Page 11234..1020..»

Category Archives: Tor Browser

How to Run a Rogue Government Twitter Account With an … – The Intercept

Posted: February 22, 2017 at 3:53 am

For this exercise, I decided to pick a highly controversial political topic: Facts. I believe that what we know about reality is based on evidence that can be objectively observed. Thus, I created the completely anonymous (until publishing this article, of course) Twitter account @FactsNotAlt. Heres how I did it.

Threat model

Before we begin, it helps to define a threat model, that is: what we need to protect; who we need to protect it from; what their capabilities are; and what countermeasures prevent or mitigate these threats.

Basically, its impossible to be completely secure all the time, so we need to prioritize our limited resources into protecting what matters the most first. The most important piece of information you need to protect in this case is your real identity.

Law enforcement or the FBI might launch an investigation aimed at learning your identity. It may be to retaliate against you getting you fired, charging you with crimes, or worse. Your Twitter account might also anger armies of trolls who could threaten you, abuse you with hate speech, and try to uncover your identity.

If the FBI opens an investigation aimed at de-anonymizing you, one of the first things theyll do is simply ask Twitter and every other service that they know you use for information about your account. So a critically important countermeasure to take is to ensure that none of the information tied to your account phone numbers, email addresses, or IP addresses youve used while logging into your account lead back to you.

This is true for all accounts you create. For instance, if you supply a phone number while creating your Twitter account, the phone service provider associated with that number shouldnt have information that can lead back to you either.

Another concern: The FBI also might go undercover online and try to befriend you, to trick you into revealing details about yourself or to trick you into clicking a link to hack you. They might make use of informants in the community of people who follow you on Twitter as well. Organized trolls might use the same tactics.

Hiding your IP address with Tor

An IP address is a set of numbers that identifies a computer, or a network of computers, on the internet. Unless you take extra steps, every website you visit can see your IP address. If youre using Twitter while connected to your home or office Wi-Fi network, or your phones data plan, Twitter can tell. If they hand these IP addresses to the FBI, you will very quickly lose your anonymity.

This is where Tor comes in. Tor is a decentralized network of servers that help people bypass internet censorship, evade internet surveillance, and access websites anonymously. If you connect to Twitter while youre using Tor Browser, Twitter cant tell what your real IP address is instead, theyll see the IP address of a random Tor server. Tor servers are run by volunteers. And even if any of the servers bouncing your data around are malicious, they wont be able to learn both who you are and what youre doing.

This is the primary benefit that Tor has over Virtual Private Network, or VPN, services, which try to help users hide their IP addresses. The FBI can go to a VPN service to learn your real IP address (assuming the VPN keeps a record of its users IP addresses, and cooperates with these requests). This isnt true with Tor.

To get started with Tor, download Tor Browser. Its a web browser, like Chrome or Firefox, but all its internet traffic gets routed over the Tor network, hiding your real IP address.

Using Tor Browser is the easiest way to get started, but its not perfect. For instance, a hacker who knows about a vulnerability in Tor Browser can discover your real IP address by tricking you into visiting a website they control, and exploiting that vulnerability the FBI has done this in the past. For this reason, its important to always immediately update Tor Browser when you get prompted.

You can also protect yourself from Tor Browser security bugs by using an operating system thats designed to protect your anonymity, such as Tails or Qubes with Whonix, (Ive written about the latter here). This is more work for you, but it might be worth it. Personally, Im using Qubes with Whonix.

Getting an anonymous email address

Before you can create nearly any account online, you need an email address. While popular email services like Gmail or Yahoo Mail let anyone make an account for free, they dont make it easy to do so anonymously. Most of them require that you verify your identity with a phone number. You can in fact do that anonymously (more on that below), but I prefer using an email provider that is happy to give addresses to anonymous users.

One of these providers is SIGAINT, a darknet-only service that forces all its users to login using Tor to read or send email. The people who run it are anonymous and it contains ads for (sometimes very sketchy, sorry) darknet websites. However, you do end up with a working, anonymous email address.

Update: Feb. 20, 3:10 p.m. ET The SIGAINT service appears to be down right now. Whileits down, you can try Riseup, or set up a burner phone and then tryProtonMail, Gmail, or some other service instead.

If you prefer not to use SIGAINT, another good choice is Riseup, a technology collective that provides email, mailing list, VPN, and other similar services to activists around the world. Accounts are free, and they dont ask for any identifying information, but you do need invite codes from two friends who already use Riseup in order to create an account.

Yet another option is ProtonMail a privacy-friendly email provider based in Switzerland that asks for minimal identifying information and works well over Tor. However, to prevent abuse, they require Tor users to provide a phone number (that they promise not to store) to receive an SMS during account creation. So, if youd like to use ProtonMail instead (or any other email service that requires a phone number when creating an account over Tor), follow the steps below to create an anonymous phone number first.

I decided to use SIGAINT. In Tor Browser, I went to SIGAINTs onion service address, sigaintevyh2rzvw.onion, which I found on their public website. This is a special type of web address that only works in Tor Browser, and not the normal internet. From there, I filled out the form to create a new account.

Thats it. Ive now created a brand new anonymous email address: factsaretrue@sigaint.org.

Getting an anonymous phone number

While attempting to create a Twitter account, I quickly hit a snag. Even if I provide my (anonymous) email address, Twitter wont let me create a new account without first verifying my phone number. (You might get lucky and get the option to skip entering your phone number it doesnt hurt to try but if youre coming from a Tor node that isnt likely.)

This is a problem, because I obviously cant use my real phone number if I want to remain anonymous. So to proceed, I needed to figure out how to get a phone number that isnt tied to my actual identity. This is a common problem when trying to stay anonymous online, so you can follow these instructions any time you need a phone number when opening an account.

There are other ways to do it, but I chose a conceptually simple option: Buy a burner phone anonymously, use it to verify my new Twitter account, and then get rid of it. I wandered around downtown San Francisco looking in convenience stores and pharmacies until I found what I was looking for in a 7-Eleven.

Using cash, I bought the cheapest TracFone handset I could find (an LG 328BG feature phone as in, not a smartphone) as well as 60 minutes worth of voice service, for a total of $62.38 after tax. You might be able to find cheaper cell phone handsets if you look long enough.

If youre going to get a burner phone and want to maintain your anonymity, here are some things to keep in mind:

After buying phone service, youll need to activate the phone. This process will be different with different phone companies. TracFone requires you to activate your handset either by calling their phone number from a different phone obviously not a good option for someone trying to remain anonymous or by activating online at their website. I activated my burner phone online using Tor Browser.

Once youve activated your phone, you can use the phones menu system to learn what your new phone number is. On my LG 328BG, I pressed Menu, selected Settings, and finally Phone Information to find it.

Creating a Twitter account anonymously

Finally, armed with an email address and phone number that arent in any way connected to my real identity, I could create a Twitter account.

Before making an account, grab your laptop and burner phone and go to a public location that isnt your home or office, such as a coffee shop. When you get there, power on your burner phone. Keep in mind that this location is now tied to your burner phone, so you might wish to do this step when youre traveling in another city.

Using Tor Browser, I navigated to https://twitter.com/signup and signed up for a new account. The new account form asked for my full name (Facts Are True), my email address (factsaretrue@sigaint.org), and a password.

After clicking Sign up, I was immediately prompted to enter my phone number. I typed my anonymous phone number and clicked Call me. A Twitter robot called my burner and read out a six-digit number, which I typed into the next page on Tor Browser. It worked great.

With the phone number verification step complete, I powered off my burner phone. Once youre sure you dont need your burner phone anymore, its a good idea to get rid of it.

Toward the end of the signup process, Twitter prompted me to come up with a username. After many tries, I found one I liked: @FactsNotAlt. After clicking through the welcome screen, I was finally logged into my new anonymous account.

I went ahead and confirmed that I control my factsaretrue@sigaint.org email address.

And there you have it. I set up my new account and began tweeting about things that are true.

Maintaining the Twitter account over time

If youre following along, youve now created a completely anonymous Twitter account as well. Congratulations! But your work has only just started. Now comes the hard part: Maintaining this account for months, or years, without making any mistakes that compromise your identity. I wont be following these tips myself with the @FactsNotAlt account Ive already outed myself as the owner. But for anyone who is trying to anonymously maintain a popular Twitter account, here are some things to keep in mind.

Be careful about how you interact with people:

Compartmentalize:

Many successful Twitter accounts have a team of people who run them instead of a single individual. If youre part of such a team, or thinking of sharing access to your existing account with someone new:

And finally, keep in mind that after all this, Twitter can always kick you off for their own reasons. And if your account gets hacked and the email address associated with it is changed, youll have no way to recover it.

Good luck!

More:
How to Run a Rogue Government Twitter Account With an … – The Intercept

Posted in Tor Browser | Comments Off on How to Run a Rogue Government Twitter Account With an … – The Intercept

New ‘Fingerprinting’ Tech Can Track You Anywhere Online – Top Tech News

Posted: at 3:53 am

Banks, retailers and advertisers can track your online activity using Web “fingerprinting” techniques, but these methods usually only work across a single browser. Now, however, new technology can follow you anywhere online — even if you switch browsers.

The new tech makes it possible to establish a unique online fingerprint based not on browser features but on features of a user’s operating system and computer hardware, according to a new study by researchers at Lehigh University and Washington University. The cross-browser fingerprinting technique identifies users with an accuracy of 99.24 percent, compared to AmIUnique’s “state-of-the-art” accuracy of 90.84 percent across a single browser, according to the researchers.

While acknowledging the fingerprinting method could be used for undesirable purposes that violate online privacy, the researchers said the technique could also help service providers authenticate users for improved security.

Tracking Tech Evolving Fast

In their paper, researchers Yinzhi Cao and Song Li of Lehigh University and Erik Wijmans of Washington University in St. Louis described their cross-browser fingerprinting technique as the first to use “many novel OS and hardware features, especially computer graphics ones” to establish identities and track individual online users. They provided both a working demo and open source code online.

“Web tracking is a debatable technique used to remember and recognize past website visitors,” the researchers noted. “On the one hand, web tracking can authenticate users — and particularly a combination of different web tracking techniques can be used for multifactor authentication to strengthen security. On the other hand, web tracking can also be used to deliver personalized service — if the service is undesirable, e.g., some unwanted, targeted ads, such tracking is a violation of privacy.”

Whether people like it or not, Web tracking technology is widely used and evolving quickly, the researchers added, noting that “more than 90 [percent] of Alexa Top 500 Web sites adopt web tracking.”

Possible Defenses: Tor, Virtualization

Cao, Li and Wijmans said their tracking technique outperforms the only other cross-browser fingerprinting technique, which uses IP (Internet Protocol) addresses to track user activity. That technique doesn’t work when IP addresses are dynamically allocated — as when users browse via mobile networks — or changed by switching from home networks to office networks, they said.

By contrast, the new cross-browser tracking technique might even work with some installations of the Tor browser, which normally prevents browser fingerprinting, according to the researchers. They said their technique could probably be blocked by using the Tor browser with its default settings intact or by using machine virtualization, although the latter technique has the disadvantage of being “heavyweight.”

For many online users, Web tracking is a daily issue. The most common sign of being tracked online is when users see ads on different Web sites for products or services they searched for earlier on different sites.

Privacy-focused organizations have developed a number of tools to help users minimize the impact of such tracking. The Electronic Frontier Foundation, for example, offers a tracking tester called Panopticlick that lets users analyze and tweak their browsers and add-ons to maximize privacy protections.

Cao, Li and Wijmans plan to present their research at the Network and Distributed System Security Symposium scheduled for Feb. 26 through March 1 in San Diego.

Image Credit: iStock.

Go here to see the original:
New ‘Fingerprinting’ Tech Can Track You Anywhere Online – Top Tech News

Posted in Tor Browser | Comments Off on New ‘Fingerprinting’ Tech Can Track You Anywhere Online – Top Tech News

New ‘Fingerprinting’ Tech Can Track You Anywhere Online … – NewsFactor Network

Posted: February 19, 2017 at 10:54 am

Banks, retailers and advertisers can track your online activity using Web “fingerprinting” techniques, but these methods usually only work across a single browser. Now, however, new technology can follow you anywhere online — even if you switch browsers.

The new tech makes it possible to establish a unique online fingerprint based not on browser features but on features of a user’s operating system and computer hardware, according to a new study by researchers at Lehigh University and Washington University. The cross-browser fingerprinting technique identifies users with an accuracy of 99.24 percent, compared to AmIUnique’s “state-of-the-art” accuracy of 90.84 percent across a single browser, according to the researchers.

While acknowledging the fingerprinting method could be used for undesirable purposes that violate online privacy, the researchers said the technique could also help service providers authenticate users for improved security.

Tracking Tech Evolving Fast

In their paper, researchers Yinzhi Cao and Song Li of Lehigh University and Erik Wijmans of Washington University in St. Louis described their cross-browser fingerprinting technique as the first to use “many novel OS and hardware features, especially computer graphics ones” to establish identities and track individual online users. They provided both a working demo and open source code online.

“Web tracking is a debatable technique used to remember and recognize past website visitors,” the researchers noted. “On the one hand, web tracking can authenticate users — and particularly a combination of different web tracking techniques can be used for multifactor authentication to strengthen security. On the other hand, web tracking can also be used to deliver personalized service — if the service is undesirable, e.g., some unwanted, targeted ads, such tracking is a violation of privacy.”

Whether people like it or not, Web tracking technology is widely used and evolving quickly, the researchers added, noting that “more than 90 [percent] of Alexa Top 500 Web sites adopt web tracking.”

Possible Defenses: Tor, Virtualization

Cao, Li and Wijmans said their tracking technique outperforms the only other cross-browser fingerprinting technique, which uses IP (Internet Protocol) addresses to track user activity. That technique doesn’t work when IP addresses are dynamically allocated — as when users browse via mobile networks — or changed by switching from home networks to office networks, they said.

By contrast, the new cross-browser tracking technique might even work with some installations of the Tor browser, which normally prevents browser fingerprinting, according to the researchers. They said their technique could probably be blocked by using the Tor browser with its default settings intact or by using machine virtualization, although the latter technique has the disadvantage of being “heavyweight.”

For many online users, Web tracking is a daily issue. The most common sign of being tracked online is when users see ads on different Web sites for products or services they searched for earlier on different sites.

Privacy-focused organizations have developed a number of tools to help users minimize the impact of such tracking. The Electronic Frontier Foundation, for example, offers a tracking tester called Panopticlick that lets users analyze and tweak their browsers and add-ons to maximize privacy protections.

Cao, Li and Wijmans plan to present their research at the Network and Distributed System Security Symposium scheduled for Feb. 26 through March 1 in San Diego.

Image Credit: iStock.

Read the original:
New ‘Fingerprinting’ Tech Can Track You Anywhere Online … – NewsFactor Network

Posted in Tor Browser | Comments Off on New ‘Fingerprinting’ Tech Can Track You Anywhere Online … – NewsFactor Network

How to Stay (Mostly) Anonymous Online – Newsweek – Newsweek

Posted: at 10:54 am

It may only be a slight exaggeration that companies know more about you than you do about yourself.

Fire up your cell phone or laptop if you have any doubts. Companies can predict what you want to buy and show you ads for them. They know your birthday. They can even tell when your teenage daughter is pregnant.

(I’m not making that last one up. Target famously made that discovery a few years ago.)

Try Newsweek for only $1.25 per week

In a series of recent surveysconducted by the Previous Pew Research Center, Americans consumers say they’re afraid they’ve lost control of their personal information and that companies aren’t doing enough to protect the customer data they collect. A majority of Americans (64 percent) have personally experienced a major data breach, the poll found.

“People are interested in disappearing online,” says Caleb Chen, who specializes in digital currency issues for London Trust Media, a provider of private internet products. “It’s a sign of the times.”

Lowering your profile is possible with a few simple steps and the right technology. But absolute anonymity online may be difficultperhaps even impossibleto achieve.

“The ability to eliminate your online footprint completely is a myth,” says David Cox, the CEO of LiquidVPN, a service that helps protect your location identity online. “However, there are many ways we can minimize our online footprint.”

One simple way to sweep up that trail of electronic breadcrumbs you leave is to instruct your browser to not be promiscuous with your personal information. For example, you can tell Chrome to disallow a site to track your physical location under Preferences and then by clicking Settings, followed by Advanced and Content Settings.

A lock icon, signifying an encrypted Internet connection, is seen on an Internet Explorer browser in a photo illustration in Paris April 15, 2014. Reuters

You can switch to a more privacy-conscious web search engine, like DuckDuckGo.com, that doesn’t collect or share personal information, or use “incognito” mode on your browser, which doesn’t share any personal data with the site you’re visiting.

“Also, stay logged out of online services such as Gmail and Facebook,” says Michael Gregg, president of Houston-based Superior Solutions Inc., an IT consulting firm. “That makes it harder for third parties to track your activity.”

The strategy is sound. If you don’t want everyone knowing who you are, you first have to stop telling everyone who you are. You can start by checking the privacy settings on your favorite social network, which may or may not be easy to find.

For example, on Facebook, you have to click on the arrow next to the question mark on the top left of your screen. Go to “Privacy” to review and change your account settings. On Twitter, you have to click on “Profile and settings” and then “Security and privacy.”

No, they don’t like to make it easyand for obvious reasons. That’s how social networks make their money. You are the product.

It shouldn’t take long to significantly diminish your digital footprint. But there’s still some work to be done before it’s eliminated.

A VPN, or virtual private network, is an application that encrypts your internet traffic and routes it through an intermediary server. As a result, the devices address is masked and third parties can’t track you.

“Most VPN providers utilize shared IP addresses on their servers,” explains Paul Bischoff, a privacy advocate for Comparitech.com, a services comparison site. “Multiple usersdozens, hundreds, and even thousandsare assigned a single IP address. This makes it nearly impossible to trace the activity of a single person in the pool.”

As an added bonus, a VPN allows you to effectively change your location with the click of a button. So if you’re in New York but you want your browser to think you’re in London, you can easily do that.

If you’re serious about eliminating your digital trail, you might also consider switching to the Tor Browser. Tor is a network of volunteer-operated servers that helps improve your privacy and security on the Internet. It works by creating a series of virtual tunnels rather than making a direct connection, which allows you to connect to places online without making a direct connection.

“Think of Tor surfing as taking a flight with stopovers instead of a nonstop,” explains S. Adam Rizzieri, the director of digital marketing for SevenTablets.com, a developer of mobile apps. “The traveler is your internet activity, which is comprised of packets of information. In a direct flight, the traveleryour packet of informationgoes from Point A to B and the originating flight is clear. In Tor browsing, you have layovers. You still get to Point B, but your point of origin is cloaked by layovers at Points C and D.”

And as you might expect, it does make the browsing experience a little slower. But no one will know who you are.

You can also scramble your message securely before sending it, which protects your identity and the information.

“If attackers can’t decipher or read any of the emails, their efforts are largely stymied and the owner of the email address maintains strong privacy and anonymity when it comes to their information being protected,” says Bill Bullock, the CEO of SecureMyEmail, which offers an encrypted email product.

There are hundreds of encryption products, far too many to mention in a single story. But they’re fairly easy to use and often cost little or nothing. For example, a service likeVirtu, which is a simple extension to your Chrome browser, offers military-grade encryption, allows you to control forwarding, permits you to take a message back and even expire an email.

But many of today’s encryption solutions are cumbersome to use, forcing the recipient to download software before they can read your message.

Maybe it’s worth pausing for a moment to ask how we got to this place. How did all of our personal information get carelessly strewn across the internet? While there are many reasons for why companies seem to know so much about us, and why we know comparatively little about them, one explanation seems inescapable: consumers collectively assigned almost no value to their privacy for too long.

And here we are.

In a world without secrets, these steps can ensure that you’ll keep a few more of yours. Checking your privacy settings, switching browsers, using a VPN and adding encryption can certainly help.

“But there’s only one surefire way to be invisible online,” says Ed Brancheau, the chief executive of the digital marketing agency Goozleology. “Don’t go online.”

Consumer advocateChristopher Elliott’s latest book isHow To Be The Worlds Smartest Traveler(National Geographic). You can get real-time answers to any consumer question on his new forum,elliott.org/forum, or by emailing him at chris@elliott.org.

See more here:
How to Stay (Mostly) Anonymous Online – Newsweek – Newsweek

Posted in Tor Browser | Comments Off on How to Stay (Mostly) Anonymous Online – Newsweek – Newsweek

New ‘Fingerprinting’ Tech Can Track You Anywhere Online – CIO Today

Posted: February 14, 2017 at 11:55 pm

Banks, retailers and advertisers can track your online activity using Web “fingerprinting” techniques, but these methods usually only work across a single browser. Now, however, new technology can follow you anywhere online — even if you switch browsers.

The new tech makes it possible to establish a unique online fingerprint based not on browser features but on features of a user’s operating system and computer hardware, according to a new study by researchers at Lehigh University and Washington University. The cross-browser fingerprinting technique identifies users with an accuracy of 99.24 percent, compared to AmIUnique’s “state-of-the-art” accuracy of 90.84 percent across a single browser, according to the researchers.

While acknowledging the fingerprinting method could be used for undesirable purposes that violate online privacy, the researchers said the technique could also help service providers authenticate users for improved security.

Tracking Tech Evolving Fast

In their paper, researchers Yinzhi Cao and Song Li of Lehigh University and Erik Wijmans of Washington University in St. Louis described their cross-browser fingerprinting technique as the first to use “many novel OS and hardware features, especially computer graphics ones” to establish identities and track individual online users. They provided both a working demo and open source code online.

“Web tracking is a debatable technique used to remember and recognize past website visitors,” the researchers noted. “On the one hand, web tracking can authenticate users — and particularly a combination of different web tracking techniques can be used for multifactor authentication to strengthen security. On the other hand, web tracking can also be used to deliver personalized service — if the service is undesirable, e.g., some unwanted, targeted ads, such tracking is a violation of privacy.”

Whether people like it or not, Web tracking technology is widely used and evolving quickly, the researchers added, noting that “more than 90 [percent] of Alexa Top 500 Web sites adopt web tracking.”

Possible Defenses: Tor, Virtualization

Cao, Li and Wijmans said their tracking technique outperforms the only other cross-browser fingerprinting technique, which uses IP (Internet Protocol) addresses to track user activity. That technique doesn’t work when IP addresses are dynamically allocated — as when users browse via mobile networks — or changed by switching from home networks to office networks, they said.

By contrast, the new cross-browser tracking technique might even work with some installations of the Tor browser, which normally prevents browser fingerprinting, according to the researchers. They said their technique could probably be blocked by using the Tor browser with its default settings intact or by using machine virtualization, although the latter technique has the disadvantage of being “heavyweight.”

For many online users, Web tracking is a daily issue. The most common sign of being tracked online is when users see ads on different Web sites for products or services they searched for earlier on different sites.

Privacy-focused organizations have developed a number of tools to help users minimize the impact of such tracking. The Electronic Frontier Foundation, for example, offers a tracking tester called Panopticlick that lets users analyze and tweak their browsers and add-ons to maximize privacy protections.

Cao, Li and Wijmans plan to present their research at the Network and Distributed System Security Symposium scheduled for Feb. 26 through March 1 in San Diego.

Image Credit: iStock.

Read the rest here:
New ‘Fingerprinting’ Tech Can Track You Anywhere Online – CIO Today

Posted in Tor Browser | Comments Off on New ‘Fingerprinting’ Tech Can Track You Anywhere Online – CIO Today

Why Did an Internet Censorship App Send My Phone to … – Gizmodo – Gizmodo

Posted: February 10, 2017 at 2:49 am

Cannabis.com, GayEgypt.com, Circumcision.org, WhitePower.com, and yes, HardSexTube.com are all sites that the Tor Projects new app pointed my iPhone towards this morning. Dont worry, its all for a good cause.

The Open Observatory of Network Interference (OONI) has been around for the last five years or so, but its software suite, Ooniprobe, only existed as command line-installable a desktop software package. Sponsored by the Tor Projectbest known for its mostly secure Tor web browserOoniprobe seeks to map where internet censorship is taking place via a live map. Unsurprisingly, the US is largely unaffected while Russia, China, and Saudi Arabia arent so lucky.

As of today, Ooniprobe is available as an Android or iOS app that even the least computer savvy but censorship-concerned internet user can easily install. That is, if the warnings in the markedly easier installation process dont scare you half to death.

The mere use of ooniprobe might be viewed as a form of espionage, regardless of the laws in your country, the welcome screen warns, we encourage you to consult with a lawyer prior to installing and running ooniprobe. New York is in the middle of a snowstorm, and I dont exactly keep legal counsel on retainer, so that didnt happen. The same screen warns potential users that the app will download data from provocative or objectionable sites (e.g. pornography) as you may already have guessed.

Ooniprobes risks page describes the possibility of severe civil, criminal, or extra-judicial penalties such as being assaulted or targeted for surveillance. Caveating the whole thing is the disclaimer: The risks described below are quite speculative. To our knowledge, no ooniprobe user has ever faced consequences from the risks described below. Hmm.

As to the app itself, the web connectivity test is the meat of its functionality. Essentially it attempts to visit a slew of sites which range from mundane email portals (hotmail.msn.com) to the Air Forces F-35 Lightning II page (jsf.mil). At the same time, a server tries to get to those same pages and if they load differently its flagged in red as potentially censored. Ooniprobes test sites are, as The Atlantic points out, a list built collaboratively between OONI and Citizen Project and aim to catalog crucial services or controversial content most likely to be censored. (Flatteringly, our sister site Jezebel made the cut.)

The app seems to give plenty of false positives. Among the supposedly censored sites were sex toy site realdoll.com, kids.yahoo.com, myspace.com, and metacrawler.com, all of which worked just fine on desktop. Ooniprobes helpful suggestions to avoid being denied the full scope of Real Dolls online retail website are to use open DNS (check), force HTTPS (which most browsers now do by default), or to use the Tor browser (Tor is not presently available on iOS).

Currently, the only other two tests included in this mobile build of Ooniprobe are an HTTP Invalid request test and a standard speed test. The former showed no anomaly and the latter gave me upload, download, and ping times comparable to Ooklas industry-standard speed test.

So what have we learned from this experience? Internet censorship isnt really happening on an infrastructural level in the USat least not in a way this app can detect it. And even though youre unlikely to be sent to a gulag for installing Ooniprobe, pinging WhitePower.com has definitely landed me on some sort of watchlist.

More here:
Why Did an Internet Censorship App Send My Phone to … – Gizmodo – Gizmodo

Posted in Tor Browser | Comments Off on Why Did an Internet Censorship App Send My Phone to … – Gizmodo – Gizmodo

‘Using Tor is a civic act’: A beginner’s guide to the privacy browser – Technical.ly Philly

Posted: at 2:49 am

Browsers are our window into the virtual world.

So often though, we forget that just as we are looking outward, companies are looking inward. Every search we perform is logged and tied to our virtual footprint (and amongst other things, our geographic location). Search surveillance consequences span from differential pricing (like a higher online price if your browser denotes your location as affluent) to the inability for people to access sensitive information in countries with strict censorship laws (countries, for example, restricting access to sites about AIDS). Access to the amount and kinds of information internet architecture provides is unprecedented, and we are only beginning to understand the implications.

This is where The Onion Router (Tor) comes in. The Tor browser obscures any personal ties and information (with a few exceptions) associated with your browsinghistory. When you use Tor, instead of your request going straight from your browser to the site (like from my DuckDuckGosearch right to technical.ly/philly),it reroutes through several different countries. When using Tor, my request then might go through Norway and Germany before reaching technical.ly/philly. You might imagine that when using Tor, you are not only putting shades on your window but also removing your house from the map or Streetview entirely.

The overall strategy of Tor is that the more people who use it, the stronger of a tool it is. For activist and West Philly-based Tor Communications DirectorKatie Krauss, using Tor is not just switching a browser.

Using the Tor browser is a civic act it allows you to protect your right to privacy, and at the same time it helps human rights activists in countries like Iran or China to use the Internet without getting a knock on the door, she said.

The Tor Project also has Philly roots, as cofounder and research director Roger Dingledine used to be a visiting professor at Drexel.

Below are screenshots and some narrative about my experience downloading and using Tor.

(Screenshot)

(Screenshot)

(Screenshot)

(Screenshot)

(Screenshot)

(Screenshot)

(Screenshot)

(Screenshot)

When logging on to Facebook and Gmail, Tor wouldnt have masked my identity (instead it would prevent certain kinds of advertising and tracking). However, both Facebook and Gmail gave me error messages.

(Screenshot)

Unfortunately, this was to no avail. Facebook was alerting me that my account was likely compromised, because my last shown login was from Colombia. After attempting verification steps, I was locked out of both of my accounts.

I contacted Krauss to see if this was typical or Tor-related. She gave me the Facebook loophole: The way to avoid this with Facebook is to use their onion address (put this into the address bar on the Tor browser and it will take you to Facebook): https://facebookcorewwwi.onion/.For more info, she directed me to this Facebook blog post.

Krauss noted that she and several other users she checked with have no problem with Gmail in the Tor browser, though it is possible that the issue was the Tor-Gmail interface.

In the end, it worked for me: I was locked out of Gmail for about 3 hours, but after attempting again, I was able to sign in (though I had to verify with an extra step). While it was frustrating to be locked out of my email for a bit, the experience drove home for me how location dependent verification is (and the potential consequences of such dependence).

Overall, Tor was easy to implement and the inconvenience of switching browser was worth the benefit.Ive since relapsed since I first used it because its faster to go log on in Chrome and I need Google Hangouts for work (I havent been able to use it on Tor) but I am back on Tor now.

As I was browsing and watching the latest news, the onion metaphor made me beyond the technical aspect of Tor: if we imagine that those whose civil rights are most vulnerable are in the center, we can effect change by layering around them even with as simple an act of a browser change.

Jen Rajchel explores the intersection between the humanities and technology. A transplant from Las Vegas, she is a Bryn Mawr grad who has made the Philly suburbs her home.

Read this article:
‘Using Tor is a civic act’: A beginner’s guide to the privacy browser – Technical.ly Philly

Posted in Tor Browser | Comments Off on ‘Using Tor is a civic act’: A beginner’s guide to the privacy browser – Technical.ly Philly

Infected DRM Files Can Reveal Tor Data – Security Intelligence – Security Intelligence (blog)

Posted: February 7, 2017 at 7:51 am

Cybercriminals have been using digital rights management (DRM) files in Windows to transport malware for a while. Social engineering was often an integral part of this process since any attempt to open these files in Windows Media Player (WMP) would then generate a pop-up that redirected the targets default browser to an attacker-controlled website. That website was the beginning of an infection.

Now, attackers are using this process for more than just malware. Researchers recently found that the Tor browser and privacy controls can be affected by a malicious DRM file.

Malicious DRM files work by causing Windows Media Player (WMP) to generate a pop-up requesting permission to redirect the default browser to the content providers website to find out how to obtain the necessary play rights, Hacker House reported. Once a user agrees, he or she is sent to a malware-laden page and the infection process begins. However, this only happens when users attempt to open unlicensed files.

But now, cybercriminals have devised a way for a file with a proper DRM license to redirect the browser without so much as a prompt. Not only could this lead to malware, but it could also contribute to a massive loss of privacy for certain users.

Bleeping Computer, reporting on the Hacker House findings, noted that these DRM files can cause problems when opened in the privacy-enhanced Tor browser. Attackers can capture victims credentials surreptitiously by using cryptographically signed DRM files.

The attackers website appears legitimate to detract attention from the fraudulent URL. Users who interact with the site risk revealing their IP addresses or other credentials through normal system calls. For Tor users, many of whom are using the browser specifically to hide these details, this is a worst case scenario.

Hacker House posted a short video that showed how the malware operators can extract a victims IP with a single click. Its easy to see how a malicious, signed DRM file might also silently ping an attacker-controlled URL to report a victims status and location.

Since the DRM signing process can cost around $10,000, only cybercriminals with deep pockets can fund such a scheme. Those who can afford it, however, have a significant advantage when it comes to spreading malware.

This social engineering scheme is sneaky enough to fool even security-savvy Tor users. To be safe, everyone should avoid all unknown DRM files, no matter how enticing the title may be.

Read more from the original source:
Infected DRM Files Can Reveal Tor Data – Security Intelligence – Security Intelligence (blog)

Posted in Tor Browser | Comments Off on Infected DRM Files Can Reveal Tor Data – Security Intelligence – Security Intelligence (blog)

Windows DRM Files Deanonymize Tor Browser Users – Virus Guides – Virus Guides (blog)

Posted: February 6, 2017 at 2:53 pm

The Hacker House security experts have warned that downloading and opening Windows DRM-protected files can decloak Tor Browser users and reveal their IP addresses.

The attacks via DRM-protected multimedia files in Windows have been known for more than 10 years, though until recently, theyve only been used to spread malware.

Some of the previous attacks tried to make users open and play DRM-protected files. Usually, these files would open in Windows Media Player, and users would see a popup that asked them to visit a URL to validate the files license.

PC users who agreed were transferred to an authorization URL. However, what users dont know is that hackers could modify these links and point victims to exploit kits or malware-laced files.

The Hacker House team has found that the pop up asking users if they wanted to visit the authorization URL would only appear for DRM files which have not been signed with the proper tools.

In case the attacker signed the DRM-protected multimedia files with an official Microsoft SDKs such as Windows Media Encoder or Microsoft Expression Encoder, the popup would not show, and the users player would automatically open an Internet Explorer instance and access the authorization URL.

According to the Hacker House security experts, the cost of properly signing DRM multimedia files ranges around $10,000, a sum that many low-end malware authors arent willing to pay for such a niche attack.

Nevertheless, the same thing doesnt relate to determined state-sponsored hackers or law enforcement agencies, who have the financial and physical resources to support such an attack infrastructure.

For example, law enforcement could host properly signed DRM-protected files on websites pretending to host child pornography. When a user would try to view the file, the DRM multimedia file would use Internet Explorer to ping a server belonging to the law enforcement agency.

Also, this tactic can be used to target ISIS militants trying to view propaganda videos, illegal drug and weapons buyers trying to view video product demos, political dissidents viewing news videos, etc.

See more here:
Windows DRM Files Deanonymize Tor Browser Users – Virus Guides – Virus Guides (blog)

Posted in Tor Browser | Comments Off on Windows DRM Files Deanonymize Tor Browser Users – Virus Guides – Virus Guides (blog)

Microsoft’s DRM can expose Windows-on-Tor users’ IP address – The Register

Posted: at 2:53 pm

Windows users running the Tor browser can be tricked into uncloaking themselves, with a pretty straightforward trick based on Microsoft’s DRM system.

The discovery was made by Hacker House, which says it’s been researching social engineering attacks made using DRM-protected content.

What the UK-based security outfit found is that a pretty straightforward bit of social engineering click on this media file can, at the very least, reveal the user’s real IP address.

Here’s what’s going on: DRM-protected media has to fetch its licence key from a server. If it’s not signed properly, Windows raises a dialogue to warn you.

However, this warning DOES NOT appear if the DRM license has been signed correctly and the Digital Signature Object, Content Encryption Object and Extended Content Encryption Object contain the appropriate cryptographic signing performed by an authorised Microsoft License Server profile, the author writes.

Hide this dialogue, capture a Tor user’s IP address

Microsoft sets high barriers to entry for those who want to start signing media: If you want to build your own Microsoft DRM signing solution the price-tag is around US$10,000, Hacker House notes.

What they’ve seen in the wild is someone managing to generate signed content, apparently without paying that toll.

As these signed WMV files do not present any alert to a user before opening them they can be used quite effectively to decloak users of the popular privacy tool TorBrowser with very little warning, they write.

The risk that media files could expose users is known to Tor, which warns users to run Tails if they want to run media files.

It’s not the first time people have seen social engineering attacks based on media files: the old you need a plug-in to play this file strategy had a Windows DRM variant back in 2013, according to Virus Total.

See the rest here:
Microsoft’s DRM can expose Windows-on-Tor users’ IP address – The Register

Posted in Tor Browser | Comments Off on Microsoft’s DRM can expose Windows-on-Tor users’ IP address – The Register

Page 11234..1020..»