Page 11234..1020..»

Category Archives: Tor Browser

Digital surveillance threats for 2020 – The Star, Kenya

Posted: January 18, 2020 at 11:05 am

From sophisticated spyware attacks to mass phishing via smartphones and the rise of facial recognition technology, the range and reach of surveillance threats to human rights defenders is growing.

For security teams trying to keep activists safe, it is a cat-and-mouse game as attackers rapidly adapt to developments aimed at protection.

When cyber-attackers see people are switching to using (messaging app) Signal, for example, then they will try to target Signal. If people start changing to VPN technology, they will start blocking VPN technology. If people are using Tor browser, they will target Tor traffic, says Ramy Raoof, a tactical technologist with Amnesty Tech.

Raoof says one of the main focuses for 2020 will be tackling customised targeting of smartphones, which hit headlines in 2019. Last October, messaging app WhatsApp, owned by Facebook, launcheda high-profile caseagainst surveillance company NSO Group for spyware attacks on more than a thousand of its users.

Malicious digital attacks will be in the spotlight this week, when alegal actionbrought by Amnesty and other rights groups comes to court in Tel Aviv. The activists are seeking to force Israels defence ministry to revoke the export licence of NSO, whose products have been used to target activists globally.

More advanced techniques now no longer require a target to actively click on a link to infect a device, explains Amnesty Tech security researcher Etienne Maynier. An attack using NSO spyware on an activist in Morocco covertly intercepted the activists web browsing to infect their phone with spyware. Instead of waiting for you to click on a link, they instead hijack your web browsers traffic and redirect you to a malicious website which tries to secretly install spyware, says Maynier.

Successful targeting of well-protected phones is becoming more common and security teams are under added pressure from a burgeoning industry in so-called zero-day exploits, in which unscrupulous hackers seek to find unknown vulnerabilities in software to sell.

InMay 2019, NSO Group exploited a zero-day vulnerability in WhatsApp that was used to target more than 100 human rights activists across the world with spyware.

Phishing attacks

Amnesty Tech is also trying to combat less hi-tech attacks which are nonetheless effective and can hit large numbers of victims within minutes.

Mass phishing via SMS or within applications on smartphones is a low-cost method that is more common and too often succeeds.

Phishing looks to trick people into providing personal information such as passwords. The attacks often come in the form of a password reset request and link, which mimics a mobile phone operator or social media company as the sender. Other times, attackers pose as a friend or contact of the victim and will share a link to an app which is already embedded with malicious code.

Maynier adds that attacks like these often use some kind of social engineering, pressurising the user to click on a link or open a document by, for example, pretending to represent a trusted organisation that purports to want to work with the target.

Its very cheap and very efficient and you can scale this type of attack very easily, says Raoof, who predicts the new wave of phishing will be a threat to human rights defenders globally in 2020 as they become increasingly dependent on mobile phones.

How to keep safe

For iPhone or Android:Only download apps from official app stores to prevent your personal information from being accessed without your consent and to minimise the risk of attacks. Update your system and apps frequently to ensure they have the latest security patches. Enable account recovery in case you lose access to your phone. Choose a mobile screen lock that is not easily guessed, e.g. 8-digit pin or an alphanumeric code.

Password management:Using a password manager means you dont have to worry about forgetting passwords and can avoid using the same ones. Its a tool that creates and safely stores strong passwords for you, so you can use many different passwords on different sites and services. There are various password managers such asKeePassXC,1PasswordorLastpass.Remember to back up your password manager database.

Messaging apps:When we advise human rights defenders about messaging apps, we assess each app on its policies (such as terms of service, privacy agreement), its technology (if open source, available for review, has been audited, security) and finally the situation (if provides features and functionality that fits the need and threat model). Generally speaking,SignalandWireare two apps with strong privacy features. [Signal requires a SIM card to register, while Wire just requires sign up with a username/email.]

Public Wi-Fi and VPNs:When you connect to Wi-Fi in a cafe or airport your internet activities are routed through that network. If attackers are on the network, they could capture your personal data. By using a VPN app on your devices, you protect your online activities on public connections, preventing your internet activities from being seen by others on the same network. If you want to explore options, tryNordVPNandTunnelBear.

Continue reading here:
Digital surveillance threats for 2020 - The Star, Kenya

Posted in Tor Browser | Comments Off on Digital surveillance threats for 2020 – The Star, Kenya

Teejayx6 Will Steal Your Identityand Rap About It – WIRED

Posted: December 2, 2019 at 11:46 am

All while scamming, Teejayx6 always wanted to rap. In his teens, he gave it a whirl. At first, on early tracks that didn't get traction, he was just punching out predictable lines about drug-dealingstuff he wasnt even really doing. And everybody in the world damn near does that. Its nothing to stand about drug dealing. So he pivoted to putting his scams on the tracks, and he became a part of a wave.

Charting the scam rap scenes rise, Vices Ryan Bassil points to Detroit as the nexus, Bossman Rich as the progenitor, and Bossmans 2017 track Juggin Aint Dead as the index case. Writing about the scene at Pitchfork, Alphonse Pierre paid respect to the more obscure bits of the internet from which these dudes draw inspiration: Every Detroit rapper definitely prefers Ask.com over Google. Scam rap has become a small media darling. Maybe thats because it sounds made-up. Or maybe thats because its so particular. In its insularity, and its strangeness, and its fledgling-ness, theres a very appealing purity.

For me, Teejayx6 stands out from the scene. Hes more audacious and more single-minded. Bar after bar are lessonsliteral details of his own (alleged? alleged-ish?) scammery. He blurs the lines as much as possible. On his Instagram, hes offered to sell verses (at $500 a pop) and scam tutorials (at a much more reasonable $25 per).

At a so-called scammer convention in New York, as Pitchfork's Pierre reported, a kid with two iPhone 10s told Teejayx6, with apparent sincerity, I wouldnt have this sauce without you. One of the top comments on Teejayx6s video for Apple reads, This aint even a song this just a felony with a beat.

You know how lifer comedy writers end up so inured to standard misfortune that they can only laugh at the saddest, darkest shit? I would have to admit theres an element of that operating here, with love for Teejayx6. The dude is just so, so weird. At times, Teejayx6 free-associates himself into very unexpected places. On Violin, he brags, I know the terrorists who did 9/11 back in New York. On Twitter, hes teased a future lyric: My uncle said in World War2 he shot at a T-Rex.

But through it all, his tracks pack an unexpected hookiness. Since I first heard Dark Web a few months back, its opening linesThe government tried to ban me from the dark web / I downloaded Tor Browser then got back inhave been on a near-constant loop inside of my head.

Sometimes, Teejayx6 raps about scamming people and places who most certainly deserve it. Walmart, for one. The New England Patriots Tom Brady, for another. Teejayx6 has a more nihilistic streak, though. Other victims of his scams have supposedly included tenuously employed forward Carmelo Anthony, his barber, his grandma, and a little kid who he think[s] is Arthur.

Do you ever, like, feel bad? I ask Teejayx6.

Sometimes, he says. It depends on the situation. Like around Christmas last year, a lot of people were telling me I was taking their last money for Christmas gifts. Thats really the only time I was feeling bad.

So you wont do that again?

He says he most certainly will be doing that again. Im picking up new scams every day, he adds. Fans and peers send him tips and ideas. I get a lot of DMs every day and a lot of people coming up to me.

But wait. Even with the Christmas money people. You dont feel bad?

Let me ask you a question, he says. You think Donald Trump scammed his way into office?

Read the original post:
Teejayx6 Will Steal Your Identityand Rap About It - WIRED

Posted in Tor Browser | Comments Off on Teejayx6 Will Steal Your Identityand Rap About It – WIRED

Such as the struggle of the Venezuelan economy, some residents turn to a lucrative gig: Cybercrime – Herald Journalism 24

Posted: at 11:46 am

Cybercrime thrives in Venezuela as the deepening economic and political crisis in the country drive thousands of underground criminal world, according to a report released Thursday by IntSights, a companys global threat intelligence.

IntSights analysts discovered a large scale and sophisticated attempts to steal personal information from people in Latin America who worked for various companies, such as banks and retailers, and then sell the information online or use them to gather more data. The hackers based in Venezuela and neighboring countries, such as Colombia, Venezuela where many refugees have settled.

operation collection of this information is very beneficial for the people of Venezuela as sold for cryptocurrency like bitcoin, welcome alternative to his own countrys currency, which has withstood the rapid inflation.

And they are not subtle about it. specific information about the operation, as the hackers, in which they are located and a phone number even hackers are surprisingly easy to find, according to Amal Wright, an analyst at IntSights. Usually, experienced hackers operating in countries such as Russia, China and Vietnam hide by taking alternate identities and profiles for discarding.

They did not seem too worried about hiding, said Wright. I think its because they do not feel the law enforcement will do anything.

Venezuelas hyperinflation has caused deterioration of the national currency and, in turn, many Venezuelans have turned to cryptocurrencies. The International Monetary Fund said inflation of the Venezuelan bolivar, the countrys currency, is expected to reach staggering 200,000 percent this year. Cup of coffee cost 150 bolivars in November 2018 now costs 18,000 bolivars, according to Bloomberg.

Venezuela was once one of the richest countries in Latin America, with the largest oil reserves in the world and the vast gold deposits. But decades of corruption and mismanagement under the Socialist government has caused the economy to fall. In the past year, the protests have turned deadly after a crackdown by the government of President Nicols Maduro. The country has also experienced sizeable outages.

Venezuela-based cybercrime efforts span a wide range of digital common crimes including large scale email phishing attempts and malware campaigns. sensitive information collected through the successful hacks are then sold in various public websites and in the dark web.

This report indicates the victim does not receive a lot of cooperation from the government when they file a complaint because of economic and political turmoil in the country. As a result, local law enforcement turned a blind eye.

Censorship in Venezuela has led hackers to openly use social media. Government blocks many sites such as CNN and El Nacional, a popular national newspaper. Even walkie-talkie zello application, which is very popular among the people of Venezuela during the protests, has been blocked. People have turned to virtual private networks (VPNs), which sensors help sidestep the internet, and the Tor browser, free software and open source enables anonymous communication. But even VPNs and Tor have been banned by the Venezuelan state-owned Internet provider, CANTV.(Source)

The rest is here:
Such as the struggle of the Venezuelan economy, some residents turn to a lucrative gig: Cybercrime - Herald Journalism 24

Posted in Tor Browser | Comments Off on Such as the struggle of the Venezuelan economy, some residents turn to a lucrative gig: Cybercrime – Herald Journalism 24

Smart users guide to the snooping game – Livemint

Posted: November 17, 2019 at 1:55 pm

NEW DELHI :In July 2015, when WikiLeaks published internal email records of Hacking Team, an Italian surveillance vendor, it gave a rare peek into the shopping basket of Indias intelligence agencies. One agency wanted to infect the mobile phones or SIM cards of all the subscribers in sensitive areas to continuously track their location with high accuracy", another was looking for a one-click solution to infect any type of platforms, models, etc. by just sending an SMS, without knowing any background about his target (sic)".

The agencies were enquiring about the Remote Control System (RCS), Hacking Teams flagship surveillance product. It is sold exclusively to intelligence and law enforcement agencies, and is designed to remotely monitor targets: it could copy files, record Skype calls, read emails and instant messages, capture typed passwords, and turn on a devices webcam and microphone to spy on the user.

Emails reviewed by Mint show that a multitude of Indian agencies were secretly negotiatingeither directly but mostly through a third-party contractorwith the Italian firm. It is, however, unclear whether the deals went through or not.

The spying features of RCS are strikingly similar to recent revelations about Pegasus, the spyware built by Israeli cybersecurity company NSO Group that targeted WhatsApp users and facilitated the complete takeover of the device to capture all its activity. Facebook-owned WhatsApp sued the company for installing surveillance malware on the phones of 1,400 users across four continents, including at least two dozen Indians activists, journalists, lawyers and academics.

Like Hacking Team, NSO Group claims it only sells software to government authorities. While the Indian government hasnt acknowledged any transaction with NSO Group, the 2015 email dump suggests this is standard practice. The agencies have been asking around for products that allow for intercepting WhatsApp messages since at least 2016," a senior security researcher who works closely with Indian intelligence agencies told Mint on condition of anonymity.

The WhatsApp hack has once again brought to light the concerns over surveillance abuse in India. The debate is often framed as a trade-off between user privacy and national security. Officials say there are processes in place to check misuse of power, but as the WhatsApp episode highlights, its not just suspected terrorists but civil rights activists who are often at the receiving end of intrusive state surveillance.

Actually, what we know about the surveillance regime in India is just the tip of the iceberg. Even without the deployment of expensive solutions like Pegasus to hack into your device, the government has ample sources to learn about your whereabouts from the data trails you leave behind. Heres how you can try to stay ahead of the snooping game.

Fallacies about encryption

Traditionally, surveillance is imagined as law enforcement listening to telephonic conversations or reading text messages of targets. In the cyber age, this extends to internet traffic: the state wants similar capabilities for digital communication including emails, instant messaging and VoIP calls (like Skype).

Here, encryption protects your information. Through publicly known mathematical algorithms, computer programs can turn a plain text (I will meet you at Punjabi Bagh, 8pm") into a cipher text through a special key. Only those having access to the key can decrypt the information to infer the meaning; for the rest its gibberish. WhatsApp for instance is end-to-end encrypted, meaning only the sender and receiver can read the content.

Thats why the Indian government wants WhatsApp to trace the origin of a message flagged as unlawful by law enforcement, a demand the American company says it cant deliver as WhatsApp itself doesnt have access to the special key to decrypt the information.

Encryption is important, and it provides some degree of protection from mass surveillance. But its not the end of the game: a malware attack on your mobile phone can take control of your device and will make your communications naked to the attackers eyes.

The power of malware

Imagine a castle with hundreds of doors. Dozens of security guards are deployed at every gate to protect the fort. You are sure no one can enter the castle. But one small entrance in an obscure corner is unknown and unprotected. The opponent, however, discovers it first and uses the route to enter the castle, breaching security.

In cybersecurity parlance, if the castle is your device or software, that unknown gate is a zero-day vulnerability", meaning you have zero days to protect your system if the attacker knows about a vulnerabilitya security weakness unintentionally designed in a piece of softwarebefore you do. This is exactly what happened in the case of the latest hack. Pegasus exploited an unknown security vulnerability to remotely instal spyware on the targets device.

Zero-day exploits are traded in the market. Many companies have bug bounty programs" where security experts are paid to report bugs in their products, a smart way to outsource security. Attackers have many ways to infect the target vulnerabilities with malware. First, sending infected PDF files or images sent as email attachments: if downloaded and opened, you inadvertently infect your own computer. Most of these are well-targeted campaigns to make the content look appealing enough for you to trust.

Then, just visiting a compromised Web page could instal dangerous software on your device, without you downloading any attachment or giving additional permission. Victims may come across such links through social media posts or email links. This attack usually takes advantage of a security flaw in the Web browser and aims to auto-run the exploit code to take over the device.

As a special case of this attack, a set of niche but popular websites that a target group regularly visits are infected with malware. When users visit the website next time, it is ready to infect the target group with malware. In September, TechCrunch reported that a number of malicious websites used to hack into iPhones over a two-year period were targeting Uyghur Muslims", most of whom live in Chinas Xinjiang state.

How do you protect yourself from malware attacks? If an attacker gets hold of a zero-day, you barely have any option. But as a precaution, you should ensure you use the latest version of the software. Outdated software is like a castle with open doors known to everyone but without any guards. Still, most people dont: According to the latest data from analytics firm StatCounter, only 33% of Indian smartphones are running the latest version of Android.

Moreover, cheaper smartphones, which ship with their own customized version of the Android operating system, are late to ship updates, leaving their users vulnerable to known attacks (See graphic for more ways to counter snooping).

M stands for metadata

Most people imagine government surveillance in terms of content: tapping phone calls to listen to conversations, ability to read the complete text of emails and messages. But more is happening under the hood: even without knowing the details of content, a lot can be inferred about ones whereabouts.

Just by the act of using a service, be it making a call or browsing the internet, we leave a valuable trail of data with telecom companies and internet service providers (ISPs): it includes call detail records (whom did you speak with, when and for how long), the location and IMEI number (which uniquely identifies a wireless phone or device) of both the caller and recipient, and the Web browsing history.

This is called metadata", everything except the content of the communication, and can be far more revelatory than most people imagine. Connect the dots and it provides an intimate lens into a persons life.

Sample what companies and governments can infer from metadata: they know you called a phone sex line in the night but dont know what you talked about; they know the people you speak with every day, once in a month or once in a year, revealing your close and distant contacts; they know you called a suicide prevention hotline but the topic is not known; they know if an informant is repeatedly talking to a human rights activist or journalist, but dont know what is being revealed; they know a girl called a gynaecologist, spoke for a half hour, then called a man whom she often speaks with late in the night, and then called the local abortion clinics number later that day; they know the websites you visit and time you spend looking at the content (no, incognito mode doesnt protect you from the eyes of the ISP).

The contents of calls are far more difficult to analyze in an automated fashion due to their unstructured nature," Edward Felten, a professor of computer science and public affairs at Princeton, explained in an affidavit filed by American Civil Liberties Union challenging the legality of the National Security Agencys mass collection of Americans phone records. A groups metadata can reveal intricacies of social, political, and religious associations," he wrote, adding: Given limited analytical resources, analyzing metadata is often a far more powerful analytical strategy than investigating content."

Location, location, location

Moreover, mobile phones are perennially giving away our location to the telecom companies through the signals they broadcast. By observing the signal strength that different towers receive from a particular subscribers mobile phone, operators can calculate where that phone must be located.

Location tracking is more than just knowing where you are at a given point in time: it could be used to try to find out whether certain people are in a romantic relationship, to find out who attended a particular meeting or who was at a particular protest, or to try and identify a journalists confidential source", the Electronic Frontier Foundation explained in a blog post.

In India, telecom licences require operators to provide direct access to all communication data and content to authorities even without a warrant. In 2009, the government announced it was building a Central Monitoring System that will provide it centralized access to the countrys telecommunications network and facilitate direct monitoring of phone calls, text messages, and Internet use by government agencies, bypassing service providers", the Human Rights Watch noted in 2013.

There is not much you can do to protect metadata surveillance, especially for calling and location tracking data. You can use a VPN (virtual private network) service to protect your browsing activity from the ISP or Tor browser for anonymous browsing, but both have their limitations.

The lack of law

The general saying that the law lags technological innovation by at least a generation does not apply to India. The country has no laws governing mass surveillance. For targeted interception, there are two main Acts governing the legal provisions for surveillance in India. First, the Indian Telegraph Act, 1885, which allows for the interception of telephonic calls and messages. Second, the Information Technology (IT) Act, 2000, which has provisions to intercept digital information including data stored on a computer, internet traffic and other data flows.

There is one key difference between the two Acts: The grounds under the IT Act are wider and lack some of the safeguards under the Indian Telegraph Act. Under the latter, there should be a condition of a public emergency" or interest of public safety" for intercepting the information. There is no such requirement under the IT Act, which makes it more powerful.

As India heads towards framing laws to protect user data and privacy, it remains to be seen if the state will curb its own powers of illegitimate surveillance to snoop on its citizens.

In conclusion

The truth is, cyberspace warfare is asymmetrically skewed towards the attacker, who needs to take advantage of just one weakness to exploit you. Defenders need to protect everything.

Which is why, when framing a digital security plan, it is not useful to ask a question like whether X technology is safe or not". Merely using Signal (a highly recommended encrypted instant messaging app) or Tor (that allows anonymous Web browsing) is not the solution. The recommended approach is to define what you are protecting, from whom, how much convenience you are willing to trade-off and then take specific security steps for clearly defined goals.

By adopting best practices to be secure online and following a plan, you can make it difficult for anyone to spy on you. But in the extreme case, if a nation-state really wants to target you, it probably can: your efforts will introduce roadblocks, make it financially more expensive to snoop on you, but nothing can offer a guarantee of complete privacy.

Samarth Bansal is a freelance journalist based in Delhi. He writes about technology, politics and policy.

Read the original post:
Smart users guide to the snooping game - Livemint

Posted in Tor Browser | Comments Off on Smart users guide to the snooping game – Livemint

Privacy on your smartphone: how to protect your data – AndroidPIT

Posted: at 1:55 pm

Jumps to section:Privacy protection through Android featuresSaves the lock screen

A good display lock is one of the easiest steps to more security. Only those who know your code can operate your smartphone. You can choose between a blocking pattern, a four-digit PIN or a password. You can configure the locking screen in the settings under Security. This code also improves device encryption. A smartphone encrypted in this way is unattractive for thieves in many respects, as its memory cannot be read out and, thanks to the reactivation lock, it can only be used as a spare parts store even after resetting.

Even if the smartphone starts a little faster, don't be tempted to remove the SIM card's PIN lock. If a thief can use your phone number unhindered, this helps him with two-factor authentication or identity theft in simply verified chat apps like WhatsApp, Telegram or Signal. In the worst case, it can use your online banking because he receives SMS-TANs. But above all and easiest he could call at your expense.

You'd be amazed to see what app developers know about you. You can deny them a lot of data by regularly checking and revoking app permissions. The app "Bouncer" costs only a dollar, but takes over the role of the authorization house manager on your smartphone.

Important updates from the manufacturers should always be installed in order to close any security gaps. This is relevant for your privacy, since attackers can use these gaps to copy your SMS, e-mails, photos and the remaining data from your device, sometimes wirelessly, without you noticing. You can easily avoid this.

The notification of available updates is now arriving on many devices on a monthly basis. Don't ignore them, but make your smartphone secure again. Installing the update on newer smartphones doesn't take long. Thanks to an additional partition, updates can be installed in the background and activated after a reboot.

If an official update is no longer available, it is worth searching for a compatible custom ROM for your device. So you can bring even an old Samsung Galaxy S5 back up to date. At the same time, you can also rely on a ROM with MicroG framework to prevent espionage by Google.

If you're using different Google accounts (such as business and personal), you can separate them into two storage areas on one smartphone. Unfortunately, not all smartphone manufacturers implement the Android feature in their user interfaces to create different user profiles.

Huawei/Honor, for example, interprets the feature in its own way and uses so-called private areas. Samsung creates the app twin for certain apps. These are also protected by additional security precautions and safely separate the storage areas from each other.

If you want a single app to always stay in the foreground and the home button to be locked as well, you can now pin single apps to the foreground since Android 5.0 Lollipop. You first have to activate this function in the security settings under "Attach screen". Then you can see the small pin in the lower right corner of each app preview in the app overview. For full security, you also activate the screen lock before the screen lock is released.

If you lose your smartphone or it gets stolen, you can locate it from a distance. Unfortunately, the location service continuously records data so that Google or known security authorities can track you unnoticed. So at least switch off the recording of your movement profile on Google. Other location-sensitive apps such as Mobike should be denied access (see above).

Now it is important that you use the location service in your sense and don't pass on unnecessary data to Google. How you can interrupt, stop or delete these and many other ominous Google recordings is explained in our special article.

Keep in mind that your smartphone does not only share the location with Google. Your mobile phone provider also knows where you are at all times, at least through its cell triangulation. If you make an emergency call, this is of course an advantage. Because then the employee in the emergency call center can determine your position, if you could not describe it exactly.

Facebook is by far the largest social network. Many people use it almost exclusively to keep in touch with friends or acquaintances. Some services and events are exclusively organized there. Once registered, you can share photos, links and texts with friends or in your filter bubble. So that you or a stranger don't publish embarrassing things about you, you should check your privacy settings regularly. We'll show you how to do this in a separate article.

But even if the app is not open, it is still busy collecting and sending data. Uninstall it as far as possible. Some smartphone manufacturers even require you to connect to a computer and work with a command line, see our instructions.

A paranoid alternative for Facebook and Messenger is the open-source app SlimSocial. The app looks like the Facebook app five years ago, is a few hundred kilobytes in size (200 times less than the Play Store app) and has a chat function directly in the app. Everything looks a bit worse than in the original, but stops the data flow in the background.

With Facebook's chat service, your hands are tied for data protection reasons. While the chats themselves are end-to-end encrypted, the complete metadata is visible for Facebook. This means that the head office knows who communicated with whom for how long and when. In addition, your telephone number is quasi-public. As soon as a contact pulls you into a group, which you can prevent in the meantime in the settings, everyone in that group can see, save and pass on your telephone number. WhatsApp announces this in the user agreement, but could still surprise you. If you don't like this, we recommend alternative chat services.

If you're still dependent on Messenger (I know group pressure is overwhelming in the long run), you can use WhatsApp on a different mobile number than your main number. When you set it up, you can deny WhatsApp access to your contacts so they won't be copied to Facebook right away. Who then wants to contact you, should ask you individually on another channel for your dedicated WhatsApp number.

You can also use Android without Google apps and services. The reliable option would be to overwrite the entire operating system partition. But this is only possible with some smartphones, is complicated and may cost you the warranty claims. Thanks to a cooperation between the developers of the Google service replacement package microG and the team behind Lineage OS, many problems with a Google-free Android could be solved in everyday life.

If your Chrome and Google is replaced by Firefox Klar or even the TOR browser and DuckDuckGo, it will be much more complicated for website operators to analyze your surfing behavior. Because when leaving the website or at least when closing the browser, they delete your tracks. Websites can only create a user profile of you with more effort.

WLANs are only secure to a limited extent; especially if you do not know who is still connected to them. So encrypts the Internet connections of your own devices over a virtual private network (VPN). We will show you in a separate article how to set this up and which free services are available:

There is plenty of information on the net about why we should not trust apps like Facebook, WhatsApp, Google and the like. Prism-Break offers you a privacy-friendly alternative for each of them. The Degoogle Subreddit wiki also provides you with a list of alternative web services to privately secure your calendars, contacts, and the like.

A completely data protection-friendly operation of a smartphone is virtually impossible. As soon as you connect to the mobile network, your provider can locate you. And as soon as you establish a data connection, your smartphone sends telemetry data to several services; some anonymous, some not.

Only Purism with the Librem 5 really wants to make it better. Killswitches for GPS, GSM, microphone and other components are supposed to have this, with which you physically deprive the smartphone of the right to observe you. In practice, however, this device also has to struggle with start-up difficulties (see blog post).

With your existing Android smartphone and the use of supposedly free services like Gmail, Facebook, WhatsApp or Google Maps you have to decide: Be completely anonymous or pay the price with a part of your privacy.

Here is the original post:
Privacy on your smartphone: how to protect your data - AndroidPIT

Posted in Tor Browser | Comments Off on Privacy on your smartphone: how to protect your data – AndroidPIT

BBC News heads to the dark web with new Tor mirror – The Verge

Posted: October 27, 2019 at 3:35 pm

BBC News has made a version of its website available on the Tor network, allowing it to be more securely accessed via the anonymising browser. The news organisation is putting its international edition on the network, with coverage available in a variety of languages including Arabic, Persian, and Russian. The Tor network is frequently associated with the dark web, but its also a vital tool for anyone looking to preserve their anonymity while accessing regular websites.

The move is aimed at making the BBCs news coverage available more securely in countries that attempt to restrict access to it such as China, Iran, and Vietnam. Although the BBCs typical bbc.com/news URL already loads when visited via the browser, BBC News reports that using the .onion top level domain prevents spoofing and preserves end-to-end encryption, making it a more secure way to access the news site. Facebook launched a similar mirror back in 2014.

If youd like to give the service a go, you can download the Tor browser and head over to Bbcnewsv2vjtpsuy.onion. Alternatively, the Brave browser also includes a Tor browsing mode similar to the Incognito modes offered on other browsers.

The rest is here:
BBC News heads to the dark web with new Tor mirror - The Verge

Posted in Tor Browser | Comments Off on BBC News heads to the dark web with new Tor mirror – The Verge

The Tor Project releases Tor Browser 9.0 with several UX improvements – Neowin

Posted: at 3:35 pm

The Tor Project has announced the release of Tor Browser 9.0, the new update brings several updates to the user experience, integrating more features into the browser directly and scrapping the onion button. Additionally, localisation has been improved with support added for the Macedonian and Romanian languages, bringing the total amount of supported languages to 27.

With Tor Browser 9.0, Firefox 68.2.0 is used as the foundation. In order to scrap the onion button that came with old releases, the Tor Project has altered the actual interface of Firefox adding circuit information to the i button in the address bar, adding more Tor settings into about:preferences, and including a new identity button in the toolbar and in the menu.

One of the ways that Tor users can be identified by websites is by the size of the browser window. For several releases now, when the user maximises the Tor Browser window a notification would appear warning users not to do that. In order to make things simpler for users, a new feature called letterboxing has been added, this essentially restricts the amount of space a webpage can use; even if the browser is maximised, the user will just see a grey border around the webpage.

In order to get the new update, either download a fresh copy of the browser from the official website or if you have Tor already installed just continue using the browser and it should update automatically.

Read the original post:
The Tor Project releases Tor Browser 9.0 with several UX improvements - Neowin

Posted in Tor Browser | Comments Off on The Tor Project releases Tor Browser 9.0 with several UX improvements – Neowin

Fraudulent Tor Browser Spies and Has Been Stealing The Bitcoins – GoodTime Nation

Posted: at 3:35 pm

The researchers from the IT cybersecurity firm ESET have discovered a fraudulent version of the Tor browser that has a Trojan that steals Bitcoins from users in darknet.

The website was targeting Russian users. The fake browser was distributed on two sites, and it stole the cryptocurrencies by switching the original cryptocurrency addresses from the year 2017, as mentioned in the ESNETs editorials, as reported on October 18. According to the report, these malicious programs are distributed for Windows users, and there are no signs of having circulated in macOS, Linux, and other mobile phone versions. And these were able to steal around $40,000 worth of Bitcoins.

These were created back in the year 2014, tor-browser[.]org and torproect[.]org are the two browser websites that have been mimicking the real site of the unknown browser, torproject.org. And the scammers usually redirect the users version of Tor is out of date, and when the user clicks to update, they are redirected to a different page to get it updated.

Once installed, the malware-laden browser enables its creators to know what websites a user visits, to change the data on visited pages, and grab the content of data forms. While the hackers could potentially display false information to users, the browser has only been observed to change the wallet addresses to steal bitcoin, the senior malware researcher of ESET, Anton Cherepanov said. He further said, Each such wallet contains relatively large numbers of small transactions; we consider this a confirmation that these wallets indeed were used by the trojanized Tor Browser, The report also said, Their goal was to lure language-specific targets to a pair of malicious yet legitimate-looking websites,

The browser, however, has informed the users about the happenings with regards to the monetary losses in the meantime because of the malware.

See the rest here:
Fraudulent Tor Browser Spies and Has Been Stealing The Bitcoins - GoodTime Nation

Posted in Tor Browser | Comments Off on Fraudulent Tor Browser Spies and Has Been Stealing The Bitcoins – GoodTime Nation

OnionShare Lets Anyone Host Anonymous Sites on the Dark Web – BleepingComputer

Posted: October 16, 2019 at 5:44 pm

A new version of the OnionShare programnow allows you to easily create basic anonymous dark web sites on Tor so that they cannot be censored. This is particularlyuseful for those who wish to publish information anonymously, but do not want to deal with the mechanics of setting up their own dark web server.

OnionShare is a program for Windows, Mac, and Linux that was originally designed to let you easily and anonymously share and receivefiles on the dark web. It does this by bundling the Tor client and turning your computer into a web server that is accessible only via Tor.

When sharing or receiving files, OnionShare will create arandom .onion address that can be shared with other users in order to share files or turn your computer into an anonymous dropbox that users can send files.

For example, in the screen below you can what it looks like when OnionShare is configured as an anonymous dropbox and someone else connects to it to send a file.

With the release of OnionShare 2.2, users are now able to create basic web sites using HTML, JavaScript, and images and publish them anonymously on the dark web.

This enables you to publish an anonymous site that cannot be censored and for your visitors to remain anonymous asthey access the site.

"This website is only accessible from the Tor network, so people will need Tor Browser to visit it," states the OnionShare announcement for this new version."People who visit your website will have no idea who you are they wont have access to your IP address, and they wont know your identity or your location. And, so long as your website visitors are able to access the Tor network, the website cant be censored."

To publish a website through OnionShare, simply click on the "Publish Website" tab and drag the HTML, JavaScript, andimages files for your site onto the program's screen. When ready to make your site accessible, click on the Start sharing button to publish the site to the Tor network.

Once published, OnionShare will display a random onion URL you can share with users. You can also configure the programs settings to use a "persistent address" and place it in "public mode" to make the site use a normal onion address as shown below.

Now when a user visits the site in the Tor Browser, they will be shown the website from your computer through OnionShare.

It should be noted, though, that once you use OnionShare to publish a web site, OnionShare and your computer must continue to run for the site to be accessible to others users on the Tor network. Once you shutdown your computer or close OnionShare, the site will be shutdown as well.

Read more here:
OnionShare Lets Anyone Host Anonymous Sites on the Dark Web - BleepingComputer

Posted in Tor Browser | Comments Off on OnionShare Lets Anyone Host Anonymous Sites on the Dark Web – BleepingComputer

#SecTorCa: Millions of Phones Leaking Information Via Tor – Infosecurity Magazine

Posted: at 5:43 pm

There is a privacy threat lurking on perhaps hundreds of millions of devices, that could enable potential attackers to track and profile users, by using information leaked via the Tor network, even if the users never intentionally installed Tor in the first place.

In a session at the SecTor security conference in Toronto, Canada on October 10, researchers Adam Podgorski and Milind Bhargava from Deloitte Canada outlined and demonstrated previously undisclosed research into how they were able to determine that personally identifiable information (PII) is being leaked by millions of mobile users every day over Tor.

The irony of the issue is that Tor is a technology and a network that is intended to help provide and enable anonymity for users. With Tor, traffic travels through a number of different network hops to an eventual exit point in the hope of masking where the traffic originated from. Podgorski said that there are some users that choose to install a Tor browser on their mobile devices, but thats not the problem. The problem is that Tor is being installed by mobile applications without user knowledge and potentially putting users at risk.

The researchers explained that they set up several Tor exit nodes, just to see what they could find, and the results were surprising. The researchers found that approximately 30% of all Android devices are transmitting data over Tor.

Youre probably scratching your head now, like we were a couple of months ago, because that doesnt make any sense, Podgorski said. There's no way a third of Android users know what Tor is and are actually using it.

What the researchers determined is that Tor is being bundled, embedded and installed in other applications and users are not aware of its existence. It was not entirely clear to the researchers why Tor was being bundled with so many applications. Podgorski said that it could be due to a misunderstanding of the technology and how it can be used. Tor was also found on Apple IOS devices, but the numbers were smaller with only approximately 5% of devices sending data.

Tracking Users

In a series of demonstrations, including live dashboards shown by Bhargava, the researchers showed what data they had collected from mobile users that were inadvertently using Tor. The data included GPS coordinates, web addresses, phone numbers, keystrokes and other PII.

This data can be used to build a robust profile of an individual, Podgorski said.

Bhargava explained that the exit nodes the researchers set up intentionally attempted to force browsers to not use encrypted versions of websites, forcing the devices to regular HTTP when possible. With data coming to the exit node without encryption, it was possible for the researchers to see the user data. Bhargava noted that for sites that force HTTPS encryption and do not offer any fallback option to regular un-encrypted HTTP, they wouldnt be able to see the users data.

Also of note, Bhargava admitted that he found his own phone number in the data, which was a surprise to him, as he had not installed Tor on his device. The only applications on his phone were applications installed by the carrier.

There are several things that need to happen to fix the issue. Podgorski said that the first is awareness that there is a problem, which is what the research is intended to highlight for legislators, government and organizations. For users, Podgorski emphasized that good operational security practices need to be employed, by using encryption everywhere.

In Podgorski's view, there is already a legal compliance risk that the mobile application PII data leaks expose.

Were pretty sure what we found breaches GDPR on multiple levels, he said, but the issue is that governments cant enforce the law if theyre not aware.

See more here:
#SecTorCa: Millions of Phones Leaking Information Via Tor - Infosecurity Magazine

Posted in Tor Browser | Comments Off on #SecTorCa: Millions of Phones Leaking Information Via Tor – Infosecurity Magazine

Page 11234..1020..»