Category Archives: Tor Browser

Internetusers who value online privacy and anonymity will often rely on the Tor Browser to access websites. Using this browser, they can also access the so-called .onion websites, which are not indexed by regular internet search engines. However, the Web2Tor service provides an alternative way to access these sites. It is time to look at how both solutions compare to one another and figure out which solution is best.

Although the Onion.cab platform provides a convenient way for users to access Tor Onion sites, there are some drawbacks to using such a service. The protocol used by Onoin.cab is known as a Web2Tor connection, which serves as a reverse proxy to access the Tor network. However, the user does not need to install the Tor Browser to do so, which makes it seem more appealing to less tech-savvy users.

As one would expect, such services are not unnecessarily privacy-centric by any means. All services such as Onion.cab do is listening on port 80 or 443 on a clearnet server and then proxy requests via Tor to access the .onion site in question. There is no end-to-end encryption involved either, which means anyone can snoop on the connection even though it seemingly occurs over the Tor network. For anyone looking for more privacy, that is anything but positive news.

Moreover, a Web2Tor service provider can see what users are doing at all times. They are even capable of injecting content into the browser, without the user content. This does not mean Onion.cab will do so, yet some services have done so in the past. Moreover, internet service providers can see customers use these hidden services to hide their internet activity, which is not beneficial either. Then again, that is the price users pay for this convenient solution.

To make matters even worse, using Web2Tor services means the service provider will set various cookies to track users across hidden services on the Onion network. Even if the users IP address changes, the service provider can still track users as long as they keep relying on the same intermediary service to access Tor sites. All things considered, there is no valid reason why anyone would not use the Tor Browser directly, assuming they care about online privacy at all.

Judging from all of the above, there is no real reason not to use the Tor Browser instead. The browser is designed to protect user information and privacy at all times. While it requires users to download a piece of software, that only needs to be done one time. It is no different than installing Chrome, Firefox, or Opera on a new computer either. Anyone who wants to access Onion sites and retain user privacy is better off with the Tor Browser. After all, it provides end-to-end encryption to all users free of charge.

Since the Tor Browser hides online activist from the internet service provider, users can browse the web in a privacy-centric environment. Do keep in mind the experience will be slower compared tor regular browsing, as all traffic needs to pass through relay points. All things considered, anyone looking to browse the web anonymously or access .Onion sites should stick with the Tor Browser instead of using online intermediary services.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

Go here to read the rest:
Web2Tor Vs Tor Browser The Merkle - The Merkle

Here is a list of measures you can take to protect your privacy after FCC repeal.

Heres How to Protect Your Privacy [...]

We shouldnt have to take extraordinary steps to limit how our personal information can be used, but that is clearly something that we are all forced to do now, writes Amul Kalia. (Photo by Blogtrepreneur/ flickr CC 2.0)

This post originally appeared at the Electronic Frontier Foundation.

We pay our monthly internet bill to be able to access the internet. We dont pay it to give our internet service provider (ISP) a chance to collect and sell our private data to make more money. This was apparently lost on congressional Republicans as they voted to strip their constituents of their privacy. Even though our elected representatives have failed us, there are technical measures we can take to protect our privacy from ISPs.

Bear in mind that these measures arent a replacement for the privacy rules that were repealed or would protect our privacy completely, but they will certainly help.

Pick an ISP that respects your privacy

It goes without saying: If privacy is a concern of yours, vote with your wallet and pick an ISP that respects your privacy. Here is a list of them.

Given the dismal state of ISP competition in the US, you may not have this luxury, so read on for other steps you can take.

Opt-out of supercookies and other ISP tracking

In 2014, Verizon was caught injecting cookie-like trackers into their users traffic, allowing websites and third-party ad networks to build profiles without users consent. Following criticism from US senators and FCC action, Verizon stopped auto-enrolling users and instead made it opt-in. Users now have a choice of whether to participate in this privacy-intrusive service.

BY Peter Eckersley and Jeremy Gillula | March 28, 2017

You should check your account settings to see if your ISP allows you to opt-out of any tracking. It is generally found under the privacy, marketing, or ads settings. Your ISP doesnt have to provide this opt-out, especially in light of the repeals of the privacy rules, but it can never hurt to check.

HTTPS Everywhere

EFF makes this browser extension so that users connect to a service securely using encryption. If a website or service offers a secure connection, then the ISP is generally not able to see what exactly youre doing on the service. However, the ISP is still able to see that youre connecting to a certain website. For example, if you were to visit https://www.eff.org/https-everywhere, your ISP wouldnt be able to tell that youre on the HTTPS Everywhere page, but would still be able to see that youre connecting to EFFs website at https://www.eff.org.

While there are limitations of HTTPS Everywhere when it comes to your privacy, with the ISP being able to see what youre connecting to, its still a valuable tool.

If you use a site that doesnt have HTTPS by default, email them and ask them to join the movement to encrypt the web.

VPNs

In the wake of the privacy rules repeal, the advice to use a Virtual Private Network (VPN) to protect your privacy has dominated the conversation. However, while VPNs can be useful, they carry their own unique privacy risk. When using a VPN, youre making your internet traffic pass through the VPN providers servers before reaching your destination on the internet. Your ISP will see that youre connecting to a VPN provider, but wont be able to see what youre ultimately connecting to. This is important to understand because youre exposing your entire internet activity to the VPN provider and shifting your trust from the ISP to the VPN.

In other words, you should be damn sure you trust your VPN provider to not do the shady things that you dont want your ISP to do.

VPNs can see, modify, and log your internet traffic. Many VPN providers make promises to not log your traffic and to take other privacy protective measures, but it can be hard to verify this independently since these services are built on closed platforms. For example, a recent study found that up to 38 percent of VPN apps available for Android contained some form of malware or spyware.

Below, we detail some factors that should be considered when selecting a VPN provider. Keep in mind that these are considerations for someone who is interested in preventing their ISP from snooping on their internet traffic, and not meant for someone who is interested in protecting their information from the government a whistleblower, for instance. As with all things security and privacy-related, its important to consider your threat model.

BY Center for Responsive Politics staff | March 31, 2017

Now that you know what to look for in a VPN provider, you can use these two guides as your starting point for research. Though keep in mind that a lot of the information in the guides is derived from or given by the provider, so again, it requires us to trust their assertions.

Tor

If you are trying to protect your privacy from your internet company, Tor Browser perhaps offers the most robust protection. Your ISP will only see that you are connecting to the Tor network, and not your ultimate destination, similar to VPNs.

Keep in mind that with Tor, exit node operators can spy on your ultimate destination in the same way a VPN can, but Tor does attempt to hide your real IP address, which can improve anonymity relative to a VPN.

Users should be aware that some websites may not work in the Tor browser because of the protections built in. Additionally, maintaining privacy on Tor does require users to alter their browsing habits a little. See this for more information.

Its a shame that our elected representatives decided to prioritize corporate interests over our privacy rights. We shouldnt have to take extraordinary steps to limit how our personal information can be used, but that is clearly something that we are all forced to do now. EFF will continue to advocate for internet users privacy and will work to fix this in the future.

Trump, A Symptom Of What?

Mayoral Candidate in Jackson Hopes to Shake Up the Status Quo

Excerpt from:
Here's How to Protect Your Privacy From Your Internet Service Provider - BillMoyers.com

I fully agree with your editorial on the GOP Congress (including Doug LaMalfa) selling out our online privacy to internet service providers. At first, I thought I would write this letter expressing my despair over the loss of privacy and what that means in a free society. Instead, I wish to share things we can do to protect ourselves and our privacy.

Use Duckduckgo or Startpage as your only search engines. They (unlike all others) do not keep a record of your search words or track you.

One can use VPN (virtual private network) to hide ones IP address. The only problem is they are not free and there is still a need to trust the company that is providing it to not sell ones information. By far the best solution at the moment is using the Tor browser. First developed by the U.S. Navy, Tor is open source, which means its legally free to download and use by all. Its used by our government, law enforcement, journalists and citizens in countries where the internet is censored. Tor is always being improved and updated by volunteers. There is a version for all internet devices. Read about it here: http://www.torproject.org.

I use it everyday. My ISP knows that one of their customers is on the Tor browser. They dont know which one or what Im doing online. I must admit, I get a little joy each time I use it.

Richard J. Robinson, Chico

Advertisement

Read more:
Letter: Take steps to protect your privacy online - Oroville Mercury Register

Congress has voted to reverse new FCC privacy protections that would have required internet service providers (ISPs) like Comcast, Verizon, and AT&T to seek your permission before sharing information about your browsing history, location history, contacts, and other personal information. Last Tuesday, President Trump signed the measure.

There are some limited steps we as individuals can still take to protect our data. But the truth is that none of them are adequate when the companies that run wires into our home are determined to spy on our use of their services. The best thing Americans can do is to exercise their rights as citizens in a democratic society through activism, voting, working to support and oppose candidates, etc. Right now, people need to make their displeasure heard, loud and clear. Check to see if your senators and representative voted to protect the interests of Big Telecom, or the interests of individuals who dont want to be spied upon, profiled, bought and sold, and possibly discriminated against. If they did the former, voice your displeasure. Speak up online, support federal legislation to restore these protections, advocate for your state governments to take action to fill the gap left by Congressand dont let your memory of this travesty fade away, as telecom-supporting members of Congress are counting on you to do.

A common but inadequate response in situations like this is that we should let the market decide. The reality for most Americans is that the market has failed to provide meaningful choice among network operators. Fully 51 percent of Americans have only one real choice of broadband internet service provider, and even the lucky Americans with access to two or more providers may not see any meaningful difference between the providers in terms of user privacy. This makes it difficult, if not impossible, to vote with your wallet.

What are the limited steps that people can take to restore the privacy that ought to be their right? There is no perfect solution, but we have a few suggestions.

Despite the obliteration of the FCCs privacy protections, most ISPs (for now) offer consumers limited opportunity to opt out of data sharing about their internet use, often referred to by the legal term Customer Proprietary Network Information, or CPNI. Although this step has definite limitations, it is something that every customer should take advantage of.

Unfortunately, the telecoms have every incentive to make it difficult for you to do so, and often do not present discoverable, meaningful options. This is a highly imperfect solution from a policy standpoint because of the difficulty in opting out, because it throws the burden of protecting privacy onto the customers when the law clearly places it on carriers, and because it attempts to normalize surveillance by making surveillance the default when the default should be privacy.

To look at what it takes to opt-out, we explored the sites of the top ISPs in the United States. What we found is that their opt-out procedures and options are hopelessly inadequate, and that it was very difficult and time-consuming to get accurate information from the companies. When we sought help from Comcasts customer service chat, for example, it took over 20 minutes to get a link to their privacy policy, and they did not provide any information on how to opt out of information sharing. We also found that the companies privacy policies were generally vague and lacking in information about exactly what data is collected by the ISP and what a broadband user can expect in terms of privacy. Furthermore, none of the opt-out options appeared to allow a user to opt out of having information about their personal browsing histories retained and stored, which many people find offensivesome ISPs merely let users opt out of getting ads based on the collection and storage of that data. Other ISPs will still send some marketing materials based on the information they have collected, even if the user has opted out.

Here are links to opt-out pages for the leading ISPs:

AT&T: Instructions on opting out of various uses of data are here, including this CPNI Restriction Request Form

CenturyLink: Instructions for opt-outs on marketing contacts as well as other practices are here.

Charter Spectrum: Privacy preferences can be set here and by calling the company as described in Charters privacy policy in the sections entitled Can I prohibit or limit Charters use and disclosure of my personally identifiable information? and Charter Residential Customer Proprietary Network Information (CPNI) Policy. Charter has acquired Time-Warner Cable, but TWC still has a CPNI Opt Out form online here.

Cox: Features a Privacy Settings page to opt out of marketing based on CPNI as well as other uses of data such as location-based advertising.

Comcast: Information about opting out of various uses of information is contained within Comcasts xfinity privacy policy.

Verizon: Instructions to opt out of various uses of internet, cell phone, and television services are here (in the section How to limit the sharing and use of your information) and here.

If you use a smaller ISP not listed above, a providers privacy policy is generally the place to look for opt-out instructions and links. Nearly all companies include a link to a privacy policy on their main page, though it is often in very small print at the very bottom of the page.

Encryption is an effective way of hiding the content of your communications from an ISPs prying eyes (not to mention those of other parties). Encryption will block your ISP from seeing the content of your communications, but depending on the application it may still permit them to see your metadata (such as who you are communicating with and/or when).

Nevertheless, using encrypted communications and apps as much as possible is a good idea. As weve recommended before, for example, everyone should use Signal where possible to replace traditional text messaging or voice calls. Of course, many of your friends may use an end-to-end encrypted messaging app like Signal or Apples iMessage, but many may not, and you will be obliged to communicate with those friends over channels that your ISPand theirscan snoop on. So encourage your friends to move to better messaging platforms!

You can also use the HTTPS Everywhere browser extension, developed by our friends at The Tor Project and the Electronic Frontier Foundation, to force more of your web browsing to HTTPS. When a customer connects to a web site that uses HTTPS (as opposed to plain unencrypted HTTP), the ISP cant see the exact pages within a site that a customer is reading, or the content of the pages that he or she downloads. The ISP will, however, still see that youre visiting the site itself (i.e. http://www.autism.org or http://www.aids.gov). Another limitation is that while many web sites have shifted to HTTPS, many have not, and the end-user has no control over that.

Despite such limitations, moving to encrypted communications as much as possible is a good idea and is a step that will protect your privacy not only from your ISP, but also potentially from other parties ranging from the IT workers in your office to the NSA.

In addition to using encrypted communications, you might want to protect more of your metadata (information about where you are going and who you are communicating with on the internet). One approach is to use a Virtual Private Network (VPN), which creates an encrypted connection between a customers computer and the VPNs network, and routes all of the customers traffic through that remote network, leaving the customers ISP unable to see either the content or the destination of a customers communications. Configured this way, the VPN acts as an encrypted proxy to the rest of the internet. VPNs can be an effective way of preserving some degree of privacy against some parties, including ISPs.

The use of VPNs has a number of significant limitations you should be aware of.

VPNs cost money, forcing you to pay for privacy that should be your right (and which many Americans cannot afford). Unless expertly configured, a VPN may not cover the growing eco-system of Internet of Things devices that is appearing in many homes, such as personal assistants (like the Amazon Echo), smart or GPS watches, FitBits, appliances, etc. Even with use of a VPN, your ISP can still see the amount of data you are sending and receiving, and at what times. And VPNs can slow down your internet data speeds, because all your traffic has to be funneled through a remote server. It might introduce delay into video chats or VoIP phone calls, for example.

Finally, use of a VPN just shifts the privacy issues to a new party. When you use a VPN, many details about your internet usage become invisible to your ISPbut whatever party is operating the VPN service (employer, third-party service, etc.) then gains access to all that information. For this and other reasons, its important to do good research and be very careful about whom you select as a VPN provider. Your choice may depend on whom you're trying to protect yourself from: someone who is trying to avoid the local advertising agency might have a different set of choices than someone who is trying to avoid immigration authorities or a vindictive city councilmember. The Electronic Frontier Foundation lists questions that should guide your VPN choice here.

Another option for protecting privacy is to do your browsing through Tor, which is an encrypted network of servers that bounce your traffic around between you and the site youre visiting so that it cant be tracked. The simplest way to use Tor is to download and install the Tor Browser and use it instead of your normal web browser. Installing and using the Tor Browser wont have any effect on your normal web browser, so you can try it out and still easily switch back, or use Tor for some of your browsing and another web browser the rest of the time.

As with a VPN, your ISP will be able to see the amount and timing of your data transmissions over Tor, but it will all come and go from the Tor guard node to which you are connected, and it will all be encrypted. Even more than a VPN, Tor can slow down a users internet speeds. Furthermore, some website operators block traffic that arrives over Tor, which can be frustrating if you need to visit those sites.

To avoid losing advertising dollars, ISPs might be tempted to detect customers use of Tor Browser or VPNs and deliberately slow down that traffic in order to discourage people from protecting their privacy in that way. Fortunately, the FCCs network neutrality rules prohibit that kind of interference with customers traffic. Thats greatas long as Congress or Trumps FCC doesnt undo the network neutrality rules as they have the privacy rules. So privacy-conscious Americans are advised to politically agitate for the preservation of network neutrality in addition to agitating for the restoration of broadband privacy.

Overall, nobody should view any of the above suggestions as a permanent fix for the problem that Congress has created by nuking the FCCs privacy protections. When something bad happens, its natural to want assurance that we still can be in control of our own destiny. Taking advantage of the limited steps that are available can be a good idea, but the best thing Americans can do about this betrayal of their privacy is to exercise their right to support and oppose candidates, to vote, and to engage in vocal speech and vigorous activism.

Continue reading here:
What Individuals Should Do Now That Congress Has Obliterated the FCC's Privacy Protections - ACLU (blog)

GIF courtesy of 20th CenturyFox

Last week, most congressional Republicans voted to let Internet service providers (ISPs), the companies that pipe the Internet to consumers, harvest intimate online user data for profit. Since the big ISPs, such as Comcast, have near-monopoly power in most of this country, the only way for a consumer to opt out of this kind of data harvesting would be to not have a home Internet connection.

For the privacy-minded citizen, tech sites like Gizmodo recommend covering ones tracks by using virtual private networks (VPNs) or a Tor browser, which anonymizes traffic. But there are downsides to those options, especially if youre the kind of person who wants no-hassle access to the web.

And since most of us arent up to anything particularly nefarious, its not about anonymity so much as valuing the sanctity of the private details of our lives. This includes such chestnuts as personal health info and the sweet nothings shared by lovers. Cant all of us who arent Republican congresspeople and telecom-company execs agree that some things are sacred and shouldnt be profited off of?

Rather than hide, perhaps it would be most effective to render our information worthless to these greedy corporations. Please allow me to share an idea as to how we might take back our privacy from the powers that be.

The reason missile defense systems dont work in real life is that theres no good way to tell the difference between an actual nuclear missile and a fake one. If any industrious evildoer wants to get their missile past an antimissile defense system (like the one the US is installing in South Korea), all they have to do is overwhelm the detectors with dummy missiles.

Similarly, its time to go nuclear on the ISPs and the whole advertising-funded model of the web. They want to track our data and advertise to us? I say fineyou want my data? Ill give you data. SO MUCH DATA. Lets blow the system up.

Much like evading a missile defense system, the way to throw smoke into the eyes of enemy ISPs is to send forth a deluge of bogus information, flowing abundantly through the gnashing jaws of their ravenous data munchers.

The whole web advertising system is predicated on the idea that some fancy algorithms can get a decent idea of who are you from analyzing what content moves to and from your Internet-connected device.* On your computer, all the juicy profile data youre producing as you browse on your home WiFi connection will now be fair game to Comcast, AT&T, etc. And dont believe what they are saying now about respecting privacythese are terrible companies that will take you for everything youre worth.

A simple way to combat this would be for everyone to mix a lot of fake data in with their real data. But rather than spending lots of time fake browsing, ideally someone could create a program or a device to automatically fake-browse for you. Maybe this already exists, but Im searching through the Internets, and surprisingly, I cant find anything that precisely fits the bill. Yes, theres Internet Noise, a nifty program that adds random Internet nonsense to your browsingbut data munchers wont have much of a problem sifting out your real data from such a crude, randomized approach.

But what if someone came up with an approach that worked? Would you spend $5 on a device that you could plug into your computer in order to make your info worthless to marketers? Perhaps a USB dongle that has a program on it that acts as a virtual computer mouse. No physical hardware need be involved. Just a virtual device that, to the computer, is indistinguishable from a real peripheral device, since all the computer sees is commands anyway. The USB virtual mouse would be loaded with preprogrammed click schemes. You plug the device in, and the program opens a browser and starts clicking through pages. It enters in bogus information to text boxes it encounters along the way. When it gets to CAPTCHAs, it takes a different route, or perhaps it holds the page and waits for you to fill it in. Low tech is good tech.

Instead of feeding in a bunch of random searches like Internet Noise, I imagine computer labs full of teens furiously surfing the web, recording a diverse array of click schemes. Or perhaps a crowdsourced situation. Libraries of these human-generated web journeys would be uploaded onto the device. The important thing is keeping an analog-based solution to make it impossible to tell whether the clicks are coming from the real owner of a specific laptop or a deluge of fake data.

This phantom mouse could run around the web while youre away from your computer. Or maybe run in the background so that during all hours your computer is generating reams of fake browsing data.

If even a small portion of Internet users started doing this, enough doubt would infect the system, and the targeted Internet advertising business as we know it would crumble. Then we could all join Medium, pay our five bucks a month and live happily, advertisinglessly ever after.

Well, not really. Thered still be browsing data from your phone. I dont think running a program like this on an iPhone would be feasible. Maybe an Android device would be easier since they dont police their apps to the same degree as Apple. Also, this would throw the ball back into the court of Google and Facebook, who would still have plenty of data from your profile/account to target you well. But suddenly, Facebook and Google are looking a lot less insidious than they did a few weeks ago. And given how thoroughly dystopian last week was, thats saying something!

Heres a crazy idea: What if consumers could take control of their own data and then allow certain companies they like to opt-in for a price to their real information? But not ISP-creeper profile informationrather, relevant information the consumer feels open to sharing. For instance, I could give my favorite musical-instrument company the option of paying me or giving me discounts to tell them what Im interested in. This could be information I actively give them of my own free will that is relevant to my instrument buying. Heck, maybe I could get a free subscription to the New York Times or whatever news websites/blogs I dig in exchange for opting in to some targeted advertising. Wouldnt that feel much more aboveboard than this surreptitious profile building? And then they could send me deals. And then maybe Id buy stuff!

We cant just hand over our privacy to the biggest bribers of Congress. Until these products and services are implanted under our skin (oh, wait, its already happening!), we still have some say in this.

Maybe it seems benign at the moment, given all the other dire political stuff that is happeningthe lifting of environmental regulations, airstrikes killing civilians in Mosul, our government being infiltrated by Russiabut really, what the heck can you do about any of that? I have no idea! Whereas we still have a modicum of agency over our basic privacies.

Capitulating on this issue means pissing away fundamental, freedom-loving American value. Five years ago, such legalized intrusions would have seemed unfathomable. If Congress can sell us out so quickly and thoroughly, whats next?

My proposal may not be the most elegant solution, but I havent heard anyone else come up with anything better. Somehow, weve got to do something to stop corporations from violating the sanctity of your silly sexts and the stupid pictures you send to your mom.

*But the good news is that for the most part, your phone data isnt going through an ISP, and your phone company still isnt allowed to capture and sell your phone data. Phone connections are still defined as a public utility, whereas this new move by Congress stops laws going into effect that were going to make Internet connections subject to that same public-utility designation. So another pricey solution could be doing all your computing through data plans provided by your phone company.

Visit link:
Time to Go Nuclear Against Anti-Internet Privacy Laws - thebolditalic

Google has become synonymous with finding information. But even the mighty Google has its drawbacks, especially if you value your privacy. The worlds most famous search site is also known for saving your search history, reading your email in Gmail, and tracking what you click online.

Tip in a tip: Did you know that Google also tracks your physical location and dates you were there? Go to http://tinyurl.com/hxdc2hg to see a map showing your detailed location history.

Before you break out the torches and pitchforks, remember that Google is trying to make its services as useful as possible. The companys goal is to find out what you want before you want it.

Maybe you want a break from the well-meaning surveillance. What are your alternatives these days? Which search engines dont step on your virtual heels? Here are three ways to search the internet that you may find refreshing.

This search engine is unusual in many ways. First, it wasnt developed in California, but in suburban Pennsylvania. Second, DuckDuckGo has a mission to keep users information private and to prevent personalized search results.

So whats wrong with personalized search results? Dont you want your phone or computer to cater to your interests? The creators of DuckDuckGo assert that this kind of technology creates a filter bubble. Google specializes in sending you only the content that the company thinks you want, not everything available.

Theres more to DuckDuckGo than just not being Google. The search engine includes nifty calculators and other tricks youve come to expect, and you can customize its interface, with search shortcuts and an Instant Answers feature.

You might be surprised by the quality of Instant Answers, which easily rivals Googles Knowledge Graph. You can also make DuckDuckGo an extension of your browser and activate more privacy settings to keep your search history as protected as possible. Go to http://tinyurl.com/lxaw6gq to check out DuckDuckGo.

Ixquick calls itself the worlds most private search site. That may sound a little grand, but theyve earned their stripes. Ixquick doesnt record your IP address, browser information or search history.

The real magic of Ixquick is its search by proxy feature. This means that websites have no idea what IP address youre using. As a customer browsing their pages, you are basically invisible. This feature does have the potential to slow down your searches, but that will be a small price to pay for people who give their privacy top priority.

Heres an example: Suppose you use Ixquick to search for a term like Komando. Your search results will look similar to Googles, with a list of websites it has found that match your search. But each result has three options: Just click the regular link, and youll visit the page as you normally would, meaning the website can see you.

Or you can choose Highlight to see the sites most basic information. This way, youre not visiting the site, just seeing what its about. Finally, you can pick Proxy, which means you will remain anonymous. Those sites will only see Ixquicks IP address, not yours. Go to http://tinyurl.com/m7vyk8m to use Ixquick.

If youre looking for something a little more sophisticated, you might consider Tor. This name started as an acronym for The Onion Router, and its very popular among computer-savvy circles.

The Tor Project describes itself as an anonymity network, which means that privacy is its primary goal. The companys logo has an onion, which is more than just a cute cartoon. Tor uses sophisticated encryption software that behaves like the layers of an onion, making it virtually impossible for someone to track your movements online. Tor bounces your communications through a global network, a real headache for anyone trying to find your physical location.

You may have heard of Tor because this same technology is used to access the Dark Web. Go to ??? to learn more about the Dark Web.

That may sound creepy, and its true that Tor has been used for illegal activity online, but the software itself is perfectly legal and shouldnt pose any problems. Remember, its not the tool that causes problems but how you use it.

Before you rush to the Tor website and download the free software, keep in mind that Tor may slow down your searches, and it may also change your web browsers settings. Go to http://tinyurl.com/lgen79l to install and use the Tor browser.

Kim Komando hosts the nation's largest talk radio show about consumer electronics, the Internet and digital lifestyles. Hear it locally at 94.3 WSC noon-3 p.m. Sundays.

Read more here:
3 ways to search the web without Google tracking you | Business ... - Charleston Post Courier

We explain the Dark Web, how it differs from the Deep Web, and how to access the Dark Web using Tor. We explain the Dark Web and Deep Web, plus how to access them

By Matt Egan | 06 Apr 17

The Dark Web is a term that refers specifically to a collection of websites that exist on an encrypted network andcannot be found by using traditional search engines or visited by using traditional browsers.

Almost all sites on the so-called Dark Web hide their identity using the Tor encryption tool. You may know Tor for its ability to hide your identity and activity. You can use Tor to spoof your location so it appears you're in a different country to where you're really located, making it much like using a VPN service.

When a website is run through Tor it has much the same effect.

Indeed, it multiplies the effect. To visit a site on the Dark Web that is using Tor encryption, the web user needs to be using Tor. Just as the end user's IP address is bounced through several layers of encryption to appear to be at another IP address on the Tor network, so is that of the website.

There are several layers of magnitude more secrecy than the already secret act of using Tor to visit a website on the open internet - for both parties

Thus, sites on the Dark Web can be visited by anyone, but it is very difficult to work out who is behind the sites. And it can be dangerous if you slip up and your identity is discovered. Talking of identity, you can find outwhat Google knows about youand alsodelete your Google location history.

You can also read our in-depth guide to using Torif you want to know more about using the web anonymously and sending messages securely.

Not all Dark Web sites use Tor. Some use similar services such as I2P, such as the Silk Road Reloaded. But the principle remains the same. The visitor has to use the same encryption tool as the site and - crucially - know where to find the site, in order to type in the URL and visit.

Infamous examples of Dark Web sites include the Silk Road and its offspring. The Silk Road was (and maybe still is) a website for the buying and selling of recreational drugs. But there are legitimate uses for the Dark Web.

People operating within closed, totalitarian societies can use the Dark Web to communicate with the outside world. And given recent revelations about US- and UK government snooping on web use, you may feel it is sensible to take your communication on to the Dark Web. (I'll stick to Facebook, but I like the attention.)

The DarkWeb hitthe headlines in August 2015after it wasbeen reported that 10GB of data stolen from Ashley Madison, a site designed to enablebored spouses to cheat on their partners, was dumped on to the DarkWeb.

Hackers stole the data and threatened to upload it to the web if the site did not close down, and it has now acted on that threat. Now the spouses of Ashley Madison users have begun to receive blackmail letters demanding they pay $2500 in Bitcoin or have the infidelity exposed.

In March 2015 the UK government launched a dedicated cybercrime unit to tackle the Dark Web, with a particular focus on cracking down on serious crime rings and child pornography.The National Crime Agency (NCA) and UK intelligence outfit GCHQ are together creatingthe Joint Operations Cell (JOC).

Although all of these terms tend to be used interchangeably, they don't refer to exactly the same thing. An element of nuance is required. The 'Deep Web' refers to all web pages that search engines cannot find.

Thus the 'Deep Web' includes the 'Dark Web', but also includes all user databases, webmail pages, registration-required web forums, and pages behind paywalls. There are huge numbers of such pages, and most exist for mundane reasons.

We have a 'staging' version of all of our websites that is blocked from being indexed by search engines, so we can check stories before we set them live. Thus for every page publicly available on this website (and there are literally millions), there is another on the Deep Web.

The content management system into which I am typing this article is on the Deep Web. So that is another page for every page that is on the live site. Meanwhile our work intranet is hidden from search engines, and requires a password. It has been live for nearly 20 years, so there are plenty of pages there.

Use an online bank account? The password-protected bits are on the Deep Web. And when you consider how many pages just one Gmail account will create, you understand the sheer size of the Deep Web.

This scale is why newspapers and mainstream news outlets regularly trot out scare stories about '90 percent of the internet' consisting of the Dark Web. They are confusing the generally dodgy Dark Web with the much bigger and generally more benign Deep Web.

Mixing up the act of deliberately hiding things, with that of necessarily keeping pages away from search engines for reasons of security or user experience.

Confusingly, 'Dark Internet' is also a term sometimes used to describe further examples of networks, databases or even websites that cannot be reached over the internet. In this case either for technical reasons, or because the properties contain niche information that few people will want, or in some cases because the data is private.

A basic rule of thumb is that the phrases 'Dark Web' or 'Deep Web' are typically used by tabloid newspapers to refer to dangerous secret online worlds, the 'Dark Internet' is a boring place where scientists store raw data for research.

The Deep Web is a catch-all term for all web pages that are not indexed for search, the others refer to specific things. (See also: Take precautions when using public Wi-Fi networks.)

Technically, this is not a difficult process. You simply need to install and use Tor. Go to http://www.torproject.org and download the Tor Browser Bundle, which contains all the required tools. Run the downloaded file, choose an extraction location, then open the folder and click Start Tor Browser. That's it.

The Vidalia Control Panel will automatically handle the randomised network setup and, when Tor is ready, the browser will open; just close it again to disconnect from the network.

Depending on what you intend to do on the Dark Web, some users recommend placing tape over your laptop's webcam to prevent prying eyes watching you. A tinfoil hat is also an option.If you're reading this to find out about torrent files, check out our separate guide on how to use torrent sites in UK.

The difficult thing is knowing where to look on the Dark Web. There, reader, we leave you to your own devices and wish you good luck and safe surfing. And a warning before you go any further. Once you get into the Dark Web, you *will* be able to access those sites to which the tabloids refer. This means that you could be a click away from sites selling drugs and guns, and - frankly - even worse things.

Aggregation sites such as Reddit offer lists of links, as do several Wikis, including http://thehiddenwiki.org/ - a list that offers access to some very bad places. Have a quick look by all means, but please don't take our linking to it as an endorsement. It really isn't.

Also, Dark Web sites do go down from time to time, due to their dark nature. But if you want good customer service, stay out of the dark!

And do heed our warning: this article is intended as a guide to what is the Dark Web - not an endorsement or encouragement for you to start behaving in illegal or immoral behaviour.

Here is the original post:
What is the Dark Web and Deep Web? How to access the Dark Web ... - PC Advisor

VDigger offers several ways to share sensitive information with us, including new encryption services through a secure server.

Investigative journalists rely on members of the public to expose corruption and wrongdoing. No system is 100% secure, but weve set up methods to contact us that help protect your identity.

We are making an especial effort to protect our sources. We do not reveal the identities of anonymous sources who wish to give us confidential information. These methods of contact are designed to ensure communication is as secure as possible.

VTDigger for years has offered a place for tipsters to send us information without identifying themselves by name. While our system automatically records IP addresses, we respect your anonymity and do not trace the source of any submission. Here is a link to the tipster form. Here is a link to our document upload form.

Mail delivered through the postal service is a secure means of communication. We recommend that you use a public mailbox a blue box on the corner instead of a post office.

Send a letter with no return address to VTDigger at 26 State St., Montpelier VT 05602.

Signal is an encrypted phone and messaging app for mobile phones. It stores a number, but not your activity while using it. You can also set it to erase content from your phone automatically. For more info, go to https://whispersystems.org

Once youve got the Signal app, you can call or message us at +1 802-595-9159

If you want to send an anonymous tip that does not identify your Internet Protocol address, please use our GlobaLeaks service. You can write to us securely and attach documents which will be encrypted.

Remember that online security starts with you, so here are some simple ways for you to protect your identity.

Update the operating system for your computer so that its more secure. Make sure your computer has been scanned for malware and viruses. Be careful where you access the server. We recommend using broadband or wifi service that is protected by a Virtual Private Network. Do not use it from public places where your screen may be viewed by other people or cameras. Here is a list of popular VPNs.

VTDigger hosts a secure information transmission service on the GlobaLeaks platform, which has been independently verified by journalists around the world. You will need to take precautions to help protect yourself, and download special software to your computer:

1> Get on the internet using a Virtual Private Network connection to mask your computers IP address.

2> Download and install the Tor browser here.

3> Once you load the Tor browser, copy and paste the URL http://loyjvljzuhxzbifk.onion into your browsers address bar. When the page loads, you will see additional information on how to submit your content to us.

NOTE: If the Tor browser does not work, you are most likely on a monitored network and need to find a different network to avoid being detected.

4> On submission of your data, you will be assigned a randomly generated 16-digit code. When we respond to your message, you will use this code to log back into the site and communicate with us.

NOTE: This code is the only way we have of reaching you. To protect your anonymity, we do not ask for other contact information.

Please do not lose that code: it will not be stored in your computers keychain or browser history: you must write it down.

The Globaleaks server is highly secure. All your communication with us is over the Tor network, and we cannot collect any information about your location. Only a few of our most trusted journalists have access to information stored on our Globaleaks server. Its also geographically, physically, and digitally separate from all the rest of VTDiggers servers, email system and identifiable digital assets.

The GlobaLeaks software powering this system is an open-source project used by newsrooms around the world. You can learn more about it here: https://www.globaleaks.org

If the GlobaLeaks system is unavailable or TOR is blocked for you, you can use our PGP keys to send us encrypted email. If you do not wish to identify yourself, create an email address on a free webmail service, such as Gmail, using a pseudonym. Download a PGP extension (we recommend the Mailvelope Chrome extension), and send an encrypted email to [emailprotected] using the encryption at the link below.

VTDigger PGP Keys(Anne Galloway)

If youre going to send us PGP-encrypted email and would like us to encrypt our response, please send your public key.

If you are using the Tor browser you should ensure that there is no keylogging malware on your PC, MAC or tablet. If your computer has already been compromised, we cannot safeguard your identity or the information you are sending us. Its good practice to routinely run malware checkers on your devices.

Any content uploaded to the platform will be treated in the utmost confidentiality by us to protect your anonymity unless you indicate you wish to waive it.

Sending us your material is no guarantee that we will report on it or publish a story using that material.

VTDigger will not set cookies, fingerprint your browser/machine or display third party content when you use our system. Use is ultimately at your own risk. Thank you for helping us to promote secure, independent, not-for-profit journalism.

Originally posted here:
Share Secure Tips - vtdigger.org

Editors note: This post is a companion piece to this guide on how to take action and protect your privacy in light of the bill that President Trump recently signed into law that allows internet service providers (ISPs) to sell consumers browsing data.

Picking a good, secure VPN even for tech-savvy people can be difficult.

Im not a lawyer and someone with legal background should examine this, but something people need to understand is that VPN providers can also be classified as ISPs as theyre providing an internet service. And if theyre based in the U.S. or their servers are in the U.S. or in a country with similar anti-privacy laws, they may still be able to monetize your browsing habits. So basically by picking a bad VPN service, you might make the problem in hand even worse.

There are very very few service providers whom I know and trust that dont have any interest in the users data and take active measures to either not to have access to it in the first place or secure it if they have. Riseup.net and Calyx.net are two of them.

For more technical users, here are some tools I recommend. Each have their own pros and cons.

To be perfectly clear, Tor is NOT a VPN and is not even remotely comparable. Apples and oranges. But its probably your best shot at protecting your privacy. Tor Browser is a hardened browser built on top of Firefox. It makes it harder for sites and adversaries to track you by anonymizing your path to the website you visit. If this is the first time hearing about Tor, I encourage you to watch this short animation.

While Tor Browser is my primary browser these days, I dont use it for my banking, for example. They might freak out as your IP address changes from one country to another roughly every 10 minutes. Using Tor makes it extremely difficult for anyone to see or collect your online behavior.

Full disclosure, Im a volunteer and core member of The Tor Project.

Pros

Cons

[Related: A beginners guide to Tor.]

Once setup, Algo is probably the easiest and one of the most secure way to get a VPN up and running to be used on MacOS or iOS. If youve ever used the command line, setting up an instance of Algo should be fairly easy for you. Just be mindful, if youre using Algo for your privacy against the recent deregulation in the U.S., you might want to pick a data center that resides in a privacy- friendly jurisdiction. Another thing you might want to consider is that Algo uses Google DNS by default. If youre worried about this recent deregulation, you should as well be worried about the visibilities the Silicon Valley companies such as Google have on your traffic.

Pros

Cons

The design of Bitmask is based on OpenVPN and you can easily hook it up with Riseup or Calyx servers. In fact, theyre both already two of the built-in service providers. I hear from the developers that the MacOS version is on its way, but if youre like me and cant wait to see it, you could chip in with your money or skills to speed up the development process.

Also find it here.

Pros

Cons

A separate operating system housed on a USB stick, DVD or SD card that includes a suite of privacy-ninja applications built in. Everything runs over Tor. Tails is built and maintained by a mostly anonymous, international collective of highly respected developers (yes, all of those things). It can be tricky to set up the USB stick, but once you have it set up, Tails is easy to use. The best part about Tails is that it doesnt touch your currently running operating system. Whether you have Windows or MacOS or Linux, you can install Tails on a USB, reboot and do your work in Tails and when youre done, reboot and unplug the USB stick.

Neither your computer nor Tails would have any memory of what articles you read online or which newspaper you leaked documents to.

Pros

Cons

This new operating system, currently in alpha release, is based on Debian and not only sends all of your traffic over Tor by default, but also protects you from zero-day attacks by taking advantage of grsecurity patches. And on top of that, it has some amazing sandboxing features. If youre a little more savvy and want to try things at the bleeding edge, definitely give it a shot. Imagine Tails but built to be your primary OS.

Pros

Cons

Nima Fatemi is an independent security researcher and core member of Tor.

See the original post:
A new law allow ISPs to sell your data without your consent. Here's how to shield your privacy - Technical.ly

We pay our monthly Internet bill to be able to access the Internet. We dont pay it to give our Internet service provider (ISP) a chance to collect and sell our private data to make more money. This was apparently lost on congressional Republicans as they voted to strip their constituents of their privacy. Even though our elected representatives have failed us, there are technical measures we can take to protect our privacy from ISPs.

Bear in mind that these measures arent a replacement for the privacy rules that were repealed or would protect our privacy completely, but they will certainly help.

It goes without saying: if privacy is a concern of yours, vote with your wallet and pick an ISP that respects your privacy. Here is a list of them.

Given the dismal state of ISP competition in the US, you may not have this luxury, so read on for other steps you can take.

In 2014, Verizon was caught injecting cookie-like trackers into their users traffic, allowing websites and third-party ad networks to build profiles without users consent. Following criticism from US senators and FCC action, Verizon stopped auto-enrolling users and instead made it opt-in. Users now have a choice of whether to participate in this privacy-intrusive service.

You should check your account settings to see if your ISP allows you to opt-out of any tracking. It is generally found under the privacy, marketing, or ads settings. Your ISP doesnt have to provide this opt-out, especially in light of the repeals of the privacy rules, but it can never hurt to check.

EFF makes this browser extension so that users connect to a service securely using encryption. If a website or service offers a secure connection, then the ISP is generally not able to see what exactly youre doing on the service. However, the ISP is still able to see that youre connecting to a certain website. For example, if you were to visit https://www.eff.org/https-everywhere, your ISP wouldnt be able to tell that youre on the HTTPS Everywhere page, but would still be able to see that youre connecting to EFFs website at https://www.eff.org

While there are limitations of HTTPS Everywhere when it comes to your privacy, with the ISP being able to see what youre connecting to, its still a valuable tool.

If you use a site that doesn't have HTTPS by default, email them and ask them to join the movement to encrypt the web.

In the wake of the privacy rules repeal, the advice to use a Virtual Private Network (VPN) to protect your privacy has dominated the conversation. However, while VPNs can be useful, they carry their own unique privacy risk. When using a VPN, youre making your Internet traffic pass through the VPN providers servers before reaching your destination on the Internet. Your ISP will see that youre connecting to a VPN provider, but wont be able to see what youre ultimately connecting to. This is important to understand because youre exposing your entire Internet activity to the VPN provider and shifting your trust from the ISP to the VPN.

In other words, you should be damn sure you trust your VPN provider to not do the shady things that you dont want your ISP to do.

VPNs can see, modify, and log your Internet traffic. Many VPN providers make promises to not log your traffic and to take other privacy protective measures, but it can be hard to verify this independently since these services are built on closed platforms. For example, a recent study found that up to 38% of VPN apps available for Android contained some form of malware or spyware.

Below, we detail some factors that should be considered when selecting a VPN provider. Keep in mind that these are considerations for someone who is interested in preventing their ISP from snooping on their Internet traffic, and not meant for someone who is interested in protecting their information from the governmenta whistleblower, for instance. As with all things security and privacy-related, its important to consider your threat model.

Does the VPN provider log your traffic? If yes, what kind of information is logged? You should look for one that explicitly promises to not log your Internet traffic and how active the VPN provider is in advocating for user privacy.

Does the VPN provider use encryption in providing the service? Its generally recommended to use services that support a well-vetted open source protocol like OpenVPN or IPSec. Utilizing these protocols ensures best security available.

If your VPN provider uses encryption, but has a single shared password for all of the users, its not sufficient encryption.

Would using the VPN service still leak your DNS queries to your ISP?

Does the VPN support IPv6? As the Internet transitions from IPv4 to the IPv6 protocol, some VPN providers may not support it. Consequently, if your digital device is trying to reach a destination that has an IPv6 address using a VPN connection that only supports IPv4, the old protocol, it may attempt to do so outside of the VPN connection. This can enable the ISP to see what youre connecting to since the traffic would be outside of the encrypted VPN traffic.

Now that you know what to look for in a VPN provider, you can use these two guides as your starting point for research. Though keep in mind that a lot of the information in the guides is derived from or given by the provider, so again, it requires us to trust their assertions.

If you are trying to protect your privacy from your Internet company, Tor Browser perhaps offers the most robust protection. Your ISP will only see that you are connecting to the Tor network, and not your ultimate destination, similar to VPNs.

Keep in mind that with Tor, exit node operators can spy on your ultimate destination in the same way a VPN can, but Tor does attempt to hide your real IP address, which can improve anonymity relative to a VPN.

Users should be aware that some websites may not work in the Tor browser because of the protections built in. Additionally, maintaining privacy on Tor does require users to alter their browsing habits a little. See this for more information.

Its a shame that our elected representatives decided to prioritize corporate interests over our privacy rights. We shouldnt have to take extraordinary steps to limit how our personal information can be used, but that is clearly something that we are all forced to do now. EFF will continue to advocate for Internet users privacy and will work to fix this in the future.

Excerpt from:
Here's How to Protect Your Privacy From Your Internet Service Provider - EFF