Category Archives: Tor Browser

It may only be a slight exaggeration that companies know more about you than you do about yourself.

Fire up your cell phone or laptop if you have any doubts. Companies can predict what you want to buy and show you ads for them. They know your birthday. They can even tell when your teenage daughter is pregnant.

(I'm not making that last one up. Target famously made that discovery a few years ago.)

Try Newsweek for only $1.25 per week

In a series of recent surveysconducted by the Previous Pew Research Center, Americans consumers say they're afraid they've lost control of their personal information and that companies aren't doing enough to protect the customer data they collect. A majority of Americans (64 percent) have personally experienced a major data breach, the poll found.

"People are interested in disappearing online," says Caleb Chen, who specializes in digital currency issues for London Trust Media, a provider of private internet products. "It's a sign of the times."

Lowering your profile is possible with a few simple steps and the right technology. But absolute anonymity online may be difficultperhaps even impossibleto achieve.

"The ability to eliminate your online footprint completely is a myth," says David Cox, the CEO of LiquidVPN, a service that helps protect your location identity online. "However, there are many ways we can minimize our online footprint."

One simple way to sweep up that trail of electronic breadcrumbs you leave is to instruct your browser to not be promiscuous with your personal information. For example, you can tell Chrome to disallow a site to track your physical location under Preferences and then by clicking Settings, followed by Advanced and Content Settings.

A lock icon, signifying an encrypted Internet connection, is seen on an Internet Explorer browser in a photo illustration in Paris April 15, 2014. Reuters

You can switch to a more privacy-conscious web search engine, like DuckDuckGo.com, that doesn't collect or share personal information, or use "incognito" mode on your browser, which doesn't share any personal data with the site you're visiting.

"Also, stay logged out of online services such as Gmail and Facebook," says Michael Gregg, president of Houston-based Superior Solutions Inc., an IT consulting firm. "That makes it harder for third parties to track your activity."

The strategy is sound. If you don't want everyone knowing who you are, you first have to stop telling everyone who you are. You can start by checking the privacy settings on your favorite social network, which may or may not be easy to find.

For example, on Facebook, you have to click on the arrow next to the question mark on the top left of your screen. Go to "Privacy" to review and change your account settings. On Twitter, you have to click on "Profile and settings" and then "Security and privacy."

No, they don't like to make it easyand for obvious reasons. That's how social networks make their money. You are the product.

It shouldn't take long to significantly diminish your digital footprint. But there's still some work to be done before it's eliminated.

A VPN, or virtual private network, is an application that encrypts your internet traffic and routes it through an intermediary server. As a result, the devices address is masked and third parties can't track you.

"Most VPN providers utilize shared IP addresses on their servers," explains Paul Bischoff, a privacy advocate for Comparitech.com, a services comparison site. "Multiple usersdozens, hundreds, and even thousandsare assigned a single IP address. This makes it nearly impossible to trace the activity of a single person in the pool."

As an added bonus, a VPN allows you to effectively change your location with the click of a button. So if you're in New York but you want your browser to think you're in London, you can easily do that.

If you're serious about eliminating your digital trail, you might also consider switching to the Tor Browser. Tor is a network of volunteer-operated servers that helps improve your privacy and security on the Internet. It works by creating a series of virtual tunnels rather than making a direct connection, which allows you to connect to places online without making a direct connection.

"Think of Tor surfing as taking a flight with stopovers instead of a nonstop," explains S. Adam Rizzieri, the director of digital marketing for SevenTablets.com, a developer of mobile apps. "The traveler is your internet activity, which is comprised of packets of information. In a direct flight, the traveleryour packet of informationgoes from Point A to B and the originating flight is clear. In Tor browsing, you have layovers. You still get to Point B, but your point of origin is cloaked by layovers at Points C and D."

And as you might expect, it does make the browsing experience a little slower. But no one will know who you are.

You can also scramble your message securely before sending it, which protects your identity and the information.

"If attackers can't decipher or read any of the emails, their efforts are largely stymied and the owner of the email address maintains strong privacy and anonymity when it comes to their information being protected," says Bill Bullock, the CEO of SecureMyEmail, which offers an encrypted email product.

There are hundreds of encryption products, far too many to mention in a single story. But they're fairly easy to use and often cost little or nothing. For example, a service likeVirtu, which is a simple extension to your Chrome browser, offers military-grade encryption, allows you to control forwarding, permits you to take a message back and even expire an email.

But many of today's encryption solutions are cumbersome to use, forcing the recipient to download software before they can read your message.

Maybe it's worth pausing for a moment to ask how we got to this place. How did all of our personal information get carelessly strewn across the internet? While there are many reasons for why companies seem to know so much about us, and why we know comparatively little about them, one explanation seems inescapable: consumers collectively assigned almost no value to their privacy for too long.

And here we are.

In a world without secrets, these steps can ensure that you'll keep a few more of yours. Checking your privacy settings, switching browsers, using a VPN and adding encryption can certainly help.

"But there's only one surefire way to be invisible online," says Ed Brancheau, the chief executive of the digital marketing agency Goozleology. "Don't go online."

Consumer advocateChristopher Elliott's latest book isHow To Be The Worlds Smartest Traveler(National Geographic). You can get real-time answers to any consumer question on his new forum,elliott.org/forum, or by emailing him at chris@elliott.org.

See more here:
How to Stay (Mostly) Anonymous Online - Newsweek - Newsweek

Banks, retailers and advertisers can track your online activity using Web "fingerprinting" techniques, but these methods usually only work across a single browser. Now, however, new technology can follow you anywhere online -- even if you switch browsers.

The new tech makes it possible to establish a unique online fingerprint based not on browser features but on features of a user's operating system and computer hardware, according to a new study by researchers at Lehigh University and Washington University. The cross-browser fingerprinting technique identifies users with an accuracy of 99.24 percent, compared to AmIUnique's "state-of-the-art" accuracy of 90.84 percent across a single browser, according to the researchers.

While acknowledging the fingerprinting method could be used for undesirable purposes that violate online privacy, the researchers said the technique could also help service providers authenticate users for improved security.

Tracking Tech Evolving Fast

In their paper, researchers Yinzhi Cao and Song Li of Lehigh University and Erik Wijmans of Washington University in St. Louis described their cross-browser fingerprinting technique as the first to use "many novel OS and hardware features, especially computer graphics ones" to establish identities and track individual online users. They provided both a working demo and open source code online.

"Web tracking is a debatable technique used to remember and recognize past website visitors," the researchers noted. "On the one hand, web tracking can authenticate users -- and particularly a combination of different web tracking techniques can be used for multifactor authentication to strengthen security. On the other hand, web tracking can also be used to deliver personalized service -- if the service is undesirable, e.g., some unwanted, targeted ads, such tracking is a violation of privacy."

Whether people like it or not, Web tracking technology is widely used and evolving quickly, the researchers added, noting that "more than 90 [percent] of Alexa Top 500 Web sites adopt web tracking."

Possible Defenses: Tor, Virtualization

Cao, Li and Wijmans said their tracking technique outperforms the only other cross-browser fingerprinting technique, which uses IP (Internet Protocol) addresses to track user activity. That technique doesn't work when IP addresses are dynamically allocated -- as when users browse via mobile networks -- or changed by switching from home networks to office networks, they said.

By contrast, the new cross-browser tracking technique might even work with some installations of the Tor browser, which normally prevents browser fingerprinting, according to the researchers. They said their technique could probably be blocked by using the Tor browser with its default settings intact or by using machine virtualization, although the latter technique has the disadvantage of being "heavyweight."

For many online users, Web tracking is a daily issue. The most common sign of being tracked online is when users see ads on different Web sites for products or services they searched for earlier on different sites.

Privacy-focused organizations have developed a number of tools to help users minimize the impact of such tracking. The Electronic Frontier Foundation, for example, offers a tracking tester called Panopticlick that lets users analyze and tweak their browsers and add-ons to maximize privacy protections.

Cao, Li and Wijmans plan to present their research at the Network and Distributed System Security Symposium scheduled for Feb. 26 through March 1 in San Diego.

Image Credit: iStock.

Read the rest here:
New 'Fingerprinting' Tech Can Track You Anywhere Online - CIO Today

Cannabis.com, GayEgypt.com, Circumcision.org, WhitePower.com, and yes, HardSexTube.com are all sites that the Tor Projects new app pointed my iPhone towards this morning. Dont worry, its all for a good cause.

The Open Observatory of Network Interference (OONI) has been around for the last five years or so, but its software suite, Ooniprobe, only existed as command line-installable a desktop software package. Sponsored by the Tor Projectbest known for its mostly secure Tor web browserOoniprobe seeks to map where internet censorship is taking place via a live map. Unsurprisingly, the US is largely unaffected while Russia, China, and Saudi Arabia arent so lucky.

As of today, Ooniprobe is available as an Android or iOS app that even the least computer savvy but censorship-concerned internet user can easily install. That is, if the warnings in the markedly easier installation process dont scare you half to death.

The mere use of ooniprobe might be viewed as a form of espionage, regardless of the laws in your country, the welcome screen warns, we encourage you to consult with a lawyer prior to installing and running ooniprobe. New York is in the middle of a snowstorm, and I dont exactly keep legal counsel on retainer, so that didnt happen. The same screen warns potential users that the app will download data from provocative or objectionable sites (e.g. pornography) as you may already have guessed.

Ooniprobes risks page describes the possibility of severe civil, criminal, or extra-judicial penalties such as being assaulted or targeted for surveillance. Caveating the whole thing is the disclaimer: The risks described below are quite speculative. To our knowledge, no ooniprobe user has ever faced consequences from the risks described below. Hmm.

As to the app itself, the web connectivity test is the meat of its functionality. Essentially it attempts to visit a slew of sites which range from mundane email portals (hotmail.msn.com) to the Air Forces F-35 Lightning II page (jsf.mil). At the same time, a server tries to get to those same pages and if they load differently its flagged in red as potentially censored. Ooniprobes test sites are, as The Atlantic points out, a list built collaboratively between OONI and Citizen Project and aim to catalog crucial services or controversial content most likely to be censored. (Flatteringly, our sister site Jezebel made the cut.)

The app seems to give plenty of false positives. Among the supposedly censored sites were sex toy site realdoll.com, kids.yahoo.com, myspace.com, and metacrawler.com, all of which worked just fine on desktop. Ooniprobes helpful suggestions to avoid being denied the full scope of Real Dolls online retail website are to use open DNS (check), force HTTPS (which most browsers now do by default), or to use the Tor browser (Tor is not presently available on iOS).

Currently, the only other two tests included in this mobile build of Ooniprobe are an HTTP Invalid request test and a standard speed test. The former showed no anomaly and the latter gave me upload, download, and ping times comparable to Ooklas industry-standard speed test.

So what have we learned from this experience? Internet censorship isnt really happening on an infrastructural level in the USat least not in a way this app can detect it. And even though youre unlikely to be sent to a gulag for installing Ooniprobe, pinging WhitePower.com has definitely landed me on some sort of watchlist.

More here:
Why Did an Internet Censorship App Send My Phone to ... - Gizmodo - Gizmodo

Browsers are our window into the virtual world.

So often though, we forget that just as we are looking outward, companies are looking inward. Every search we perform is logged and tied to our virtual footprint (and amongst other things, our geographic location). Search surveillance consequences span from differential pricing (like a higher online price if your browser denotes your location as affluent) to the inability for people to access sensitive information in countries with strict censorship laws (countries, for example, restricting access to sites about AIDS). Access to the amount and kinds of information internet architecture provides is unprecedented, and we are only beginning to understand the implications.

This is where The Onion Router (Tor) comes in. The Tor browser obscures any personal ties and information (with a few exceptions) associated with your browsinghistory. When you use Tor, instead of your request going straight from your browser to the site (like from my DuckDuckGosearch right to technical.ly/philly),it reroutes through several different countries. When using Tor, my request then might go through Norway and Germany before reaching technical.ly/philly. You might imagine that when using Tor, you are not only putting shades on your window but also removing your house from the map or Streetview entirely.

The overall strategy of Tor is that the more people who use it, the stronger of a tool it is. For activist and West Philly-based Tor Communications DirectorKatie Krauss, using Tor is not just switching a browser.

Using the Tor browser is a civic act it allows you to protect your right to privacy, and at the same time it helps human rights activists in countries like Iran or China to use the Internet without getting a knock on the door, she said.

The Tor Project also has Philly roots, as cofounder and research director Roger Dingledine used to be a visiting professor at Drexel.

Below are screenshots and some narrative about my experience downloading and using Tor.

(Screenshot)

(Screenshot)

(Screenshot)

(Screenshot)

(Screenshot)

(Screenshot)

(Screenshot)

(Screenshot)

When logging on to Facebook and Gmail, Tor wouldnt have masked my identity (instead it would prevent certain kinds of advertising and tracking). However, both Facebook and Gmail gave me error messages.

(Screenshot)

Unfortunately, this was to no avail. Facebook was alerting me that my account was likely compromised, because my last shown login was from Colombia. After attempting verification steps, I was locked out of both of my accounts.

I contacted Krauss to see if this was typical or Tor-related. She gave me the Facebook loophole: The way to avoid this with Facebook is to use their onion address (put this into the address bar on the Tor browser and it will take you to Facebook): https://facebookcorewwwi.onion/.For more info, she directed me to this Facebook blog post.

Krauss noted that she and several other users she checked with have no problem with Gmail in the Tor browser, though it is possible that the issue was the Tor-Gmail interface.

In the end, it worked for me: I was locked out of Gmail for about 3 hours, but after attempting again, I was able to sign in (though I had to verify with an extra step). While it was frustrating to be locked out of my email for a bit, the experience drove home for me how location dependent verification is (and the potential consequences of such dependence).

Overall, Tor was easy to implement and the inconvenience of switching browser was worth the benefit.Ive since relapsed since I first used it because its faster to go log on in Chrome and I need Google Hangouts for work (I havent been able to use it on Tor) but I am back on Tor now.

As I was browsing and watching the latest news, the onion metaphor made me beyond the technical aspect of Tor: if we imagine that those whose civil rights are most vulnerable are in the center, we can effect change by layering around them even with as simple an act of a browser change.

Jen Rajchel explores the intersection between the humanities and technology. A transplant from Las Vegas, she is a Bryn Mawr grad who has made the Philly suburbs her home.

Read this article:
'Using Tor is a civic act': A beginner's guide to the privacy browser - Technical.ly Philly

Cybercriminals have been using digital rights management (DRM) files in Windows to transport malware for a while. Social engineering was often an integral part of this process since any attempt to open these files in Windows Media Player (WMP) would then generate a pop-up that redirected the targets default browser to an attacker-controlled website. That website was the beginning of an infection.

Now, attackers are using this process for more than just malware. Researchers recently found that the Tor browser and privacy controls can be affected by a malicious DRM file.

Malicious DRM files work by causing Windows Media Player (WMP) to generate a pop-up requesting permission to redirect the default browser to the content providers website to find out how to obtain the necessary play rights, Hacker House reported. Once a user agrees, he or she is sent to a malware-laden page and the infection process begins. However, this only happens when users attempt to open unlicensed files.

But now, cybercriminals have devised a way for a file with a proper DRM license to redirect the browser without so much as a prompt. Not only could this lead to malware, but it could also contribute to a massive loss of privacy for certain users.

Bleeping Computer, reporting on the Hacker House findings, noted that these DRM files can cause problems when opened in the privacy-enhanced Tor browser. Attackers can capture victims credentials surreptitiously by using cryptographically signed DRM files.

The attackers website appears legitimate to detract attention from the fraudulent URL. Users who interact with the site risk revealing their IP addresses or other credentials through normal system calls. For Tor users, many of whom are using the browser specifically to hide these details, this is a worst case scenario.

Hacker House posted a short video that showed how the malware operators can extract a victims IP with a single click. Its easy to see how a malicious, signed DRM file might also silently ping an attacker-controlled URL to report a victims status and location.

Since the DRM signing process can cost around $10,000, only cybercriminals with deep pockets can fund such a scheme. Those who can afford it, however, have a significant advantage when it comes to spreading malware.

This social engineering scheme is sneaky enough to fool even security-savvy Tor users. To be safe, everyone should avoid all unknown DRM files, no matter how enticing the title may be.

Read more from the original source:
Infected DRM Files Can Reveal Tor Data - Security Intelligence - Security Intelligence (blog)

Windows users running the Tor browser can be tricked into uncloaking themselves, with a pretty straightforward trick based on Microsoft's DRM system.

The discovery was made by Hacker House, which says it's been researching social engineering attacks made using DRM-protected content.

What the UK-based security outfit found is that a pretty straightforward bit of social engineering click on this media file can, at the very least, reveal the user's real IP address.

Here's what's going on: DRM-protected media has to fetch its licence key from a server. If it's not signed properly, Windows raises a dialogue to warn you.

However, this warning DOES NOT appear if the DRM license has been signed correctly and the Digital Signature Object, Content Encryption Object and Extended Content Encryption Object contain the appropriate cryptographic signing performed by an authorised Microsoft License Server profile, the author writes.

Hide this dialogue, capture a Tor user's IP address

Microsoft sets high barriers to entry for those who want to start signing media: If you want to build your own Microsoft DRM signing solution the price-tag is around US$10,000, Hacker House notes.

What they've seen in the wild is someone managing to generate signed content, apparently without paying that toll.

As these signed WMV files do not present any alert to a user before opening them they can be used quite effectively to decloak users of the popular privacy tool TorBrowser with very little warning, they write.

The risk that media files could expose users is known to Tor, which warns users to run Tails if they want to run media files.

It's not the first time people have seen social engineering attacks based on media files: the old you need a plug-in to play this file strategy had a Windows DRM variant back in 2013, according to Virus Total.

See the rest here:
Microsoft's DRM can expose Windows-on-Tor users' IP address - The Register

The Hacker House security experts have warned that downloading and opening Windows DRM-protected files can decloak Tor Browser users and reveal their IP addresses.

The attacks via DRM-protected multimedia files in Windows have been known for more than 10 years, though until recently, theyve only been used to spread malware.

Some of the previous attacks tried to make users open and play DRM-protected files. Usually, these files would open in Windows Media Player, and users would see a popup that asked them to visit a URL to validate the files license.

PC users who agreed were transferred to an authorization URL. However, what users dont know is that hackers could modify these links and point victims to exploit kits or malware-laced files.

The Hacker House team has found that the pop up asking users if they wanted to visit the authorization URL would only appear for DRM files which have not been signed with the proper tools.

In case the attacker signed the DRM-protected multimedia files with an official Microsoft SDKs such as Windows Media Encoder or Microsoft Expression Encoder, the popup would not show, and the users player would automatically open an Internet Explorer instance and access the authorization URL.

According to the Hacker House security experts, the cost of properly signing DRM multimedia files ranges around $10,000, a sum that many low-end malware authors arent willing to pay for such a niche attack.

Nevertheless, the same thing doesnt relate to determined state-sponsored hackers or law enforcement agencies, who have the financial and physical resources to support such an attack infrastructure.

For example, law enforcement could host properly signed DRM-protected files on websites pretending to host child pornography. When a user would try to view the file, the DRM multimedia file would use Internet Explorer to ping a server belonging to the law enforcement agency.

Also, this tactic can be used to target ISIS militants trying to view propaganda videos, illegal drug and weapons buyers trying to view video product demos, political dissidents viewing news videos, etc.

See more here:
Windows DRM Files Deanonymize Tor Browser Users - Virus Guides - Virus Guides (blog)

Orfox is built from the same source code as Tor Browser (which is built upon Firefox), but with a few minor modifications to the privacy enhancing features to make them compatible with Firefox for Android and the Android operating system.

Orfox REQUIRES Orbot app for Android to connect to the Tor network.

In as many ways as possible, we adhere to the design goals of Tor Browser (https://www.torproject.org/projects/torbrowser/design/), by supporting as much of their actual code as possible, and extending their work into the additional Android components of Firefox for Android.

** Also, includes NoScript and HTTPSEverywhere add-ons built in!

The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked.

Learn more at: https://guardianproject.info/apps/orfox

* * How is Orfox different than Tor Browser for desktop?

* The Orfox code repository is at https://github.com/guardianproject/tor-browser and the Tor Browser repository is here:https://gitweb.torproject.org/tor-browser.git/. The Orfox repository is a fork of the Tor Browser repository with the necessary modification and Android-specific code as patches on top of the Tor Browser work. We will keep our repository in sync with updates and release of Tor Browser.

* Orfox is built from the Tor Browser repo based on ESR38 (https://dev.guardianproject.info/issues/5146https://dev.guardianproject.info/news/221) and has only two modified patches that were not relevant or necessary for Android

* Orfox does not currently include the mobile versions of the Tor Browser * Button, but this we will be added shortly, now that we have discovered how to properly support automatic installation of extensions on Android (https://dev.guardianproject.info/issues/5360)

* Orfox currently allows for users to bookmark sites, and may have additional data written to disk beyond what the core gecko browser component does. We are still auditing all disk write code, and determining how to appropriately disable or harden it. (https://dev.guardianproject.info/issues/5437)

* * How is Orfox different than Orweb?

Orweb is our current default browser for Orbot/Tor mobile users (https://guardianproject.info/apps/orweb) that has been downloaded over 2 million times. It is VERY VERY SIMPLE, as it only has one tab, no bookmark capability, and an extremely minimal user experience.

Orweb is built upon the bundled WebView (Webkit) browser component inside of the Android operating system. This has proven to be problematic because we cannot control the version of that component, and cannot upgrade it directly when bugs are found. In addition, Google has made it very difficult to effectively control the network proxy settings of all aspects of this component, making it difficult to guarantee that traffic will not leak on all devices and OS versions.

Orweb also only provides a very limited amount of capability of Tor Browser, primarily related to reducing browser fingerprinting, minimizing disk writes, and cookie and history management. It trys to mimic some of the settings of Tor Browser, but doesnt actually use any of the actual code written for Tor Browser security hardening.

Read the original here:
Orfox: Tor Browser for Android - Android Apps on Google Play

J.M. Porup (UK) - Jan 9, 2017 1:42 pm UTC

Techno Fishy

When Mike Tigas first created the Onion Browser app for iOS in 2012, he never expected it to become popular. He was working as a newsroom Web developer at The Spokesman-Review in Spokane, Washington, at the time, and wanted a Tor browser app for himself and his colleagues. Expecting little interest, he then put Onion Browser on the Apple App Store at just $0.99/0.69, the lowest non-zero price that Apple allows.

Fast forward to 2016, and Tigas found himself living in New York City, working as a developer and investigative journalist at ProPublica, while earning upwards of $2,000 a month from the appand worrying that charging for it was keeping anonymous browsing out of the hands of people who needed it.

"Given recent events, many believe it's more important than ever to exercise and support freedom of speech, privacy rights, and digital security," he wrote in a blog post. "I think now is as good a time as ever to make Onion Browser more accessible to everyone."

Global concerns also influenced his decision. "Iran is not technically a country where you can get an iPhone, but on the grey market you can," he told Ars. "People over there can't get apps you have to pay for, because you have to have a credit card that Apple actually accepts," he added, noting that economic sanctions forbid Apple from selling to Iranian iOS users.

Onion Browser is the leading, community-supported Tor Web browser for iOS, but it lacks some of the features available for Tor Browser (Linux, MacOS, Windows) and OrFox (Android), due to technical roadblocks peculiar to iOS. (The Tor Project has so far declined to officially endorse an app for iOS.)

Onion Browser for iOS.

Onion Browser settings

The two biggest challenges Tor developers on iOS face, as Tigas outlined in this blog post on the Tor Project website, are Apple's requirement that all browsers use the iOS WebKit rendering engine, and the inability to run Tor as a system-wide service or daemon on iOS.

Developers have found workarounds to both problems, and iOS users can soon expect to see a new, improved Onion Browser, as well as a Tor VPN that routes all device traffic over Torprobably in the first quarter of 2017.

Unlike the Tor or OrFox, Onion Browser is not based on the Firefox Gecko rendering engine. This is goodOnion Browser is not vulnerable to Firefox exploitsbut also bad, because code cannot be reused.

A further challenge, Tigas said, is that Apples WebKit APIs "dont allow a lot of control over the rendering and execution of Web pages, making a Tor Browser-style security slider very difficult to implement."

Many of iOS's multimedia features don't use the browser's network stack, making it difficult to ensure the native video player does not leak traffic outside of Tor.

"Onion Browser tries to provide some functionality to block JavaScript and multimedia, but these features arent yet as robust as on other platforms," Tigas wrote.

Moreover, it doesn't support tabbed browsing, and the UX is pretty basic, but Tigas is working on a rewrite based on Endless. "It adds a lot of important features over the existing Onion Browser, he said, like a nicer user-interface with tabbed browsing, HTTPS Everywhere, and HSTS Preloading. Theres a new version of Onion Browser in the works thats based on Endless that will hopefully enter beta testing this month."

Originally posted here:
The official Tor browser for iOS is free to use | Ars Technica

Tor browser in one of the best way to access blocked websites easily in schools, colleges and workplace. But if you started using Tor browser, then you came to know that it cannot play videos. This is because it doesnt contains flash/Shockwave player in it.

When you visit any video sites like YouTube or any other flash based sites you will be notified with an error message saying Install missing plugin. When you tried to install that plugin it still wont play video. Wondering why it happens? and how to install flash player in tor browser? Before we go to this point lets know whats this Tor Browser is all about.

First thing you should know about Tor Browser is, Tor is free and open source for Windows, Mac, Linux/Unix, and Android. This browser is designed to protect your privacy. By default Tor browser doesnt allow you to enable any plugins, this is because Plugins operate independently from Firefox and can perform activity on your computer that ruins your anonymity. So they disable all plugin by default and never recommend to install any plugin in your tor browser. But if you dont care about anonymity and just want to unblock blocked site, then go ahead and install any plugins you want. But installing and enabling flash player in tor browser is little tricky. I will show you how to do that.

Update (07-Jan-2014):

It looks like latest version (3.5) of Tor browser supports flash player without doing all the below steps. The only thing you need to do is install flash player on your Windows O.S, to verify installation follow 3rd step. Once you install flash player on your O.S, go and activate Flash Plugin on Tor browser by following 8th Step.

Tip: Tor site blocked? then you can download Tor via email: log in to your Gmail account and mail gettor@gettor.torproject.org. If you include the word help in the body of the email, it will reply with instructions.

2. Visit any Video streaming site like youtube.com you will see missing plugin alert. Install Flash player by clicking that alert.

3. Now locate where Flash player was installed in your computer. By default it will be installed in C:WindowsSysWOW64MacromedFlash open that directory.

4. Next open the tor browser folder. In my case I have installed in C:Tor Browser. Navigate to C:Tor BrowserFirefoxPortableDataplugins

5. Copy all the flash files which you have seen in step 2 and paste it in the location C:Tor BrowserFirefoxPortableDataplugins folder

6. Now launch your tor browser and click on Tor icon which is located behind the address bar. In the drop down menu select thePreferences option

7. Now in the Pop up menu select the Security Settings tab and uncheck Disable browser plugins (such as Flash) option and click ok

8. Now we have to enable Flash player plugin in tor browser. To do that, click on the TorBrowser drop down menu at top left corner and select Add-ons options (or) press Ctrl+Shift+A

9. Next in that plugin list you will see Shockwave Flash Now click Enable button and Restart Tor Browser.

Thats it. Now you have successfully installed Flash Player plugin on our tor browser to play video. Now open any flash based sites like youtube and start watching videos. But it doesnt play video directly. Every time you open video you will see a message saying click here to activate the adobe flash plugin click on that message to start playing video.

See the article here:
How to Install Flash Player in Tor Browser - A Shout