Daily Archives: June 7, 2020

Increasing numbers of internet users are becoming aware of the privacy and security implications of being online, and it is for this reason that secure browsers such as Tor are growing in popularity. Now, with the release of Tor Browser 9.5, the browser features an option that can automatically switch to the secure .onion version of a site if one is available.

In short this means that sites are able to actively promote the fact that they have a secure .onion site available. Publishers now can advertise their onion service to Tor users by adding an HTTP header, so if someone visits the regular version of a website, a notification will appear informing them of the more secure option.

Site owners just need to add the Onion-Location header to pages. Visitors will be offered to the chance to opt-in to upgrade to the onion service on their first use. While this is an extremely important change in Tor 9.5, it is far from the only thing that's new in this version of the browser.

There are also changes to Onion Authentication which allow it to manage authentication keys and tokens via about:preferences#privacy in the Onion Services Authentication section. Like other browser, Tor has improved its URL bar security notifications so users are made aware of when they are visiting secure sites, unsecure sites, or those which contain mixed content.

Error messages have also been improved so in the event that a .onion site is inaccessible, it is no longer the case that a standard Firefox (the browser on which Tor is based) error message is displayed. Instead, Tor now shows a simple diagram to illustrate where along the line the problem exists.

This particular build of the browser also marks the start of experimenting with ideas that will hopefully lead to .onion addresses that are easier to remember. The team behind the browser says: "we partnered with Freedom of the Press Foundation (FPF) and the Electronic Frontier Foundation's HTTPS Everywhere to develop the first proof-of-concept human-memorable names for SecureDrop onion services addresses".

Originally posted here:
Tor Browser 9.5 arrives with the option to automatically switch to more secure Onion versions of sites - BetaNews

Sites that carry the most traffic in the world like Google, YouTube, Facebook are already known to us all. But did you know that this is just a drop in the ocean on the internet? There are many websites that are very popular but are hidden away and you cannot find them by searching your popular search engines. That space is where the Dark Web and the Deep Web exist.

- Advertisement -

To understand the Dark Web or Darknet, we need to first attempt to define it more. Its is composed of many websites on an encrypted network with hidden IP addresses all of which gives users strong anonymity protection. In simple terms, no one can see what you are doing while you are there.

When one opens up a website, they strive to ensure that the site is indexed by search engines like Google, Bing or Yandex, but for the dark web, you can only access them with special anonymity browsers, which include Freenet, I2P, and The Onion Router also known as TOR browser.

These two are always confused. The Deep Web is all the sites on the web that cant be reached with a search engine. Although this includes sites on the Dark Web, it also includes sites that serve more mundane functions, such as business intranets, webmail platforms, databases, online banking platforms, and services that usually require a password or other means of authentication.

These are found and accessed directly with a URL or IP address and are hidden behind firewalls, paywalls, and HTML forms. Because all these other pages are included in the Deep Web, the Deep Web is actually far more vast than the regular internet (also known as the Clear Web).

Users of the Dark Web are assured of full anonymity but this also yields a great breeding ground for illegal activities. They use this space to buy or sell illegal goods such as stolen data, unprescribed drugs, or dangerous weapons.

The Dark Web can also be used for legitimate reasons. We have seen whistleblowers, activists, journalists, and others who need to share sensitive information, especially on political figures. This has made it popular as a lot in exposing information that would have not been known to the public for fear of political persecution or retribution by their government or other powerful actors.

In some countries, security and intelligence agencies also use it to monitor terror groups and track cybercriminals. In what may come as a surprise to many, corporate IT departments frequently crawl the Dark Web in search of stolen data and compromised accounts, and individuals may use it to look for signs of identity theft.

- Advertisement -

One of the most defining era of the Dark web was during the times of WikiLeaks the website that publishes classified official materials which also has a home on the Dark Web. Big companies like Facebook also maintain some form of presence there in order to make itself accessible in countries where it is censored by the government.

There are many ways to access the Dark web, but the most popular one is Tor browser. It used a highly secured network of volunteer relays around the world through which users internet connections pass through.

You will need to download and install the Tor browser bundle. Tor URLs end in the domain.onion and not domain.com. Website addresses here are not simple to memorize and they often change their URLs in order to evade detection and DDoS attacks.

When youre on the Dark Web, ISPs and by extension, the government might not be able to view your activity, but they will know you are on the Tor Network. This alone is enough to raise eyebrows in some countries.

It is very paramount that you access the Dark Web while using a VPN before going through the Tor Network. With this method, your ISP only sees the encrypted VPN traffic, and wont know youre on the Tor network.

We recommend you use a trusted VPN provider, one that doesnt track your activities when you log on. Finally, always connect to your VPN first before opening the Tor browser.

If you want to remain totally secure on the Dark Web, you should take the following extra security measures including:

- Advertisement -

Visit link:
The Dark Web Explained, and how to access it - Techjaja

In January 2020, several European news outlets, including The Daily Telegraph, reported that a famous set of antique jewellery were offered for ransom on the dark web. The diamond studded pieces worth almost a billion dollars were looted from a museum in Dresden in 2019. It was reported that Israeli investigators were offered a few of the pieces as a ransom. The messages on the dark web also claimed that it would be futile to try to identify and locate them. The ransom was also to be paid off in Bitcoin, a digital currency.

Imagine a standard business scenario. A business based on sales of a product or service needs a market, a set of products, a marketing campaign. Add to that the corollary mechanisms of customer support, complaints handling and the mechanism becomes a full-fledged commerce. Products, prices, market forces, supply, demand, buyers, sellers and so on.

The dark trade

If a product is not a legal product but still sought after by people in the market, buying would also be as illegal as selling. So neither the seller nor the buyer want to be visible to the outside world. They want to be anonymous, at least to produce, sell, buy and consume illicit products. Suddenly the whole market ecosystem for such products goes underground or anonymous. No mass marketing, no billboards, no well-known addresses, no public phone numbers. Still the market continues to operate and business thrives. While ensuring anonymity and hiding the activity, the buyers continue buying, sellers continue selling, dodging the authorities and thriving in darkness. The normal society cannot see. It is dark from their perspective.

The dark network

The Internet also functions like a normal social mechanism. Activities happen. Correspondences take place. Business and commerce is carried out. People can search things. People can publish things that can be searched by others. That is the normal, visible Internet. Like the hidden world of illegal trade, there is also a hidden Internet, though not fully illegitimate. On the illegitimate side, people access, buy and sell drugs, weapons, child pornography and many other illegal stuff using the platform of this hidden Internet. People with radical and extreme agenda use it to recruit cadets and lure victims.

As it is not seen by the normal populace, it is aptly called the dark net, the dark web etc. The dark net uses all the technologies of the normal Internet combined with specific practices, tools and technologies to make the content and transactions not visible to the normal audience. Like the illegal physical market, the people transacting on the dark web need to be specifically aware of the products, services and the places to conduct transactions. You have to belong to the underworld to access it. Or you have to be drawn into it, by those already inside it.

However, the dark net that is used for illegal activity and trade is only a small fraction of the so-called deep web which is much larger than the visible Internet. Only a small portion of the activities performed in this hidden network is illegal.

How to access it?

As is obvious, the dark net is not accessible through standard means. The sites cannot be browsed with normal, day-to-day Internet browsers. Specially designed browser software is needed to access the darknet. On top of that, the user needs to specifically know what he or she is accessing. In the normal scheme of things, Internet surfing usually starts with a search engine. Just type in the things you want to search into the search box and the rest is done by the engine. You are guided to the site containing information about the searched topic. But the dark net is different. Its contents cannot be searched using standard search engines. Search engines cannot crawl and index their contents. Special tools such as the TOR (The Onion Router) browser are used to browse the darknet. These browsers are designed to anonymize the Internet surfer and make access possible to the underworld of the Internet.

The TOR project has the word Onion in it to reflect the many layers that it has to traverse to achieve anonymity. The client computer using the TOR browser thus cannot access the information source directly. It goes through a multiple layer of servers or devices before reaching the actual source of data. This multilayer abstraction is intended to ensure the anonymity of the user so that neither the content source nor the user can be traced using standard Internet tools.

Why is it dark?

The normal or clear net is made visible to the world by various technologies. The foremost is the ability of search engines such as Google to search and index the web pages. Another technology powering the clear net is the domain name system or the DNS. It translates the common internet addresses such as abc.com to the actual address used by computers, aka the IP address. However, most of the dark net sites are visible only through IP addresses. So they cannot be accessed through common domain names. That makes it so much more difficult to remember, manage and keep track of these addresses. Since the access modality and the general structure is not visible through usual means, it is referred to as dark. Its name dark is further accentuated by the illegal and dark activities performed with the help of the platform.

Once you get the means and the knowhow to enter the dark net though, it might be as luminous as any other Internet content. If one gets exposure inadvertently or is drawn into it, the dark net may truly have a very dark side indeed.

Why is it used for crime?

The first aim of a criminal is not to get caught. For that, they want as little of the trail of their activity to be maintained as possible. Since the dark net has some provisions to help enhance anonymity, criminals love it. Because of the increased difficulty to trace an event back to the person, the illegal activities are hard to track and control. That is perhaps the main driver of high use of dark net for criminal activity and for spreading illegal material. Commercial transactions dealing in arms, drugs, child pornography or weapons can be easily performed with reduced risk of prosecution. Moreover, the financial transactions are performed using digital currency or shady bank accounts which are difficult to locate and trace back to a person.

Apart from trade, activities such as propaganda spreading, recruiting radicals for extremism etc. are also performed using network platforms provided by the dark web. German data security firm GDATA lists some of the things traded on the darknet. They include items ranging from forged credit card numbers to arms and ammunition, contract killers to counterfeit IDs and university degrees, computer viruses and malware to deadly poison, marijuana to even Uranium. The actual gamut of items traded over the dark net would obviously be much wider and more sinister.

Is it only illegal?

No. The darknet was originally not intended for illegal activity. In the late 1990s, the encrypted and hidden communication channel was envisaged to protect the sensitive communication of spies. While full realization of the dream was not achieved, the concept soon bifurcated into a network of activists for human rights and political dissent.

Apart from the various distinct uses of its own, the dark web or the deep web also has a major role in keeping the normal Internet operational. Every legitimate website or network service has a hidden mechanism that need not and should to be exposed. These include the mechanism to manage the content, network and infrastructure of the normal network. Such privileged and internal activities are restricted to the hidden network. This same hidden network and related technologies evolved into the dark web. In terms of the resources, content volume and physical infrastructure, the hidden network is much larger than the visible network.

Moreover, the darknet is also useful for perfectly logical and positive activities. For example, an investigative journalist might want to use the dark web to covertly plan her research and sting operations. The platform can also be used for citizen activism against an authoritarian regime. This group of users, though having legitimate intentions, usually resort to the dark net to ensure anonymity and escape persecution, censorship and threat from authorities or society.

Darknet or dark web or deep web is a network similar to the visible Internet. The differentiator is the visibility of the network resources and the anonymity of the involved parties. It is a legal and legitimate network infrastructure that enables the visible network to function properly. It also enables a lot of online activity that cannot be performed in the open Internet because of the need of secrecy, anonymity or even persecution and fear from others. This ability to ensure anonymity is also being used for illegal activities. Still its good uses and importance for overall cyberspace is far greater compared to the bad uses. The dark nature has some benefits that are being used for good causes as well. Dark web is both the bedrock of cyberspace with positive and critical use as well as an underworld of the Internet having negative uses.

View post:
Dark web is the underworld of cyberspace - MyRepublica

Its easy to feel helpless right now. Cities across the country are seeing unarmed protesters maimed by police officers who enjoy both the full support of the current presidential administration and of the American legal system itself. Congress is, in 2020, debating whether to make lynching a federal hate crime. And theres still a pandemic happening! Meanwhile, even the people who emerge from this moment unscathed physically will, undoubtedly, find their digital lives compromised in more ways than we can possibly fathom.

This last bit, at least, is something we can make meaningful progress on without risking life and limb. But that doesnt mean it will be easy.

One of the cruelest ironies is that the more you learn about digital privacy, the more helpless you feel. Were told that the privacy-protecting laws passed both here and abroad will actually protect us from data-hoovering tech, but a bit of research shows that they actually dont. Were told that wearing a mask the way many of us are right now is a simple enough trick to throw off facial recognition systems, but a bit of reading shows that companies are actively trying to subvert that limitation. A big of digging shows that every major tech company preaching privacy ideals is, in fact, full of shit.

After writing this week about the pipeline between your phone and the cops, my messages were flooded with questions from folks in the activist space trying to mitigate their digital footprint across all of their myriad devices. In turn, I was flooded with something close to guilt.

Even though theres plenty of extremely thorough guides for what the Electronic Frontier Foundation calls surveillance self defence, ultimately, any research about the apps we open or sites we browse are, at the baseline, going to be based on the assumption that these companies are telling us the truth. Its why so many companies get away with saying that they dont sell data, even when theyre blatantly sharing it somewhere out of sight; theyre running off of the assumption that we wont know enough to prove otherwise. And for the most part, theyre right.

Companies like Facebook and Google might not be loyal or particularly honest to you and me, but they have to be honest to the folks they do business with: the millions of advertisers, the dozens of partners in the adtech space or otherwise, and, of course, the sea of investors and venture capitalists raking in cash somewhere on the other side.

For folks trying to get a grip on their digital privacy whether youre an activists or not the best thing you can do is think about your data the same way these companies do: as a business. And while I cant, in good faith, give you The Top Ten Apps That Are An Activists Best Friend, I can give you some tips for surfing more thoughtfully.

Depending on your own privacy preferences, you can get away with using one or the other, both, or none at all. If youre trying to fly under the radar of ad-targeting tech, browsers like Firefox can help where Googles incognito mode cant. Meanwhile, virtual private networks (VPNs) can mask your web activity from any ISPs that might want to pawn it off for cash, while also cloaking your IP address from any advertisers (or authorities) looking to exploit it. That said, VPNs are notoriously unregulated and have been found pawning off this exact data themselves on more than one occasion, so its not a bad idea to research the company behind the network in question. (We have a handy guide on the subject.)

If you want to be really tough to track, the Tor browser might be your best bet but it comes with its own issues. The relay-system thats used on the backend to obfuscate your identity is incredibly powerful, but it can also make browsing pretty slow and inconvenient overall. And ironically, using the super-secure browser comes packaged with the risk of flagging the same authorities youre probably trying not to tip-off.

At the very least, I highly recommend following the Intercepts step-by-step guide on keeping your digital footprint on lock, since some tools they list do double-duty in keeping your data buried from bad actors and advertisers. Folks who are (understandably) sceptical of any privacy-centric tech can also take steps to monitor any data detritus that might still be leaking out.

Back in 2018, Gizmodo published a handy how-to on using network-monitoring tech like Wireshark for this exact purpose but the setup takes a bit of coding know-how. The same goes for using Charles Proxy, the traffic-monitoring tool that I personally use to track the third-parties getting data thats pulled from any apps on my phone. For folks who want to delve into those details, there are some great guides breaking down the basics from a beginner-friendly point of view.

Those of you who want to steer-clear of programming because its a pain in the arse, because its dominated by sexists, or because Tim Cook lied about how fun it actually is you still have ways to snoop on snoopers. Services liked Built With, for example, can break down the trackers that might be lurking on a given site, and tools like Ghostery and Privacy Badger can give you ways to block them.

Mobile data can be a bit tricker to investigate in a code-free way, but not impossible. Apple makes it easy for iOS users to check in on the permissions their apps might be requesting from them, and the permissions pulled from millions of Android apps can be freely browsed online (or pulled yourself), with one of the tools built by Androids community of rabid fanboys. And on both operating systems, paid-for services like App Figures or App Annie can help you break down whether an app comes packaged with any third-party adtech software (also known as an SDK) to do any data hoovering.

Depending on the national authority you ask, personal data can mean any number of things but I always try to imagine it as the worlds most disappointing layer cake, with our phones at one side and a data broker on the other. Even if the third parties youre finding seem innocuous at first glance, naming and shaming them can get you further from the app or site thats snooping on your location, and closer to a shadowy company thats handing off that data to the cops (or anyone else, really).

Depending on the app in question, you might see your data sometimes really sensitive data! being pulled to one actor, or five, or 10, or 20. Depending on how you handle this sort of stuff, you might feel rage, despair, or some kind of morbid relief that your encroaching tech paranoias are justified. And thats ok! Feeling like shit means youre doing this right.

That really depends on the app or site in question, the data in question, and who youre hiding from among other things. Parsing this stuff can take hours (or longer), which is why you can always tip us off if theres a service you think is worth digging into.

Ultimately, the popularity of third-party trackers either from a household name in tech or one youve never heard of lies in the fact that theyre easy for devs to onboard and understand them. And if devs can browse them, you can, too.

Heres an example: While Zoom might not tell you what kind of intel its mining from your calls and handing to the feds, any intel the video-call app shares with Facebook needs to fit into one of the many predetermined boxes laid out in the softwares code. When Zoom, or any other app that might be sharing data with Facebook, well, shares your data with Facebook, the company has to explicitly lay out how that data might be defined. And while the definitions might include all sorts of creepy stuff like every time you open the app or click on an ad tapping your calls isnt on the list. The way were defining data here matters.

Back in 2019, a survey from the American Press Institute found that nearly three-fourths of Americans agree in the importance of reporters holding those in power to account and Im definitely part of that majority. But calling out authorities becomes trickier when abuses of power are systemic and slow, rather than sudden. Calling out a cop on racist behaviour is easier when its horrifically obvious . Similarly, calling out tech companies is easier when we see them pawning off our data to ICE, but harder when that datas pawned off slowly and behind the scenes.

Corruption begets corruption, whether were talking about civil rights or digital privacy, and turning those tides will take mass action from all of us in our own way. For combating institutional racism, this might mean donating to a cause you care deeply about or taking part in the protests happening outside. For taking control of your online life, it means fucking with apps.

Looking for ways to advocate for black lives? Check out this list of resources by our sister site Lifehacker for ways to get involved.

More:
How to Track the Tech Thats Tracking You Every Day - Gizmodo Australia