public officials, like those at the US Department of Justice understand very well how surveillance technology works and the implications of the Rule 41 changes.

31/08/2016: Tor has published its new Social Contract in a bid to improve member conduct and pledged against introducing backdoors into the tool.

In a blog post, the Tor Project has collated the six-point social contract pledging to adhere to standards of conduct, being more transparent and honest about technological capabilities as well as advancing human rights.

The last of the clauses underlined the projects commitment to not harm users, even when pressured to do so by external forces.

We take seriously the trust our users have placed in us. Not only will we always do our best to write good code, but it is imperative that we resist any pressure from adversaries who want to harm our users. We will never implement front doors or back doors into our projects. In our commitment to transparency, we are honest when we make errors, and we communicate with our users about our plans to improve, said the project.

The standards have been brought about after a number of sexual misconduct allegations against some Tor developers.

16/08/2016: One of the Silk Road's ex-administrators is to be extradited to the US on Friday, following a ruling by Ireland's High Court.

27-year-old Gary Davis, of County Wicklow, was allegedly one of the black market site's chief administrators, going by the name of "Libertas".

According to Davis' legal counsel, the fact that he suffers from Asperger's Syndrome made him unsuitable for incarceration in a US facility, and that the potentially harsh treatment meant he could pose a suicide risk.

In his ruling, Justice Paul McDermott expressed his faith that "the United States authorities will act to protect his mental and physical health and take the appropriate steps to address any symptoms of depression of continuing anxiety by appropriate treatment".

US authorities claim that Davis was a paid employee of the dark web marketplace, which sold large amounts of drugs alongside other illegal goods and services. Site founder Ross Ulbright wasconvicted last yearof various offences relating to the site's operation and is currently serving life without parole.

Davis was charged by the federal government in 2013, alongside two other suspected admins who were supposedly known as "inigo" and "Samesamebutdifferent" on the site.

The trio has been charged with computer hacking conspiracy, money laundering conspiracy and narcotics trafficking conspiracy, charges which could net each suspect life in prison.

According to the 2013 Silk Road indictment, Davis' main role centred around customer satisfaction, and the indictment claimed he was tasked with "responding to customer service inquiries and resolving disputes between buyers and vendors".

15/08/2016:One of Nigel Farage's most trusted political confidantes has been caught using Tor to offer money laundering services on the dark web.

22-year-old George Cottrell was arrested in an FBI sting, The Telegraph reports, after allegedly advertising on the dark web under the pseudonym of "Bill".

An FBI team posing as a cadre of drug traffickers contacted the young aristocrat in 2014, whereupon - according to court documents - he promised to funnel their dirty money through his offshore accounts in order to launder it with "complete anonymity and security".

Cottrell organised for the 'drug traffickers' to send him an initial payment of 15,500 after a meeting in Las Vegas. However, he later attempted to extort the supposed criminals, threatening to turn them over to law enforcement if they did not transfer him 62,000 in bitcoin.

Cottrell faces 21 charges, including money laundering, fraud and attempted extortion, and was arrested at Chicago's O'Hare airport whilst travelling with chief Brexiteer and ex-UKIP leader Nigel Farage.

The authorities have frozen Cottrell's email and financial accounts, The Telegraph has claimed, which has resulted in Farage being unable to access his calendar.

26/07/2016: O2 customers have found their details being sold on the dark web after criminals used logins stolen from other sites to obtain access to their accounts.

The BBC's Victoria Derbyshire show learned of the sale after being contacted by an ethical hacker and found that names, passwords, email addresses and telephone numbers were all available to buyers.

O2 was quick to point out that its systems had not been breached, and that the attackers accessed customer data through password reuse attacks - also known as 'credential stuffing'.

"Credential stuffing is a challenge for businesses and can result in many company's customer data being sold on the dark net," an O2 spokesperson said.

"We have reported all the details passed to us about the seller to law enforcement and we continue to help with their investigations."

Following a joint investigation with O2, the Victoria Derbyshire programme learned that the credentials used to access the site had most likely come from games streaming site XSplit, which was hacked back in 2013.

The news underlines how easy it can be for criminals to use one hack to complete another, daisy-chaining breaches together.

"The problem with reusing passwords," says ESET security specialist Mark James, "is when a location gets breached that does not have very good security, the criminals will take that data and use it to attempt to log into websites for monetary gain."

"It makes no difference how good the security is for PayPal if you use the same username (often your email address) and password on a smaller not so well protected site."

15/07/2016:The Tor Project's entire board of directors has stepped down, following the scandal over alleged rapist Jacob Appelbaum's employment by the organisation.

"I think this was an incredibly brave and selfless thing for the board to do," said Tor's executive director Shari Steele as part of a blog post. "They're making a clear statement that they want the organisation to become its best self."

Wendy Seltzer, Ian Goldberg, Meredith Hoban Dunn, Rabbi Rob Thomas, Julius Mittenzwei, Nick Mathewson and Roger Dingledine have all agreed to leave their posts, stating "it is time that we pass the baton of board oversight".

Co-founders Dingledine and Mathewson will continue to lead the project's technical research and development efforts, however.

The outgoing directors have elected as their replacements six leading lights from the security and privacy communities. These include the Electronic Frontier Foundation's executive director Cindy Cohn, executive director of the Human Rights Data Analysis Group Megan Price, and security and cryptography guru Bruce Schneier.

The mass departure comes on the heels of a high-profile incident involving Tor Project developer Jacob Appelbaum, who has been accused of numerous counts of sexual harassment and rape.Appelbaum has vehemently denied the allegations.

However, testimony from one of his alleged victims has indicated that the organisation's board knew about the claims against him for over a year.

The board's perceived inaction against Appelbaum, who remained a public figure within the Tor community until his departure, drew substantial criticism from community members who thought they should have acted sooner.

08/07/2016:Malware that uses the Tor network to communicate with its command and control (C2) servers and is able to steal credentials stored in Mac OS X's keychain credentials and maintain a backdoor into the system has been discovered.

Keydnap, as it has been called, is delivered to a computer as a compressed Mach-O file, which is disguised as a benign extension, such as .jpg or .txt. However, there is an additional space at the end of these extensions, causing the file to launch in Terminal when double clicked, not in Preview or TextEdit.

However Gatekeeper, one of OS X's inbuilt security features that stops machines launching programmes in the Mac operating system has prevented the malware from spreading far and wide. Although it could become a problem if users have opted for the operating system to launch anything, regardless of the source.

If a user does allow all requests to pass, they could be at risk of letting the malware in via the persistent backdoor known as icloudsyncd and the keychain password stealer.

"[Keydnap] is equipped with a mechanism to gather and exfiltrate passwords and keys stored in OS Xs keychain," Eset researcher Marc-Etienne M.Leveille said.

He examined the malware attack, which was apparently stolen from a Github proof of concept created by software developer Juuso Salonen.

"The author simply took a proof-of-concept [that] reads securityds memory and searches for the decryption key for the users keychain," he explained in his report.

29/06/2016: The FBI is choosing not to divulge the Tor Browser exploit used to track and arrest 1,500 users of a dark web child pornography site last month, reports Engadget.

Mozilla requested that the FBI reveal the exploit used to track users' PCs with location-tracking malware, but the request was thrown out after being approved citing national security concerns.

"The FBI has derivatively classified portions of the tool, the exploits used in connection with the tool, and some of the operational aspects of the tool in accordance with the FBI's National Security Information Classification Guide," the attorneys wrote in a filing this month.

20/06/2016:The Tor Project is building a special 'hardened' browser to prevent it being hacked by the FBI.

Security researchers have published a paper outlining how their newly-developed 'selfrando' technique is being used to protect against code reuse attacks that could bedeployed by US law enforcementagainst the browser.

See more here:

Tor browser will rely on more Rust code - Cloud Pro

What is the Dark Web and Deep Web? – PC Advisor

Posted on April 8, 2017 by Dook Domini

We explain the Dark Web, how it differs from the Deep Web, and how to access the Dark Web using Tor. We explain the Dark Web and Deep Web, plus how to access them

By Matt Egan | 06 Apr 17

The Dark Web is a term that refers specifically to a collection of websites that exist on an encrypted network andcannot be found by using traditional search engines or visited by using traditional browsers.

Almost all sites on the so-called Dark Web hide their identity using the Tor encryption tool. You may know Tor for its ability to hide your identity and activity. You can use Tor to spoof your location so it appears you're in a different country to where you're really located, making it much like using a VPN service.

When a website is run through Tor it has much the same effect.

Indeed, it multiplies the effect. To visit a site on the Dark Web that is using Tor encryption, the web user needs to be using Tor. Just as the end user's IP address is bounced through several layers of encryption to appear to be at another IP address on the Tor network, so is that of the website.

There are several layers of magnitude more secrecy than the already secret act of using Tor to visit a website on the open internet - for both parties

Thus, sites on the Dark Web can be visited by anyone, but it is very difficult to work out who is behind the sites. And it can be dangerous if you slip up and your identity is discovered. Talking of identity, you can find outwhat Google knows about youand alsodelete your Google location history.

You can also read our in-depth guide to using Torif you want to know more about using the web anonymously and sending messages securely.

Not all Dark Web sites use Tor. Some use similar services such as I2P, such as the Silk Road Reloaded. But the principle remains the same. The visitor has to use the same encryption tool as the site and - crucially - know where to find the site, in order to type in the URL and visit.

Infamous examples of Dark Web sites include the Silk Road and its offspring. The Silk Road was (and maybe still is) a website for the buying and selling of recreational drugs. But there are legitimate uses for the Dark Web.

People operating within closed, totalitarian societies can use the Dark Web to communicate with the outside world. And given recent revelations about US- and UK government snooping on web use, you may feel it is sensible to take your communication on to the Dark Web. (I'll stick to Facebook, but I like the attention.)

The DarkWeb hitthe headlines in August 2015after it wasbeen reported that 10GB of data stolen from Ashley Madison, a site designed to enablebored spouses to cheat on their partners, was dumped on to the DarkWeb.

Hackers stole the data and threatened to upload it to the web if the site did not close down, and it has now acted on that threat. Now the spouses of Ashley Madison users have begun to receive blackmail letters demanding they pay $2500 in Bitcoin or have the infidelity exposed.

In March 2015 the UK government launched a dedicated cybercrime unit to tackle the Dark Web, with a particular focus on cracking down on serious crime rings and child pornography.The National Crime Agency (NCA) and UK intelligence outfit GCHQ are together creatingthe Joint Operations Cell (JOC).

Although all of these terms tend to be used interchangeably, they don't refer to exactly the same thing. An element of nuance is required. The 'Deep Web' refers to all web pages that search engines cannot find.

Thus the 'Deep Web' includes the 'Dark Web', but also includes all user databases, webmail pages, registration-required web forums, and pages behind paywalls. There are huge numbers of such pages, and most exist for mundane reasons.

We have a 'staging' version of all of our websites that is blocked from being indexed by search engines, so we can check stories before we set them live. Thus for every page publicly available on this website (and there are literally millions), there is another on the Deep Web.

The content management system into which I am typing this article is on the Deep Web. So that is another page for every page that is on the live site. Meanwhile our work intranet is hidden from search engines, and requires a password. It has been live for nearly 20 years, so there are plenty of pages there.

Use an online bank account? The password-protected bits are on the Deep Web. And when you consider how many pages just one Gmail account will create, you understand the sheer size of the Deep Web.

This scale is why newspapers and mainstream news outlets regularly trot out scare stories about '90 percent of the internet' consisting of the Dark Web. They are confusing the generally dodgy Dark Web with the much bigger and generally more benign Deep Web.

Mixing up the act of deliberately hiding things, with that of necessarily keeping pages away from search engines for reasons of security or user experience.

Confusingly, 'Dark Internet' is also a term sometimes used to describe further examples of networks, databases or even websites that cannot be reached over the internet. In this case either for technical reasons, or because the properties contain niche information that few people will want, or in some cases because the data is private.

A basic rule of thumb is that the phrases 'Dark Web' or 'Deep Web' are typically used by tabloid newspapers to refer to dangerous secret online worlds, the 'Dark Internet' is a boring place where scientists store raw data for research.

The Deep Web is a catch-all term for all web pages that are not indexed for search, the others refer to specific things. (See also: Take precautions when using public Wi-Fi networks.)

Technically, this is not a difficult process. You simply need to install and use Tor. Go to http://www.torproject.org and download the Tor Browser Bundle, which contains all the required tools. Run the downloaded file, choose an extraction location, then open the folder and click Start Tor Browser. That's it.

The Vidalia Control Panel will automatically handle the randomised network setup and, when Tor is ready, the browser will open; just close it again to disconnect from the network.

Depending on what you intend to do on the Dark Web, some users recommend placing tape over your laptop's webcam to prevent prying eyes watching you. A tinfoil hat is also an option.If you're reading this to find out about torrent files, check out our separate guide on how to use torrent sites in UK.

The difficult thing is knowing where to look on the Dark Web. There, reader, we leave you to your own devices and wish you good luck and safe surfing. And a warning before you go any further. Once you get into the Dark Web, you *will* be able to access those sites to which the tabloids refer. This means that you could be a click away from sites selling drugs and guns, and - frankly - even worse things.

Aggregation sites such as Reddit offer lists of links, as do several Wikis, including http://thehiddenwiki.org/ - a list that offers access to some very bad places. Have a quick look by all means, but please don't take our linking to it as an endorsement. It really isn't.

Also, Dark Web sites do go down from time to time, due to their dark nature. But if you want good customer service, stay out of the dark!

And do heed our warning: this article is intended as a guide to what is the Dark Web - not an endorsement or encouragement for you to start behaving in illegal or immoral behaviour.

Read the original post:

What is the Dark Web and Deep Web? - PC Advisor

A new law allow ISPs to sell your data without your consent. Here’s how to shield your privacy – Technical.ly

Posted on April 8, 2017 by Dook Domini

Editors note: This post is a companion piece to this guide on how to take action and protect your privacy in light of the bill that President Trump recently signed into law that allows internet service providers (ISPs) to sell consumers browsing data.

Picking a good, secure VPN even for tech-savvy people can be difficult.

Im not a lawyer and someone with legal background should examine this, but something people need to understand is that VPN providers can also be classified as ISPs as theyre providing an internet service. And if theyre based in the U.S. or their servers are in the U.S. or in a country with similar anti-privacy laws, they may still be able to monetize your browsing habits. So basically by picking a bad VPN service, you might make the problem in hand even worse.

There are very very few service providers whom I know and trust that dont have any interest in the users data and take active measures to either not to have access to it in the first place or secure it if they have. Riseup.net and Calyx.net are two of them.

For more technical users, here are some tools I recommend. Each have their own pros and cons.

To be perfectly clear, Tor is NOT a VPN and is not even remotely comparable. Apples and oranges. But its probably your best shot at protecting your privacy. Tor Browser is a hardened browser built on top of Firefox. It makes it harder for sites and adversaries to track you by anonymizing your path to the website you visit. If this is the first time hearing about Tor, I encourage you to watch this short animation.

While Tor Browser is my primary browser these days, I dont use it for my banking, for example. They might freak out as your IP address changes from one country to another roughly every 10 minutes. Using Tor makes it extremely difficult for anyone to see or collect your online behavior.

Full disclosure, Im a volunteer and core member of The Tor Project.

Pros

Cons

[Related: A beginners guide to Tor.]

Once setup, Algo is probably the easiest and one of the most secure way to get a VPN up and running to be used on MacOS or iOS. If youve ever used the command line, setting up an instance of Algo should be fairly easy for you. Just be mindful, if youre using Algo for your privacy against the recent deregulation in the U.S., you might want to pick a data center that resides in a privacy- friendly jurisdiction. Another thing you might want to consider is that Algo uses Google DNS by default. If youre worried about this recent deregulation, you should as well be worried about the visibilities the Silicon Valley companies such as Google have on your traffic.

Pros

Cons

The design of Bitmask is based on OpenVPN and you can easily hook it up with Riseup or Calyx servers. In fact, theyre both already two of the built-in service providers. I hear from the developers that the MacOS version is on its way, but if youre like me and cant wait to see it, you could chip in with your money or skills to speed up the development process.

Also find it here.

Pros

Cons

A separate operating system housed on a USB stick, DVD or SD card that includes a suite of privacy-ninja applications built in. Everything runs over Tor. Tails is built and maintained by a mostly anonymous, international collective of highly respected developers (yes, all of those things). It can be tricky to set up the USB stick, but once you have it set up, Tails is easy to use. The best part about Tails is that it doesnt touch your currently running operating system. Whether you have Windows or MacOS or Linux, you can install Tails on a USB, reboot and do your work in Tails and when youre done, reboot and unplug the USB stick.

Neither your computer nor Tails would have any memory of what articles you read online or which newspaper you leaked documents to.

Pros

Cons

This new operating system, currently in alpha release, is based on Debian and not only sends all of your traffic over Tor by default, but also protects you from zero-day attacks by taking advantage of grsecurity patches. And on top of that, it has some amazing sandboxing features. If youre a little more savvy and want to try things at the bleeding edge, definitely give it a shot. Imagine Tails but built to be your primary OS.

Pros

Cons

Nima Fatemi is an independent security researcher and core member of Tor.

Read the original post:

A new law allow ISPs to sell your data without your consent. Here's how to shield your privacy - Technical.ly

OMG! Is Facebook Messenger Day a Total Ripoff of Snapchat? – CIO Today

Posted on March 12, 2017 by Dook Domini

Child Porn Case Dropped as U.S. Refuses To Show Software code

. Updated March 09, 2017.

Charges against Vancouver, Washington, teacher Jay Michaud in U.S. District Court in Seattle were dismissed Monday.

In 2015, Michaud was arrested and accused of downloading child pornography. During the child porn investigation, the FBI allowed a secret child porn website on the largely anonymous Tor network to run for two weeks while it tried to identify users by hacking into their computers.

The child porn website, called Playpen, operated on Tor, which provides users anonymity by routing their communications through numerous computers around the globe, and it had more than 150,000 members. The Tor browser is based on Firefox. While the network is used for various reasons -- including circumventing free-speech restrictions in some parts of the world -- it has also provided sanctuary for child pornography, drug trafficking and other criminality.

After arresting Playpen's operator in Florida in early 2015, the FBI let the website continue running for two weeks while trying to identify users, a move the agency said was necessary to apprehend those posting and downloading images of children being sexually abused. Defense attorneys criticized the tactic as unethical.

A magistrate in Virginia issued a search warrant allowing the agency to deploy what it calls a "network investigative technique": code that prompted the computers that signed into Playpen to communicate back to the government certain information, including IP addresses, despite the anonymity normally afforded by Tor.

The FBI then obtained further warrants to search suspects' homes. At least 137 people were charged. Defendants have challenged the FBI's hacking on numerous grounds.

A federal judge in Washington state threw out the government's evidence against Michaud last year, saying that unless the FBI detailed the vulnerability it exploited, the man couldn't mount an effective defense.

The DOJ said previously the information is not relevant. Defendants have been offered or provided all the evidence they need, including limited source code and data streams showing what the program did, the FBI has argued.

Michaud's lawyer, Colin Fieman, said in an email to The Associated Press that they are relieved and grateful his case is done but that many unanswered questions remain about the FBI's investigation, known as Operation Pacifier.

"Mr. Michaud maintained his innocence from the outset, and the dismissal is a result of the FBI's overreaching and misuse of its computer hacking capabilities, including its operation of the world's largest child pornography web site and attacks on computers in over 120 countries," Fieman said. "It remains to be seen whether the FBI will ever be held fully accountable for those aspects of its investigation that put core privacy rights at risk and violated common standards of decency when it comes to how law enforcement agencies do their job."

A school district spokeswoman says Michaud hasn't returned to work, KGV-TV reported.

Read this article:

OMG! Is Facebook Messenger Day a Total Ripoff of Snapchat? - CIO Today

Vancouver child-porn case dropped as US refuses to show software code – Q13 FOX

Posted on March 12, 2017 by Dook Domini

Q13 FOX

Vancouver child-porn case dropped as US refuses to show software code
Q13 FOX
The child porn website, called Playpen, operated on Tor, which provides users anonymity by routing their communications through numerous computers around the globe, and it had more than 150,000 members. The Tor browser is based on Firefox. While the ...
Vancouver man's child porn charges dropped as feds refuse to disclose hacking techniquesKING5.com

all 12 news articles »

Excerpt from:

Vancouver child-porn case dropped as US refuses to show software code - Q13 FOX

Europe-Wide Raids Against Cybercrime Networks | NewsFactor … – NewsFactor Network

Posted on March 11, 2017 by Dook Domini

Child Porn Case Dropped as U.S. Refuses To Show Software code

Charges against Vancouver, Washington, teacher Jay Michaud in U.S. District Court in Seattle were dismissed Monday.

The FBI then obtained further warrants to search suspects' homes. At least 137 people were charged. Defendants have challenged the FBI's hacking on numerous grounds.

A school district spokeswoman says Michaud hasn't returned to work, KGV-TV reported.

View post:

Europe-Wide Raids Against Cybercrime Networks | NewsFactor ... - NewsFactor Network

Vancouver man’s child porn charges dropped as feds refuse to disclose hacking techniques – KING5.com

Posted on March 11, 2017 by Dook Domini

John Tierney, KGW 1:05 PM. PST March 09, 2017

. (Photo: Justin Sullivan, Getty Images)

TACOMA, Wash. -- Federal prosecutors decided to drop child pornography charges against a Vancouver, Wash. teacher rather than give up classified information about the hacking techniques they used to gather evidence in the case.

The case involves a teacher named Jay Michaud who was arrested in July 2015 and accused of downloading child pornography from a website called Playpen. While users on that website, which was actually operated by the FBI, used a special web browser called Tor to protect their identities, FBI agents exploited unknown weaknesses in that browser to identify suspects.

The FBI's Playpen website ran for two weeks while it gathered evidence of illegal activity.

A judge in Michauds case ordered the FBI to disclose to the defense parts of their hacking process, known as a network investigative technique. But the government refused to give up their secrets and determined the better alternative was simply dropping the case against Michaud.

Because the government remains unwilling to disclose certain discovery related to the FBIs deployment of a Network Investigative Technique (NIT) as part of its investigation into the Playpen child pornography site, the government has no choice but to seek dismissal of the indictment, U.S. Attorney Annette Hayes wrote in a court filing.

Hayes said the government faced only two options: disclose classified information or drop the case.

Disclosure is not currently an option, she wrote.

U.S. District Judge Robert Bryan on Monday agreed to dismiss the case without prejudice, meaning charges could be re-filed at some point in the future.

Michauds attorney Colin Fieman said his client always maintained his innocence and was relieved by the decision to drop charges.

He said the case also points to larger issues about the governments hacking abilities, including using techniques found in national security investigations for domestic criminal cases.

Fieman said defendants have a right to challenge evidence in any case, even when the government uses sensitive methods to collect that evidence.

There are fundamental rights for a defendant at stake when the government is trying to prosecute someone on what is essentially secret evidence, Fieman said.

Fieman said it was highly unusual for a judge to force the governments hand like this. In most cases, federal agents arent required to disclose classified methods used to gather this type of evidence.

With a criminal case, the government needs to be prepared to display all the evidence against that person to ensure a fair trial, Fieman said. If they cant do that, maybe its time for the FBI and others to start re-thinking the measures theyre using.

This is only the second time federal prosecutors have dropped charges rather than expose secret techniques, according to Wired magazine. The magazine reports that federal investigators have exploited vulnerabilities in the Tor browser to identify suspects.

Michaud did not return a message seeking a comment for this story. He previously worked at the Vancouver School District but was placed on administrative leave when the allegations surfaced.

A school district spokeswoman said Michaud has not returned to working at the district.

2017 KGW-TV

Read this article:

Vancouver man's child porn charges dropped as feds refuse to disclose hacking techniques - KING5.com

What is Tor and how do I use it? – International Business Times UK

Posted on March 11, 2017 by Dook Domini

When the revelations about government mass surveillance were disclosed by NSA whistleblower Edward Snowden in 2013, the issue irrevocably changed how the world saw online privacy. Suddenly the general public started to think a lot more about how safe it is to post all their activities online, and to question how safe their data is on the internet.

One way many people now stay safe online is to make use of the Tor anonymising network.

The Tor anonymity network (named after The Onion Router project) consists of software that shields and redirects internet traffic through a worldwide network of relays. It is comprised of volunteers who set up their computers as Tor exit nodes, in order to offer at least three layers of encryption, whereby the source and the final destination of the Tor path is completely anonymised.

The network is used both by people who have privacy concerns and don't want governments and internet service providers (ISP) to be able to spy on their activities online, as well as by others who have nefarious purposes in mind for example, people who want to obtain firearms, narcotics and counterfeit goods from secret underground marketplaces on the Dark Web.

How do I use Tor?

It's fairly simple to get started with Tor. Simply go to the Tor Project website and download the Tor Browser here. The Tor Browser is available for Windows, Mac OS X and Linux, and it has been translated into 15 other popular languages besides English.

Step One: Select the Tor Browser in the language and operating system of your choice and click on the link in the table on the download page, then safe the file to your desktop.

Step Two: Install the software and make sure that it is updated to the latest version.

Step Three: Every time you want to go on the internet, from now on you should only do so by launching the Tor Browser. Sometimes it takes several seconds for websites to load, but this is normal the extra time is due to the fact your internet traffic is bouncing around the Tor relays so that it becomes untraceable to you. Use Tor for all websites, including Facebook.

Step Four (optional): If you want to further encrypt your web traffic so it makes it impossible for it to be traced, then you should use Tor together with a virtual private network (VPN). VPNs are premium paid subscription tunnel services that route internet traffic through a private server to hide your traffic and geographic location. There are tons of VPN providers online, offering a range of different prices, so check out this VPN comparison guide before purchasing.

Advice: We know that illegally downloading pirated content via torrents is popular, but although it is tempting, you shouldn't do so on the Tor network, as it will slow down and jam up the network for everyone else. So please don't do this. Also, again, remember that it is illegal.

See the original post here:

What is Tor and how do I use it? - International Business Times UK

Child porn case dropped as US refuses to show software weakness it exploited – Chicago Tribune

Posted on March 9, 2017 by Dook Domini

Federal prosecutors have dropped child pornography charges against a Washington teacher after the U.S. Justice Department refused to disclose information about a software weakness it exploited during an investigation last year.

Charges against Vancouver, Washington, teacher Jay Michaud in U.S. District Court in Seattle were dismissed Monday.

The child porn website, called Playpen, operated on Tor, which provides users anonymity by routing their communications through numerous computers around the globe, and it had more than 150,000 members. The Tor browser is based on Firefox. While the network is used for various reasons including circumventing free-speech restrictions in some parts of the world it has also provided sanctuary for child pornography, drug trafficking and other criminality.

The FBI then obtained further warrants to search suspects' homes. At least 137 people were charged. Defendants have challenged the FBI's hacking on numerous grounds.

A school district spokeswoman says Michaud hasn't returned to work, KGV-TV reported.

See the original post:

Child porn case dropped as US refuses to show software weakness it exploited - Chicago Tribune

Firefox 52 Brings New ESR Version, Security Upgrades, And WebAssembly Support – Tom’s Hardware

Posted on March 8, 2017 by Dook Domini

Mozilla released version 52 of Firefox, which brings new security features, as well as support for WebAssembly, a low-level programming language for the web. The new version of Firefox also coincides with a new Firefox Extended Support Release (ESR), which means the Tor Browser will soon benefit from all the security features that have been added to Firefox over the past year, including the browsers new sandboxing architecture.

Firefox 52 brought quite a few new features, especially in the security department.

WebAssembly

One of the most important features added to Firefox 52 is support for WebAssembly, a low-level programming language that can make web apps run at near-native speed.

This will make WebAssembly especially more useful for browser games, advanced web apps, and software libraries. Mozilla has been one of the primary developers of the language, as it wanted to offer a standardized alternative to Googles Native Client API, which boasts similar performance. The organization seems to have succeeded in that goal, as WebAssembly should soon be adopted by all the major browsers.

Strict Secure Cookies

Firefox 52 also supports Strict Secure Cookies, a policy that forbids HTTP websites from setting cookies with the secure attribute.

(Non-) Security Warnings

Google and Mozilla have promised for many months a new This connection is not secure warning that will appear in login boxes on pages that use HTTP, rather than HTTPS.

Both Google and Mozilla will progressively ramp up their warnings until all HTTP web pages are greeted by big red notifications that they are not secure. However, for now, the two companies are only warning about pages that require passwords or credit card information.

An Untrusted Connection error will also appear when Firefox 52 users visit a website whose certificate is chained to a root certificate that still uses the SHA-1 algorithm (such as those imported by the user). All the major browser vendors have had plans to deprecate SHA-1 for a couple of years now. With Google researchers proving that a collision attack on SHA-1 is now practical, there are even more reasons to avoid connections based on SHA-1 algorithms. However, for now, Mozilla will still allow users to bypass this warning.

Improved Multi-process, Sync Support

The multi-process architecture has also been enabled for Windows users that use touchscreen devices. The browser also got an enhanced sync feature to enable users to send and open tabs from one device to another.

Dropping NPAPI, Battery Status API Support

Support for the Netscape Plugin API (NPAPI) has been removed for virtually all plugins with the exception of Flash. Mozilla also removed support for the Battery Status API, which could have been used by some services to fingerprint users, thus significantly reducing privacy on the web.

Along with the regular release of Firefox 52, Mozilla also announced a new Firefox ESR, which has caught up with the features of the latest mainstream version of Firefox.

The ESR version is a release of Firefox that only receives security patches for almost a year (seven Firefox releases, to be exact). That means it falls behind in supporting new features as they appear in the regular versions of Firefox. This is usually a good thing for enterprise users, but also for certain organizations such as the Tor Project, which build the Tor Browser on top of Firefox ESR.

New features tend to introduce new bugs and it also takes time to validate them and to make sure they dont break anything. Therefore, something like Firefox ESR is more appealing to the Tor Project. However, sometimes staying almost a year behind is not that good, especially when the main browser introduces significant security improvements.

One of the major security improvements weve seen last year in Firefox is the switch to a better sandboxing architecture, which separates the UI and the content in a different process. That should make it harder for JavaScript exploits that may live inside a web page to make modifications to the browser itself.

As Firefox has kept seeing more and more exploits against it due to the fact that it doesnt have as good of a sandboxing architecture as Chrome does, the Tor Project has started to build its own sandboxing. However, the hardened version of the Tor Browser is only available on Linux for now, and its still in the alpha stage. The Tor browser should still benefit from Mozillas own sandboxing, especially on Windows.

This year, Firefox should continue to receive security upgrades, but it wont be until Firefox 59 (the next ESR version) that the Tor Browser will be able to implement them as well.

Read the original post:

Firefox 52 Brings New ESR Version, Security Upgrades, And WebAssembly Support - Tom's Hardware

8 privacy tools that will keep you safe online – Techworm

Posted on March 7, 2017 by Dook Domini

For any internet user, safeguarding sensitive and confidential information has become a high priority, as internet these days are becoming a less private place with several individuals, corporations, and even governments in some cases, tracking your activities to collect users information and metrics.

Also, it is very easy to track a user because of the IP, the unique address that we all use to connect to internet that makes online privacy a big concern. However, if you wish to keep your personal information private, you can use a VPN or proxy tool to help you. It covers everything from secure web browsing to secure file erasing.

Lets have a look at the privacy tools below:

1. Tor Browser

The Tor network (short for The Onion Router, which describes its multi-layered privacy technology) offers you an anonymous window to the Web. By far, the Firefox-based Tor Browser is the quickest and simplest to start using it.

Tors network of bouncing your traffic through multiple relays makes it nearly impossible to track a users identity or activity. You can access almost every website anonymously, including .onion addresses, which are only accessible while connected to Tor. Its also useful for accessing geo-blocked sites that block IP addresses from specific countries. Tor is available for Windows, Apple Macs and Linux.

2. CyberGhost VPN

CyberGhost allows users to connect to a VPN (virtual private network) and access the internet anonymously. The service is built for users who just want secure, private access when connected from public or untrusted networks. It re-routes your internet traffic to hide your location and identity. The privacy software has six elements: anonymous browsing, unblocking streaming sites, protecting your internet connection, torrenting anonymously, unblocking websites and choosing which VPN server to use

CyberGhost VPN is available as a free ad-supported app, as well as a paid-for edition that provides enhanced performance and more features. The free version should be perfectly adequate for daily or random use. However, it runs much more slowly than the paid-for premium service. The CyberGhost VPN client supports Windows XP, Vista, and 7.

3. Tails

Privacy has become a major issue in this age of mass surveillance and tracking by marketers (anonymous tracking for targeted content is acceptable). If you are someone who needs to keep the government and marketing agencies out of your business, you need an operating system thats created from the ground up with privacy in mind.

And, nothing beats Tails for this purpose. Its a Debian-based Linux distribution that offers privacy and anonymity by design. Its a distro whose aim is solely to keep the identity of the user completely opaque. It routes its traffic through Tor, designed to avoid your outward-bound data from being intercepted and analysed. According to reports, Tails is so good that the NSA considers it a major threat to their hacking activities.

4. Ghostery

Ghostery is a privacy and security-related browser extension and mobile application, which is distributed as proprietary freeware. You can simply install the privacy software and allow it to do its job. Ghostery also tells you exactly what each company is looking at and likely to do with your data. It is definitely a must-have for those who do wish to share every click with marketers. Its available for Mozilla Firefox, Google Chrome, Microsoft Internet Explorer, Microsoft Edge, Opera, Apple Safari, iOS, Android and Firefox Mobile.

5. GnuPG

GNU Privacy Guard (GnuPG or GPG) is a free software, and its the open source version of the venerable PGP (Pretty Good Privacy) tool. GnuPG allows you to encrypt and sign your data and communication thats effectively unbreakable. It features a versatile key management system as well as access modules for all kinds of public key directories. It is a command line tool with features for easy integration with other applications.

6. KeyScrambler

KeyScrambler is the most useful method that encrypts every single key that you entered or type deep into the Windows kernel to prevent it from being intercepted by keylogging software. The positioning and timing of encryption key allow it to be much more challenging and burdensome for key-loggers to split or defeat KeyScramblers protection.

If you worry about keylogging or doubt that you are being logged whenever you type, this free privacy software is a good way to frustrate the watchmen.

7. Wise Folder Hider

Designed for Windows XP onwards, Wise Folder Hider is freeware that can quickly and safely hide not only the files/folders on local partitions or removable devices but also USB drives or the files/folders on USB drives. The hidden files/folders will be safely hidden no matter whether the drive is accessed in another operating system on the same computer or reinstalled on another computer. The only way to access hidden files/folders/USB is to enter the valid password(s) correctly. Its double password protection can ensure the absolute safety of your files/folders/USB.

8. AntiSpy for Windows 10

While Windows 10 is the most personal version of Windows, Microsofts attempts at knowing you better have alerted many privacy activists. AntiSpy for Windows 10 allows you to disable advertising IDs, SmartScreen filtering, whether apps can access your camera and so on.

Source: TOI

Read the original here:

8 privacy tools that will keep you safe online - Techworm

Justice Dept. drops Playpen child porn case to prevent release of Tor hack – ZDNet

Posted on March 6, 2017 by Dook Domini

(Image: file photo)

Justice Dept. lawyers are asking a federal court to drop a case against a dark web child porn site because it says it cannot reveal how it used a browser exploit to target thousands of unsuspecting visitors to the site.

A court filing posted late on Friday in Washington state said that because the government is "unwilling to disclose" how it carried out the hacks, it has "no choice but to seek dismissal" of the case.

"The government must now choose between disclosure of classified information and dismissal of its indictment. Disclosure is not currently an option," said the filing.

However, the government's attorneys are asking the case to be reopened once the exploit is no longer classified.

The case, proven to be of the most controversial indictments in recent history, focused on Jay Michaud, a school administrator from Vancouver, WA, who was arrested in July 2015 for viewing child porn images.

Michaud was accused of accessing over a hundred threads on Playpen, a dark web site accessible over the Tor anonymity network, which hosted child abuse imagery for thousands of users.

Feds discovered the server was hosted in the US, and obtained a search warrant that seized the server.

But instead of pulling down the website, the FBI continued to run the website for almost two weeks, as part of efforts to discover the identities of others who accessed the site.

The FBI used a "network investigative technique" -- a hacking tool that in any other hands than the feds would be considered malware -- to deanonymize the users of the Tor browser, a widely used app for easy access to the dark web, during its 2015 investigation into the website.

Little is known about the hacking tool, but it was known to be able to gather real-world information on Playpen visitors, such as IP addresses -- details of which should have been protected by Tor.

But the government refused to reveal the full source code of the exploit in court, and so the judge tossed out the evidence, rendering a significant set-back to the government's case.

Given that the Tor browser uses much of the same code as Firefox, it's long believed that the vulnerability is a zero-day flaw affecting the browser.

In May, Mozilla filed a brief in the Playpen defendant's case asking the FBI to privately disclose the flaw in order to fix the bug that it says would affect the security of "hundreds of millions of users."

A judge is expected to rule on the case in the coming weeks.

Originally posted here:

Justice Dept. drops Playpen child porn case to prevent release of Tor hack - ZDNet

13 reasons not to use Chrome – Techworld Australia

Posted on March 3, 2017 by Dook Domini

OK, were kidding a bit. Chrome is great. Google did a wonderful job with itand continues improving it every day. The marketplace recognizes this, and many surveys show Chrome is the most popular browser by far.

Its not hard to see why. Chrome is stable, in part because its architects made a smart decision to put each web page in a separate process. It has excellent HTML5 standards support, loads of extensions, synchronization across computers, and tight integration with Googles cloud services. All of these reasons and more make Chrome the popular choice.

But Chrome isnt perfect, and its not the only bundle of bits that can fetch a URL. There are plenty of other good options, and you should explore them for all of these 13 reasons and maybe a few more.

Opera was one of the first to stick its own servers in the path between your browser and the larger web. Adding a middleman might slow down some things in life, but not here. Opera designed its Turbo system to cache web pages and compress all of the data into smaller chunks of data. This saves your mobile data and helps the page download faster. Thats why a number of the other browsers offer similar features. Chrome users, for instance, can install the Data Saver extension.

Benchmarks are fickle and dont always represent real browsing performance, but theyre better than nothing. When DigitalTrends pushed seven browsers through three different sets of benchmarks (JetStream, Octane, and Kraken), Chrome didnt win once. It came close occasionally, but Edge, Opera, and Vivaldi are the three main browsers that finished ahead of Chrome, at least on some tests.

Batteries have a finite amount of power. Opera has a feature that lets you use less power by shutting down the activity in background tabs and other corners out of sight. It also turns off eye-catching but functionally worthless animation. All of this adds up. In Operas own tests, it found its browser lasted 35 percent longer than Chrome when visiting the same pages. That translated into an hour of extra browsing on the test machine.

Mac users should check out Safari too. One test reported by the Cult of Mac showed a MacBook lasting 35 percent longer when it ran Safari instead of Chrome.

Security testing group NSS Labs tried out Chrome, Edge, and Firefox for resistance to phishing attempts by trying to load dangerous URLs and measuring when and if the browsers blocked them. Edge blocked the most URLs over time (93 percent vs. 86 percent for Chrome and 85 percent for Firefox) and did it faster (with a total response time of 0.4 hour vs. 1 hour for Chrome and 1.4 hours for Firefox). The tests lasted 12 days in October 2016 and included 991 malicious URLs. Your malicious clicks may vary, but its clear that Microsoft is serious about building a safer browser.

The same NSS Labs report also contained results from tests of the browsers success in stopping social engineering malware, a general term that includes bad software distributed through links that are often sent through hijacked email accounts. NSS Labs began with more than 220,000 URLs and found 5,224 bad URLs. Edge blocked 99.3 percent, while Chrome blocked 95.7 percent and Firefox 81.9 percent.

Operas Turbo services dont simply speed up the web. They can offer privacy and protection too. If you want to enable a VPN, Opera has one built in and ready to go. You dont need to install extensions or subscribe to services. The VPN is ready to protect you whenever youre on public Wi-Fi networks.

Web developers logging the adoption of HTML5 standards have long relied upon HTML5Test scores to track how the browsers are embracing and implementing some of the new ideas, tags, and features. For the longest time, Chrome has received the best scores (507 on my current Chromebox) for offering the most complete set of HTML5 features. But how important are these features? Is a high score better than a not-so-high score? Does any normal human notice the difference?

Safari gets a score of only 380, one of the lowest of the major browsers. Why? It loses points for not implementing many of the new HTML5 form inputs that are customized for collecting special data types like dates or colors. But most pages implement their own date picker anyway. How many people choose a color with a webpage? Most decent web pages that ask for a color have a picker implemented already. Its hard to dwell too much on the FOMO (fear of missing out). But Safari also lacks support for items like a Gamepad controller and offers no way to use new peer-to-peer features like WebRTC. How many times have you noticed? How many times have you said, Gosh, I wish I could hook up a game controller to my Mac and browse the web?

Firefox, Edge, and some of the other browsers are closer to Chromes high score, but its hard to get too upset about what theyre missing. One day well want our browser to implement a native color picker to select a new hue via WebRTC, but until then well be fine without many of the slickest new HTML5 features.

The Tor Browser is a modified version of Firefox that sends your requests bouncing through the Tor network, an encrypted swamp that hides the connection between you and the website. It makes using the Tor network so much easier.

The Epic browser deploys a number of privacy-enhancing features, including blocking the web trackers employed by advertising companies. The developers worked hard to give you more control over the data thats stored and the data thats hidden. You have power over cookies, cache, and the historyif you choose to use it. Power is wonderful, especially over personal data.

These are only two of the more extreme options. The regular browsers like Opera and Firefox also protect their users. Even Chrome can be reconfigured to turn off some of the tracking that Google uses to deliver its services. But as you might expect, Google likes Chrome to support its core business built upon tracking what we do on the web.

Its hard to find the right metaphor for Operas experimental Neon, a new concept browser that melds the web with your desktop and arranges your bookmarks and tabs like objects in space. A built-in physics engine makes these objects bounce, snap, and pop like real objects when you drag or push them. Are you diving into the web? Floating in outer space with web pages? Its a gimmick, perhaps, but they said that about the web itself.

Operas Neon offers a nice feature called snap to gallery, a clever wormhole that lets you grab an image and store it to your disk. Neon also keeps the URL in case you want to return. Its not only saving the IMG SRC, but nurturing the beginning of an image sharing ecology. A picture is more than a collection of pixels.

Apple loves to connect the software in its universe, and Safari is the star in the center of that cosmos. Bookmarks and passwords are a few items synced with iCloud. If youre the type that buys Apple underwear, it makes sense to use Safari for everything too.

Firefox began life long ago as Mozilla, the core of Netscape, the (almost) original browser. The company was one of the first big players to embrace opening up its source code, and it remains one of the leaders of the movement. Using Firefox on your desktop or phone supports the open code base.

Between Google Chrome, Google Wi-Fi, Google DNS, Google Domains, Google Cloud Platform, Chromebooks, and the Pixel, your HTTP request could go from your fingers to the server and back to your eyes through Google Glass lenses on your face without leaving Googles silo. If you love Google, thats not a bad development. But if you believe the rhetoric about competition, monopolies, and an open internet, it has to leave you a bit worried. Using another browser brings ad revenue to another company and keeps the competition alive.

Error: Please check your email address.

More about AppleGoogleIMGMicrosoftMozillaOctaneTechnology

Originally posted here:

13 reasons not to use Chrome - Techworld Australia

Onionshare: secure file transfers using Tor – Ghacks Technology News

Posted on March 2, 2017 by Dook Domini

Onionshare is a free open source program for Windows, Mac OS X and Linux that enables you to transfer files security using Tor.

File sharing has not changed all that much in the past ten or so years. You can send files to other users in various ways: using email, (s)ftp, file sharing services, or online storage services. There are a couple of other options such as sharing files using USB storage devices and face to face exchanges.

It is difficult to transfer files securely. You could encrypt files before you send or upload them, but someone listening in could dump the data and try to break the encryption.

Face to face may work best, but only if you are not crossing any borders.

Onionshare was designed as a direct response to a passage in Glenn Greenwalds new book in which he described the issues that he was facing getting Snowden file copies from a fellow journalist.

The open source program Onionshare uses the Tor network for anonymity. What happens in the background is the following:

When you want to share files, Onionshare creates a temporary password protected website that is hosted on the Tor network.

Anyone with knowledge of the URL and the password can access the data, and download it to a computer system. Onionshare does not take care of that part of the communication though, so it is up to the user who set up the file transfer to use a secure channel to inform recipients about the availability of the data.

The recipient opens the URL in the Tor browser, and downloads files hosted on it to the local system. All that is left to do afterwards is to close down the site. This happens automatically by default after the first download.

You may stop this from being the case though if multiple users need to download the file, or if you want to keep it available in case it needs to be downloaded again.

The program -- we have tested the Windows version -- is easy to use. You need to install it on your system, and may launch it right after installation.

Note: You need to run Tor Browser on your system. If you don't have it, download it from the official Tor Project website.

The interface supports drag and drop operations, but you may also hit the add files or add folder button instead to use the file browser. Hit the "start sharing" button afterwards, and wait for the program to create the site in the background. If things go well, you get a custom URL the files or folders you selected are made available on.

Anyone with the url may download those then using Tor.

Passwords are not set up by default. To set up one, click on File > Settings. There you need to switch either to connect using control port, or connect using socket file. The password authentication option becomes available immediately afterwards.

Onionshare is an easy to use, yet anonymous cross-platform file transfer program. You can increase the protection beyond just requiring a password to download the files by encrypting the files.

Now You: Which programs do you use when you need to transfer files over the Internet?

Author Rating

Software Name

Onionshare

Software Category

Internet

Landing Page

You are here: Home > Software > Onionshare: secure file transfers using Tor

See the article here:

Onionshare: secure file transfers using Tor - Ghacks Technology News

The best free privacy software 2017 – TechRadar

Posted on March 2, 2017 by Dook Domini

Free privacy software

Online privacy is a hot topic, with even world leaders weighing in on the subject. Many of the big-name websites and companies will track your activities to deliver targeted advertising, and can build up an astonishingly detailed profile including your interests, spending habits, age, location and more.

If you would prefer to keep your personal details private, a VPN or proxy tool will help. See our guide to setting up and maintaining a VPN.

As well as preventing third parties building up a profile of you, the best free privacy software can open up the web, granting you access to sites blocked in your country, to access region-locked content when you're travelling away from home, and to add a layer of protection when you use a public Wi-Fi network.

A whole browser dedicated to your privacy, Tor Browser is the cornerstone of any privacy toolkit

Tor Browser is probably the best-known anonymous browsing tool out there, and it is described as a 'censorship circumvention tool'.

Tor Browser has a vast following in the online privacy and security communities. It works by bouncing your communication through numerous encrypted node on the internet, making it impossible to determine your location or other identifying information.

Tor Browser employs complex technology, but is refreshingly accessible. It's based on the same code as Firefox, and guides you through the process of getting online one step at a time.

It uses different connection methods depending on what you're trying to achieve, but there's no need to understand the details because it's all taken care of for you. This combination of effective protection and ease of use makes Tor Browser the best free privacy software you can download today.

Download here: Tor Browser

Privoxy gives you total control over your privacy, but the options might be overwhelming

Privoxy is a web proxy tool that's available not only for Mac, Windows and Linux, but also Android and iOS. It is a tremendously powerful tool, but you'll need to invest a little time and effort to get it up and running.

Privoxy can be used in conjunction with just about any web browser, which is a big bonus; simply set the browser to run its traffic through the tool.

However, one of Privoxy's key features could also be a drawback for new users: it gives you very granular control over privacy settings, and configuring them is very much a manual process. There's a helpful quick start guide available, but it has the potential to be off-putting.

That said, if you're happy to persevere, this free privacy software lets you set up advanced filters that will not only ensure you remain anonymous online, but also protect you against unwanted ads.

Download here: Privoxy

Free privacy software that protects your identity by hiding your IP address from prying eyes

Hotspot Shield VPN is available in two flavors: a free, ad-supported one, and a paid-for version that offer unlimited bandwidth. Hotspot Shield hides your IP address and provides encrypted traffic tunnelling (ideal for use on public Wi-Fi networks) to improve security and ensure privacy.

You may not want to use Hotspot Shield at all time. For instance, you may only be interested in using it to access certain sites that are blocked in your country. In this case you can create shortcuts to individual sites in the Hotspot Shield window which will enable protection before launching the sites. Protection can also be toggled on an off with a single click.

The paid-for version, Hotspot Elite, only costs a few pounds or dollars a month, but it's worth trying the free edition first before opening your wallet. Its additional features, including ad-free browsing and dedicated customer support, make it a tempting proposition.

Download here: Hotspot Shield VPN

Free and user-friendly, TunnelBear is VPN made easy but keep an eye on the data limit

In addition to anonymous browsing, free VPN tool TunnelBear can also be used to bypass traffic-shaping and throttling put in place by ISPs.

The free version of TunnelBear gives you up to 500MB of data each month, but if this isn't enough, unlimited data is available for a subscription fee, with prices starting at US$4.16 per month (about 3, AU$6).

Whether you go premium or stick with the free version, you can share a single account between up to five phones, tablets, Windows PCs or Macs.

Configuration is incredibly simple, and TunnelBear's free privacy software can be used with any browser. It's probably the most accessible VPN tool there is, and is just about impossible not to recommend.

Download here: TunnelBear

A great VPN tool for protecting your privacy online, but free users have to wait their turn

Another multi-platform VPN tool, CyberGhost VPN is available as a free ad-supported app, as well as a paid-for edition offering better performance and more features.

For day-to-day or occasional use, the free version should be perfectly adequate. Configuration is very simple, with the only potential stumbling block being the installation of a virtual network adaptor.

With a single click, CyberGhost VPN will activate, giving the impression that you're browsing from another country. The free privacy software also lets you keep an eye on how much traffic you've transferred through the service using a handy graph.

The downside of using the free version is that there's a limited numbers of spaces on the servers, so you may have to wait to gain access (although you're unlikely to be kept hanging for long).

Download here: CyberGhost VPN

See more here:

The best free privacy software 2017 - TechRadar

Coachella Hack: Five Questions You Were Afraid to Ask – Amplify

Posted on March 2, 2017 by Dook Domini

Goldenvoice sent out an email to its users last night warning that a database holding some of their personal information had been hacked. First reported on Vices Motherboard, the stolen information contained most user account names, email addresses and shipping information.While no financial information was compromised, the hack represents a serious security setback for the festival promoter.Yesterday Goldenvoice officials sent out thisemail to ticket buyers notifying them of the breach.

Coachella got hacked pic.twitter.com/HokC90I4Nf

Kia Makarechi (@Kia_Mak) February 28, 2017

So whats going on here? Below we answer five questions on the Coachella hack you were afraid to ask.

According to AEG,hackers were able to breach a CRM-type database that fans can use to explore Coachellas lineup and chat with other fans on the Coachella message board. This database is different from the Gingerbread ticketing system Goldenvoiceuses for Coachella that system uses a separate login and credential system from the stolen Coachella.com database.

So what was taken? According to AEG, usernames, first and last names, shipping addresses, email addresses, phone numbers and dates of birth individuals, were compromised, but we have confirmed that no user passwords were stolen. Financial information like credit card information was not compromised in the attack.

They probably dont need to do anything, besides stay alert for phishing scams and other illegal activities. Coachella officials told users they should consider changing any passwords that they have shared with others.

Yeahand going forward, dont share your passwords. Watch out for suspicious emails that ask you to login to your account to verify information. Opt for double-verification settings on Gmail and Facebook and use a password vault like LastPass to store your passwords.

What can hackers do with the Coachella information they obtained? Not much the personal details stolen arent that different than the marketing lists companies sell and trade. In fact, the information is really only valuable to other festival promoters and event organizers, although purchasing the information and using it for marketing would be incredibly stupidand illegal.

According to Vice, a hacker using the handle @berkut on the dark website Tochka is taking credit and was attempting to peddle the database for $300. Using a Tor browser, we created an account on Tochka and checked out Berkuts profile he was no longer selling the Coachella data, buthe was trying to sell a stolen database for an ecommerce site based in Mumbai, India. He was also selling a stolen database from policeone.com, a news and message site for law enforcement officials.

PoliceOne acknowledged the attack on their site, posting on Feb. 7 that they had been notified that the content of our PoliceOne Forum was the subject of unauthorized access and acquisition. The incident occurred in our forums, which are run on third-party software and are entirely separate from our main PoliceOne member database and other systems, which have not been compromised.

Sites selling hacked databases area big part of the dark web, which is essentially a network of sites that can only be accessed through a virtual private network and a special web browser. It only takes avery basic knowledge of the internet to hop on and browse sites selling stolen information, weapons and lots of drugs.

Totally dudeand if you order now, it can be here in time for Coachella!

Prices are listed in US Dollars but youhave to pay with the Bitcoin cryptocurrency. Just a few words of caution. First, if you do decide to buy drugs online, youre breaking a number of federal laws possession of a controlled substance, drug trafficking, and potential mail fraud. Also, theres the very real possibility that the site will get busted and your address and order history might end up on some DEA Agents desk.

When in doubt, just say no. Drugs are bad. Mkay?

Maybe. Were not saying he did, but were also not saying he didnt.

Why would Putin want to mess with Goldenvoice? Hmmmmmmm.

Founder & Executive Editor at Amplify Media

Dave Brooks has over 15 years experience as a writer, including eight years as the Managing Editor of Venues Today. He started Amplify in 2014 to give the industry its own voice and turn up the volume on live entertainment.

Go here to see the original:

Coachella Hack: Five Questions You Were Afraid to Ask - Amplify

ExtremeTech explains: All about the dark web, and how to use it – ExtremeTech

Posted on March 2, 2017 by Dook Domini

If youve paid any attention to online marketplaces for illegal goods like the now-defunct Silk Road or the FBIs investigations into criminal in cyberspace, chances are youve heard the term dark web. Curious about what it means? Youve come to the right place.

The dark web is sometimes called onionland because of its content accessible only using services like Tor. The rest of the internet is simply referred to as the clearweb, since it isnt generally encrypted.

The dark web works just about the same as the regular internet: it uses the same TCP/IP framework to transmit HTTP and FTP traffic within and between networks, over the same phone, cable or FiOS lines that carry regular internet traffic. Content on the dark web consists of HTML webpages and their assets, just like it does on the rest of the web. In fact, under the hood, the dark web is the same as the regular web, with two important exceptions that also distinguish the dark web from the deep web.

First: the dark web isnt indexed by search engines. Second, content on the dark web cant be accessed with regular web browsing software alone; additional software is required to make the networks talk to one another.

This is because content on the dark web is hosted on overlay networks, which are physically connected to the internet but arent accessible to web crawlers. That relative inaccessibility is because the dark web uses a complete, but fundamentally different, network addressing system than the web addresses most of us know and use. Browsers like Chrome and Firefox are programmed to access website files using the DNS index, which turns a files unique address on its unique server into a string of text that you can type into your address bar. Sites indexed by the DNS registry are accessible via top-level domains like .com and .org, among others. After ICANN opened up the suffixing system to other strings of text, we started to see web addresses that look like home.cern and bit.ly but you can still type those into your address bar and get to a website, because theyre in the official DNS registry. Dark websites dont participate in the DNS system, and web crawlers dont have the software to get onto the dark web, so the dark web and the clearweb dont really cross-pollinate.

Content obscured in this way can still be accessed, but you need the right software. Its a bit like a Wi-Fi network that doesnt broadcast its SSID: you can only get access if you already know exactly how to find it. Some content accessible only through Tor is hosted at a .onion pseudo-top-level domain, which means that in the right software, you might type in foobar.onion and get to the Foobar dark website.

Such software, including the Tor browser bundle, is capable of bridging the differences in network behavior between the dark web and the clearweb. But that only works when youre using a compatible browser and have the right encryption. Tor, Freenet and I2P are the most commonly cited examples of software capable of accessing the dark web. Typing a .onion address into your Chrome address bar wont get you anywhere. Furthermore, many if not most .onion sites are generated sixteen-character non-mnemonic alphanumeric strings, rather than being composed of words like most clearweb URLs.

There also exists a difference in the path web traffic takes on the clearnet versus the dark web. Tor is valuable because it sends your own web traffic through multiple different network nodes, masking its origin and destination. Theres significant overlap between VPNs and the dark web; both services use encryption and multiple network nodes to anonymize traffic. But VPNs deal with clearweb sites that participate in the DNS system, while dark web browsers deal with domains not recognized by ICANN.

The structure of the dark web makes it anonymizing, which means that first and foremost, its used for anonymous communication and web browsing. This accounts for the vast majority of network traffic through Tor. Why seek out anonymity? To read and write about things that might get you in trouble, like political dissent or whistleblowing. The same technology that enables Tor is capable of tunneling out from behind the Great Firewall of China, and the US government contributes to the development of such software.

Anonymity also brings out those who wish to do illegal things. A 2014 study found that of the different kinds of sites on the dark net, there are more markets devoted to drugs and guns than any other kind of dark site, including forums, bitcoin laundering, hacking, fraud, whistleblowing and even regular old porn.

To paraphrase Jim Jeffries, if you want to murder someone, you cant just walk up to Pier 31 and shout GUNS, WHO WANTS TO SELL ME SOME GUNS!? But with a website like an evil eBay that lists weapons and other contraband for sale, all of a sudden you dont have to know someone with black market connections. You just have to be able to install some software.

Tor hidden services are the other thing the dark web does, and theyre what gives the dark web its shady reputation. Hidden services refers to dark sites where both the host and the visitor are anonymous to one another. That technology enables dark web sites that host illegal content to persist. Hidden services account for only 1.5% of the Tor network volume. But the overwhelming majority of resources requested over Tor hidden services fully 80% of that traffic were requests from child abuse sites. Outgoing traffic from the dark web flowed mainly between botnets and their hidden control servers. More detail on Tors traffic patterns and how much of its total bandwidth is used for illegal activities is available in a blog post by the Tor project.

The dark web is notoriously dodgy territory for both buyers and sellers. Law enforcement has been chipping away at the nominal anonymity afforded by software like Tor, and anything of interest on the dark web is as likely to be a scam as it is to be a honeypot. Between social engineering and software vulnerabilities, it is a realm best accessed while wielding some trustworthy anti-malware.

For a long time, the Silk Road was the biggest game in darknet commerce. It allowed users to sell a great many illegal things, and inspired a number of similarly designed copycat markets. Transactions there were conducted in bitcoins and other virtual currency, and then goods were shipped through the mail. But a high-profile bust and ensuing court case put several Silk Road admins in jail. The media spotlight has impinged on the Silk Roads relative obscurity, reducing its value as a black marketplace.

From Tumblr.

While Uncle Sam contributes to the development of Tor and similar anonymity resources, the government is also known to take more of a proprietary approach, considering even the dark web to be within American jurisdiction when site hosting is in question. The FBI paid Carnegie Mellon to crack Tor in pursuit of a criminal case. They even waded into the muck and ran a huge sting operation on Playpen, a darknet child porn site by taking over control of the site and running it for weeks as a poisoned well to catch its users.

The dark net is an excellent example of how difficult it is to preventcriminals from using anonymizing services designed to protect honest dissenters. Tors anonymizing functions are critically important to people who rely on it to discuss sensitive topics without fear of reprisal. The debate over how much light should be shone into the dark web is an ongoing topic of discussion. How much illegal activity should be allowed to maintain Tors positive benefits, and is there a way to unmask child molesters and other illicit activity without compromising the security that makes the dark web work?

Now read: 19 ways to stay anonymous and protect your privacy online

Check out our ExtremeTech Explains series for more in-depth coverage of todays hottest tech topics.

New ‘Fingerprinting’ Tech Can Track You Anywhere Online – Top Tech News

Posted on February 16, 2017 by Dook Domini

Banks, retailers and advertisers can track your online activity using Web "fingerprinting" techniques, but these methods usually only work across a single browser. Now, however, new technology can follow you anywhere online -- even if you switch browsers.

The new tech makes it possible to establish a unique online fingerprint based not on browser features but on features of a user's operating system and computer hardware, according to a new study by researchers at Lehigh University and Washington University. The cross-browser fingerprinting technique identifies users with an accuracy of 99.24 percent, compared to AmIUnique's "state-of-the-art" accuracy of 90.84 percent across a single browser, according to the researchers.

While acknowledging the fingerprinting method could be used for undesirable purposes that violate online privacy, the researchers said the technique could also help service providers authenticate users for improved security.

Tracking Tech Evolving Fast

In their paper, researchers Yinzhi Cao and Song Li of Lehigh University and Erik Wijmans of Washington University in St. Louis described their cross-browser fingerprinting technique as the first to use "many novel OS and hardware features, especially computer graphics ones" to establish identities and track individual online users. They provided both a working demo and open source code online.

"Web tracking is a debatable technique used to remember and recognize past website visitors," the researchers noted. "On the one hand, web tracking can authenticate users -- and particularly a combination of different web tracking techniques can be used for multifactor authentication to strengthen security. On the other hand, web tracking can also be used to deliver personalized service -- if the service is undesirable, e.g., some unwanted, targeted ads, such tracking is a violation of privacy."

Whether people like it or not, Web tracking technology is widely used and evolving quickly, the researchers added, noting that "more than 90 [percent] of Alexa Top 500 Web sites adopt web tracking."

Possible Defenses: Tor, Virtualization

Cao, Li and Wijmans said their tracking technique outperforms the only other cross-browser fingerprinting technique, which uses IP (Internet Protocol) addresses to track user activity. That technique doesn't work when IP addresses are dynamically allocated -- as when users browse via mobile networks -- or changed by switching from home networks to office networks, they said.

By contrast, the new cross-browser tracking technique might even work with some installations of the Tor browser, which normally prevents browser fingerprinting, according to the researchers. They said their technique could probably be blocked by using the Tor browser with its default settings intact or by using machine virtualization, although the latter technique has the disadvantage of being "heavyweight."

For many online users, Web tracking is a daily issue. The most common sign of being tracked online is when users see ads on different Web sites for products or services they searched for earlier on different sites.

Privacy-focused organizations have developed a number of tools to help users minimize the impact of such tracking. The Electronic Frontier Foundation, for example, offers a tracking tester called Panopticlick that lets users analyze and tweak their browsers and add-ons to maximize privacy protections.

Cao, Li and Wijmans plan to present their research at the Network and Distributed System Security Symposium scheduled for Feb. 26 through March 1 in San Diego.

Image Credit: iStock.

Follow this link:

New 'Fingerprinting' Tech Can Track You Anywhere Online - Top Tech News

‘Using Tor is a civic act’: A beginner’s guide to the privacy browser – Technical.ly Philly

Posted on February 10, 2017 by Dook Domini

Browsers are our window into the virtual world.

So often though, we forget that just as we are looking outward, companies are looking inward. Every search we perform is logged and tied to our virtual footprint (and amongst other things, our geographic location). Search surveillance consequences span from differential pricing (like a higher online price if your browser denotes your location as affluent) to the inability for people to access sensitive information in countries with strict censorship laws (countries, for example, restricting access to sites about AIDS). Access to the amount and kinds of information internet architecture provides is unprecedented, and we are only beginning to understand the implications.

This is where The Onion Router (Tor) comes in. The Tor browser obscures any personal ties and information (with a few exceptions) associated with your browsinghistory. When you use Tor, instead of your request going straight from your browser to the site (like from my DuckDuckGosearch right to technical.ly/philly),it reroutes through several different countries. When using Tor, my request then might go through Norway and Germany before reaching technical.ly/philly. You might imagine that when using Tor, you are not only putting shades on your window but also removing your house from the map or Streetview entirely.

The overall strategy of Tor is that the more people who use it, the stronger of a tool it is. For activist and West Philly-based Tor Communications DirectorKatie Krauss, using Tor is not just switching a browser.

Using the Tor browser is a civic act it allows you to protect your right to privacy, and at the same time it helps human rights activists in countries like Iran or China to use the Internet without getting a knock on the door, she said.

The Tor Project also has Philly roots, as cofounder and research director Roger Dingledine used to be a visiting professor at Drexel.

Below are screenshots and some narrative about my experience downloading and using Tor.

(Screenshot)

When logging on to Facebook and Gmail, Tor wouldnt have masked my identity (instead it would prevent certain kinds of advertising and tracking). However, both Facebook and Gmail gave me error messages.

(Screenshot)

Unfortunately, this was to no avail. Facebook was alerting me that my account was likely compromised, because my last shown login was from Colombia. After attempting verification steps, I was locked out of both of my accounts.

I contacted Krauss to see if this was typical or Tor-related. She gave me the Facebook loophole: The way to avoid this with Facebook is to use their onion address (put this into the address bar on the Tor browser and it will take you to Facebook): https://facebookcorewwwi.onion/.For more info, she directed me to this Facebook blog post.

Krauss noted that she and several other users she checked with have no problem with Gmail in the Tor browser, though it is possible that the issue was the Tor-Gmail interface.

In the end, it worked for me: I was locked out of Gmail for about 3 hours, but after attempting again, I was able to sign in (though I had to verify with an extra step). While it was frustrating to be locked out of my email for a bit, the experience drove home for me how location dependent verification is (and the potential consequences of such dependence).

Overall, Tor was easy to implement and the inconvenience of switching browser was worth the benefit.Ive since relapsed since I first used it because its faster to go log on in Chrome and I need Google Hangouts for work (I havent been able to use it on Tor) but I am back on Tor now.

As I was browsing and watching the latest news, the onion metaphor made me beyond the technical aspect of Tor: if we imagine that those whose civil rights are most vulnerable are in the center, we can effect change by layering around them even with as simple an act of a browser change.

Jen Rajchel explores the intersection between the humanities and technology. A transplant from Las Vegas, she is a Bryn Mawr grad who has made the Philly suburbs her home.

'Using Tor is a civic act': A beginner's guide to the privacy browser - Technical.ly Philly

Tor Browser 6.5 Download – TechSpot

Posted on February 9, 2017 by Dook Domini

Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.

Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Tor's hidden services let users publish web sites and other services without needing to reveal the location of the site. Individuals also use Tor for socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses.

Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they're in a foreign country, without notifying everybody nearby that they're working with that organization.

Groups such as Indymedia recommend Tor for safeguarding their members' online privacy and security. Activist groups like the Electronic Frontier Foundation (EFF) recommend Tor as a mechanism for maintaining civil liberties online. Corporations use Tor as a safe way to conduct competitive analysis, and to protect sensitive procurement patterns from eavesdroppers. They also use it to replace traditional VPNs, which reveal the exact amount and timing of communication. Which locations have employees working late? Which locations have employees consulting job-hunting websites? Which research divisions are communicating with the company's patent lawyers?

A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.

What's New:

This is a major release and the first one in the 6.5 series. First of all it fixes the usual critical bugs in Firefox by updating to ESR 45.7.0. It contains version updates to other bundle components as well: Tor to 0.2.9.9, OpenSSL to 1.0.2j, HTTPS-Everywhere to 5.2.9, and NoScript to 2.9.5.3.

Besides those updates Tor Browser 6.5 ships with a lot of the improvements we have been working on in the past couple of months.

On the security side we alwaysblock remote JAR filesnow andremove the support for SHA-1 HPKP pins. Additionally we backported from an other firefox branch patches to mark JIT pages as non-writable and other crash fixes that could disrupt a Tor Browser session quite reliably.

With respect to user tracking and fingerprinting we now isolate SharedWorker script requests to the first party domain. We improved our timer resolution spoofing and reduced the timing precision for AudioContext, HTMLMediaElement, and Mediastream elements. We stopped user fingerprinting via internal resource:// URLs, and for Windows users we fixed a regression introduced in Tor Browser 6.0 which could leak the local timezone if JavaScript were enabled.

A great deal of our time was spent on improving the usability of Tor Browser. We redesigned the security slider and improved its labels. We moved a lot of Torbutton's privacy settings directly into the respective Firefox menu making it cleaner and more straightforward to use. Finally, we moved as many Torbutton features as possible into Firefox to make it easier for upstreaming them. This allowed us to resolve a couple of window resizing bugs that piled on over the course of the past years.

The features mentioned above are only some of the highlights in Tor Browser 6.5. The full changelog since 6.0.8 is:

All Platforms

Read the rest here:

Tor Browser 6.5 Download - TechSpot

Futurist Transhuman News Blog

Category Archives: Tor Browser

Tor browser will rely on more Rust code – Cloud Pro

What is the Dark Web and Deep Web? – PC Advisor

A new law allow ISPs to sell your data without your consent. Here’s how to shield your privacy – Technical.ly

OMG! Is Facebook Messenger Day a Total Ripoff of Snapchat? – CIO Today

Vancouver child-porn case dropped as US refuses to show software code – Q13 FOX

Europe-Wide Raids Against Cybercrime Networks | NewsFactor … – NewsFactor Network

Vancouver man’s child porn charges dropped as feds refuse to disclose hacking techniques – KING5.com

What is Tor and how do I use it? – International Business Times UK

Child porn case dropped as US refuses to show software weakness it exploited – Chicago Tribune

Firefox 52 Brings New ESR Version, Security Upgrades, And WebAssembly Support – Tom’s Hardware

8 privacy tools that will keep you safe online – Techworm

Justice Dept. drops Playpen child porn case to prevent release of Tor hack – ZDNet

13 reasons not to use Chrome – Techworld Australia

Onionshare: secure file transfers using Tor – Ghacks Technology News

The best free privacy software 2017 – TechRadar

Coachella Hack: Five Questions You Were Afraid to Ask – Amplify

ExtremeTech explains: All about the dark web, and how to use it – ExtremeTech

New ‘Fingerprinting’ Tech Can Track You Anywhere Online – Top Tech News

‘Using Tor is a civic act’: A beginner’s guide to the privacy browser – Technical.ly Philly

Tor Browser 6.5 Download – TechSpot