Category Archives: Tor Browser

WUERZBURG, GERMANY

A German court rejected a temporary injunction against Facebook on Tuesday in a case brought by a Syrian refugee who sued the social networking site for failing to remove faked posts linking him to crimes and militant attacks.

The Wuerzburg district court said in a preliminary ruling that Facebook is neither a "perpetrator nor a participant" in what it said was "undisputable defamation" by Facebook users, but simply acting as a hosting provider that is not responsible for preemptively blocking offensive content under European law.

The posts in dispute featured a picture showing Anas Modamani, a 19-year-old from Damascus, taking a selfie with Chancellor Angela Merkel in September 2015 at a refugee shelter in the Berlin district of Spandau.

Modamani's image was subsequently shared on Facebook on anonymous accounts, alongside posts falsely claiming he was responsible for the Brussels airport bombing of March 2016 and setting on fire a homeless man in December last year by six migrants at an underground station in Berlin.

The court rejected the need for a temporary injunction sought by Modamani to require Facebook to go beyond measures the company had taken to block defamatory images of him for Facebook users in Germany using geo-blocking technology.

In a statement following the decision, Facebook expressed concern for Modamani's predicament but said the court's ruling showed the company acted quickly to block access to defamatory postings, once they had been reported by Modamani's lawyer.

The case has been closely watched as Germany, a frequent critic of Facebook, is preparing legislation to force the social networking website to remove "hate speech" from its web pages within 24 hours or face fines.

After the ruling, Modamani's lawyer in the case, Chan-jo Jun, told a news conference he was disappointed such imagery continued to circulate online and more must be done to force Facebook to delete hate-filled content on its own accord.

"We have to decide whether we want to accept that Facebook can basically do whatever it wants or whether German law, and above all the removal of illegal contents in Germany, will be enforced. If we want that we need new laws," Jun said.

Modamani's complaint maintained that defamatory images based on the selfie posted to Facebook were still viewable online outside of Germany, or by users within Germany using a sophisticated Tor browser.

But the court found that the risk of average German users seeing the illegal content was not sufficiently credible and therefore a temporary injunction was unnecessary at this stage.

The ruling said there remained a legitimate issue over whether it was technically feasible for Facebook to do more to block such images, but this would require testimony by experts.

Tuesday's decision is subject to appeal within one month of the yet-to-be-published written judgment, a court statement said. Jun declined to say whether an appeal was planned, saying the decision remained up to his client.

Here is the original post:
German Court Rejects Injunction for Facebook in Syrian Selfie Case - Voice of America

For any internet user, safeguarding sensitive and confidential information has become a high priority, as internet these days are becoming a less private place with several individuals, corporations, and even governments in some cases, tracking your activities to collect users information and metrics.

Also, it is very easy to track a user because of the IP, the unique address that we all use to connect to internet that makes online privacy a big concern. However, if you wish to keep your personal information private, you can use a VPN or proxy tool to help you. It covers everything from secure web browsing to secure file erasing.

Lets have a look at the privacy tools below:

1. Tor Browser

The Tor network (short for The Onion Router, which describes its multi-layered privacy technology) offers you an anonymous window to the Web. By far, the Firefox-based Tor Browser is the quickest and simplest to start using it.

Tors network of bouncing your traffic through multiple relays makes it nearly impossible to track a users identity or activity. You can access almost every website anonymously, including .onion addresses, which are only accessible while connected to Tor. Its also useful for accessing geo-blocked sites that block IP addresses from specific countries. Tor is available for Windows, Apple Macs and Linux.

2. CyberGhost VPN

CyberGhost allows users to connect to a VPN (virtual private network) and access the internet anonymously. The service is built for users who just want secure, private access when connected from public or untrusted networks. It re-routes your internet traffic to hide your location and identity. The privacy software has six elements: anonymous browsing, unblocking streaming sites, protecting your internet connection, torrenting anonymously, unblocking websites and choosing which VPN server to use

CyberGhost VPN is available as a free ad-supported app, as well as a paid-for edition that provides enhanced performance and more features. The free version should be perfectly adequate for daily or random use. However, it runs much more slowly than the paid-for premium service. The CyberGhost VPN client supports Windows XP, Vista, and 7.

3. Tails

Privacy has become a major issue in this age of mass surveillance and tracking by marketers (anonymous tracking for targeted content is acceptable). If you are someone who needs to keep the government and marketing agencies out of your business, you need an operating system thats created from the ground up with privacy in mind.

And, nothing beats Tails for this purpose. Its a Debian-based Linux distribution that offers privacy and anonymity by design. Its a distro whose aim is solely to keep the identity of the user completely opaque. It routes its traffic through Tor, designed to avoid your outward-bound data from being intercepted and analysed. According to reports, Tails is so good that the NSA considers it a major threat to their hacking activities.

4. Ghostery

Ghostery is a privacy and security-related browser extension and mobile application, which is distributed as proprietary freeware. You can simply install the privacy software and allow it to do its job. Ghostery also tells you exactly what each company is looking at and likely to do with your data. It is definitely a must-have for those who do wish to share every click with marketers. Its available for Mozilla Firefox, Google Chrome, Microsoft Internet Explorer, Microsoft Edge, Opera, Apple Safari, iOS, Android and Firefox Mobile.

5. GnuPG

GNU Privacy Guard (GnuPG or GPG) is a free software, and its the open source version of the venerable PGP (Pretty Good Privacy) tool. GnuPG allows you to encrypt and sign your data and communication thats effectively unbreakable. It features a versatile key management system as well as access modules for all kinds of public key directories. It is a command line tool with features for easy integration with other applications.

6. KeyScrambler

KeyScrambler is the most useful method that encrypts every single key that you entered or type deep into the Windows kernel to prevent it from being intercepted by keylogging software. The positioning and timing of encryption key allow it to be much more challenging and burdensome for key-loggers to split or defeat KeyScramblers protection.

If you worry about keylogging or doubt that you are being logged whenever you type, this free privacy software is a good way to frustrate the watchmen.

7. Wise Folder Hider

Designed for Windows XP onwards, Wise Folder Hider is freeware that can quickly and safely hide not only the files/folders on local partitions or removable devices but also USB drives or the files/folders on USB drives. The hidden files/folders will be safely hidden no matter whether the drive is accessed in another operating system on the same computer or reinstalled on another computer. The only way to access hidden files/folders/USB is to enter the valid password(s) correctly. Its double password protection can ensure the absolute safety of your files/folders/USB.

8. AntiSpy for Windows 10

While Windows 10 is the most personal version of Windows, Microsofts attempts at knowing you better have alerted many privacy activists. AntiSpy for Windows 10 allows you to disable advertising IDs, SmartScreen filtering, whether apps can access your camera and so on.

Source: TOI

Visit link:
8 privacy tools that will keep you safe online - Techworm

(Image: file photo)

Justice Dept. lawyers are asking a federal court to drop a case against a dark web child porn site because it says it cannot reveal how it used a browser exploit to target thousands of unsuspecting visitors to the site.

A court filing posted late on Friday in Washington state said that because the government is "unwilling to disclose" how it carried out the hacks, it has "no choice but to seek dismissal" of the case.

"The government must now choose between disclosure of classified information and dismissal of its indictment. Disclosure is not currently an option," said the filing.

However, the government's attorneys are asking the case to be reopened once the exploit is no longer classified.

The case, proven to be of the most controversial indictments in recent history, focused on Jay Michaud, a school administrator from Vancouver, WA, who was arrested in July 2015 for viewing child porn images.

Michaud was accused of accessing over a hundred threads on Playpen, a dark web site accessible over the Tor anonymity network, which hosted child abuse imagery for thousands of users.

Feds discovered the server was hosted in the US, and obtained a search warrant that seized the server.

But instead of pulling down the website, the FBI continued to run the website for almost two weeks, as part of efforts to discover the identities of others who accessed the site.

The FBI used a "network investigative technique" -- a hacking tool that in any other hands than the feds would be considered malware -- to deanonymize the users of the Tor browser, a widely used app for easy access to the dark web, during its 2015 investigation into the website.

Little is known about the hacking tool, but it was known to be able to gather real-world information on Playpen visitors, such as IP addresses -- details of which should have been protected by Tor.

But the government refused to reveal the full source code of the exploit in court, and so the judge tossed out the evidence, rendering a significant set-back to the government's case.

Given that the Tor browser uses much of the same code as Firefox, it's long believed that the vulnerability is a zero-day flaw affecting the browser.

In May, Mozilla filed a brief in the Playpen defendant's case asking the FBI to privately disclose the flaw in order to fix the bug that it says would affect the security of "hundreds of millions of users."

A judge is expected to rule on the case in the coming weeks.

Read more:
Justice Dept. drops Playpen child porn case to prevent release of Tor hack - ZDNet

The service offers step-by-step instructions on building ransomware.

A new dark web scheme could allow any wannabe cybercriminal to grab a piece of the ransomware pie for free -- on the condition that any ill-gotten profits are split 50/50.

Ransomware -- a form of malware which encrypts a victim's files and demands a ransom to restore them -- has boomed in the last 18 months. A number of ransomware-as-a-service affiliate schemes allow even the most technically illiterate cyber thief to cash in on a form of crime which cost businesses over a billion dollars last year.

But while these schemes are sold to users for a fee -- be it a one-off payment, or as part of a subscription based service -- this new ransomware operation is providing malicious software to affiliates for free in exchange for a big slice of any successful scores.

The move represents another evolution in ransomware which could make it an even more dangerous threat, because criminals may be tempted to download it and launch a ransomware campaign as they don't need to part with their cash to do so.

"The simplistic and straight-forward design of Dot ransomware enables just about anyone to conduct cybercrime," warn Fortinet researchers, who predict Dot will soon become a big threat to businsesses.

"Although we haven't seen this ransomware in the wild, with the advertisements being made accessible on hacking forums, it's only a matter of time until people start taking the bait."

This particular scheme appeared during mid-February and offers users Dot ransomware. All the user needs to get started is to access to the download via the Tor browser and to register a Bitcoin address -- Bitcoin being the number one method of extorting ransoms.

Once this is done, the authors of Dot provide a guide to getting started, including recommendations of which file types to use to distribute ransomware, as well as recommendations for what ransoms to charge in which countries in order to maximise returns.

The authors even go so far as to provide a dashboard for users to keep track of the number and status of infections. The core of the malicious software service appears to be designed to look as if it's like any other form of legitimate set of software tools.

Dot's authors attempt to position the ransomware as like any other software service.

Offering Dot as a free, commissioned-based service has advantages for both the authors and their affiliates; the ransomware writers have an easy way of spreading their malicious software -- complete with with ongoing significant returns from successful infections -- while the would-be criminals get their hands on ransomware without having to pay.

However, the author has coded Dot to ensure that a technically literate user can't rewire the program to take all the payment for themselves.

Victims are infected with Dot via malicious attachments, which will encrypt their files when run and open a ReadMe HTML, informing them they need to pay a Bitcoin ransom in order to regain access to their data.

See the article here:
New dark web scheme lets wannabe cybercriminals get in on ransomware - for free - ZDNet

Onionshare is a free open source program for Windows, Mac OS X and Linux that enables you to transfer files security using Tor.

File sharing has not changed all that much in the past ten or so years. You can send files to other users in various ways: using email, (s)ftp, file sharing services, or online storage services. There are a couple of other options such as sharing files using USB storage devices and face to face exchanges.

It is difficult to transfer files securely. You could encrypt files before you send or upload them, but someone listening in could dump the data and try to break the encryption.

Face to face may work best, but only if you are not crossing any borders.

Onionshare was designed as a direct response to a passage in Glenn Greenwalds new book in which he described the issues that he was facing getting Snowden file copies from a fellow journalist.

The open source program Onionshare uses the Tor network for anonymity. What happens in the background is the following:

When you want to share files, Onionshare creates a temporary password protected website that is hosted on the Tor network.

Anyone with knowledge of the URL and the password can access the data, and download it to a computer system. Onionshare does not take care of that part of the communication though, so it is up to the user who set up the file transfer to use a secure channel to inform recipients about the availability of the data.

The recipient opens the URL in the Tor browser, and downloads files hosted on it to the local system. All that is left to do afterwards is to close down the site. This happens automatically by default after the first download.

You may stop this from being the case though if multiple users need to download the file, or if you want to keep it available in case it needs to be downloaded again.

The program -- we have tested the Windows version -- is easy to use. You need to install it on your system, and may launch it right after installation.

Note: You need to run Tor Browser on your system. If you don't have it, download it from the official Tor Project website.

The interface supports drag and drop operations, but you may also hit the add files or add folder button instead to use the file browser. Hit the "start sharing" button afterwards, and wait for the program to create the site in the background. If things go well, you get a custom URL the files or folders you selected are made available on.

Anyone with the url may download those then using Tor.

Passwords are not set up by default. To set up one, click on File > Settings. There you need to switch either to connect using control port, or connect using socket file. The password authentication option becomes available immediately afterwards.

Onionshare is an easy to use, yet anonymous cross-platform file transfer program. You can increase the protection beyond just requiring a password to download the files by encrypting the files.

Now You: Which programs do you use when you need to transfer files over the Internet?

Author Rating

Software Name

Onionshare

Software Category

Internet

Landing Page

You are here: Home > Software > Onionshare: secure file transfers using Tor

Read the original:
Onionshare: secure file transfers using Tor - Ghacks Technology News

If youve paid any attention to online marketplaces for illegal goods like the now-defunct Silk Road or the FBIs investigations into criminal in cyberspace, chances are youve heard the term dark web. Curious about what it means? Youve come to the right place.

The dark web is sometimes called onionland because of its content accessible only using services like Tor. The rest of the internet is simply referred to as the clearweb, since it isnt generally encrypted.

The dark web works just about the same as the regular internet: it uses the same TCP/IP framework to transmit HTTP and FTP traffic within and between networks, over the same phone, cable or FiOS lines that carry regular internet traffic. Content on the dark web consists of HTML webpages and their assets, just like it does on the rest of the web. In fact, under the hood, the dark web is the same as the regular web, with two important exceptions that also distinguish the dark web from the deep web.

First: the dark web isnt indexed by search engines. Second, content on the dark web cant be accessed with regular web browsing software alone; additional software is required to make the networks talk to one another.

This is because content on the dark web is hosted on overlay networks, which are physically connected to the internet but arent accessible to web crawlers. That relative inaccessibility is because the dark web uses a complete, but fundamentally different, network addressing system than the web addresses most of us know and use. Browsers like Chrome and Firefox are programmed to access website files using the DNS index, which turns a files unique address on its unique server into a string of text that you can type into your address bar. Sites indexed by the DNS registry are accessible via top-level domains like .com and .org, among others. After ICANN opened up the suffixing system to other strings of text, we started to see web addresses that look like home.cern and bit.ly but you can still type those into your address bar and get to a website, because theyre in the official DNS registry. Dark websites dont participate in the DNS system, and web crawlers dont have the software to get onto the dark web, so the dark web and the clearweb dont really cross-pollinate.

Content obscured in this way can still be accessed, but you need the right software. Its a bit like a Wi-Fi network that doesnt broadcast its SSID: you can only get access if you already know exactly how to find it. Some content accessible only through Tor is hosted at a .onion pseudo-top-level domain, which means that in the right software, you might type in foobar.onion and get to the Foobar dark website.

Such software, including the Tor browser bundle, is capable of bridging the differences in network behavior between the dark web and the clearweb. But that only works when youre using a compatible browser and have the right encryption. Tor, Freenet and I2P are the most commonly cited examples of software capable of accessing the dark web. Typing a .onion address into your Chrome address bar wont get you anywhere. Furthermore, many if not most .onion sites are generated sixteen-character non-mnemonic alphanumeric strings, rather than being composed of words like most clearweb URLs.

There also exists a difference in the path web traffic takes on the clearnet versus the dark web. Tor is valuable because it sends your own web traffic through multiple different network nodes, masking its origin and destination. Theres significant overlap between VPNs and the dark web; both services use encryption and multiple network nodes to anonymize traffic. But VPNs deal with clearweb sites that participate in the DNS system, while dark web browsers deal with domains not recognized by ICANN.

The structure of the dark web makes it anonymizing, which means that first and foremost, its used for anonymous communication and web browsing. This accounts for the vast majority of network traffic through Tor. Why seek out anonymity? To read and write about things that might get you in trouble, like political dissent or whistleblowing. The same technology that enables Tor is capable of tunneling out from behind the Great Firewall of China, and the US government contributes to the development of such software.

Anonymity also brings out those who wish to do illegal things. A 2014 study found that of the different kinds of sites on the dark net, there are more markets devoted to drugs and guns than any other kind of dark site, including forums, bitcoin laundering, hacking, fraud, whistleblowing and even regular old porn.

To paraphrase Jim Jeffries, if you want to murder someone, you cant just walk up to Pier 31 and shout GUNS, WHO WANTS TO SELL ME SOME GUNS!? But with a website like an evil eBay that lists weapons and other contraband for sale, all of a sudden you dont have to know someone with black market connections. You just have to be able to install some software.

Tor hidden services are the other thing the dark web does, and theyre what gives the dark web its shady reputation. Hidden services refers to dark sites where both the host and the visitor are anonymous to one another. That technology enables dark web sites that host illegal content to persist. Hidden services account for only 1.5% of the Tor network volume. But the overwhelming majority of resources requested over Tor hidden services fully 80% of that traffic were requests from child abuse sites. Outgoing traffic from the dark web flowed mainly between botnets and their hidden control servers. More detail on Tors traffic patterns and how much of its total bandwidth is used for illegal activities is available in a blog post by the Tor project.

The dark web is notoriously dodgy territory for both buyers and sellers. Law enforcement has been chipping away at the nominal anonymity afforded by software like Tor, and anything of interest on the dark web is as likely to be a scam as it is to be a honeypot. Between social engineering and software vulnerabilities, it is a realm best accessed while wielding some trustworthy anti-malware.

For a long time, the Silk Road was the biggest game in darknet commerce. It allowed users to sell a great many illegal things, and inspired a number of similarly designed copycat markets. Transactions there were conducted in bitcoins and other virtual currency, and then goods were shipped through the mail. But a high-profile bust and ensuing court case put several Silk Road admins in jail. The media spotlight has impinged on the Silk Roads relative obscurity, reducing its value as a black marketplace.

From Tumblr.

While Uncle Sam contributes to the development of Tor and similar anonymity resources, the government is also known to take more of a proprietary approach, considering even the dark web to be within American jurisdiction when site hosting is in question. The FBI paid Carnegie Mellon to crack Tor in pursuit of a criminal case. They even waded into the muck and ran a huge sting operation on Playpen, a darknet child porn site by taking over control of the site and running it for weeks as a poisoned well to catch its users.

The dark net is an excellent example of how difficult it is to preventcriminals from using anonymizing services designed to protect honest dissenters. Tors anonymizing functions are critically important to people who rely on it to discuss sensitive topics without fear of reprisal. The debate over how much light should be shone into the dark web is an ongoing topic of discussion. How much illegal activity should be allowed to maintain Tors positive benefits, and is there a way to unmask child molesters and other illicit activity without compromising the security that makes the dark web work?

Now read: 19 ways to stay anonymous and protect your privacy online

Check out our ExtremeTech Explains series for more in-depth coverage of todays hottest tech topics.

Link:
ExtremeTech explains: All about the dark web, and how to use it - ExtremeTech

Free privacy software

Online privacy is a hot topic, with even world leaders weighing in on the subject. Many of the big-name websites and companies will track your activities to deliver targeted advertising, and can build up an astonishingly detailed profile including your interests, spending habits, age, location and more.

If you would prefer to keep your personal details private, a VPN or proxy tool will help. See our guide to setting up and maintaining a VPN.

As well as preventing third parties building up a profile of you, the best free privacy software can open up the web, granting you access to sites blocked in your country, to access region-locked content when you're travelling away from home, and to add a layer of protection when you use a public Wi-Fi network.

A whole browser dedicated to your privacy, Tor Browser is the cornerstone of any privacy toolkit

Tor Browser is probably the best-known anonymous browsing tool out there, and it is described as a 'censorship circumvention tool'.

Tor Browser has a vast following in the online privacy and security communities. It works by bouncing your communication through numerous encrypted node on the internet, making it impossible to determine your location or other identifying information.

Tor Browser employs complex technology, but is refreshingly accessible. It's based on the same code as Firefox, and guides you through the process of getting online one step at a time.

It uses different connection methods depending on what you're trying to achieve, but there's no need to understand the details because it's all taken care of for you. This combination of effective protection and ease of use makes Tor Browser the best free privacy software you can download today.

Download here: Tor Browser

Privoxy gives you total control over your privacy, but the options might be overwhelming

Privoxy is a web proxy tool that's available not only for Mac, Windows and Linux, but also Android and iOS. It is a tremendously powerful tool, but you'll need to invest a little time and effort to get it up and running.

Privoxy can be used in conjunction with just about any web browser, which is a big bonus; simply set the browser to run its traffic through the tool.

However, one of Privoxy's key features could also be a drawback for new users: it gives you very granular control over privacy settings, and configuring them is very much a manual process. There's a helpful quick start guide available, but it has the potential to be off-putting.

That said, if you're happy to persevere, this free privacy software lets you set up advanced filters that will not only ensure you remain anonymous online, but also protect you against unwanted ads.

Download here: Privoxy

Free privacy software that protects your identity by hiding your IP address from prying eyes

Hotspot Shield VPN is available in two flavors: a free, ad-supported one, and a paid-for version that offer unlimited bandwidth. Hotspot Shield hides your IP address and provides encrypted traffic tunnelling (ideal for use on public Wi-Fi networks) to improve security and ensure privacy.

You may not want to use Hotspot Shield at all time. For instance, you may only be interested in using it to access certain sites that are blocked in your country. In this case you can create shortcuts to individual sites in the Hotspot Shield window which will enable protection before launching the sites. Protection can also be toggled on an off with a single click.

The paid-for version, Hotspot Elite, only costs a few pounds or dollars a month, but it's worth trying the free edition first before opening your wallet. Its additional features, including ad-free browsing and dedicated customer support, make it a tempting proposition.

Download here: Hotspot Shield VPN

Free and user-friendly, TunnelBear is VPN made easy but keep an eye on the data limit

In addition to anonymous browsing, free VPN tool TunnelBear can also be used to bypass traffic-shaping and throttling put in place by ISPs.

The free version of TunnelBear gives you up to 500MB of data each month, but if this isn't enough, unlimited data is available for a subscription fee, with prices starting at US$4.16 per month (about 3, AU$6).

Whether you go premium or stick with the free version, you can share a single account between up to five phones, tablets, Windows PCs or Macs.

Configuration is incredibly simple, and TunnelBear's free privacy software can be used with any browser. It's probably the most accessible VPN tool there is, and is just about impossible not to recommend.

Download here: TunnelBear

A great VPN tool for protecting your privacy online, but free users have to wait their turn

Another multi-platform VPN tool, CyberGhost VPN is available as a free ad-supported app, as well as a paid-for edition offering better performance and more features.

For day-to-day or occasional use, the free version should be perfectly adequate. Configuration is very simple, with the only potential stumbling block being the installation of a virtual network adaptor.

With a single click, CyberGhost VPN will activate, giving the impression that you're browsing from another country. The free privacy software also lets you keep an eye on how much traffic you've transferred through the service using a handy graph.

The downside of using the free version is that there's a limited numbers of spaces on the servers, so you may have to wait to gain access (although you're unlikely to be kept hanging for long).

Download here: CyberGhost VPN

Excerpt from:
The best free privacy software 2017 - TechRadar

For this exercise, I decided to pick a highly controversial political topic: Facts. I believe that what we know about reality is based on evidence that can be objectively observed. Thus, I created the completely anonymous (until publishing this article, of course) Twitter account @FactsNotAlt. Heres how I did it.

Threat model

Before we begin, it helps to define a threat model, that is: what we need to protect; who we need to protect it from; what their capabilities are; and what countermeasures prevent or mitigate these threats.

Basically, its impossible to be completely secure all the time, so we need to prioritize our limited resources into protecting what matters the most first. The most important piece of information you need to protect in this case is your real identity.

Law enforcement or the FBI might launch an investigation aimed at learning your identity. It may be to retaliate against you getting you fired, charging you with crimes, or worse. Your Twitter account might also anger armies of trolls who could threaten you, abuse you with hate speech, and try to uncover your identity.

If the FBI opens an investigation aimed at de-anonymizing you, one of the first things theyll do is simply ask Twitter and every other service that they know you use for information about your account. So a critically important countermeasure to take is to ensure that none of the information tied to your account phone numbers, email addresses, or IP addresses youve used while logging into your account lead back to you.

This is true for all accounts you create. For instance, if you supply a phone number while creating your Twitter account, the phone service provider associated with that number shouldnt have information that can lead back to you either.

Another concern: The FBI also might go undercover online and try to befriend you, to trick you into revealing details about yourself or to trick you into clicking a link to hack you. They might make use of informants in the community of people who follow you on Twitter as well. Organized trolls might use the same tactics.

Hiding your IP address with Tor

An IP address is a set of numbers that identifies a computer, or a network of computers, on the internet. Unless you take extra steps, every website you visit can see your IP address. If youre using Twitter while connected to your home or office Wi-Fi network, or your phones data plan, Twitter can tell. If they hand these IP addresses to the FBI, you will very quickly lose your anonymity.

This is where Tor comes in. Tor is a decentralized network of servers that help people bypass internet censorship, evade internet surveillance, and access websites anonymously. If you connect to Twitter while youre using Tor Browser, Twitter cant tell what your real IP address is instead, theyll see the IP address of a random Tor server. Tor servers are run by volunteers. And even if any of the servers bouncing your data around are malicious, they wont be able to learn both who you are and what youre doing.

This is the primary benefit that Tor has over Virtual Private Network, or VPN, services, which try to help users hide their IP addresses. The FBI can go to a VPN service to learn your real IP address (assuming the VPN keeps a record of its users IP addresses, and cooperates with these requests). This isnt true with Tor.

To get started with Tor, download Tor Browser. Its a web browser, like Chrome or Firefox, but all its internet traffic gets routed over the Tor network, hiding your real IP address.

Using Tor Browser is the easiest way to get started, but its not perfect. For instance, a hacker who knows about a vulnerability in Tor Browser can discover your real IP address by tricking you into visiting a website they control, and exploiting that vulnerability the FBI has done this in the past. For this reason, its important to always immediately update Tor Browser when you get prompted.

You can also protect yourself from Tor Browser security bugs by using an operating system thats designed to protect your anonymity, such as Tails or Qubes with Whonix, (Ive written about the latter here). This is more work for you, but it might be worth it. Personally, Im using Qubes with Whonix.

Getting an anonymous email address

Before you can create nearly any account online, you need an email address. While popular email services like Gmail or Yahoo Mail let anyone make an account for free, they dont make it easy to do so anonymously. Most of them require that you verify your identity with a phone number. You can in fact do that anonymously (more on that below), but I prefer using an email provider that is happy to give addresses to anonymous users.

One of these providers is SIGAINT, a darknet-only service that forces all its users to login using Tor to read or send email. The people who run it are anonymous and it contains ads for (sometimes very sketchy, sorry) darknet websites. However, you do end up with a working, anonymous email address.

Update: Feb. 20, 3:10 p.m. ET The SIGAINT service appears to be down right now. Whileits down, you can try Riseup, or set up a burner phone and then tryProtonMail, Gmail, or some other service instead.

If you prefer not to use SIGAINT, another good choice is Riseup, a technology collective that provides email, mailing list, VPN, and other similar services to activists around the world. Accounts are free, and they dont ask for any identifying information, but you do need invite codes from two friends who already use Riseup in order to create an account.

Yet another option is ProtonMail a privacy-friendly email provider based in Switzerland that asks for minimal identifying information and works well over Tor. However, to prevent abuse, they require Tor users to provide a phone number (that they promise not to store) to receive an SMS during account creation. So, if youd like to use ProtonMail instead (or any other email service that requires a phone number when creating an account over Tor), follow the steps below to create an anonymous phone number first.

I decided to use SIGAINT. In Tor Browser, I went to SIGAINTs onion service address, sigaintevyh2rzvw.onion, which I found on their public website. This is a special type of web address that only works in Tor Browser, and not the normal internet. From there, I filled out the form to create a new account.

Thats it. Ive now created a brand new anonymous email address: factsaretrue@sigaint.org.

Getting an anonymous phone number

While attempting to create a Twitter account, I quickly hit a snag. Even if I provide my (anonymous) email address, Twitter wont let me create a new account without first verifying my phone number. (You might get lucky and get the option to skip entering your phone number it doesnt hurt to try but if youre coming from a Tor node that isnt likely.)

This is a problem, because I obviously cant use my real phone number if I want to remain anonymous. So to proceed, I needed to figure out how to get a phone number that isnt tied to my actual identity. This is a common problem when trying to stay anonymous online, so you can follow these instructions any time you need a phone number when opening an account.

There are other ways to do it, but I chose a conceptually simple option: Buy a burner phone anonymously, use it to verify my new Twitter account, and then get rid of it. I wandered around downtown San Francisco looking in convenience stores and pharmacies until I found what I was looking for in a 7-Eleven.

Using cash, I bought the cheapest TracFone handset I could find (an LG 328BG feature phone as in, not a smartphone) as well as 60 minutes worth of voice service, for a total of $62.38 after tax. You might be able to find cheaper cell phone handsets if you look long enough.

If youre going to get a burner phone and want to maintain your anonymity, here are some things to keep in mind:

After buying phone service, youll need to activate the phone. This process will be different with different phone companies. TracFone requires you to activate your handset either by calling their phone number from a different phone obviously not a good option for someone trying to remain anonymous or by activating online at their website. I activated my burner phone online using Tor Browser.

Once youve activated your phone, you can use the phones menu system to learn what your new phone number is. On my LG 328BG, I pressed Menu, selected Settings, and finally Phone Information to find it.

Creating a Twitter account anonymously

Finally, armed with an email address and phone number that arent in any way connected to my real identity, I could create a Twitter account.

Before making an account, grab your laptop and burner phone and go to a public location that isnt your home or office, such as a coffee shop. When you get there, power on your burner phone. Keep in mind that this location is now tied to your burner phone, so you might wish to do this step when youre traveling in another city.

Using Tor Browser, I navigated to https://twitter.com/signup and signed up for a new account. The new account form asked for my full name (Facts Are True), my email address (factsaretrue@sigaint.org), and a password.

After clicking Sign up, I was immediately prompted to enter my phone number. I typed my anonymous phone number and clicked Call me. A Twitter robot called my burner and read out a six-digit number, which I typed into the next page on Tor Browser. It worked great.

With the phone number verification step complete, I powered off my burner phone. Once youre sure you dont need your burner phone anymore, its a good idea to get rid of it.

Toward the end of the signup process, Twitter prompted me to come up with a username. After many tries, I found one I liked: @FactsNotAlt. After clicking through the welcome screen, I was finally logged into my new anonymous account.

I went ahead and confirmed that I control my factsaretrue@sigaint.org email address.

And there you have it. I set up my new account and began tweeting about things that are true.

Maintaining the Twitter account over time

If youre following along, youve now created a completely anonymous Twitter account as well. Congratulations! But your work has only just started. Now comes the hard part: Maintaining this account for months, or years, without making any mistakes that compromise your identity. I wont be following these tips myself with the @FactsNotAlt account Ive already outed myself as the owner. But for anyone who is trying to anonymously maintain a popular Twitter account, here are some things to keep in mind.

Be careful about how you interact with people:

Compartmentalize:

Many successful Twitter accounts have a team of people who run them instead of a single individual. If youre part of such a team, or thinking of sharing access to your existing account with someone new:

And finally, keep in mind that after all this, Twitter can always kick you off for their own reasons. And if your account gets hacked and the email address associated with it is changed, youll have no way to recover it.

Good luck!

More:
How to Run a Rogue Government Twitter Account With an ... - The Intercept

Banks, retailers and advertisers can track your online activity using Web "fingerprinting" techniques, but these methods usually only work across a single browser. Now, however, new technology can follow you anywhere online -- even if you switch browsers.

The new tech makes it possible to establish a unique online fingerprint based not on browser features but on features of a user's operating system and computer hardware, according to a new study by researchers at Lehigh University and Washington University. The cross-browser fingerprinting technique identifies users with an accuracy of 99.24 percent, compared to AmIUnique's "state-of-the-art" accuracy of 90.84 percent across a single browser, according to the researchers.

While acknowledging the fingerprinting method could be used for undesirable purposes that violate online privacy, the researchers said the technique could also help service providers authenticate users for improved security.

Tracking Tech Evolving Fast

In their paper, researchers Yinzhi Cao and Song Li of Lehigh University and Erik Wijmans of Washington University in St. Louis described their cross-browser fingerprinting technique as the first to use "many novel OS and hardware features, especially computer graphics ones" to establish identities and track individual online users. They provided both a working demo and open source code online.

"Web tracking is a debatable technique used to remember and recognize past website visitors," the researchers noted. "On the one hand, web tracking can authenticate users -- and particularly a combination of different web tracking techniques can be used for multifactor authentication to strengthen security. On the other hand, web tracking can also be used to deliver personalized service -- if the service is undesirable, e.g., some unwanted, targeted ads, such tracking is a violation of privacy."

Whether people like it or not, Web tracking technology is widely used and evolving quickly, the researchers added, noting that "more than 90 [percent] of Alexa Top 500 Web sites adopt web tracking."

Possible Defenses: Tor, Virtualization

Cao, Li and Wijmans said their tracking technique outperforms the only other cross-browser fingerprinting technique, which uses IP (Internet Protocol) addresses to track user activity. That technique doesn't work when IP addresses are dynamically allocated -- as when users browse via mobile networks -- or changed by switching from home networks to office networks, they said.

By contrast, the new cross-browser tracking technique might even work with some installations of the Tor browser, which normally prevents browser fingerprinting, according to the researchers. They said their technique could probably be blocked by using the Tor browser with its default settings intact or by using machine virtualization, although the latter technique has the disadvantage of being "heavyweight."

For many online users, Web tracking is a daily issue. The most common sign of being tracked online is when users see ads on different Web sites for products or services they searched for earlier on different sites.

Privacy-focused organizations have developed a number of tools to help users minimize the impact of such tracking. The Electronic Frontier Foundation, for example, offers a tracking tester called Panopticlick that lets users analyze and tweak their browsers and add-ons to maximize privacy protections.

Cao, Li and Wijmans plan to present their research at the Network and Distributed System Security Symposium scheduled for Feb. 26 through March 1 in San Diego.

Image Credit: iStock.

Go here to see the original:
New 'Fingerprinting' Tech Can Track You Anywhere Online - Top Tech News

Banks, retailers and advertisers can track your online activity using Web "fingerprinting" techniques, but these methods usually only work across a single browser. Now, however, new technology can follow you anywhere online -- even if you switch browsers.

The new tech makes it possible to establish a unique online fingerprint based not on browser features but on features of a user's operating system and computer hardware, according to a new study by researchers at Lehigh University and Washington University. The cross-browser fingerprinting technique identifies users with an accuracy of 99.24 percent, compared to AmIUnique's "state-of-the-art" accuracy of 90.84 percent across a single browser, according to the researchers.

While acknowledging the fingerprinting method could be used for undesirable purposes that violate online privacy, the researchers said the technique could also help service providers authenticate users for improved security.

Tracking Tech Evolving Fast

In their paper, researchers Yinzhi Cao and Song Li of Lehigh University and Erik Wijmans of Washington University in St. Louis described their cross-browser fingerprinting technique as the first to use "many novel OS and hardware features, especially computer graphics ones" to establish identities and track individual online users. They provided both a working demo and open source code online.

"Web tracking is a debatable technique used to remember and recognize past website visitors," the researchers noted. "On the one hand, web tracking can authenticate users -- and particularly a combination of different web tracking techniques can be used for multifactor authentication to strengthen security. On the other hand, web tracking can also be used to deliver personalized service -- if the service is undesirable, e.g., some unwanted, targeted ads, such tracking is a violation of privacy."

Whether people like it or not, Web tracking technology is widely used and evolving quickly, the researchers added, noting that "more than 90 [percent] of Alexa Top 500 Web sites adopt web tracking."

Possible Defenses: Tor, Virtualization

Cao, Li and Wijmans said their tracking technique outperforms the only other cross-browser fingerprinting technique, which uses IP (Internet Protocol) addresses to track user activity. That technique doesn't work when IP addresses are dynamically allocated -- as when users browse via mobile networks -- or changed by switching from home networks to office networks, they said.

By contrast, the new cross-browser tracking technique might even work with some installations of the Tor browser, which normally prevents browser fingerprinting, according to the researchers. They said their technique could probably be blocked by using the Tor browser with its default settings intact or by using machine virtualization, although the latter technique has the disadvantage of being "heavyweight."

For many online users, Web tracking is a daily issue. The most common sign of being tracked online is when users see ads on different Web sites for products or services they searched for earlier on different sites.

Privacy-focused organizations have developed a number of tools to help users minimize the impact of such tracking. The Electronic Frontier Foundation, for example, offers a tracking tester called Panopticlick that lets users analyze and tweak their browsers and add-ons to maximize privacy protections.

Cao, Li and Wijmans plan to present their research at the Network and Distributed System Security Symposium scheduled for Feb. 26 through March 1 in San Diego.

Image Credit: iStock.

Read the original:
New 'Fingerprinting' Tech Can Track You Anywhere Online ... - NewsFactor Network