Category Archives: Tor Browser

Tor, once known only by network nerds, has now become something of a hot topic. This is thanks largely to the anonymous network's reputation for hosting drug marketplaces like Silk Road, and other unsavoury sites.

But what exactly is Tor? What is it good for? Does it have any legitimate uses? And how can those not versed in the finer details of network technologies actually access it?

03/04/3017:The Tor browser will take greater advantage of the Rust programming language developed by Mozilla to keep user interactions more secure, it has been revealed.

Although Tor developers have been gunning for the news for a long time (since 2014, in fact), the Mozilla-powered code will play a bigger role in the secretive browser's future.

According to Bleeping Computer, Tor developers met last week to discuss the future of the private browser and decided to use more of the C++-based code in future, hoping to replace the majority of its legacy C and C++ base in the coming months or years.

"We didn't fight about Rust or Go or modern C++. Instead, we focused on identifying goals for migrating Tor to a memory-safe language, and how to get there," Tor developer Sebastian Hahn said.

"With that frame of reference, Rust emerged as a extremely strong candidate for the incremental improvement style that we considered necessary."

The reason why it decided to make such a big change was because a tiny mistake in the C programming language used in the current version of Tor could have a huge impact on users, Tor developer Isis Agora Lovecruft said on Twitter.

"A tipping point in our conversation around 'which safe language' is the Tor Browser team needs Rust because more & more Firefox is in Rust. Also the barrier to entry for contributing to large OSS projects written in C is insanely high."

13/12/2016:The first sandboxed version of the Tor Browser was released in alpha last weekend, bringing privacy fans one step closer to secure browsing.

Version 0.0.2 of the software was released by Tor developer Yawning Angel on Saturday, who is tackling the project largely single-handed. Official binaries are yet to be released, but early adopters can take it for a spit by compiling the code themselves from GitHub.

The project has been a labour of love for Yawning Angel. "We never have time to do this," he said back in October. "We have a funding proposal to do this but I decided to do it separately from the Tor Browser team. I've been trying to do this since last year."

The efforts have been given new urgency by a zero-day vulnerability in Firefox. Discovered last month, the error was being used to de-anonymise Tor users, as the browser is heavily based on Firefox code.

Sandboxed instances of Tor are different from the normal version in that they run in a self-contained silo. This means that if an attacker uses an exploit against the browser, the amount of data it can collect through it from the rest of the machine and operating system is limited.

However, Yawning Angel has stressed that the software is still a very early alpha, and cannot be trusted to be entirely secure. "There are several unresolved issues that affect security and fingerprinting," he wrote as part of the software's README.

01/12/2016:A zero day vulnerability found in both Firefox and Tor web browsers has been exploited in the wild, allowing attackers to target users for their IP and MAC addresses.

Internet security firm Malwarebytes first discovered the flaw, which was shown to be almost identical to the one used by the FBI to expose Tor browser users in 2013.

"The exploit took advantage of a bug in Firefox to allow the attacker to execute arbitrary code on the targeted system by having the victim load a web page containing malicious JavaScript and SVG code," said Daniel Veditz, security lead at Mozilla, in a blog post on Wednesday.

Hackers were able to exploit Tor and Firefox browsers to send user hostnames and IP and MAC addresses to a remote server identified as 5.39.27.226, which has now been taken down.

"The goal is to leak user data with as minimal of a footprint as possible. There's no malicious code downloaded to disk, only shell code is ran directly from memory," said Jerome Segura, lead malware intelligence analyst at Malwarebytes.

"Browsers and their plugins remain the best attack vector to deliver malware or leak data via drive-by attacks," added Segura.

Malwarebytes recommend users adjust the security settings of their Tor browser to 'High' within the privacy settings, which will thwart any similar attacks of this kind. Users running the Malwarebytes Anti-Exploit tool will already by protected from the vulnerability. Both Mozilla and Tor have released patches to address the security flaw.

08/11/2016:FBI illegally used malware against innocent people, say privacy experts

Privacy experts have accused the FBI of overstepping its legal bounds and hacking innocent dark web users, as part of its investigation into child pornography sites using Tor's hidden services.

Unsealed court documents from 2013 reveal that as part of an operation to identify visitors to sites owned by Freedom Hosting - which the FBI had seized earlier that year - the agency obtained a warrant to use a piece of malware called a 'network investigative technique' (NIT) against around 300 specific users of the TorMail secure webmail service, all of whom were allegedly linked to child porn.

However, users who were affected by the NIT told Motherboard that the malware was deployed before users even reached the login page, meaning that it would have been impossible for the FBI to determine who its malware was actually targeting.

The American Civil Liberties Union's principal technologist Christopher Soghoian has condemned this illegal hacking of innocent users, telling Motherboard that "while the warrant authorized hacking with a scalpel, the FBI delivered their malware to TorMail users with a grenade".

"The warrant that the FBI returned to the court makes no mention of the fact that the FBI ended their operation early because they were discovered by the security community," Soghoian continued, "nor does it acknowledge that the government delivered their malware to innocent TorMail users."

"This strongly suggests that the FBI kept the court in the dark about the extent to which they botched the TorMail operation."

The FBI has denied that it acted outside its remit, stating that "as a matter of practice the FBI narrowly tailors warrants, and we do not exceed the scope of those warrants."

07/11/2016: If you think the dark web is nothing more than a wretched hive of scum and villainy, think again - research has shown that the majority of content hosted on it is perfectly legal.

A new report from security firm Terbian Labs reveals that while most people associate the dark web with questionable pornography, exotic narcotics and unlicensed arms deals, the reality is actually quite dull, with over 50% of all domains and URLs in the survey's sample comprised of legal content.

"These Tor Hidden Services play host to Facebook, European graphic design firms, Scandinavian political parties, personal blogs about security, and forums to discuss privacy, technology, even erectile dysfunction," the report explains. "Anonymity does not equate criminality, merely a desire for privacy."

However, the report also conceded that illegal content was also rampant on the dark web. Drugs make up 12.3% of total content on the dark web (and a whopping 45% of all illicit content), while hacking and fraud-related content is also common.

"The dark web receives a fair amount of negative attention because of the anonymity it provides. To outside observers, the desire for anonymity goes handin-hand with criminal activity, and many summaries of the dark web focus exclusively on this criminal activity," the report said. "Most discussions of the dark web entirely gloss over the existence of legal content."

18/10/2016: The Tor Project has released a major update for the Tor software to fix a vulnerability which allows remote attackers to crash Tor servers.

According to a blog post on the Tor Project, Tor 0.2.8.9 backports a fix for a security hole in previous versions of Tor that would allow a remote attacker to crash a Tor client, hidden service, relay, or authority.

It said the update prevents a class of security bugs caused by treating the contents of a buffer chunk as if they were a NUL-terminated string.

At least one such bug seems to be present in all currently used versions of Tor, and would allow an attacker to remotely crash most Tor instances, especially those compiled with extra compiler hardening. With this defense in place, such bugs can't crash Tor, though we should still fix them as they occur, said the blog post.

The project urged all Tor users to upgrade to this version, or to 0.2.9.4-alpha. Patches will be released for older versions of Tor.

31/09/2016:The Tor Project has unveiled a new release: Tor Browser 6.0.5, arriving with a host of updates and improvements. Available for Windows, Linux, and Mac OS X, the new release isself-contained software that can run off a USB flash drive to ensure the anonymity of the user.

Another major change coming to this release is the important security updates that fix the newly revealed extension update vulnerability. According to FossBytes, this loophole allows a hacker to obtain a valid certificate for addons.mozilla.org to imitate Mozillas servers and serve a malicious update.

The new Tor Browser 6.0.5 also comes with updated HTTPS-Everywhere and a new Tor stable version 0.2.8.7.

16/09/2016:The Tor Project has criticised moves by the US government that would enable the FBI to hack computers and conduct surveillance on electronic devices.

It made a public plea against plans to amend Rule 41 of the Federal Rules of Criminal Procedure, which is due to take effect on 1 December.

The amendments would allow the Department of Justice to hack computers and conduct surveillance with a single search warrant, regardless of where the device is located.

It specifies that computers using technology to conceal data, such as encryption or using a Tor browser, would fall inside the scope of changes.

The broad search warrants allowable under these new rules will apply to people using Tor in any country - even if they are journalists, members of a legislature or human rights activists, the Tor Project said in a blog post.

The FBI will be permitted to hack into a persons computer or phone remotely and to search through and remove their data. The FBI will be able to introduce malware into computers. It will create vulnerabilities that will leave users exposed.

In the US Senate, Democrat senator Ron Wyden said that Congress should debate these changes.

If the Senate does nothing, if the Senate fails to act, whats ahead for Americans is a massive expansion of government hacking and surveillance powers, he said.

The Tor Project added: We are at a critical point in the United States regarding surveillance law. Some public officials, like those at the US Department of Justice understand very well how surveillance technology works and the implications of the Rule 41 changes.

31/08/2016: Tor has published its new Social Contract in a bid to improve member conduct and pledged against introducing backdoors into the tool.

In a blog post, the Tor Project has collated the six-point social contract pledging to adhere to standards of conduct, being more transparent and honest about technological capabilities as well as advancing human rights.

The last of the clauses underlined the projects commitment to not harm users, even when pressured to do so by external forces.

We take seriously the trust our users have placed in us. Not only will we always do our best to write good code, but it is imperative that we resist any pressure from adversaries who want to harm our users. We will never implement front doors or back doors into our projects. In our commitment to transparency, we are honest when we make errors, and we communicate with our users about our plans to improve, said the project.

The standards have been brought about after a number of sexual misconduct allegations against some Tor developers.

16/08/2016: One of the Silk Road's ex-administrators is to be extradited to the US on Friday, following a ruling by Ireland's High Court.

27-year-old Gary Davis, of County Wicklow, was allegedly one of the black market site's chief administrators, going by the name of "Libertas".

According to Davis' legal counsel, the fact that he suffers from Asperger's Syndrome made him unsuitable for incarceration in a US facility, and that the potentially harsh treatment meant he could pose a suicide risk.

In his ruling, Justice Paul McDermott expressed his faith that "the United States authorities will act to protect his mental and physical health and take the appropriate steps to address any symptoms of depression of continuing anxiety by appropriate treatment".

US authorities claim that Davis was a paid employee of the dark web marketplace, which sold large amounts of drugs alongside other illegal goods and services. Site founder Ross Ulbright wasconvicted last yearof various offences relating to the site's operation and is currently serving life without parole.

Davis was charged by the federal government in 2013, alongside two other suspected admins who were supposedly known as "inigo" and "Samesamebutdifferent" on the site.

The trio has been charged with computer hacking conspiracy, money laundering conspiracy and narcotics trafficking conspiracy, charges which could net each suspect life in prison.

According to the 2013 Silk Road indictment, Davis' main role centred around customer satisfaction, and the indictment claimed he was tasked with "responding to customer service inquiries and resolving disputes between buyers and vendors".

15/08/2016:One of Nigel Farage's most trusted political confidantes has been caught using Tor to offer money laundering services on the dark web.

22-year-old George Cottrell was arrested in an FBI sting, The Telegraph reports, after allegedly advertising on the dark web under the pseudonym of "Bill".

An FBI team posing as a cadre of drug traffickers contacted the young aristocrat in 2014, whereupon - according to court documents - he promised to funnel their dirty money through his offshore accounts in order to launder it with "complete anonymity and security".

Cottrell organised for the 'drug traffickers' to send him an initial payment of 15,500 after a meeting in Las Vegas. However, he later attempted to extort the supposed criminals, threatening to turn them over to law enforcement if they did not transfer him 62,000 in bitcoin.

Cottrell faces 21 charges, including money laundering, fraud and attempted extortion, and was arrested at Chicago's O'Hare airport whilst travelling with chief Brexiteer and ex-UKIP leader Nigel Farage.

The authorities have frozen Cottrell's email and financial accounts, The Telegraph has claimed, which has resulted in Farage being unable to access his calendar.

26/07/2016: O2 customers have found their details being sold on the dark web after criminals used logins stolen from other sites to obtain access to their accounts.

The BBC's Victoria Derbyshire show learned of the sale after being contacted by an ethical hacker and found that names, passwords, email addresses and telephone numbers were all available to buyers.

O2 was quick to point out that its systems had not been breached, and that the attackers accessed customer data through password reuse attacks - also known as 'credential stuffing'.

"Credential stuffing is a challenge for businesses and can result in many company's customer data being sold on the dark net," an O2 spokesperson said.

"We have reported all the details passed to us about the seller to law enforcement and we continue to help with their investigations."

Following a joint investigation with O2, the Victoria Derbyshire programme learned that the credentials used to access the site had most likely come from games streaming site XSplit, which was hacked back in 2013.

The news underlines how easy it can be for criminals to use one hack to complete another, daisy-chaining breaches together.

"The problem with reusing passwords," says ESET security specialist Mark James, "is when a location gets breached that does not have very good security, the criminals will take that data and use it to attempt to log into websites for monetary gain."

"It makes no difference how good the security is for PayPal if you use the same username (often your email address) and password on a smaller not so well protected site."

15/07/2016:The Tor Project's entire board of directors has stepped down, following the scandal over alleged rapist Jacob Appelbaum's employment by the organisation.

"I think this was an incredibly brave and selfless thing for the board to do," said Tor's executive director Shari Steele as part of a blog post. "They're making a clear statement that they want the organisation to become its best self."

Wendy Seltzer, Ian Goldberg, Meredith Hoban Dunn, Rabbi Rob Thomas, Julius Mittenzwei, Nick Mathewson and Roger Dingledine have all agreed to leave their posts, stating "it is time that we pass the baton of board oversight".

Co-founders Dingledine and Mathewson will continue to lead the project's technical research and development efforts, however.

The outgoing directors have elected as their replacements six leading lights from the security and privacy communities. These include the Electronic Frontier Foundation's executive director Cindy Cohn, executive director of the Human Rights Data Analysis Group Megan Price, and security and cryptography guru Bruce Schneier.

The mass departure comes on the heels of a high-profile incident involving Tor Project developer Jacob Appelbaum, who has been accused of numerous counts of sexual harassment and rape.Appelbaum has vehemently denied the allegations.

However, testimony from one of his alleged victims has indicated that the organisation's board knew about the claims against him for over a year.

The board's perceived inaction against Appelbaum, who remained a public figure within the Tor community until his departure, drew substantial criticism from community members who thought they should have acted sooner.

08/07/2016:Malware that uses the Tor network to communicate with its command and control (C2) servers and is able to steal credentials stored in Mac OS X's keychain credentials and maintain a backdoor into the system has been discovered.

Keydnap, as it has been called, is delivered to a computer as a compressed Mach-O file, which is disguised as a benign extension, such as .jpg or .txt. However, there is an additional space at the end of these extensions, causing the file to launch in Terminal when double clicked, not in Preview or TextEdit.

However Gatekeeper, one of OS X's inbuilt security features that stops machines launching programmes in the Mac operating system has prevented the malware from spreading far and wide. Although it could become a problem if users have opted for the operating system to launch anything, regardless of the source.

If a user does allow all requests to pass, they could be at risk of letting the malware in via the persistent backdoor known as icloudsyncd and the keychain password stealer.

"[Keydnap] is equipped with a mechanism to gather and exfiltrate passwords and keys stored in OS Xs keychain," Eset researcher Marc-Etienne M.Leveille said.

He examined the malware attack, which was apparently stolen from a Github proof of concept created by software developer Juuso Salonen.

"The author simply took a proof-of-concept [that] reads securityds memory and searches for the decryption key for the users keychain," he explained in his report.

29/06/2016: The FBI is choosing not to divulge the Tor Browser exploit used to track and arrest 1,500 users of a dark web child pornography site last month, reports Engadget.

Mozilla requested that the FBI reveal the exploit used to track users' PCs with location-tracking malware, but the request was thrown out after being approved citing national security concerns.

"The FBI has derivatively classified portions of the tool, the exploits used in connection with the tool, and some of the operational aspects of the tool in accordance with the FBI's National Security Information Classification Guide," the attorneys wrote in a filing this month.

20/06/2016:The Tor Project is building a special 'hardened' browser to prevent it being hacked by the FBI.

Security researchers have published a paper outlining how their newly-developed 'selfrando' technique is being used to protect against code reuse attacks that could bedeployed by US law enforcementagainst the browser.

Go here to see the original:
Tor Browser news: Tor browser will rely on more Rust code | Cloud Pro - Cloud Pro

In a 2016 study on global encryption trends published by the Ponemon Institute, encryption being used consistently across businesses grew from 16 percent to 41 percent since 2005.

Encryption converts any data into scrambled, unreadable text in order to mask the information from potential hackers.

WinMagic Data Security Solutions COO Mark Hickman says data encryptors require three key goals to successfully protect their information.

The first is to make encryption manageable so you can manage files on your network, cloud, and different devices. Second is to enhance the user experience encrypt the data without the user having to be aware of it. The last part is no compromised security: We cant compromise data security, even if it improves manageability or user experience, said Hickman.

UW Tacoma information technology graduate Sameer Hakimi believes its important to encrypt. Nowadays, you never know who has access to your information. If you dont keep your info private, anyone can know anything about you, said Hakimi.

Corporate businesses demand a high volume of security, but a lack of protection exists for the average consumer. On March 23, the U.S. Senate voted to decrease regulation, which allowed internet providers like Comcast and AT&T to share consumers information with other companies. According to Hari Sreenivasan of PBS NewsHour, this includes sharing browsing data, history, financial, health, communication and location information without your explicit permission.

Youtuber Philip DeFranco, called the situation the beginning to the end of privacy online.

Despite his thoughts on the end of privacy, he has many options to curtail data extraction. DeFranco stressed the importance of data encryption by mentioning different ways for everyday people to encrypt their information such as the Tor browser and virtual private networks.

Encryption is your best friend, said DeFranco.

Tor is a free online browser that, according to the Tor website, encrypts all of your incoming and outgoing browsing traffic and relays it through a number of volunteer nodes before sending it to its destination. DeFranco says this prevents internet providers from viewing the web pages the browser selects.

Hakimi says he has used Tor in the past, but feels as though there are better ways to encrypt data.

Tor is just a slower browser than Chrome, said Hakimi.

A VPN is another way to stop service providers from knowing your information. A VPN encrypts your entire web traffic, stopping service providers from seeing your information.

ILLUSTRATION BY ALEXX ELDER

More:
The importance of data encryption in our everyday cloud - The Ledger

Taking a Tor of the dark web isnt so anonymous

xijian/Getty

By Edd Gent

Dark web users may not be as anonymous as they think.

There are a high number of potentially privacy-busting connections between the dark web hidden online networks that require special software to access and the regular surface web, say privacy researchers.

The dark web is maybe not as dark as it seems, says Iskander Sanchez-Rola at the University of Deusto, Spain, who led the investigation into the Tor network, a dark web network that uses encryption to conceal users identity.

The group found close links between the dark web and surface web. More than 20 per cent of the 1.5 million dark web pages they analysed imported resources like pictures, documents and Javascript files from surface websites.

This raises potential privacy concerns, as owners of these resources can track when they are loaded by a user, giving them a window into the hidden domain. For example, Google could monitor traffic to 13 per cent of the domains in the studys dataset this way, the researchers say.

They also found tracking scripts, designed to analyse users browsing behaviour, on 27 per cent of the hidden pages they looked at. Nearly a third of these originated from the surface web, and 43 per cent of those were from Google.

Thats a problem, says Sanchez-Rola, because if a dark web service uses the same script as a site on the surface web, anyone using it could start tracking a users activity and potentially identify them when they visit less private sites. The researchers will present their work at the World Wide Web Conference in Perth, Australia, next week.

Those using Tor proxies services on the surface web that act as gateways to the dark web, like the popular Tor2Web are most at risk. These services can already see users IP addresses, but the links between the dark web and surface web mean that third parties could also access that information. If a user opens a dark web page that features a surface web resource through a proxy, their browser fetches this resource in the normal way, bypassing the anonymisation network. Using the Tor Browser to access the dark web offers better privacy protection, says Sanchez-Rola.

It is also better at protecting against web tracking, but only if users switch on script blocking, which can cause sites to malfunction.

This research has demonstrated for the first time how much of the dark web is intrinsically linked to the surface or clear web, says security researcher Sarah Jamie Lewis.

Her OnionScan tool, which probes dark web services for vulnerabilities, has found security issues that can de-anonymise up to 35 per cent of dark web servers, but she says there has been little action from site operators. The new research is a wake-up call for hosts to stop relying on third-party trackers and scripts that can put both users and themselves at risk, she says.

Read more: Why the dark net is more resilient to attack than the internet

More on these topics:

Originally posted here:
Trackers could unmask dark web users who think they're ... - New Scientist

Interest in VPNs hit a five-year high after Congress voted to kill FCC internet privacy rules.

Your internet service provider can sell your browsing history to the highest bidder.

That's the creepy truth internet users in the US woke up to on Wednesday morning. And it's spurring them to check out tools that can hide their browsing histories and disguise their internet traffic.

On Tuesday, the US House of Representatives voted to kill Federal Communications Commission rules that would have stopped ISPs from selling this data. Later that night, Google searches in the US for a tool called a VPN (short for virtual private network) spiked to a five-year high, according to Google Trends.

Journalists and cybersecurity experts also chattered about VPNs on Twitter.

The uptick in searches (which is relative, and likely doesn't mean everyone on the internet is seeking out a VPN) matched a broader, somewhat manic response to Congress' actions. One man is offering to sell his internet browsing history on eBay, so that he can benefit from this apparent commodity. Another ticked-off internet user started a campaign to buy the internet histories of legislators and a bunch of other people to make them publicly searchable.

Fatemeh Khatibloo, a principal analyst at tech research firm Forrester who focuses on privacy, pointed out that nothing has actually changed about the way ISPs treat your data. That's because the FCC rules hadn't gone into effect yet.

But if you're feeling creeped out, you might be wondering: What's a VPN, anyway? And will it keep the Comcasts, Verizons and other internet service providers of the world out of your business?

Well, it's complicated.

"People have to, unfortunately, take privacy matters into their own hands," said Ajay Arora, CEO of cybersecurity company Vera. "There's no silver bullet."

A VPN redirects your internet traffic, disguising where your computer, phone or other device is when it makes contact with websites. It also encrypts information you send across the internet, making it unreadable to anyone who intercepts your traffic. That includes your internet service provider.

Ha! Problem solved -- right?

Well, sort of. The big catch is, now the VPN has your internet traffic and browsing history, instead of your ISP. What's to stop the VPN from selling your information to the highest bidder?

Of course, there are reputable VPN services out there, but it's incumbent on you the user to "do your homework," Arora said. In addition to making sure the VPN will actually keep your data private, you'll want to make sure there's nothing shady in the terms and conditions.

Shady how? Well, in 2015, a group of security-minded coders discovered that free VPN service Hola was selling its users' bandwidth to the paying customers of its Luminati service. That meant some random person could have been using your internet connection to do something illegal. So, shady like that.

"I would recommend you do some cursory level research in terms of reputation [and] how long they've been around," Arora said, "And when you sign up, read the fine print."

The second catch is that you have to set up the VPN on your own, on all your devices that connect to the internet. You might even need different VPN services for different devices. Then you have to make sure you're connecting through a VPN at all times. How big of a catch that is depends on how tech-savvy you are and how much time you have on your hands.

Plenty of VPN users don't flip on the service unless they want to protect specific browsing sessions, said David Gorodyansky, CEO of privacy technology company AnchorFree.

He said 80 percent of the time, most people don't care about privacy, like when they're on Facebook. But the other 20 percent of the time is when they care about their privacy and they're more likely to use a VPN app. This could be when they're googling a personal topic.

"When people are searching online or downloading anything about their health, wealth or family, that's when they care about their privacy and download and use the app," he said.

Khatibloo, the Forrester analyst, said even though nothing has really changed in how ISPs are allowed to treat your data, Congress' actions have made people care more about privacy.

"This ruling has shined a light on carriers' and ISPs' data practices," Khatibloo said in an email, "and we expect that will mean an uptick in the number of consumers changing how they do things -- VPNs, the Tor browser, and HTTPS Everywhere."

Those last two tools also disguise internet traffic -- and they're not any easier to use than a VPN.

CNET's Maggie Reardon contributed reporting to this story.

CNET Magazine: Check out a sample of the stories in CNET's newsstand edition.

Life, disrupted: In Europe, millions of refugees are still searching for a safe place to settle. Tech should be part of the solution. But is it?

View original post here:
A VPN can protect your online privacy. But there's a catch - CNET

GRAND TRAVERSE COUNTY (WPBN/WGTU) -- President Trump is considering signing a bill allowing internet service providers to sell your online history information.

Right now, different search engines and social media sites are already doing this. The bill would allow internet providers such as Charter and Comcast to do the same.

"Yes it's susceptible to hacking and that kind of thing but for the most part nobody is secure anyways," said Mike Tusan, the Owner of Mad Mike's a computer store in Traverse City.

Tusan said the new privacy rules wouldn't really change things too much.

"People sell content," said Tusan. "That's where the value of Google, Yahoo and Bing is. It's in the content of their users."

Greg Genoyer of Traverse City disagrees with Tusan. Genoyer believes the bill shouldn't be signed.

"I'm dead set against them doing that," said Genoyer. "They shouldn't be able to."

Genoyer said he thinks other services should also stop collecting our information.

"To sell anyone's personal information should be 100% illegal," said Genoyer.

For people who prefer to keep their online information more private, Tusan said there are some ways to do so.

"You can use a browser called a TOR browser," said Tusan.

A TOR browser protects you by bouncing your information around different networks all over the world which makes it harder for one source to track it.

You can also use Https Everywhere which is a plugin used to keep the pages you visit more secure.

Tusan said regardless of what you do it is impossible to guarantee your information is 100% safe.

"Is there a dark side? Yeah possibly, but for the most part this is going to be a good thing for people," said Tusan.

The Senate has already voted in favor of the bill, now President Trump has the final say.

Read the original here:
New bill could expand sale of your private online history - UpNorthLive.com

Congress has moved to dismantle some Obama-era rules that would have protected the online privacy of everyday Americans. This sucks. The deregulation means it will be easier for huge telecom companies to track and sell their customers browsing history. This sucks! But not all is lost.

Regardless of what the Capitol Hill-based wrecking ball does to the FCCs online privacy rules, there are still steps you can take to protect yourself on the internet. The new era of anti-privacy policies in Washington does mean that companies like AT&T, Verizon, and Comcast can collect data about your everyday internet usage.

Your ISP can sell your traffic without any permission, and its unclear if they would even have to tell you they were doing it, Jeremy Gillula, a senior staff technologist at the Electronic Frontier Foundation (EFF), told Gizmodo.

The White House has already said it strongly supports the repeal of the Obama-era rules. Trump is expected to sign the bill into law in the coming days.

Without the FCCs privacy rules, its not just information about web pages you visit that service providers can collect. Your ISP can now track your activity any time your computer accesses the internet. If you check the weather on your phone, your ISP could know that youre worried about the rain and serve up ads about umbrellas. More realistically, they could sell the data about your daily habits to a marketing firm so that they could serve you more relevant ads.

However, you can still go dark, if you dont want big telecom peering into your private life. Theres a chance that your ISP will let you opt-out of certain types of data collection, although its unclear if theyre specifically required to do this in the absence of the privacy rules. The FTC does recommend that service providers off an opt-in option, although ISPs could just decide to ignore that recommendation. Your situation will inevitably depend on how your particular ISP decides to exploit the lack of rules. Otherwise, protecting your online privacy in these grim times essentially amounts to putting up a barrier between you and the prying eyes of large telecom companies. Let us show you how.

Our first recommendation is the best one: pay for a VPN service. Using a virtual private network (VPN) is the only way to ensure that youre accessing the internet through an encrypted, private channel. Your browsing habits can still be seen by the VPN serviceand law enforcement, if it comes to thatbut youll be safe from a spying ISP since it will see your traffic as coming from a random server instead of your house.

You can subscribe to VPN services for both desktop and mobile. But as the word pay implies, any decent option will cost you a few bucks a month. (Read that as: do not use a free VPN service and expect privacy at the same time.) Finding the right VPN for you can be an odyssey, although our friends at Lifehacker have this handy guide and this detailed spreadsheet that show the upsides of various services. If youre tech savvy, you can also set up your own VPN, although the server space does cost some money.

There is some bad news, too.

A VPN wont protect you from all of the creepy stuff that ISPs will be able to do, Evan Greer at Fight for the Future said in an interview with Gizmodo, noting that ISPs can still install secret traffic software and inject ads into web traffic when a VPN is in place. Thats part of the reason why the FCC passed internet privacy rules in the first place. Although they are the most comprehensive defense against snoopers, the fact that VPNs still wont completely protect internet users highlights just how badly America needed those privacy rules.

Without these rules, ISPs will be able to monitor, collect, and store almost everything you do online and sell that information to advertisers and data mining companiesand use it to build an almost complete profile of your online activity, Greer explained. In the end there are steps you can take, but also its the responsibility of our legislators to protect us.

Now lets get serious. If you really want to keep your browsing habits away from the prying eyes of corporations and the government, Tor is the best bet. It is not, however, the most convenient option nor is it the most comprehensive. (Using a VPN is the most comprehensive, even though it wont protect you entirely.)

Youve probably heard of Tor. Tor is everybodys favorite free anonymity software and is relatively easy to install on a desktop. Tor is also available for Android through a package called Orbot, which is slightly more difficult to install. Once youre up and running, you can browse the web anonymously, and even weasel your way into the edgy corners of the dark web, if thats your thing.

There are a couple of major downsides to using Tor all the time. One, it only protects you from snoopers when youre surfing the web in the Tor browser. Any other internet-connect apps, like email clients or chat apps, will not be anonymized. Two, Tor doesnt work well with sites that run Cloud Flares security software, which is the majority of sites on the web. When you visit these sites, you might have to type in a captcha to prove youre human which is fine from time-to-time, but Tor users often find themselves typing in captchas every time they visit a new domain.

Tor is not a perfect solution for browsing the web privately. Its certainly much better than using incognito windows in Chrome or private browsing tabs in Safari. As Gillula explained to Gizmodo, these features dont protect you at all if youre worried about obscuring your browsing habits from an ISP or the governmentnot one little bit.

See the original post:
How to Hide Your Browsing History From Your Snooping ISP - Gizmodo

Unknown to many, all the websites that are within our reach through search engine sites like Google, Bing, etc. are roughly 4% of the overall content available on the Internet. This group of websites are known to be the Surface Web, which is what most users experience as web browsing regardless of the browser software to be used.

Photo courtesy of Unsplash

The remaining 96% of the internet is known as Deep Web, which has a certain number of software restrictions to be accessed. For starters, you need to use Tor browser, as links shared through the deep web are listed under the anonymous domain suffix known as .onion. However, there are many other valid reasons for using Tor whenever we decide to engage in this deep web experience, being anonymity the most important factor. Is there something valid that insurance companies can learn from this experience? Lets find out!

These two terms are often wrongly used, as people refer to the area that doesnt belong to the Surface Web as Dark Web, whereas in fact, the Dark Web is just a part of the Deep Web.

Deep Web is so vast that cannot be directly indexed, hence the reason why services like Google doesnt simply focus on attending a big volume of data like Deep Web sites, and they have escalated up as much as to host their social media versions of traditional networks available on the Surface Web.

Photo courtesy of Startup Stock Photos

Dark Web, on the other hand, is the term used to refer to a sort of bad neighbourhood of the internet, whose original purpose has been drifted so far that today is a place best known for illicit activities like selling drugs, guns, private data, pornography, terrorist activities and hackers. Theres a reason why standard browsers cannot access this area of the internet, and thats because of the need for these communications to be as anonymous as possible, avoiding trackback from governments, but thats not all thats required to enter the Dark Web.

Prior even considering to take a tour through the Dark Web, be sure to count with these two elements:

These measures are no means for forfeit government control but a way to protect our connection from hackers. There are many creepy stories going around the net on what can actually happen throughout the Dark Web, some true, some not, so best to take all the security means available the sooner, the better.

First and foremost, Dark Web is a place in which illegal software is sold like candy. Therefore, you can learn of potential software exploits before software developers announce such potential threats. For insurance companies that focus on cybercrime prevention, this is essential to be tuned with the latest trends in cyber exploits and digital terrorism, but also for further developing software suites that provide secure entourages for data exchange at large corporations.

Photo courtesy of Pixabay

Bids can be placed on acquiring valuable pieces of code, so whether your business happens to protect the interests of some troubled company or a competitor, its best to be acknowledged with potential liabilities hackers are trying to exploit.

Whether you decide to wander for work purposes or just out of fun, you always have to be prepared for whats coming up next during the time your visit is going to take. Under any means DO NEVER share personal data with users, especially payment ones, as you will be a witness of potential black money offers on multiplying Bitcoins for a small rate and a wide range of similar alternatives.

Also, for your sake, avoid randomly going through pages, or you wont be sure of whats coming up next. Gruesome images are a daily possibility, but if your security means arent as strong as desired, you are likely to open a gate for hackers to take control of your network entirely inadvisable with the increase of cyber kidnappings through these years.

In case you decide its not worth the risk to be looking at such places, or if your computer skills arent as desirable to explore difficult aspects of the internet, there is also a way to stay in touch with whats going on at the underworld by accessing news sites like DarkWebNews.

Be smart and wander with a purpose. Thats not a place for simply sharing a laugh among friends like what could be said about many scary sites warnings are meant to be for a reason.

VikasAgrawal

Infobrandz

Vikas Agrawal is a start-up Investor and co-founder of the Infographic design agency Infobrandz.com, He is a highly influential research analyst and strategic marketing consultant. Vikas advises and plans the visual marketing campaigns of Medium to Large companies. Vikas has worked globally across multiple industries including retail, financial services, logistics, manufacturing, telecoms and pharmaceuticals deploying effective strategic marketing plans and methodologies. A renowned blogger on the subject of Technology, Marketing and Entrepreneurship.

Read more:
What Insurance Companies Can Learn From the Dark Web - Customer Think

Congress recently voted to overthrow internet protection rules.

Republicans hit a roadblock last week with repealing and replacing the Affordable Care Act, but they are making progress in deconstructing broad internet privacy protection policies that were created under former President Barack Obamas administration.

The Federal Communications Commission (FCC) approved the internet protection rules on Oct. 27, 2016 in a 3-to-2 vote, according to The New York Times (NYT). The policies further prevent internet service providers, such as AT&T, Comcast and Verizon, from gathering and disseminating information related to a users browser history, location, financial data and other personal information.

The United States Senate voted 50-to-48 Thursday to repeal the FCCs rules, starting what could be an end to internet privacy. The House still needs to vote on the proposal, but President Donald Trump is expected to sign the legislation if it makes it to the Oval Office, according to the NYT.

The real crux of the legislation is that it allows companies to use customer information without their permission.

Internet service providers could use the data for targeted advertising and to sell it to third parties, reported The Hill.

If the legislation makes it to Trumps desk and he approves it, any internet customer could automatically relinquish his or her privacy without question. While federal intelligence agencies already have the capability of looking up peoples browsing history and patterns, the change in policy will open the door to widespread access to personal information.

On the surface, internet users could see even more advertisements that are specifically targeted at their personal browsing habits. For example, if you are helping a friend browse for clothing online with your computer, you could see advertisements on websites you visit that are related to clothing. While this isnt entirely new, a lack of privacy protection could lead to companies directly sending you advertisements via email, postal mail or over the phone.

Shippensburg University students are already experiencing targeted advertisement as they use SUs website. SUs website states it or a third party tracks how users browse ship.edu so ads can be targeted to users on other websites they visit. SU offers students a way of opting out of targeted advertising by visiting networkadvertising.org.

SU also tracks how people use ship.edu to analyze the data with Google Analytics. It does not allow the information gathered to identify individual people.

We do not associate any data gathered from the site with any personally identifying information from any source as part of our use of Google Analytics, SU states on ship.edu.

While students may see privacy protection on ship.edu, there is no guarantee the same level of privacy applies when browsing the internet via SU servers. Under its Computing and Information Network Usage Policy SU states, There should be no expectation of privacy information stored on or sent through university-owned IT resources, except required by law.

Whether students want privacy from their internet service provider, SU or the federal government, they could use an alternative internet browser, such as Tor Browser. The browser is free to download, install and use, and it provides anonymity when surfing the web. While not foolproof, the browser gives you privacy by sending your communications to different relays to prevent people from tracking your internet-use history.

Be warned using Tor, or a similar software package, may put you in violation of SUs network usage policies.

Attempting to disguise the identity of the account or machine you are using is prohibited, states policy No. 3 of Computing and Information Network Usage Policy.

While Tor may be an option for students who have internet access outside of SU, it isnt a permanent method to maintaining privacy. Surfing the web with Tor can be slow and it cannot ensure complete anonymity.

A lack of internet privacy will result in winners and losers, but the new legislation will serve as a reminder to internet users that what happens on the web does not stay on the web.

Go here to read the rest:
Internet users face diminished privacy - The Slate Online - The Slate Online

Informed news analysis every weekday

Your message has been sent.

There was an error emailing this page.

Mozilla has long used itsFirefox browser as a staging platform for other innovations. One of the first real-world applications for its fast-and-safe systems language Rust, for instance, is rewriting some of Firefox's innards.

Now comes a project called Binary Transparency, an effort to ensure that every Firefox binary produced by Mozilla is the same one that everyone else has received and hasn't potentially been tampered with.

At first this sounds like a glorified version of using hash signatures or checksums, which most every organization that supplies binaries of its apps does. But Mozilla has a more ambitious plan: To make it difficult for anyone to distribute compromised copies of an application, even if they come from Mozilla.

Mozilla's plan, documented in a wiki entry, expands on the existing processes for generating checksums from Firefox binaries. First, a hex string from a composite of the checksums of each binary component is generated, then that hex string is used as a domain name. Mozilla then obtains an X.509 certificate from a certification authority using that domain name and posts the certificate in a public log.

With this method, instead of generating a checksum for the binary and posting it somewhere (that is, a wiki), there's an irrevocable record of the checksum made available by authorities not affiliated with Mozilla. This not only ensures that users downloading a new copy of Firefox don't get smacked with a bogus binary, but also gives Firefox's updater a mechanism it can use to make sure it doesn't unwittingly fetch a maliciously crafted payload.

Fans of blockchain technology will see a kindred concept here. Mozilla is taking data about its binaries and putting it into a (theoretically) immutable public ledger. By using certification authorities, Mozilla works with a familiar entity that has plenty of infrastructure to support its use.

Mozilla's efforts with tamper-proofing also is a prelude to even more ambitious integrity checks. One of them is providing reproducible builds of Firefox to guarantee that the binaries produced for a specific application came from a given, verified source code tree and not from one that's been altered.

It's harder than it might seem to guarantee such bit-exact softwarebuilds. Even an item as innocuous as a timestamp on a file can produce an entirely different checksum for the whole package, so the entire build system has to be designed to take such factors into account.

The reproducible build concept is not new, butthere's been a resurgence of interest in making reproducible builds a practical and standardized concern. The Linux Foundation's CII (Core Infrastructure Initiative) renewed financial support for such a project last year. Many free software projects, from Linux distributions (Debian in particular) to trusted applications like the bitcoin clients or the Tor browser, employ reproducible build strategies. Google's Bazel build tool, open-sourced in 2015, supports reproducible builds as part of its mission statement.

Getting Firefox to use a reproducible build system has been on the agenda since 2013, but not as a high-priority item, in big part because Firefox's build system isn't currently designed to allow it. One issue in particular that creates problems is PGO (profile guided optimization), which optimizes binaries based on details gleaned from running the application. It's theoretically possible to make PGO play nice with reproducible builds, but like reproducibility in Firefox, it's a work in progress.

Sponsored Links

Originally posted here:
Mozilla project keeps compromised apps out of circulation - InfoWorld

Q. I've heard you talk about a software called Tor before, but what does it do? Is it safe to download? And is it available to everyone? - Richard M.; listens on 880 AM WCBS, New York.

A. This is a great question, Richard, because Tor software is often the subject of controversy. If you're considering downloading this software, you need to be aware of the pros and cons, especially since Tor will allow you to browse through some pretty dark areas of the internet.

In its simplest definition, Tor is a web browser software that conceals your identity when you're online. It does this in a few different ways. First, it uses encryption to scramble the data that's being communicated within the network. Second, it routes that data between random servers within the Tor network to hide your online identity, including data tied to your personal IP address.

You've probably heard some unnerving things associated with Tor. We're not going to pretend there isn't truth to those claims. Tor can be used for good things and bad.

Positives: The best thing about Tor is that it provides anonymity for people who would wantto browse the web without being tracked by their internet service provider, websites, the government and other interest parties. You can also use Tor to access services that are blocked by some internet providers, or governments.

Note: If you'd like to increase your privacy online without downloading Tor software, click here for tips on disabling web browser tracking.

Negatives: It's true that Tor has a dark side. Not the software itself, but the places to where it grants access on the internet. You may have heard the term "Dark Web" before. This is a portion of the internet that is often used for illegal activities such as child pornography, the sale of drugs, prostitution, etc. Tor software is needed to access the Dark Web, so needless to say, using the software could lead you into some pretty dark places. Click here for more information on the Dark Web and what's hiding in the shadows of the internet.

The easiest answer: Yes, and no. The software itself is safe to use. And, if you're using it for its basic function of hiding your online identity, then you shouldn't run into any trouble. However, if you're using Tor with the intent of accessing the Dark Web, then you could easily encounter more than you bargained for.

Tor software is free to download, however, you may be asked by the software's developers to make a donation. You are not obligated to do so, but there are various sections of the Tor website where donations are requested.

Although Tor does have its benefits, it is an extreme way to obtain online anonymity, and should only be used by those who find it absolutely necessary. Because of the risks associated with the Dark Web, Tor may not be the best option for the average internet user. Instead, try the tips in these articles to gain more privacy online, no special software required.

Please share this information with everyone. Just click on any of these social media buttons.

Email

Facebook

Google+

Pinterest

Previous Downloads

Random Downloads

Follow this link:
What is Tor browser, and is it safe? - Komando