Category Archives: Tor Browser

A new version of the OnionShare programnow allows you to easily create basic anonymous dark web sites on Tor so that they cannot be censored. This is particularlyuseful for those who wish to publish information anonymously, but do not want to deal with the mechanics of setting up their own dark web server.

OnionShare is a program for Windows, Mac, and Linux that was originally designed to let you easily and anonymously share and receivefiles on the dark web. It does this by bundling the Tor client and turning your computer into a web server that is accessible only via Tor.

When sharing or receiving files, OnionShare will create arandom .onion address that can be shared with other users in order to share files or turn your computer into an anonymous dropbox that users can send files.

For example, in the screen below you can what it looks like when OnionShare is configured as an anonymous dropbox and someone else connects to it to send a file.

With the release of OnionShare 2.2, users are now able to create basic web sites using HTML, JavaScript, and images and publish them anonymously on the dark web.

This enables you to publish an anonymous site that cannot be censored and for your visitors to remain anonymous asthey access the site.

"This website is only accessible from the Tor network, so people will need Tor Browser to visit it," states the OnionShare announcement for this new version."People who visit your website will have no idea who you are they wont have access to your IP address, and they wont know your identity or your location. And, so long as your website visitors are able to access the Tor network, the website cant be censored."

To publish a website through OnionShare, simply click on the "Publish Website" tab and drag the HTML, JavaScript, andimages files for your site onto the program's screen. When ready to make your site accessible, click on the Start sharing button to publish the site to the Tor network.

Once published, OnionShare will display a random onion URL you can share with users. You can also configure the programs settings to use a "persistent address" and place it in "public mode" to make the site use a normal onion address as shown below.

Now when a user visits the site in the Tor Browser, they will be shown the website from your computer through OnionShare.

It should be noted, though, that once you use OnionShare to publish a web site, OnionShare and your computer must continue to run for the site to be accessible to others users on the Tor network. Once you shutdown your computer or close OnionShare, the site will be shutdown as well.

Read more here:
OnionShare Lets Anyone Host Anonymous Sites on the Dark Web - BleepingComputer

There is a privacy threat lurking on perhaps hundreds of millions of devices, that could enable potential attackers to track and profile users, by using information leaked via the Tor network, even if the users never intentionally installed Tor in the first place.

In a session at the SecTor security conference in Toronto, Canada on October 10, researchers Adam Podgorski and Milind Bhargava from Deloitte Canada outlined and demonstrated previously undisclosed research into how they were able to determine that personally identifiable information (PII) is being leaked by millions of mobile users every day over Tor.

The irony of the issue is that Tor is a technology and a network that is intended to help provide and enable anonymity for users. With Tor, traffic travels through a number of different network hops to an eventual exit point in the hope of masking where the traffic originated from. Podgorski said that there are some users that choose to install a Tor browser on their mobile devices, but thats not the problem. The problem is that Tor is being installed by mobile applications without user knowledge and potentially putting users at risk.

The researchers explained that they set up several Tor exit nodes, just to see what they could find, and the results were surprising. The researchers found that approximately 30% of all Android devices are transmitting data over Tor.

Youre probably scratching your head now, like we were a couple of months ago, because that doesnt make any sense, Podgorski said. There's no way a third of Android users know what Tor is and are actually using it.

What the researchers determined is that Tor is being bundled, embedded and installed in other applications and users are not aware of its existence. It was not entirely clear to the researchers why Tor was being bundled with so many applications. Podgorski said that it could be due to a misunderstanding of the technology and how it can be used. Tor was also found on Apple IOS devices, but the numbers were smaller with only approximately 5% of devices sending data.

Tracking Users

In a series of demonstrations, including live dashboards shown by Bhargava, the researchers showed what data they had collected from mobile users that were inadvertently using Tor. The data included GPS coordinates, web addresses, phone numbers, keystrokes and other PII.

This data can be used to build a robust profile of an individual, Podgorski said.

Bhargava explained that the exit nodes the researchers set up intentionally attempted to force browsers to not use encrypted versions of websites, forcing the devices to regular HTTP when possible. With data coming to the exit node without encryption, it was possible for the researchers to see the user data. Bhargava noted that for sites that force HTTPS encryption and do not offer any fallback option to regular un-encrypted HTTP, they wouldnt be able to see the users data.

Also of note, Bhargava admitted that he found his own phone number in the data, which was a surprise to him, as he had not installed Tor on his device. The only applications on his phone were applications installed by the carrier.

There are several things that need to happen to fix the issue. Podgorski said that the first is awareness that there is a problem, which is what the research is intended to highlight for legislators, government and organizations. For users, Podgorski emphasized that good operational security practices need to be employed, by using encryption everywhere.

In Podgorski's view, there is already a legal compliance risk that the mobile application PII data leaks expose.

Were pretty sure what we found breaches GDPR on multiple levels, he said, but the issue is that governments cant enforce the law if theyre not aware.

See more here:
#SecTorCa: Millions of Phones Leaking Information Via Tor - Infosecurity Magazine

Last year, a 16-year-old Mexican schoolboy received an unsolicited text message making crude sexual taunts. The text attempted to lure him into clicking on a link at the bottom of the message. Had he clicked on the link, his smartphone would have been secretly compromised, allowing those targeting him to monitor everything he did, steal login details, upload his contacts list and even spy on him through his phones own microphone and camera.

Whoever sent the message was using an incredibly sophisticated piece of spyware created by an Israeli company called NSO Group, which says it only sells its tools to governments and law enforcement agencies around the world. It is designed to track and monitor terrorists and other high-profile criminals.

The researchers say they have no conclusive evidence attributing these messages to specific government agencies in Mexico. However, circumstantial evidence suggests that one or more of NSOs government customers in Mexico are the likely operators.

Many people on this side of the Atlantic reading this report may be shocked to hear of a government using spying tools to hack the smartphones belonging to activists and journalists. At the same time, most people will likely shrug their shoulders and say: Sure why would anyone want to spy on me, Ive got nothing to hide?

But this is not about having something to hide, it is about privacy. There are many things we all do everyday which we dont want most people knowing about: How often did you go to the toilet today? Did you have sex today? Did you look up something online you wouldnt tell your family or friends about?

We are all entitled to a private life, and that goes for our digital lives as well as our offline lives. And so, we should all be concerned about the use of hyper-sophisticated tools like those from the NSO Group being used against a 16-year-old boy.

The simple fact of the matter is that is you have enough resources, then you can pretty much hack into anything as long as it is connected to the internet. The problem for you and me is the cost of compromising our lives is dropping precipitously and the barrier which criminals have to hurdle to find out the most intimate details of our lives is getting lower and lower.

With such powerful tools available, the question arises, is there anything I can do to protect myself? The short answer is not really. If a committed adversary really wants to hack into your smartphone, then they will likely be able to succeed.

However, that doesnt mean you should just give up completely and surrender your digital life to anyone who wants to to take a look.

Here are some basic ways to harden your online security to make what you do more private:

Stop telling them everything:Every online service that doesnt charge you to use it (Google, Facebook, Twitter) is using your data as payment. When you sign up they require a minimum level of information, but ask for a whole lot more. If you dont want Facebook knowing when your birthday is, then dont tell it. If you dont want Google to know what your favorite pet it, dont tell it. Oversharing of information is rife today on social media, and while we may blame Facebook and Snapchat, the real culprit is ourselves. If you dont want anyone to know about it, just dont share it.

Use the Tor browser:Tor, short for The Onion Router, is a modified version of the Firefox browser which anonymizes your identity by routing your IP address through multiple nodes until no one knows where the traffic is coming from or going to. Often associated with the dark web, it is not just a tool for criminals, but one that can be used by anyone who values their privacy.

Dont eat the cookies:Third-party cookies are the little bits of code websites use to track your movements online. They are the reason why Facebook will show you adverts for the nappies you were just looking at on Amazon. Now through every major browser offers the ability to turn off tracking cookies. It wont stop the more determined companies tracking you, but it does shut down the most common vector used by advertisers to build usage profiles.

Patch, patch, patch:Keep your software up to date. One of the easiest ways for any hacker to compromise your system is to use vulnerabilities in older versions of software. So whether its iOS, Android or Windows, always make sure you have installed the latest version available to you.

Free Wi-Fi may not be your friend:We all love connecting to free Wi-Fi, particularly when were travelling. But this is one of the easiest methods for hackers to compromise a lot of peoples data in a very short space of time. Make sure the network you are connecting to is safe, particularly in locations like airports and train stations.

See the original post:
Is there anything we can do to stop someone spying on us? - Newstalk 106-108 fm

Quick question: What do you do when you want to browse the internet securely? Do you click on your browser menu and select your browser's privacy mode and go about your merry way, assuming your data is safe and your history not saved. I've got news for you; chances are that private or incognito mode isn't exactly what it's cracked up to be.

I've tested both Chrome and Firefox and have witnessed both of them retaining browser history. What does this mean for you, the user? It means if you need serious privacy for your web browsing, or if you need to safeguard data while working on company sites, you might have to turn to a speciality browser, such as Tor Browser or Epic Browser. Tor Browser is available for all platforms, and Epic Browser is only available for Mac and Windows. Both browsers not only ensure your history will not be retained, but they also work with the help of a proxy system to keep your browsing encrypted and private.

So, if you're looking for the highest level of security in a browser, look away from the the likes of Edge, Chrome, and Firefox and turn your sites on Tor and Epic. Both of these browsers are surprisingly easy to use and will go a long way to keep your data safe. Are they perfect? Are the superior than what you're using now? Chances are, the answer to that question is a resounding yes.

Image: Jack Wallen

More:
If you're really concerned about browser security, Incognito isn't enough - TechRepublic

Infamous neo-Nazi website The Daily Stormer is no longer accessible online via a conventional web browser. But a Monday essay seems to have caught the eye of President Trump.

Instead, site visitors need to download the Tor browser and use that to access the notorious neo-Nazi website at dstormer6em3i4km.onion. The Tor browser facilitates anonymous browsing.

On Sunday 13 August, the site published a crude and highly criticized article attacking Heather Heyer, the woman killed in the Charlottesville melee.

Monday Daily Stormer publisher Andrew Anglin authored an essay (pdf) condemning protestors who topped a Confederate statue in Durham, NC.

And I guarantee you, [the protesters] are going to go to Washington, and they are going to demand that the Washington Monument be torn down. They might even try to pull it down. Because George Washington owned slaves. More importantly, he was a white man who built something.

Also on Monday, former Congressman Newt Gingrich (whose wife is in the Administration) and Fox host Martha MacCallum were discussing the announcement that the Lexington, KY, mayor intends to remove two Confederate statues from a public building.

Where are you going to stop it? Gingrich said. What if you werent sensitive enough to the Holocaust we should take down all the statues of Franklin Delano Roosevelt? You could make an argument for that.

You could make an argument for Thomas Jefferson or George Washington, MacCallum interjected. Are you going to change the name of the Washington Monument?

Gingrich then noted that both were slave owners.

Absolutely, thats my point, MacCallum responds.

Its not a surprise that these points from FOX and The Daily Stormer were reprised in President Trumps press conference on Tuesday:

many of those people were there to protest the taking down of the statue of Robert E. Lee. So this week, it is Robert E. Lee. I noticed that Stonewall Jackson is coming down. I wonder, is it George Washington next week? And is it Thomas Jefferson the week after? You know, you really do have to ask yourself, where does it stop?

Was George Washington a slave owner? So will George Washington now lose his status? Are we going to take down excuse me are we going to take down statues to George Washington? How about Thomas Jefferson?

Trumps comments were widely criticized:

That wasnt the only eyebrow-raising act of the day:

Trump RT'd this pic showing a CNN journalist hit by a train days after a white nationalist ran his car into activists, killed Heather Heyer. pic.twitter.com/tWjdoE70AS

Kyle Griffin (@kylegriffin1) August 15, 2017

Aug 16, 2017KATHY GILL, Technology Policy Analyst

Original post:
The Daily Stormer has lost its lease, accessible only via Tor browser - The Moderate Voice

The Tor Project says it can't build open source tools for circumventing censorship if it also controls who uses those tools.

A day after The Daily Stormer retreated to the darknet, the organization that helped make that move possible is condemning the neo-Nazi site while grudgingly acknowledging its technology allows the site to continue to spew messages of hate.

A version of the site, dubbed the "top hate site in America," appeared Wednesday on a part of the web that can only be accessed through the Tor Project's browser, which hides users' online identities. The Daily Stormer moved to a Tor onion service after GoDaddy and then Googlepulled its domain following an offensive story it published about Heather Heyer, who was killed on Saturday while counter-protesting against white supremacist protesters in Charlottesville, Virginia.

"We are disgusted, angered, and appalled by everything these racists stand for and do," Tor member Steph wrote in a blog post Thursday. "Ironically, the Tor software has been designed and written by a diverse team including people of many religions, races, gender identities, sexual orientations, and points on the (legitimate, non-Nazi) political spectrum.

"We are everything they claim to despise," Steph wrote. "And we work every day to defend the human rights they oppose."

With the move, the Tor Project joins a slew of companies and organizations seeking to distance themselves from white supremacist activity on the web. Apple and PayPal have disabled support of their services at websites that sell merchandise glorifying white nationalists and support hate groups, while Reddit and Facebook have each banned entire hate groups.

Click to see our in-depth coverage of online hatred.

On Wednesday, internet security provider Cloudflare dropped its support for the website, essentially allowing it to be taken down with a denial-of-service attack. Twitter also joined the campaign by suspending the accounts linked to the the website.

Steph pointed out the Tor browser is designed to defeat censorship, and the organization can't and shouldn't decide who benefits from that freedom.

"We can't build free and open source tools that protect journalists, human rights activists, and ordinary people around the world if we also control who uses those tools," Steph wrote. "Tor is designed to defend human rights and privacy by preventing anyone from censoring things, even us."

Solving for XX: The industry seeks to overcome outdated ideas about "women in tech."

Special Reports: All of CNET's most in-depth features in one easy spot.

See more here:
Tor Project 'disgusted' by Daily Stormer, defends software ethos - CNET

After being refused service by two domain registrars and a hosting provider, a notorious neo-Nazi site has apparently fled to a Russian domain and a new server host, with a backup on the dark web.

The Daily Stormer came under fire following the events in Charlottesville, Virginia, over the weekend. The neo-Nazi website had its account terminated with domain registrar GoDaddy on Sunday after Twitter users complained about a post lobbing insults and slurs at Heather Heyer, the anti-racism demonstrator who was killed in Charlottesville. The website also quietly had its server hosting disabled by hosting company Scaleway. And even though the website quickly moved to another domain registration company, Google, Google promptly terminated its account.

Thus, heading into Tuesday, the site founded by prominent neo-Nazi Andrew Anglin in 2013 was essentially bouncing around looking for places to land. It briefly attempted to gain hosting through a Chinese service provider at the URL DailyStormer.wang, only to quickly be taken offline.

Next, the site attempted to set up shop on the dark web, using a .onion domain. Websites on the dark web are hidden from search engines and can only be accessed by special browsers such as a Tor browser. But the sites move underground didnt last long. Currently its home on the dark web is a parked announcement that it has relocated to DailyStormer.Ru:

The .ru domain in the URL isnt exactly proof that the website is now hosted in Russia, because anyone can register a .ru domain. A Whois lookup for the .ru site reveals that the controversial hosting proxy CloudFlare, which has refused to terminate its business relationship with the neo-Nazi forum, continues to mask the identity of the sites true server host.

On the website, Anglin celebrated the sites return with a litany of anti-Semitism and criticism of GoDaddy and Google, calling the latter an anti-speech site. He also took the opportunity to deliver more insults against Heyer, whose memorial is today.

Update: The Dailystormer.ru domain now appears to be offline as well; the .onion domain accessible via Tor browser has not updated. We are following developments and will update this article as new iterations of the site appear.

Read the rest here:
Neo-Nazi site Daily Stormer resurfaces with Russian domain following Google and GoDaddy bans - Vox

Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.

Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Tor's hidden services let users publish web sites and other services without needing to reveal the location of the site. Individuals also use Tor for socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses.

Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they're in a foreign country, without notifying everybody nearby that they're working with that organization.

Groups such as Indymedia recommend Tor for safeguarding their members' online privacy and security. Activist groups like the Electronic Frontier Foundation (EFF) recommend Tor as a mechanism for maintaining civil liberties online. Corporations use Tor as a safe way to conduct competitive analysis, and to protect sensitive procurement patterns from eavesdroppers. They also use it to replace traditional VPNs, which reveal the exact amount and timing of communication. Which locations have employees working late? Which locations have employees consulting job-hunting websites? Which research divisions are communicating with the company's patent lawyers?

A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.

What's New:

This release features an important security update to Tor.

All Platforms

Previous versions:

The rest is here:
Tor Browser 7.0.4 Download - TechSpot

Tails, the amnesic incognito live system, also known as the anonymous live operating system, has been updated today to version 3.1, a point release that fixes many security issues and updates important components.

Tails 3.1 is here with the latest Tor Browser 7.0.4 anonymous web browser and the Linux 4.9.30-2+deb9u3 LTS kernel, which is also used by default in Debian Stretch. The new release was synced with the upstream repositories of the Debian GNU/Linux 9.1 "Stretch" operating system.

Among other noteworthy changes implemented in Tails 3.1, we can mention a fix for a bug that lets the Mozilla Thunderbird email and news client erase its temporary directory, which might contain previously opened attachments, as well as updated "Tor is ready" and time synchronization notifications translations.

Full Story

This topic does not have any threads posted yet!

You cannot post until you login.

See original here:
Debian-Based Tails 3.1 Anonymous OS Debuts with Tor Browser 7.0.4, Linux 4.9.30 - LXer (press release)

As planned, the Tails project has announced the general availability of Tails 3.1. The developers are strongly encouraging users of older releases to upgrade as soon as possible because it closes several security vulnerabilities and upgrades the Tor Browser to the latest version based on the newest Firefox ESR.

The two major changes in Tails 3.1 are that the Tor Browser has been upgraded to 7.0.4 and the Linux kernel has been upgraded to 4.9.30-2+deb9u3. The new Tor Browser will be the main reason to upgrade, to make sure that bugs in the browser arent being exploited to remove the anonymity of the user. The final detail to note is that this release is based on the new Debian 9.1, which was released in July.

There are also a few problems which have been fixed in Tails 3.1, they are:

To get the new update, you can either do a clean install or do a manual upgrade. Both options have well-detailed instructions accompanied by screenshots making it easy to create your new Tails live USB. Unfortunately for existing users, the automatic upgrade from 3.0.1 to 3.1 has been disabled due to some issues, but Tails 3.0 users can jump directly to 3.1 with an automatic upgrade.

Tails 3.2 is scheduled for release on October 3, and version 3.3 will be out on November 14. While the team behind the OS seems to be good at meeting their deadlines, you should assume that the dates listed could change. To see where the project is headed over the coming years, feel free to give their roadmap a look.

Source: Tails

Read more here:
Tails 3.1 has been released but you'll need to do a manual upgrade - Neowin