Category Archives: Tor Browser

Are you looking to hide in plain sight? Heres a rundown of three options for becoming invisible online

As concern about internet privacy grows and grows, more and more people are actively seeking to browse the web anonymously. There are various ways to avoid being identified or tracked on the internet, although, in fact, attempt to avoid might often be more appropriate. Online anonymity can often feel like a fleeting goal, and a problem as complex as online privacy has no solution that is bulletproof under all circumstances.

Besides rather simple options such as proxy services or virtual private networks (VPNs), there are other services that you can use in order to hide your surfing habits from your Internet Service Provider (ISP), government, or the very websites youre visiting. Lets look at the benefits and downsides of three easy-to-use anonymity networks Tor, I2P, and Freenet.

Tor which is occasionally referred to as Onionland because of its use of onion routing, with its encapsulation of network traffic in layer upon layer of encryption is the best known and most widely used network other than the surface web. The Tor network is made up of entry, transit and exit nodes through which a users communication passes until it reaches its destination. The many hoops and the encryption used in each of them make it almost impossible to track or analyze a communication.

The Tor network is estimated to have an average of 200,000 users, making it the biggest anonymous network at the moment. In a way, its popularity is a boon for users, as the Tor browser is very easy to use and supports many languages and various platforms, including Linux, Windows and evenAndroid. In addition, browsing is relatively fast and consumes relatively few resources.

Nevertheless, Tor is still a network of anonymous proxies, which are often overpopulated. It is very useful for traditional browsing, visiting websites and accessing unindexed content, but it might not be the best option for other kinds of communications. Also, as shown over the years, it is not a magic solution. In other words, there have been scenarios when your identity can be unmasked. In addition, recent ESET research uncovered cybercriminals distributing unofficial, trojanized copies of the Tor Browser with the intent of stealing from their victims.

RELATED READING: An introduction to private browsing

TheInvisible Internet Project(I2P) is an anonymous, decentralized network that also allows its users and applications to browse anonymously. Unlike the onion routing used by Tor, communication on I2P is likened to garlic, with each message being a clove and a group of them being a bulb. This way, with I2P a number of packets (or messages) are sent instead of just one, and they go through different nodes. It also uses one-way entry and exit tunnels, so that a query and a reply take different routes. Furthermore, within each tunnel there is onion routing similar to Tors.

Consequently, with I2P its even more complicated to analyze traffic than with Tor or a traditional VPN, since it not only uses various nodes and tunnels, but it also sends a number of packets, not just one.

Themain advantage of I2P is that it can be used for all the activities we carry out on the Internet, since its compatible with most apps, such as browsers, torrent and other P2P (peer-to-peer) tools, mail, chat, games and many more. In addition, the projects documentation is very clear and comprehensive, allowing you to adapt its API for any application.

However, as it is not as popular a network as Tor. It doesnt yet have as high a volume of users (and so fewer players to share the load), meaning that browsing is sometimes slower.

Freenetis the oldest network of the three considered here, having been launched in 2000. Freenet is designed as an unstructured P2P network with non-hierarchical nodes among which information is shared. Like Tor and I2P, communication travels between different entry, transit and exit nodes.

Freenets purpose is to store encrypted documents that can only be accessed if you know the associated key, thereby preventing them from being found and censored. It offers anonymity both to those who post information and to those who download it.

Among its main benefits, Freenet has strong privacy and anonymity controls that allow users to browse websites, search or read forums, and publish files anonymously. Furthermore,being a P2P network, it is the best of the three for publishing and sharing anonymous content. Nevertheless, that same functionality has the downside in that every user has to store the content on their own hardware in order to share it, so it requires a large amount of disk space and resources.

As each network was developed for different use cases and purposes, their features vary. Tor and I2P cannot compete with Freenets durability, whereas the latter does not support music and video streaming. On the other hand, I2P offers great flexibility and can easily be adapted to any application, but even so, there is no better proxy system than Tor. Arguably the best approach is to learn how to use all of them, and then choose one most suitable for each situation.

Follow this link:
3 ways to browse the web anonymously - We Live Security

Few people know that Bitcoin isnt as anonymous as most of the users think. For this reason, Bitcoin mixing services make your coins safe and your transactions private.

So are you ready to improve your Bitcoin anonymity? Start mixing! Bitcoin mixing services break down your BTC into smaller, different parts. Next, they mix them up with coins from other addresses, so that third-parties will find it extremely difficult to link your wealth with your identity.

As an illustration, think about making a smoothie drink. Every small piece of fruit that you put in the blender is analogous to coins from an original address. However, when the drink is all ready, you could never really identify which fruit produces a specific flavor. Are you in search of an easy-to-understand and detailed explanation of Bitcoin Mixer? Youve come to the right place. In simple words, a Bitcoin mixing service focuses on helping you gain privacy and security over the anonymity concern of Bitcoin.

Of course, its a fact that Bitcoin operates on the blockchain, which implies that every other trader, miner, bitcoin user or someone else can monitor your moves and transactions.

However, thanks to Bitcoin mixer, you can throw your distrust for Bitcoin under the carpet and use your coins with confidence.

In this post, we present an in-depth discussion on the Bitcoin mixing service BitcoinMix.org, paying attention to its appeal to people, and how it helps you keep your coins safe.

Without further ado, lets get started.

A Bitcoin mixing service mixes your coins via a predefined system or random mixing. The ultimate aim of mixing Bitcoins is to create a misleading situation which disables hackers and third-parties from tracing your Bitcoin transactions.

Today, many mixers offer reliable and competitive services. Also known as Bitcoin tumblers, shufflers, blenders, Bitcoin mixers are capable of hiding your Bitcoin address or web identity to protect you from internet snoopers.

Now, youre probably wondering why these services are in vogue in the present age of digital currencies and crypto mining. As far as Bitcoin is concerned, anonymity is partial. With Bitcoin and many other cryptocurrencies, pseudo-anonymity is what operates.

A blockchain network is a form of public ledger which records the blocks which individual miners add. It keeps a log of all your activities as well as your Bitcoin addresses.

While some hold the belief that thieves and criminals love to avoid the public domain, news reports regularly show that exchanges fall victims to hacks. This, therefore, goes to show that the issue of anonymity is vital for every individual who has Bitcoins and values them.

As a result of this, Bitcoin mixing services break down your BTC into smaller, different parts. Next, they mix them up with coins from other addresses so that third-parties will find it extremely difficult to steal from you.

Lets go a little further to discuss peoples reasons for using mixing services.

Just as in older times, when people moved their funds to countries which operate strict bank-secrecy regulations, people now opt for mixing services to keep their coin business private.

Because personal information could go to a third-party during the course of a payment transaction. Nonetheless, with a Bitcoin mixer, no criminal can trace any transaction to your Bitcoin address.

The transaction fees for mixing services are between the reasonable range of 2-5%.

It really looks smooth and easy to use starting with choosing the coin which you would like to anonymize Bitcoin(BTC), Ethereum(ETH), Litecoin(LTC), then each user have to provide its own receiving (new) Bitcoin address, before moving forward with setting a time delay that the user may find it appropriate to the transaction he wants the mixing service to provide. The following steps like sending Bitcoin to mixer address involve the advice, that I highly thank mixing service for encouraging users to do it, which is the use of the Tor browser for more security. All these steps are concluded by receiving Bitcoin in private and a secure way that makes it impossible to trace the transaction that has been made by the user.

Bitcoin is not as anonymous as many people in the cryptocurrency community are led to believe. In fact, it could be quite easy to track an address and connect identity to it. But mixing service allows users to be anonymous which is absolutely welcomed by the crypto community who always seeks its privacy and security along with of course fast and cheap transactions.

Instant Crypto Credit Lines from only 5.9% APR. Earn up to 8% interest per year on your Stablecoins, USD, EUR & GBP. $100 million custodial insurance.

Ad

This post may contain promotional links that help us fund the site. When you click on the links, we receive a commission - but the prices do not change for you! 🙂

Disclaimer: The authors of this website may have invested in crypto currencies themselves. They are not financial advisors and only express their opinions. Anyone considering investing in crypto currencies should be well informed about these high-risk assets.

Trading with financial products, especially with CFDs involves a high level of risk and is therefore not suitable for security-conscious investors.CFDs are complex instruments and carry a high risk of losing money quickly through leverage. Be aware that most private Investors lose money, if they decide to trade CFDs. Any type of trading and speculation in financial products that can produce an unusually high return is also associated with increased risk to lose money. Note that past gains are no guarantee of positive results in the future.

Posted By

The first cryptocurrency Bitcoin emerged in 2009. Despite a period of disbelief in it and other blockchain-based currencies, known collectively

Go here to read the rest:
What is a Bitcoin mixer and how does it work? - CryptoTicker

From sophisticated spyware attacks to mass phishing via smartphones and the rise of facial recognition technology, the range and reach of surveillance threats to human rights defenders is growing.

For security teams trying to keep activists safe, it is a cat-and-mouse game as attackers rapidly adapt to developments aimed at protection.

When cyber-attackers see people are switching to using (messaging app) Signal, for example, then they will try to target Signal. If people start changing to VPN technology, they will start blocking VPN technology. If people are using Tor browser, they will target Tor traffic, says Ramy Raoof, a tactical technologist with Amnesty Tech.

Raoof says one of the main focuses for 2020 will be tackling customised targeting of smartphones, which hit headlines in 2019. Last October, messaging app WhatsApp, owned by Facebook, launcheda high-profile caseagainst surveillance company NSO Group for spyware attacks on more than a thousand of its users.

Malicious digital attacks will be in the spotlight this week, when alegal actionbrought by Amnesty and other rights groups comes to court in Tel Aviv. The activists are seeking to force Israels defence ministry to revoke the export licence of NSO, whose products have been used to target activists globally.

More advanced techniques now no longer require a target to actively click on a link to infect a device, explains Amnesty Tech security researcher Etienne Maynier. An attack using NSO spyware on an activist in Morocco covertly intercepted the activists web browsing to infect their phone with spyware. Instead of waiting for you to click on a link, they instead hijack your web browsers traffic and redirect you to a malicious website which tries to secretly install spyware, says Maynier.

Successful targeting of well-protected phones is becoming more common and security teams are under added pressure from a burgeoning industry in so-called zero-day exploits, in which unscrupulous hackers seek to find unknown vulnerabilities in software to sell.

InMay 2019, NSO Group exploited a zero-day vulnerability in WhatsApp that was used to target more than 100 human rights activists across the world with spyware.

Phishing attacks

Amnesty Tech is also trying to combat less hi-tech attacks which are nonetheless effective and can hit large numbers of victims within minutes.

Mass phishing via SMS or within applications on smartphones is a low-cost method that is more common and too often succeeds.

Phishing looks to trick people into providing personal information such as passwords. The attacks often come in the form of a password reset request and link, which mimics a mobile phone operator or social media company as the sender. Other times, attackers pose as a friend or contact of the victim and will share a link to an app which is already embedded with malicious code.

Maynier adds that attacks like these often use some kind of social engineering, pressurising the user to click on a link or open a document by, for example, pretending to represent a trusted organisation that purports to want to work with the target.

Its very cheap and very efficient and you can scale this type of attack very easily, says Raoof, who predicts the new wave of phishing will be a threat to human rights defenders globally in 2020 as they become increasingly dependent on mobile phones.

How to keep safe

For iPhone or Android:Only download apps from official app stores to prevent your personal information from being accessed without your consent and to minimise the risk of attacks. Update your system and apps frequently to ensure they have the latest security patches. Enable account recovery in case you lose access to your phone. Choose a mobile screen lock that is not easily guessed, e.g. 8-digit pin or an alphanumeric code.

Password management:Using a password manager means you dont have to worry about forgetting passwords and can avoid using the same ones. Its a tool that creates and safely stores strong passwords for you, so you can use many different passwords on different sites and services. There are various password managers such asKeePassXC,1PasswordorLastpass.Remember to back up your password manager database.

Messaging apps:When we advise human rights defenders about messaging apps, we assess each app on its policies (such as terms of service, privacy agreement), its technology (if open source, available for review, has been audited, security) and finally the situation (if provides features and functionality that fits the need and threat model). Generally speaking,SignalandWireare two apps with strong privacy features. [Signal requires a SIM card to register, while Wire just requires sign up with a username/email.]

Public Wi-Fi and VPNs:When you connect to Wi-Fi in a cafe or airport your internet activities are routed through that network. If attackers are on the network, they could capture your personal data. By using a VPN app on your devices, you protect your online activities on public connections, preventing your internet activities from being seen by others on the same network. If you want to explore options, tryNordVPNandTunnelBear.

Continue reading here:
Digital surveillance threats for 2020 - The Star, Kenya

All while scamming, Teejayx6 always wanted to rap. In his teens, he gave it a whirl. At first, on early tracks that didn't get traction, he was just punching out predictable lines about drug-dealingstuff he wasnt even really doing. And everybody in the world damn near does that. Its nothing to stand about drug dealing. So he pivoted to putting his scams on the tracks, and he became a part of a wave.

Charting the scam rap scenes rise, Vices Ryan Bassil points to Detroit as the nexus, Bossman Rich as the progenitor, and Bossmans 2017 track Juggin Aint Dead as the index case. Writing about the scene at Pitchfork, Alphonse Pierre paid respect to the more obscure bits of the internet from which these dudes draw inspiration: Every Detroit rapper definitely prefers Ask.com over Google. Scam rap has become a small media darling. Maybe thats because it sounds made-up. Or maybe thats because its so particular. In its insularity, and its strangeness, and its fledgling-ness, theres a very appealing purity.

For me, Teejayx6 stands out from the scene. Hes more audacious and more single-minded. Bar after bar are lessonsliteral details of his own (alleged? alleged-ish?) scammery. He blurs the lines as much as possible. On his Instagram, hes offered to sell verses (at $500 a pop) and scam tutorials (at a much more reasonable $25 per).

At a so-called scammer convention in New York, as Pitchfork's Pierre reported, a kid with two iPhone 10s told Teejayx6, with apparent sincerity, I wouldnt have this sauce without you. One of the top comments on Teejayx6s video for Apple reads, This aint even a song this just a felony with a beat.

You know how lifer comedy writers end up so inured to standard misfortune that they can only laugh at the saddest, darkest shit? I would have to admit theres an element of that operating here, with love for Teejayx6. The dude is just so, so weird. At times, Teejayx6 free-associates himself into very unexpected places. On Violin, he brags, I know the terrorists who did 9/11 back in New York. On Twitter, hes teased a future lyric: My uncle said in World War2 he shot at a T-Rex.

But through it all, his tracks pack an unexpected hookiness. Since I first heard Dark Web a few months back, its opening linesThe government tried to ban me from the dark web / I downloaded Tor Browser then got back inhave been on a near-constant loop inside of my head.

Sometimes, Teejayx6 raps about scamming people and places who most certainly deserve it. Walmart, for one. The New England Patriots Tom Brady, for another. Teejayx6 has a more nihilistic streak, though. Other victims of his scams have supposedly included tenuously employed forward Carmelo Anthony, his barber, his grandma, and a little kid who he think[s] is Arthur.

Do you ever, like, feel bad? I ask Teejayx6.

Sometimes, he says. It depends on the situation. Like around Christmas last year, a lot of people were telling me I was taking their last money for Christmas gifts. Thats really the only time I was feeling bad.

So you wont do that again?

He says he most certainly will be doing that again. Im picking up new scams every day, he adds. Fans and peers send him tips and ideas. I get a lot of DMs every day and a lot of people coming up to me.

But wait. Even with the Christmas money people. You dont feel bad?

Let me ask you a question, he says. You think Donald Trump scammed his way into office?

Read the original post:
Teejayx6 Will Steal Your Identityand Rap About It - WIRED

Cybercrime thrives in Venezuela as the deepening economic and political crisis in the country drive thousands of underground criminal world, according to a report released Thursday by IntSights, a companys global threat intelligence.

IntSights analysts discovered a large scale and sophisticated attempts to steal personal information from people in Latin America who worked for various companies, such as banks and retailers, and then sell the information online or use them to gather more data. The hackers based in Venezuela and neighboring countries, such as Colombia, Venezuela where many refugees have settled.

operation collection of this information is very beneficial for the people of Venezuela as sold for cryptocurrency like bitcoin, welcome alternative to his own countrys currency, which has withstood the rapid inflation.

And they are not subtle about it. specific information about the operation, as the hackers, in which they are located and a phone number even hackers are surprisingly easy to find, according to Amal Wright, an analyst at IntSights. Usually, experienced hackers operating in countries such as Russia, China and Vietnam hide by taking alternate identities and profiles for discarding.

They did not seem too worried about hiding, said Wright. I think its because they do not feel the law enforcement will do anything.

Venezuelas hyperinflation has caused deterioration of the national currency and, in turn, many Venezuelans have turned to cryptocurrencies. The International Monetary Fund said inflation of the Venezuelan bolivar, the countrys currency, is expected to reach staggering 200,000 percent this year. Cup of coffee cost 150 bolivars in November 2018 now costs 18,000 bolivars, according to Bloomberg.

Venezuela was once one of the richest countries in Latin America, with the largest oil reserves in the world and the vast gold deposits. But decades of corruption and mismanagement under the Socialist government has caused the economy to fall. In the past year, the protests have turned deadly after a crackdown by the government of President Nicols Maduro. The country has also experienced sizeable outages.

Venezuela-based cybercrime efforts span a wide range of digital common crimes including large scale email phishing attempts and malware campaigns. sensitive information collected through the successful hacks are then sold in various public websites and in the dark web.

This report indicates the victim does not receive a lot of cooperation from the government when they file a complaint because of economic and political turmoil in the country. As a result, local law enforcement turned a blind eye.

Censorship in Venezuela has led hackers to openly use social media. Government blocks many sites such as CNN and El Nacional, a popular national newspaper. Even walkie-talkie zello application, which is very popular among the people of Venezuela during the protests, has been blocked. People have turned to virtual private networks (VPNs), which sensors help sidestep the internet, and the Tor browser, free software and open source enables anonymous communication. But even VPNs and Tor have been banned by the Venezuelan state-owned Internet provider, CANTV.(Source)

The rest is here:
Such as the struggle of the Venezuelan economy, some residents turn to a lucrative gig: Cybercrime - Herald Journalism 24

NEW DELHI :In July 2015, when WikiLeaks published internal email records of Hacking Team, an Italian surveillance vendor, it gave a rare peek into the shopping basket of Indias intelligence agencies. One agency wanted to infect the mobile phones or SIM cards of all the subscribers in sensitive areas to continuously track their location with high accuracy", another was looking for a one-click solution to infect any type of platforms, models, etc. by just sending an SMS, without knowing any background about his target (sic)".

The agencies were enquiring about the Remote Control System (RCS), Hacking Teams flagship surveillance product. It is sold exclusively to intelligence and law enforcement agencies, and is designed to remotely monitor targets: it could copy files, record Skype calls, read emails and instant messages, capture typed passwords, and turn on a devices webcam and microphone to spy on the user.

Emails reviewed by Mint show that a multitude of Indian agencies were secretly negotiatingeither directly but mostly through a third-party contractorwith the Italian firm. It is, however, unclear whether the deals went through or not.

The spying features of RCS are strikingly similar to recent revelations about Pegasus, the spyware built by Israeli cybersecurity company NSO Group that targeted WhatsApp users and facilitated the complete takeover of the device to capture all its activity. Facebook-owned WhatsApp sued the company for installing surveillance malware on the phones of 1,400 users across four continents, including at least two dozen Indians activists, journalists, lawyers and academics.

Like Hacking Team, NSO Group claims it only sells software to government authorities. While the Indian government hasnt acknowledged any transaction with NSO Group, the 2015 email dump suggests this is standard practice. The agencies have been asking around for products that allow for intercepting WhatsApp messages since at least 2016," a senior security researcher who works closely with Indian intelligence agencies told Mint on condition of anonymity.

The WhatsApp hack has once again brought to light the concerns over surveillance abuse in India. The debate is often framed as a trade-off between user privacy and national security. Officials say there are processes in place to check misuse of power, but as the WhatsApp episode highlights, its not just suspected terrorists but civil rights activists who are often at the receiving end of intrusive state surveillance.

Actually, what we know about the surveillance regime in India is just the tip of the iceberg. Even without the deployment of expensive solutions like Pegasus to hack into your device, the government has ample sources to learn about your whereabouts from the data trails you leave behind. Heres how you can try to stay ahead of the snooping game.

Fallacies about encryption

Traditionally, surveillance is imagined as law enforcement listening to telephonic conversations or reading text messages of targets. In the cyber age, this extends to internet traffic: the state wants similar capabilities for digital communication including emails, instant messaging and VoIP calls (like Skype).

Here, encryption protects your information. Through publicly known mathematical algorithms, computer programs can turn a plain text (I will meet you at Punjabi Bagh, 8pm") into a cipher text through a special key. Only those having access to the key can decrypt the information to infer the meaning; for the rest its gibberish. WhatsApp for instance is end-to-end encrypted, meaning only the sender and receiver can read the content.

Thats why the Indian government wants WhatsApp to trace the origin of a message flagged as unlawful by law enforcement, a demand the American company says it cant deliver as WhatsApp itself doesnt have access to the special key to decrypt the information.

Encryption is important, and it provides some degree of protection from mass surveillance. But its not the end of the game: a malware attack on your mobile phone can take control of your device and will make your communications naked to the attackers eyes.

The power of malware

Imagine a castle with hundreds of doors. Dozens of security guards are deployed at every gate to protect the fort. You are sure no one can enter the castle. But one small entrance in an obscure corner is unknown and unprotected. The opponent, however, discovers it first and uses the route to enter the castle, breaching security.

In cybersecurity parlance, if the castle is your device or software, that unknown gate is a zero-day vulnerability", meaning you have zero days to protect your system if the attacker knows about a vulnerabilitya security weakness unintentionally designed in a piece of softwarebefore you do. This is exactly what happened in the case of the latest hack. Pegasus exploited an unknown security vulnerability to remotely instal spyware on the targets device.

Zero-day exploits are traded in the market. Many companies have bug bounty programs" where security experts are paid to report bugs in their products, a smart way to outsource security. Attackers have many ways to infect the target vulnerabilities with malware. First, sending infected PDF files or images sent as email attachments: if downloaded and opened, you inadvertently infect your own computer. Most of these are well-targeted campaigns to make the content look appealing enough for you to trust.

Then, just visiting a compromised Web page could instal dangerous software on your device, without you downloading any attachment or giving additional permission. Victims may come across such links through social media posts or email links. This attack usually takes advantage of a security flaw in the Web browser and aims to auto-run the exploit code to take over the device.

As a special case of this attack, a set of niche but popular websites that a target group regularly visits are infected with malware. When users visit the website next time, it is ready to infect the target group with malware. In September, TechCrunch reported that a number of malicious websites used to hack into iPhones over a two-year period were targeting Uyghur Muslims", most of whom live in Chinas Xinjiang state.

How do you protect yourself from malware attacks? If an attacker gets hold of a zero-day, you barely have any option. But as a precaution, you should ensure you use the latest version of the software. Outdated software is like a castle with open doors known to everyone but without any guards. Still, most people dont: According to the latest data from analytics firm StatCounter, only 33% of Indian smartphones are running the latest version of Android.

Moreover, cheaper smartphones, which ship with their own customized version of the Android operating system, are late to ship updates, leaving their users vulnerable to known attacks (See graphic for more ways to counter snooping).

M stands for metadata

Most people imagine government surveillance in terms of content: tapping phone calls to listen to conversations, ability to read the complete text of emails and messages. But more is happening under the hood: even without knowing the details of content, a lot can be inferred about ones whereabouts.

Just by the act of using a service, be it making a call or browsing the internet, we leave a valuable trail of data with telecom companies and internet service providers (ISPs): it includes call detail records (whom did you speak with, when and for how long), the location and IMEI number (which uniquely identifies a wireless phone or device) of both the caller and recipient, and the Web browsing history.

This is called metadata", everything except the content of the communication, and can be far more revelatory than most people imagine. Connect the dots and it provides an intimate lens into a persons life.

Sample what companies and governments can infer from metadata: they know you called a phone sex line in the night but dont know what you talked about; they know the people you speak with every day, once in a month or once in a year, revealing your close and distant contacts; they know you called a suicide prevention hotline but the topic is not known; they know if an informant is repeatedly talking to a human rights activist or journalist, but dont know what is being revealed; they know a girl called a gynaecologist, spoke for a half hour, then called a man whom she often speaks with late in the night, and then called the local abortion clinics number later that day; they know the websites you visit and time you spend looking at the content (no, incognito mode doesnt protect you from the eyes of the ISP).

The contents of calls are far more difficult to analyze in an automated fashion due to their unstructured nature," Edward Felten, a professor of computer science and public affairs at Princeton, explained in an affidavit filed by American Civil Liberties Union challenging the legality of the National Security Agencys mass collection of Americans phone records. A groups metadata can reveal intricacies of social, political, and religious associations," he wrote, adding: Given limited analytical resources, analyzing metadata is often a far more powerful analytical strategy than investigating content."

Location, location, location

Moreover, mobile phones are perennially giving away our location to the telecom companies through the signals they broadcast. By observing the signal strength that different towers receive from a particular subscribers mobile phone, operators can calculate where that phone must be located.

Location tracking is more than just knowing where you are at a given point in time: it could be used to try to find out whether certain people are in a romantic relationship, to find out who attended a particular meeting or who was at a particular protest, or to try and identify a journalists confidential source", the Electronic Frontier Foundation explained in a blog post.

In India, telecom licences require operators to provide direct access to all communication data and content to authorities even without a warrant. In 2009, the government announced it was building a Central Monitoring System that will provide it centralized access to the countrys telecommunications network and facilitate direct monitoring of phone calls, text messages, and Internet use by government agencies, bypassing service providers", the Human Rights Watch noted in 2013.

There is not much you can do to protect metadata surveillance, especially for calling and location tracking data. You can use a VPN (virtual private network) service to protect your browsing activity from the ISP or Tor browser for anonymous browsing, but both have their limitations.

The lack of law

The general saying that the law lags technological innovation by at least a generation does not apply to India. The country has no laws governing mass surveillance. For targeted interception, there are two main Acts governing the legal provisions for surveillance in India. First, the Indian Telegraph Act, 1885, which allows for the interception of telephonic calls and messages. Second, the Information Technology (IT) Act, 2000, which has provisions to intercept digital information including data stored on a computer, internet traffic and other data flows.

There is one key difference between the two Acts: The grounds under the IT Act are wider and lack some of the safeguards under the Indian Telegraph Act. Under the latter, there should be a condition of a public emergency" or interest of public safety" for intercepting the information. There is no such requirement under the IT Act, which makes it more powerful.

As India heads towards framing laws to protect user data and privacy, it remains to be seen if the state will curb its own powers of illegitimate surveillance to snoop on its citizens.

In conclusion

The truth is, cyberspace warfare is asymmetrically skewed towards the attacker, who needs to take advantage of just one weakness to exploit you. Defenders need to protect everything.

Which is why, when framing a digital security plan, it is not useful to ask a question like whether X technology is safe or not". Merely using Signal (a highly recommended encrypted instant messaging app) or Tor (that allows anonymous Web browsing) is not the solution. The recommended approach is to define what you are protecting, from whom, how much convenience you are willing to trade-off and then take specific security steps for clearly defined goals.

By adopting best practices to be secure online and following a plan, you can make it difficult for anyone to spy on you. But in the extreme case, if a nation-state really wants to target you, it probably can: your efforts will introduce roadblocks, make it financially more expensive to snoop on you, but nothing can offer a guarantee of complete privacy.

Samarth Bansal is a freelance journalist based in Delhi. He writes about technology, politics and policy.

Read the original post:
Smart users guide to the snooping game - Livemint

Jumps to section:Privacy protection through Android featuresSaves the lock screen

A good display lock is one of the easiest steps to more security. Only those who know your code can operate your smartphone. You can choose between a blocking pattern, a four-digit PIN or a password. You can configure the locking screen in the settings under Security. This code also improves device encryption. A smartphone encrypted in this way is unattractive for thieves in many respects, as its memory cannot be read out and, thanks to the reactivation lock, it can only be used as a spare parts store even after resetting.

Even if the smartphone starts a little faster, don't be tempted to remove the SIM card's PIN lock. If a thief can use your phone number unhindered, this helps him with two-factor authentication or identity theft in simply verified chat apps like WhatsApp, Telegram or Signal. In the worst case, it can use your online banking because he receives SMS-TANs. But above all and easiest he could call at your expense.

You'd be amazed to see what app developers know about you. You can deny them a lot of data by regularly checking and revoking app permissions. The app "Bouncer" costs only a dollar, but takes over the role of the authorization house manager on your smartphone.

Important updates from the manufacturers should always be installed in order to close any security gaps. This is relevant for your privacy, since attackers can use these gaps to copy your SMS, e-mails, photos and the remaining data from your device, sometimes wirelessly, without you noticing. You can easily avoid this.

The notification of available updates is now arriving on many devices on a monthly basis. Don't ignore them, but make your smartphone secure again. Installing the update on newer smartphones doesn't take long. Thanks to an additional partition, updates can be installed in the background and activated after a reboot.

If an official update is no longer available, it is worth searching for a compatible custom ROM for your device. So you can bring even an old Samsung Galaxy S5 back up to date. At the same time, you can also rely on a ROM with MicroG framework to prevent espionage by Google.

If you're using different Google accounts (such as business and personal), you can separate them into two storage areas on one smartphone. Unfortunately, not all smartphone manufacturers implement the Android feature in their user interfaces to create different user profiles.

Huawei/Honor, for example, interprets the feature in its own way and uses so-called private areas. Samsung creates the app twin for certain apps. These are also protected by additional security precautions and safely separate the storage areas from each other.

If you want a single app to always stay in the foreground and the home button to be locked as well, you can now pin single apps to the foreground since Android 5.0 Lollipop. You first have to activate this function in the security settings under "Attach screen". Then you can see the small pin in the lower right corner of each app preview in the app overview. For full security, you also activate the screen lock before the screen lock is released.

If you lose your smartphone or it gets stolen, you can locate it from a distance. Unfortunately, the location service continuously records data so that Google or known security authorities can track you unnoticed. So at least switch off the recording of your movement profile on Google. Other location-sensitive apps such as Mobike should be denied access (see above).

Now it is important that you use the location service in your sense and don't pass on unnecessary data to Google. How you can interrupt, stop or delete these and many other ominous Google recordings is explained in our special article.

Keep in mind that your smartphone does not only share the location with Google. Your mobile phone provider also knows where you are at all times, at least through its cell triangulation. If you make an emergency call, this is of course an advantage. Because then the employee in the emergency call center can determine your position, if you could not describe it exactly.

Facebook is by far the largest social network. Many people use it almost exclusively to keep in touch with friends or acquaintances. Some services and events are exclusively organized there. Once registered, you can share photos, links and texts with friends or in your filter bubble. So that you or a stranger don't publish embarrassing things about you, you should check your privacy settings regularly. We'll show you how to do this in a separate article.

But even if the app is not open, it is still busy collecting and sending data. Uninstall it as far as possible. Some smartphone manufacturers even require you to connect to a computer and work with a command line, see our instructions.

A paranoid alternative for Facebook and Messenger is the open-source app SlimSocial. The app looks like the Facebook app five years ago, is a few hundred kilobytes in size (200 times less than the Play Store app) and has a chat function directly in the app. Everything looks a bit worse than in the original, but stops the data flow in the background.

With Facebook's chat service, your hands are tied for data protection reasons. While the chats themselves are end-to-end encrypted, the complete metadata is visible for Facebook. This means that the head office knows who communicated with whom for how long and when. In addition, your telephone number is quasi-public. As soon as a contact pulls you into a group, which you can prevent in the meantime in the settings, everyone in that group can see, save and pass on your telephone number. WhatsApp announces this in the user agreement, but could still surprise you. If you don't like this, we recommend alternative chat services.

If you're still dependent on Messenger (I know group pressure is overwhelming in the long run), you can use WhatsApp on a different mobile number than your main number. When you set it up, you can deny WhatsApp access to your contacts so they won't be copied to Facebook right away. Who then wants to contact you, should ask you individually on another channel for your dedicated WhatsApp number.

You can also use Android without Google apps and services. The reliable option would be to overwrite the entire operating system partition. But this is only possible with some smartphones, is complicated and may cost you the warranty claims. Thanks to a cooperation between the developers of the Google service replacement package microG and the team behind Lineage OS, many problems with a Google-free Android could be solved in everyday life.

If your Chrome and Google is replaced by Firefox Klar or even the TOR browser and DuckDuckGo, it will be much more complicated for website operators to analyze your surfing behavior. Because when leaving the website or at least when closing the browser, they delete your tracks. Websites can only create a user profile of you with more effort.

WLANs are only secure to a limited extent; especially if you do not know who is still connected to them. So encrypts the Internet connections of your own devices over a virtual private network (VPN). We will show you in a separate article how to set this up and which free services are available:

There is plenty of information on the net about why we should not trust apps like Facebook, WhatsApp, Google and the like. Prism-Break offers you a privacy-friendly alternative for each of them. The Degoogle Subreddit wiki also provides you with a list of alternative web services to privately secure your calendars, contacts, and the like.

A completely data protection-friendly operation of a smartphone is virtually impossible. As soon as you connect to the mobile network, your provider can locate you. And as soon as you establish a data connection, your smartphone sends telemetry data to several services; some anonymous, some not.

Only Purism with the Librem 5 really wants to make it better. Killswitches for GPS, GSM, microphone and other components are supposed to have this, with which you physically deprive the smartphone of the right to observe you. In practice, however, this device also has to struggle with start-up difficulties (see blog post).

With your existing Android smartphone and the use of supposedly free services like Gmail, Facebook, WhatsApp or Google Maps you have to decide: Be completely anonymous or pay the price with a part of your privacy.

Here is the original post:
Privacy on your smartphone: how to protect your data - AndroidPIT

BBC News has made a version of its website available on the Tor network, allowing it to be more securely accessed via the anonymising browser. The news organisation is putting its international edition on the network, with coverage available in a variety of languages including Arabic, Persian, and Russian. The Tor network is frequently associated with the dark web, but its also a vital tool for anyone looking to preserve their anonymity while accessing regular websites.

The move is aimed at making the BBCs news coverage available more securely in countries that attempt to restrict access to it such as China, Iran, and Vietnam. Although the BBCs typical bbc.com/news URL already loads when visited via the browser, BBC News reports that using the .onion top level domain prevents spoofing and preserves end-to-end encryption, making it a more secure way to access the news site. Facebook launched a similar mirror back in 2014.

If youd like to give the service a go, you can download the Tor browser and head over to Bbcnewsv2vjtpsuy.onion. Alternatively, the Brave browser also includes a Tor browsing mode similar to the Incognito modes offered on other browsers.

The rest is here:
BBC News heads to the dark web with new Tor mirror - The Verge

The Tor Project has announced the release of Tor Browser 9.0, the new update brings several updates to the user experience, integrating more features into the browser directly and scrapping the onion button. Additionally, localisation has been improved with support added for the Macedonian and Romanian languages, bringing the total amount of supported languages to 27.

With Tor Browser 9.0, Firefox 68.2.0 is used as the foundation. In order to scrap the onion button that came with old releases, the Tor Project has altered the actual interface of Firefox adding circuit information to the i button in the address bar, adding more Tor settings into about:preferences, and including a new identity button in the toolbar and in the menu.

One of the ways that Tor users can be identified by websites is by the size of the browser window. For several releases now, when the user maximises the Tor Browser window a notification would appear warning users not to do that. In order to make things simpler for users, a new feature called letterboxing has been added, this essentially restricts the amount of space a webpage can use; even if the browser is maximised, the user will just see a grey border around the webpage.

In order to get the new update, either download a fresh copy of the browser from the official website or if you have Tor already installed just continue using the browser and it should update automatically.

Read the original post:
The Tor Project releases Tor Browser 9.0 with several UX improvements - Neowin

The researchers from the IT cybersecurity firm ESET have discovered a fraudulent version of the Tor browser that has a Trojan that steals Bitcoins from users in darknet.

The website was targeting Russian users. The fake browser was distributed on two sites, and it stole the cryptocurrencies by switching the original cryptocurrency addresses from the year 2017, as mentioned in the ESNETs editorials, as reported on October 18. According to the report, these malicious programs are distributed for Windows users, and there are no signs of having circulated in macOS, Linux, and other mobile phone versions. And these were able to steal around $40,000 worth of Bitcoins.

These were created back in the year 2014, tor-browser[.]org and torproect[.]org are the two browser websites that have been mimicking the real site of the unknown browser, torproject.org. And the scammers usually redirect the users version of Tor is out of date, and when the user clicks to update, they are redirected to a different page to get it updated.

Once installed, the malware-laden browser enables its creators to know what websites a user visits, to change the data on visited pages, and grab the content of data forms. While the hackers could potentially display false information to users, the browser has only been observed to change the wallet addresses to steal bitcoin, the senior malware researcher of ESET, Anton Cherepanov said. He further said, Each such wallet contains relatively large numbers of small transactions; we consider this a confirmation that these wallets indeed were used by the trojanized Tor Browser, The report also said, Their goal was to lure language-specific targets to a pair of malicious yet legitimate-looking websites,

The browser, however, has informed the users about the happenings with regards to the monetary losses in the meantime because of the malware.

See the rest here:
Fraudulent Tor Browser Spies and Has Been Stealing The Bitcoins - GoodTime Nation