Tor Browser Bundle – Free download and software reviews …

Pros

Good for privacy

Cons

Takes a little bit of understanding

Pros

There were no pros to this program.

Cons

After one search, the results came up empty. After re-installing, the results continued to come up empty.

There is NO UNINSTALL feature. I deleted the program directory and hope that it is actually gone from my computer!

Summary

Do not waste your time downloading this program. You will be disappointed and frustrated.

Pros

None. It's junk.

Cons

Forget this poorly designed piece of garbage. It just plain doesn't work and it's not supported.

The only website that loads is the "Tor Blog". Everything else returns a "bad gateway" message.

Forget about asking for help on the blog. Your "ask a question" message will be rejected because you didn't enter qualifying "tags". There's a link to suggested tags but they're all rejected too. Utterly useless.

I used the "Contact Us" form and they suggested using the "Ask a Question" button on the blog, even after I told them it didn't work because of the asinine "tags" requirement.

Don't waste your time on this unsupported crap.

Summary

=

Pros

This is really a no-brainer if you want to browse anonymously

Cons

can be slow at times but no big deal

Pros

Excellent Project :) Some popular but not easy to find Onion Links:

Hidden Wiki hiwiki544q5q4gbt.onion; Uncensored Hidden Wiki uhwiki36pbooodfj.onion; AlphaBay alphabay54qdm7bn.onion; Nucleus nucleus4owfwglww.onion; SilkRoad V3 reloadxuwmn4gkbe.onion

Cons

i think there is nothing bad about it

Pros

- Reliable
- Privacy is great
- Secure

Cons

- Slow at times

Pros

Obvious HUGE pros long as one is careful and does their research before using Tor. I'm using it solely to get around web filtering at work. GOOD JOB to the folk who decided to not try because they get spooked. Stay smart until you're ready for Tor 🙂

Cons

Can cause some problems, just don't be stupid ; )

Summary

Like privacy? Like going around your workplace's blocker? This is the thing for you!

Pros

Great software!

Cons

Great software!

Pros

It is kind of a cool search tool with apps and much to read and discover. Some of the content is not accessed on the regular web and that is both a blessing for surfers and a curse for TOR's administration, I would think. TOR's administration must have their hands full putting out fires as some of the websites have been raided by the FBI apparently. I'll leave the discussion at that point and leave it to those who wish to research more on the specifics.

Cons

For the average Internet user or just to surf the web, using TOR is fraught with too many warnings about turning off plug ins and many other things people normally do and the reason is security so that you will not break privacy and reveal your IP address, etc. But trying it is a different experience and a lesson in Internet security to some extent.

Summary

The surfing experience lacks the ease and shine of the regular Internet. It is good for users who are concerned about their privacy to quite an extent such as Wikileaks contributors or whistle blowers or if you are in a witness protection program somewhere. Seriously.

Pros

Lets you browse internet without government trying to get up your ass and without companies trying to track everything you do so they can get you to watch their ads to make half a penny off of you. I hate how so many companies wouldn't mind wasting a day of your life to get a few cents from advertising. It's disgusting

Cons

Are none if you download real Tor. It's a simple browser and less invasive than any other I know. As in, it's not in the battle between Firefox, Chrome and Explorer to become your default browser. Tor is just there when you need it, and stays out of your face completely unless you need it.

https://www.torproject.org/download/download.html.en

Summary

Bing is probably the worst search engine out there. I believe it accepts payments in return for higher placing on the search result so it's no wonder that some bullshizz sites come up before the real site when using Bing. I tried to download first search result and it was CLEARLY not the real Tor but some cookie/virus.


Experts taught us how to look for online extremism in Monterey County — and what we found is surprising. – Monterey County Weekly

The good news is that online extremism is not thriving in Monterey County as it is elsewhere in the country. The bad news is that corporate gatekeepers keep so much of what's happening on the internet private and proprietary that it's impossible to be sure of the above.

The Weekly recently reported on a new research team at the Middlebury Institute of International Studies that uses tech tools to track hate speech, incitement to violence, and how people get radicalized on the internet. As part of the Center on Terrorism, Extremism, and Counterterrorism, they are contributing to a growing field focused on turning the internet into a less dangerous place.

In the spirit of collaboration, CTEC Deputy Director Kris McGuffie and Digital Research Lead Alex Newhouse agreed to train the Weekly, providing a tutorial on how to search for online extremists tied to a certain geographic region, in this case, Monterey County.

The first thing to understand, Newhouse says, is the goals of the extremists on the internet. They want to radicalize as many people as possible, which means they must operate on mainstream social networks like Facebook or YouTube. These platforms have weaknesses that can be exploited, like the tendency of polarizing content to go viral.

After priming audiences with subtle messages of hate, extremists hope to recruit more people into their movement and they do so on niche online communities. They target individual users on video game forums, apps like Discord, or certain groups on Reddit.

Finally, extremists need to develop their group's identity, plan gatherings or demonstrations and, eventually, violent attacks. That activity happens in designated digital communities, with some known examples being Iron March, Stormfront, KiwiFarms and 8kun.

Each of these online spaces, from Facebook through 8kun, can be classified according to how easily accessible and searchable it is. There's the regular internet, or Clearnet, which is indexed by search engines and is easy to navigate. The Grey Web refers to invite-only groups or spaces that you have to already know about to reach. The most hidden part of the internet is called the Dark Web. It will never show up on Google results and getting to it requires specialized software such as a Tor browser. The Dark Web is where child pornography is distributed, drug deals are conducted, and where neo-Nazis make plots.

After going over the basics, Newhouse talks about the methods of investigation. This tutorial is taking place on Zoom, so Newhouse begins sharing his screen. The first stop is Facebook where he quickly locates a certain politically focused page with Monterey County in its name. He scrolls down to reach the sidebar suggesting Related Pages. This sidebar is populated by a recommendation algorithm, which is one of the main ways regular users on innocuous pages get funneled toward extremist pages.

"Facebook's recommendation algorithm is completely broken down, sending you to ever more extremist content," Newhouse says. "It's like a rabbit hole of radicalization." YouTube has been shamed into changing a similar recommendation algorithm, but it remains in place on Facebook. Newhouse goes through a few Related Pages, but nothing alarming comes up.

Next up, Newhouse opens up a website called Iron March Exposed, a database of leaked posts from the now-defunct fascist chat platform Iron March. A keyword search for "Monterey" yields a post from May 20, 2015 by a user known only as "Jakob." Jakob says he's 18 and finishing up high school somewhere in or near Monterey. He says he's an Eagle Scout and a Senior Patrol Leader and his goal is to become a U.S. Air Force pilot. Jakob is also well-read, and he rattles off his fascist credentials: "My preferred authors are George Lincoln Rockwell, Julius Evola, Benito Mussolini and Machiavelli, and I have just started reading Mein Kampf," he writes. His classmates just never seemed to get it: "I am joining because of the lack of like-minded people around me. I went into high school smoking weed, thinking race-mixing was fine and thinking gays were alright." To end his post, Jakob notes that he is very good at shooting. "I grew up around firearms and have plenty of training with rifles and shotguns and handguns alike."

(Deputy Scout Executive Eric Tarbox says he searched the Boy Scouts database but could not identify any Eagle Scout or a Senior Patrol Leader with a matching age and name.)

After Iron March shut down, white supremacists migrated to Discord, among other places. "And there was a leak from that platform as well," Newhouse says, while navigating to Discord Leaks, a database hosted by a media outlet called Unicorn Riot. Another place to hunt for hate speech is 4plebs.org, where conversations that took place on 4chan, an anonymous internet forum, are archived.

This type of work is quite manual, and extremism researchers are assisted by their accumulation of knowledge about memes, slang and violent ideologies. Clues such as user names and email addresses can sometimes be tracked and cross-checked on different platforms to discover more details about profiles of users.

But without too many concrete local results, Newhouse moves on to another set of techniques: those involving the collection of large amounts of data for further analysis. Relatively few social media companies make their data accessible for downloading by researchers and analysts. Examples of transparent companies with what are known as open APIs, or application programming interfaces, include Twitter, Reddit and Telegram. (Facebook and Instagram, by contrast, do not allow data to be downloaded in bulk.)

After learning how to download as many as 18,000 tweets at a time, the Weekly wrote some of its own lines of code using the software language R. Every tweet posted over the past week or so and linked to a location within a 30-mile radius of Monterey County's geographic center was entered into a new dataframe. Next, the Weekly searched the dataframe for certain polarizing terms and codewords, like #Obamagate and QAnon. Many of the resulting tweets were from ordinary people simply remarking on the news of the day. Some led to anonymous accounts like @LawlessBorders, located in "Freedom, USA" and devoted to incendiary anti-immigrant rhetoric. The search also turned up a Santa Cruz resident by the name Justin Rothling. He is a proponent of the QAnon conspiracy theory, according to which a secret cabal of pedophiles within the U.S. government is plotting against President Donald Trump.

It's not always easy to classify online behavior as extremist, and a good example is the case of @DaveOv10, the not-so-well-hidden Twitter identity of Dave Overton, an associate professor of warfare of the Naval War College who teaches at the Naval Postgraduate School in Monterey. At least once, Overton promoted the #plandemic conspiracy theory, which serves to undermine public health efforts aimed at stopping Covid-19. He also amplifies dangerous rhetoric by using hashtags like #EnemyOfThePeople to attack the press. But his primary issue of concern appears to be the exoneration of Michael Flynn, Trump's former national security adviser.

The Michael Flynn cause overlaps with QAnon but is not the same thing, says Marc-André Argentino, who is conducting his doctoral research on the QAnon theory at Concordia University. "The user probably navigates and consumes similar conservative root media as QAnon adherents, probably also consumes some conspiracy theory content based on his posts," Argentino says.

Overton declined an interview request, but writes by email that the opinions expressed were his and not of any government institution.

Do you want to join the mission to stop hate in Monterey County? A number of local groups make that part of their mission.

This story was edited to clarify that Dave Overton is an employee not of the Naval Postgraduate School but of the Naval War College.


Exorcist Ransomware and CIS Exclusion – Security Boulevard

This year has been a bumper year for ransomware and its operators. Ransomware gangs are demanding millions; if those millions are not paid in time, then data stolen before encryption is either released to the public or sold to the highest bidder. Big names in the cybercriminal underground have returned with an entirely new ransomware family, namely Evil Corp and its new creation WastedLocker. Not only is there a return to form for old hands, but new ransomware strains also seem to be springing up like mushrooms after a spell of rain. NetWalker and Exorcist immediately come to mind. The latter is the subject of this article.

Discovered in late July by MalwareHunterTeam, the Exorcist ransomware is so new to the scene that information on it had been incredibly sparse. That was until Leandro Velasco published an article dispelling much of the code's mystery, and in great depth. The article is a must-read for anybody wanting a technical analysis of the ransomware. As a brief overview, Exorcist seems to be distributed via a Pastebin PowerShell script that runs in memory. The script takes from lessons learned by Sodinokibi affiliates and is based on the Invoke-ReflectivePEInjection.ps1 script, further optimized to include a function that passes a base64 executable into the main function of the script. It is also possible that the script is generated by the no-longer-supported Empire framework.

The code itself is not obfuscated. While obfuscation is common practice with other types of malware, ransomware developers often do not deem it necessary. Part of the reason for this is that the encryption process is in itself very noisy and once that begins, any pretense of stealth is quickly forgotten and speed is the main requirement. Some ransomware strains do obfuscate their code, but it is not an unwritten rule that all malware be obfuscated.

The malware's first operation is to check the geolocation of the infected machine, which is done by checking the language and keyboard layout of the machine in question. If the result is any of the nations that make up the Commonwealth of Independent States (CIS), which includes many of the nations that made up the Eastern Bloc during the Cold War and still have close ties to Russia, the malware's operations are immediately stopped. Why this is done is discussed in greater depth in the second part of this article.

Screenshot of a ransom demanding message displayed by Exorcist ransomware:

If the geolocation check returns a nation that is not part of the CIS, the ransomware executes several commands that disable and remove system backups. The commands will also look to terminate any system processes that may prevent encryption of certain file types. The malware then writes the public encryption key, the private key and the file extension it uses to disk. Before encryption occurs, the malware will extract information including the username, hostname, OS version and keyboard layout and send those to a server under the attacker's control. Once this is complete, encryption begins, utilizing multiple threads to drastically decrease the time needed to encrypt data. Finally, the wallpaper of the system is changed and the ransom note is dropped.

If you feel that you may have suddenly become a victim of Exorcist, there are a few tell-tale signs. First, the wallpaper announcing you've become a victim reads as follows:

ENCRYPTED

READ decrypt.hta file for details

When the ransom note is opened it will read:

rnyZoV Decrypt

All your data has been encrypted with Exorcist Ransomware.

Do not worry: you have some hours to contact us and decrypt your data by paying a ransom.

To do this, follow instructions on this web site: hxxp://217.8.117.26/pay

Also, you can install Tor Browser and use this web site: hxxp://4dnd3utjsmm2zcsb.onion/pay

IMPORTANT: Do not modify this file, otherwise you will not be able to recover your data!

Your authorization key:

An authorization key will be provided by the attacker once the ransom is paid. However, to find out what the ransom is, the victim needs to download a Tor browser and visit the address provided. It is unclear if the ransom amount is fixed at 5000 USD in Bitcoin or changes from victim to victim, depending on what the attacker perceives they can pay. The website reads as follows:

Exorcist Ransomware

Order

If the payment isn't made until 2020-07-25 10:33:57, decryptor price will be increased 3 times

What's the matter?

All your files have been encrypted with Exorcist Ransomware.

The only way to decrypt them back is to buy Exorcist Decryption Tool.

The price is 5000$

It will scan all your network and check all encrypted files and decrypt them.

We accept Bitcoin (BTC) cryptocurrencies.

To be sure we have the decryptor and it works you can use Free Decrypt and decrypt only one file for free. But the only file you can decrypt is image (PNG, JPG, BMP), maximum size 3 MB, because they are usually not valuable.

Instruction:

You need to create a crypto wallet. You can read more about crypto wallets here: hxxps://bit.ly/379vYBt

Learn how to buy cryptocurrency (Bitcoin). Some links where you can find information here:

Bitcoin: hxxps://bit.ly/38nohHM

Copy the wallet number from the address field (depending on what you have chosen) and transfer the necessary amount of cryptocurrency to it. You can read more about translations here: hxxps://bit.ly/36br2dK

After paying the ransom, your files will be decrypted and you will be able to continue your work.

IMPORTANT: When transferring funds, carefully check the details to avoid errors and loss of funds. Your files will be decrypted only when transferring funds to our wallet.

Free decrypt

Payment

Decryptor price: 5000$

Pay in Bitcoin:

bc1qyzjj2hrjr3sspjwj9ckd02fz8kmynj9xkjrkgv

0.561799 BTC

When funds reach one of these addresses, you automatically get decryption tool.

Chat

Type Message

A search, at the time of writing, on the Bitcoin address provided in the ransom note reveals that no funds have been transferred to it as of yet. Given how new the ransomware is, this is not a surprise. Further, no victims have announced publicly that they have fallen victim to Exorcist, to the best of this writer's knowledge. It may be that Exorcist has not seen wide distribution yet, as it may still be in development or slowly ramping up operations.
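The tell-tale signs quoted above can be turned into a quick triage check over a mounted disk image or file share. This is an added example, not code from the original article or from any vendor: it assumes the note's file name ends in `decrypt.hta` (as the wallpaper text says) and that the note contains the phrases quoted on this page; the sample files and directory names are constructed.

```python
"""Triage sketch: locate Exorcist-style ransom notes and summarise them for a report."""
import re
import tempfile
from pathlib import Path

# File name taken from the wallpaper text quoted on this page.
NOTE_NAME = re.compile(r"decrypt\.hta$", re.IGNORECASE)
# Phrases taken from the ransom note quoted on this page.
NOTE_MARKERS = ("encrypted with Exorcist Ransomware", "Your authorization key")
# Accept live (http) and already-defanged (hxxp) schemes.
URL_RE = re.compile(r"\bh(?:tt|xx)ps?://[^\s\"'<>]+", re.IGNORECASE)
TAG_RE = re.compile(r"<[^>]+>")


def defang(url: str) -> str:
    """Rewrite a URL so it cannot be followed by accident from a ticket or report."""
    scheme, rest = url.split("://", 1)
    scheme = re.sub("tt", "xx", scheme, flags=re.IGNORECASE)
    host, sep, path = rest.partition("/")
    host = host.replace("[.]", ".").replace(".", "[.]")  # idempotent on defanged input
    return f"{scheme}://{host}{sep}{path}"


def analyse_note(path: Path, root: Path) -> dict:
    """Check one candidate file: a name match alone is not treated as confirmation."""
    raw = path.read_text(encoding="utf-8", errors="replace")
    visible = TAG_RE.sub(" ", raw).lower()  # .hta files are HTML; compare visible text
    markers = [m for m in NOTE_MARKERS if m.lower() in visible]
    urls = sorted({defang(u.rstrip(".,;)")) for u in URL_RE.findall(raw)})
    return {
        "path": path.relative_to(root).as_posix(),
        "confirmed": bool(markers),
        "markers": markers,
        "urls": urls,
        "tor_urls": [u for u in urls if u.split("/")[2].endswith("[.]onion")],
    }


def scan(root: Path) -> list:
    """Walk a directory tree and analyse every file whose name looks like the note."""
    return [
        analyse_note(p, root)
        for p in sorted(root.rglob("*"))
        if p.is_file() and NOTE_NAME.search(p.name)
    ]


# Constructed sample note: the wording and defanged URLs are the ones quoted on this
# page; the HTML wrapper is an assumption made for the example.
SAMPLE_NOTE = """<html><head><title>rnyZoV Decrypt</title></head><body>
<p>All your data has been encrypted with Exorcist Ransomware.</p>
<p>To do this, follow instructions on this web site: hxxp://217.8.117.26/pay</p>
<p>Also, you can install Tor Browser and use this web site:
hxxp://4dnd3utjsmm2zcsb.onion/pay</p>
<p>Your authorization key:</p>
</body></html>"""

# Constructed look-alike: same file name, none of the note's wording.
SAMPLE_LOOKALIKE = "<html><body>Internal HTA used by IT to decrypt archives.</body></html>"


def build_sample_tree(root: Path) -> None:
    """Create a small constructed directory tree to scan."""
    docs = root / "Users" / "alice" / "Documents"
    docs.mkdir(parents=True)
    (docs / "decrypt.hta").write_text(SAMPLE_NOTE, encoding="utf-8")
    (docs / "report.docx").write_text("unrelated file", encoding="utf-8")
    tools = root / "tools"
    tools.mkdir()
    (tools / "decrypt.hta").write_text(SAMPLE_LOOKALIKE, encoding="utf-8")


def demo() -> list:
    """Build the constructed tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return scan(root)


if __name__ == "__main__":
    for finding in demo():
        state = "CONFIRMED" if finding["confirmed"] else "name match only"
        print(f"{finding['path']}: {state}")
        for url in finding["urls"]:
            print(f"  payment URL (defanged): {url}")
```

Run against a read-only mount rather than the live host, so that the scan itself does not alter timestamps on evidence.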

While there seem to be no active campaigns making headlines at the moment, this is not likely to last. One bit of news that emerged recently is that a hacker released a list of IP addresses for more than 900 Pulse Secure VPN enterprise servers. The list, published in plaintext, also included several usernames and passwords. The release was made on a Russian underground hacker forum, which is known to have multiple ransomware gangs contributing and actively posting. The list includes Sodinokibi, NetWalker, Lockbit, Avaddon, Makop and, importantly for the purposes of this article, Exorcist. In general, the forum is used by the gangs to hire more developers or affiliates tasked with distributing the ransomware.

The reason why the dump of Pulse Secure VPN credentials would make headlines is that many of the above-mentioned gangs have actively been targeting known vulnerabilities in VPNs to compromise an enterprise network. As the dump was done free of charge and in plain text, those using unpatched VPN products should be worried enough to patch them as a matter of priority. It may be that in the near future major enterprises will be seeing Exorcist's wallpaper and ransom note and be visiting its website.

The main reason why the developers behind Exorcist and several other malware families tend not to want to infect computers in Russia and its neighbors, or to touch the country's interests on the geopolitical stage, is that the Russian government turns a blind eye to cybercrime conducted by nationals, as long as Russia and its interests are not targeted. This is why a quick internet search will reveal cybercriminals wanted in the U.S. or Europe posing in front of luxury cars bought with the proceeds from their criminal activity.

Further, it seems to be the case that rather than bringing these people to justice, Russian Intelligence will employ their expertise to supplement their own cyber warfare and cyber espionage operations. These rumors began some 20 years ago and recent events seem to prove they were closer to reality, further supported by skilled coders in the CIS and their earning potential. For many, it is far more lucrative to hack and be approached by the intelligence agencies in question than to work within the IT sector. Since immunity seems to be granted to hackers as long as they leave Russian interests alone, becoming a hacker looks more like a logical financial decision than the path to becoming a social pariah that most of society perceives it to be.

This scenario was further confirmed in 2019 when the Russian government passed laws that enabled the creation of a self-contained internet modeled after the one implemented successfully in China. A report investigating the new law and its expected effects concluded that the law would help further fan the flames of cybercrime, whether by state-sponsored or independent, financially motivated hackers, and further the status quo mentioned above. The funny thing is the law would make it easier to crack down on hackers within Russian borders; however, attacks on Russia's rivals such as the U.S. are seen as serving Russian interests even if done by cybercriminals.

An article about the relationship between the Russian government and its hackers, as well as hackers in neighboring states, concluded:

The availability of highly skilled and technically well-versed individuals also presents a pool of potential proxies that can be mobilized at a moment's notice. Often, people will mobilize themselves and take political action in support of the government, as has happened in Estonia in 2007 and in Ukraine since 2014. Governments differ in their ability to catalyze such activity and the extent to which they are in a position to merely endorse, orchestrate, or actively direct their outcomes. In countries where public institutions and the state's ability to exercise control have deteriorated, it is an uphill battle to break the increasingly entrenched incentive structures reinforcing existing proxy relationships. Meanwhile, the controversy over law enforcement cooperation, including mutual legal assistance and extradition, shows the limits of international cooperation and external influence. The phenomenon described in this chapter is therefore a cautionary tale of the potential pitfalls when a state significantly weakens or collapses and the consequences that will reverberate for decades to come.

For those tasked with defending networks against Exorcist and other ransomware gangs, expecting those who committed the crime to be arrested and brought to book is a pipe dream. Rather, the focus should be to do everything possible to prevent the attack in the first place.


Here's What We Know About the Recon Dark Web Search Engine – TechNadu

While traditional search engines, by definition, don't work for the Dark Web, several sites let you find information on this hidden section of the internet with relative ease. Engines that let you search Dark Web markets in particular abound.

Recon is one of the most recent examples of a darknet market search engine. So what do we know about it?

Source: The Onion Web

Recon is a tool that users can access to explore multiple Darknet markets simultaneously. So it's in direct competition with other sites, such as Kilos. Instead of having to visit or even know about all these different markets, you can use a single place to compare and contrast items on offer. It also makes it easier to find these markets in the first place!

While we don't know the real identity of the person (or persons) behind Recon, it seems pretty clear that one "HugBunter" administrates the site. This is supposedly the same HugBunter behind Dread, a Reddit-style forum for users of the Dark Web to congregate.

Dread made the news in September of 2019 when HugBunter's dead man's switch was activated, but someone using that name has returned in the meantime, and Dread is still online. So as far as anyone knows, Recon comes from the same family of sites.

Recon exists on the Tor network, so you'll need to visit the reconponydonugup.onion site using the Tor browser.

However, if you are curious to see it for yourself, don't just jump in using a Tor Browser copy. Be sure to properly protect yourself by at least using a VPN to hide your Tor access from the ISP.


Recon uses several different methods to let users search listings and information across multiple markets. It uses historical market data as a part of the search resource, but the most powerful aspect of Recon is its API, or application programmer interface.

Owners of darknet markets who want people to find products on their sites through Recon can choose to integrate the API with their site. Recon then gets regular updates from these sites to ensure the listings users find through Recon are up to date.

This is different from how a surface web search engine works, which crawls the public web for information and then lets you search it. Since Dark Web sites can't be crawled in this way, search engines like Recon are the only real way to discover or quickly search across various websites.

Recon doesn't seem to be fundamentally different from other Dark Web market search tools. In other words, you can't buy anything from Recon directly. It only shows you the way to another market that has the products you're looking for.

It means there are plenty of illegal items of every description on offer. The most prominent of these Dark Web market items are drugs, but firearms and fake documents are also popular. If you want to know more about the sorts of things that are sold on the Dark Web, check out our article on the subject.

Of course, there are also plenty of intangible products. Information is always a hot commodity, and the Dark Web is a great place to buy and sell it. This can include stolen user information, the fruits of corporate espionage, or malware. If it's digital, only the imagination limits what's possible.

Not everything sold on these hidden markets is illegal. Some of it isn't even very interesting, actually.

Recon displays a wealth of information for every market that it lists. The specific information includes:

Recon lists markets that don't have any connection with them, but any market owner apparently can claim their profile page via their PGP keys. So when a profile is claimed, everyone can be fairly sure it's the real owner who has done so, despite the known problems with PGP.

Speaking of PGP keys, that seems to be the fastest way to find vendors in Recon. Since they all post their public PGP keys to allow people to contact them securely, Recon uses these keys as a quick lookup.

So if one already has the PGP key of a vendor you want, it's as simple as pasting it into the "Find a vendor" bar.


While Dark Web markets get taken down regularly, these search engines seem to be a little more robust because they take a small cut after strictly acting as middlemen. Sure, when it comes to illegal goods, the middleman still shares in the guilt.

However, neither the buyers nor sellers know the true identity of the people behind Recon. As long as the technical protection remains in place and none of the humans in the loop fold, there's little authorities can actually do.

On the other hand, this also means it's extra risky to actually use these facilities considering that when they are taken over by the law, they turn into traps instead.

Either way, we can never recommend using the dark web to commit crimes of any kind, but it never hurts to know what's lurking in the internet's dark underbelly.


Multiple zero-days in Tor have been disclosed online – TechRadar

After unsuccessfully trying to report bugs to the Tor Project for years, a security researcher has publicly disclosed two zero-day vulnerabilities which impact both the Tor network and the Tor browser.

In two recent blog posts, Dr. Neal Krawetz announced that he has decided to go public with details on multiple zero-days in Tor after the Tor Project failed to address the security issues he reported. Krawetz also plans to reveal at least three more Tor zero-days including one that can be exploited to show the real-world IP addresses of Tor servers.

Krawetz provided further insight on his difficulties dealing with the Tor Project as a security researcher over the years in a blog post, saying:

After my public shaming of the Tor Project (in 2017), they changed their web site design to make it easier to report vulnerabilities. They also opened up their bug bounty program at HackerOne. Unfortunately, while it is easier now to report vulnerabilities to the Tor Project, they are still unlikely to fix anything. I've had some reports closed out by the Tor Project as 'known issue' and 'won't fix'. For an organization that prides itself on their secure solution, it is unclear why they won't fix known serious issues.

The first of the two zero-days disclosed by Krawetz could be used by organizations and ISPs to block users from connecting to the Tor Network. To do this, they would need to scan network connections for a distinct packet signature that is unique to Tor traffic. The packet could even be used to block Tor connections from initiating which would prevent users from connecting to the service at all.

While the first zero-day could be leveraged to detect direct connections to Tor guard nodes that allow users to connect to the Tor Network, the second zero-day can be used to detect indirect connections. These connections are used to create Tor bridges which are a special type of entry point into the network that can be used when direct access to the Tor network is blocked by companies or ISPs.

According to Krawetz, connections to Tor bridges can also be easily detected using a technique similar to tracking specific TCP packets.

Now that two zero-days affecting Tor have been disclosed with the possibility of three more being disclosed in the future, Tor users in countries with oppressive regimes such as North Korea and Syria soon may be unable to use the service. Hopefully though, the Tor Project will realize the seriousness of the zero-days disclosed by Krawetz and make an effort to fix them before this can happen.

Via ZDNet


Nuts and Bolts: Understanding cyber risks and commonly used tools – The New Times

Recently, one of the most popularised and confounding hacks on Twitter took place. Twitter accounts of major companies and individuals were hacked by a scam promoting bitcoin.

Twitter handles of renowned personalities such as Barack Obama, Apple, Joe Biden, Bill Gates were among those hacked accounts.

Cyber threats have increased during the Covid-19 pandemic as more users embraced an online lifestyle. Google recently reported blocking more than 18 million predatory emails every day, as well as 240 million daily spam messages.

At any company or business, allowing employees access to work from work may offer advantages, but it could also open the company to a host of dangers.

Many different threats lurk online, ranging from con artists who use email and the web to trick users into giving up personal information, to malicious software that can steal important company data or corrupt files.

Maintaining a good online safety policy can help one avoid these threats and keep their business safe.

Online safety or cyber safety includes minimizing vulnerabilities and threats while on the internet and maximizing user awareness on security risks to private information.

The most common threats include phishing scams, identity theft, ransomware, malware, viruses and other online threats.

To be safe online, awareness of the threats and risks that come with the internet is the first step.

Below are some of the commonly used online tools that will help businesses and even individuals to improve online safety:

Tor Browser Project

Tor is free and open-source software for enabling anonymous communication which prevents anyone watching your Internet connection from knowing the sites you visit or your physical location. Its free tools include a desktop browser and a proxy app for an Android device.

HTTPS Everywhere

HTTPS Everywhere is a Firefox, Chrome, and Opera extension that encrypts your communications with many major websites, making your browsing more secure. HTTPS Everywhere is a collaboration between The Tor Project and the Electronic Frontier Foundation.

DuckDuckGo

DuckDuckGo is an Internet search engine that doesn't store your search history or sell your information to advertisers that track you across the web. DuckDuckGo avoids personalized search results. Instead, it focuses on returning the best results, generated from hundreds of individual sources, including other search engines, such as Bing and Yahoo.

editor@newtimesrwanda.com


Tor Browser 9.5.1 Download – TechSpot

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.

Note: You can also download the latest beta version, Tor Browser 10 Alpha 1 here.

Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Tor's hidden services let users publish web sites and other services without needing to reveal the location of the site. Individuals also use Tor for socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses.

Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they're in a foreign country, without notifying everybody nearby that they're working with that organization.

Groups such as Indymedia recommend Tor for safeguarding their members' online privacy and security. Activist groups like the Electronic Frontier Foundation (EFF) recommend Tor as a mechanism for maintaining civil liberties online. Corporations use Tor as a safe way to conduct competitive analysis, and to protect sensitive procurement patterns from eavesdroppers. They also use it to replace traditional VPNs, which reveal the exact amount and timing of communication. Which locations have employees working late? Which locations have employees consulting job-hunting websites? Which research divisions are communicating with the company's patent lawyers?

A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.

Welcome Screen

Our old screen had way too much information for the users, leaving many of them confused for a long time about what to do. Some users at the paper experiment spent up to 40 minutes confused about what they needed to be doing here. Besides simplifying the screen and the message, to make it easier for the user to know if they need to configure anything or not, we also did a 'brand refresh', bringing our logo to the launcher.

Censorship circumvention configuration

This is one of the most important steps for a user who is trying to connect to Tor while their network is censoring Tor. We also worked really hard to make sure the UI text would make it easy for the user to understand what a bridge is for and how to configure to use one. Another update was a little tip we added at the drop-down menu (as you can see below) for which bridge to use in countries that have very sophisticated censorship methods.

Proxy help information

The proxy settings in our Tor Launcher configuration wizard are an important feature for users who are on a network that demands such configuration. But they can also lead to a lot of confusion if the user has no idea what a proxy is. Since it is a very important feature for users, we decided to keep it in the main configuration screen and introduced a help prompt with an explanation of when someone would need such configuration.

As part of our work with the UX team, we will also be coordinating user testing of this new UI to continue iterating and make sure we are always improving our users' experience. We are also planning a series of improvements not only for the Tor Launcher flow but for the whole browser experience (once you are connected to Tor) including a new user onboarding flow. And last but not least we are streamlining both our mobile and desktop experience: Tor Browser 7.5 adapted the security slider design we did for mobile bringing the improved user experience to the desktop as well.

Other

What's New:

Tor Browser 9.5.3 is now available from the Tor Browser download page and also from our distribution directory. This release updates Firefox to 68.11.0esr, NoScript to 11.0.34, and Tor to 0.4.3.6.

Also, this release features important security updates to Firefox.

The full changelog since Tor Browser 9.5.1 is:

All Platforms

Note: We are aware of a bug that allows javascript execution on the Safest security level (in some situations). We are working on a fix for this. If you require that javascript is blocked, then you may completely disable it by:

The full changelog since Tor Browser 9.0.5 is:

All Platforms

Build System Windows


I Cut The Big Five Tech Giants From My Life And It Was Hell – Gizmodo Australia

A couple of months ago, I set out to answer the question of whether it's possible to avoid the tech giants. Over the course of five weeks, I blocked Amazon, Facebook, Google, Microsoft, and Apple one at a time, to find out how to live in the modern age without each one.

This article was originally published in 2019 and has been updated since its original publication.

To end my experiment, I'm going to see if I can survive blocking all five at once.

Not only am I boycotting their products, a technologist named Dhruv Mehrotra designed a special network tool that prevents my devices from communicating with the tech giants' servers, meaning that ads and analytics from Google won't work, Facebook can't track me across the internet, and websites hosted by Amazon Web Services, or AWS, hypothetically won't load.

I am using a Linux laptop made by a company named Purism and a Nokia feature phone on which I am relearning the lost art of T9 texting.

I don't think I could have done this cold turkey. I needed to wean myself off various services in the lead-up, like an alcoholic going through the 12 steps. The tech giants, while troubling in their accumulation of data, power, and societal control, do offer services that make our lives a hell of a lot easier.

Earlier in the experiment, for example, I realised I don't know how to get in touch with people without the tech giants. Google, Apple, and Facebook provide my rolling Rolodex.

So in preparation for the week, I export all my contacts from Google, which amounts to a shocking 8,000 people. I have also whittled down the over 1,500 contacts in my iPhone to 143 people for my Nokia, or the number of people I actually talk to on a regular basis, which is incredibly close to Dunbar's number.

I wind up placing a lot of phone calls this week, because texting is so annoying on the Nokia's numbers-based keyboard. I find people often pick up on the first ring out of concern; they're not used to getting calls from me.

On the first day of the block, I drive to work in silence because my rented Ford Fusion's SYNC entertainment system is powered by Microsoft. Background noise in general disappears this week because YouTube, Apple Music, and our Echo are all banned, as are Netflix, Spotify, and Hulu, because they rely on AWS and the Google Cloud to get their content to users.

The silence causes my mind to wander more than usual. Sometimes this leads to ideas for my half-finished zombie novel or inspires a new question for investigation. But more often than not, I dwell on things I need to do.

Many of these things are a lot more challenging as a result of the experiment, such as when I record an interview with Alex Goldman of the podcast Reply All about Facebook and its privacy problems.

I live in California, and Alex is in New York; we would normally use Skype, but that's owned by Microsoft, so instead we talk by phone and I record my end with a handheld Zoom recorder. That works fine, but when it comes time to send the 386 MB audio file to Alex, I realise I have no idea how to send a huge file over the internet.

My Gmail alternatives, ProtonMail and Riseup, tell me the file is too large; they tap out at 25 MB. Google Drive and Dropbox aren't options, Dropbox because it's hosted by Amazon's AWS and relies on Google for sign-in. Other file-sharing sites also rely on the tech giants for web hosting services.

Before resorting to putting the file on a thumb drive and dropping it in an IRL mailbox, I call up my tech freedom guru, Sean O'Brien, who heads Yale Law School's Privacy Lab. He also does marketing work for Purism, the company that makes my laptop. O'Brien tries to avoid tech giants in favour of open source technologies, so I figure he might be able to help.

O'Brien directs me first to Send.Firefox.com, an encrypted file-sharing service operated by Mozilla. But it uses the Google Cloud, so it won't load. O'Brien then sends me to Share.Riseup.net, a file-sharing service from the same radical tech collective that is hosting my personal email, but it only works for files up to 50 MB.

O'Brien's last suggestion is Onionshare, a tool for sharing files privately via the dark web, i.e. the part of the web that's not crawled by Google and requires the Tor browser to get to. I know this one actually. My friend Micah Lee, a technologist for the Intercept, made it. Unfortunately, when I go to Onionshare.org to download it, the website won't load.

"Hah, yes," emails Micah when I ask about it. "Right now it's hosted by AWS."

As I encountered at the beginning of this experiment, Amazon's most profitable business isn't retail; it's web hosting. Countless apps and websites rely on the digital infrastructure provided by AWS, and none of them are working for me this week.

Micah suggests I download it from Github, but that's owned by Microsoft. Thankfully, O'Brien tells me I can download the Onionshare program directly from Micah's server via command line on my Linux computer. He has to walk me through it step-by-step, but it works. I'm able to run Onionshare, drop my file into it, creating a temporary onion site; I send the URL for the onion site to Alex so he can download it via the Tor browser. Once he downloads it, I tell Onionshare to stop sharing, which takes the onion site down, erasing the file from the web.

(In the end, Alex doesn't even wind up using my audio for Reply All's year-end finale. Sigh.)

I realise that's a long story about sharing one file, but it's a nice summation of what online tasks are like this week. There are workarounds for services offered by the tech giants, but they take extra research to find and are often more difficult to use. I wind up in strange parts of the internet, using Ask.com (formerly known as Ask Jeeves) as my search engine, for example, after I ixnay Google.com and realise DuckDuckGo is hosted by AWS.

But Ask.com is not necessarily a great replacement: it's owned by IAC, the media and dating company behemoth. I've just traded one huge corporation seeking to monetise my searches for another, less competent one.

Some strange things are delightful: I discover that my Nokia phone can play the radio, so when I go running, I listen to NPR instead of my usual go-tos: Spotify, a podcast, or an audiobook. I'm planning a trip to South Africa, and wind up in charming conversations with the travel agents I have to call for help; it's more costly and less efficient to book via a travel agency, but it's the only option because travel-booking websites aren't working for me.

Something not delightful is my Nokia 3310's camera; it takes terrible, dark photos. I have an old Canon point-and-shoot digital camera, but I find I don't take many photos this week, because without Facebook and Instagram, I don't have anywhere to share them.

Sometimes I just can't find a digital replacement. Venmo won't work without a smartphone, so I pay our babysitter in cash. I start using a physical calendar to keep track of my schedule. When it comes to getting around, Marble Maps is an option, but I'm confused by the interface, so I stick to places I know, and buy a physical map as a back-up.

"It's funny because Nokia used to have amazing navigation with Navtech," a technologist says to me one day when I'm talking about how hard driving is without mapping apps, "but then they sold themselves to Microsoft."

"Fuck," I think, "my Nokia 3310 might be made by Microsoft."

But it turns out, while Microsoft did buy Nokia's mobile devices division for $US7.2 billion in 2014, it sold Nokia's feature phone assets two years later for a painful write-down, $US350 million, to Foxconn (of Apple outsourcing fame) and to HMD Global, a Finnish firm helmed by a former Nokia executive. HMD Global now uses Nokia's intellectual property, i.e. brand, to sell phones. Most Nokia phones are Android smartphones, but there's a line of classic phones, including the 3310, which run an operating system called FeatureOS made by Foxconn.

My Nokia 3310 is not a tech giant phone, but it's certainly tech giant adjacent.

To find out why HMD Global is still selling dumbphones, I call its Hong Kong-based chief product officer, Juho Sarvikas. Sarvikas tells me that the company thought the core market for classic phones would be in Asia and Africa, where smartphones are less prevalent, but he says the devices have done surprisingly well in America.

"Digital well-being is a concrete area now," he says. "When you want to go into detox mode or if you want to be less connected, we want to be the company that has the toolkit for you."

"So these phones are the nicotine patch for smartphone addiction," I say.

He laughs. "I've never put it that way before, but yes."

I had assumed that the phones were for parents who wanted their kids to have phones sans a pipeline to social media and apps.

"That too," says Sarvikas.

Many people I talk to about this experiment liken it to digital veganism. Digital vegans reject certain technology services as unethical; they discriminate about the products they use and the data they consume and share, because information is power, and increasingly a handful of companies seem to have it all.

When I meet a full-time practitioner of the lifestyle, Daniel Kahn Gillmor, a technologist at the ACLU, I'm not totally surprised to discover he's an actual vegan. I am surprised by the lengths to which he's gone to avoid the tech giants: he doesn't have a mobile phone and prefers to pay for things with cash.

"My main concern is people being able to lead autonomous healthy lives that they have control over," Gillmor tells me during a chat via Jitsi, an open-source video-conferencing service that will work on any web browser. There's no proprietary app you have to download and it doesn't require you to create an account.

Gillmor hosts his own email and avoids most social media networks (he makes exceptions for Github and Sourceforge, because he's an open source developer who wants to share his code with others). He refers to joining social networks as being bait that lures other people into surveillance traps.

Gillmor thinks people will have better lives if they aren't being data-mined and monetized by companies that increasingly control the flow of information.

"I have the capacity to make this choice. I know a lot of people would like to sign off but can't for financial reasons or practical reasons," he tells me. "I don't want to come across as chastising people who don't make this choice."

And there are definitely costs to the choice. "How things are structured determines the decisions people can make socially," he says. "Like you didn't get invited to a party [via Facebook] because you chose not to be part of a surveillance economy."

Gillmor teaches digital hygiene classes where he tries to get people to think about their privacy and security. He usually starts the class by asking people if they know when their phones are communicating with cell towers. "Most people say, 'When I use it,' but the answer is, 'anytime it's on,'" he says.

He wants people to think about their own data trails but also when they are creating data trails for other people, such as when a person uploads their contacts to a technology service, sharing information with the service that those contacts might not want shared.

"Once the data is out there, it can be misused in ways we don't expect," he says.

But he thinks it's going to take more than actions by individuals. "We need to think of this as a collective action problem similar to how we think about the environment," he says. "Our society is structured so that a lot of people are trapped. If you have to fill out your timesheet with an app only available on iPhone or Android, you better have one of those to get paid."

Gillmor wants lawmakers to step in, but he also thinks it can be addressed technologically, by pushing for interoperable systems like we have for phone numbers and email. You can call anyone; you don't need to use the same phone carrier as them. And you can take your phone number to a different carrier if you want (thanks to lawmaker intervention).

When companies can't lock us into proprietary ecosystems, we have more freedom. But that means Facebook would have to let a Pinterest user RSVP for an event on its site. And Apple would need to let you Facetime an Android user.

No one wants to give the keys out when they have customer lock-in.

The Amazon block continues to be the most challenging one for me.

My friend Katie is in town from New York; we have plans to meet for dinner one night at a restaurant near my house, an event marked on my physical calendar. On the morning we are to meet, I get an email from her to my Riseup account with the subject line, "What is happening."

Katie had been sending me messages for days via Signal, but I hadn't gotten them because Signal is hosted by AWS. When she didn't hear from me, she sent an "ARE YOU GETTING MY TEXTS" email to Gmail, and got my away message directing her to my Riseup account.

I tell her dinner is still a go, but it's a reminder of the costs of leaving these services. I can opt out, but people might not realise I've left, or might forget, even if they do know.

One day, I ask my husband, Trevor, who declined to do the block with me because he has a real job, what the hardest part of my experiment is for him. "I never know if you're going to respond to my texts," he says.

"What do you mean?" I ask. "What have I not responded to?"

"I sent you some messages on Signal," Trevor says, having forgotten I am off it.

The block provides constant conversation fodder, and I find myself in conversations more often because, at social gatherings, I don't have a smartphone to stare at.

An Ivy League professor tells me he regularly employs a Google blocker. "I had to disable it when I paid my taxes because they have Google Analytics on the IRS website," he says. "It was kind of horrifying."

People under 35 are intrigued (and sometimes jealous) of life without a smartphone; people over 35 just seem nostalgic.

One night, I run into Internet Archive founder Brewster Kahle, who is delighted to hear about the block. "It's hard to get away from technology," he says. "A friend was just telling me about trying to get a TV that wasn't smart and didn't have a microphone. It was impossible. He wound up getting a 27-inch [computer] monitor."

Sometimes we make the choice to bring technology into our lives, but sometimes it's forced upon us. Television makers have turned their products into surveillance machines that collect what we watch and what we don't watch and sometimes even what we say, and that's just how most TVs come now.

This week, I stop watching TV altogether because we don't have cable and internet TV isn't an option. I hadn't meant to make this experiment a rejection of all technology, but it happens despite my intentions.

I'm most frustrated by this with my phone. I would love to be using a tech-giant free smartphone, but they aren't really commercially available yet. If you want one, you need to be technically savvy and install a custom operating system on special phone models. That will hopefully change soon, with commercial offerings on the horizon from Eelo and Purism.

In the past, I would have assumed that idealistic projects like these were doomed, but there seems to be a heightened awareness these days of the dystopia created by the tech giants. Everywhere I look, I see criticism of the Frightful Five.

A writer I know pens an op-ed in the New York Times: "Hate Amazon? Try living without it." (She didn't actually live without it.) A CNBC tech reporter reveals she gave up Facebook and Instagram for three months and that it made her a lot happier. A CBS reporter tries and fails to quit Google. A Vice writer gives all the giants up for a month (but not as rigorously as I did). The New York Times writes about apps tracking people's locations with horrifying regularity and granularity.

The tech giants laid down all the basic infrastructure for our data to be trafficked. They got us to put our information into public profiles, to carry tracking devices in our pockets, and to download apps to those tracking devices that secretly siphon data from them.

"Are America's technology companies serving as instruments of freedom or instruments of control?" asks a Californian politician.

It's in the air. The tech giants were long revered for making the world more connected, making information more accessible, and making commerce easier and cheaper. Now, suddenly, they are the targets of anger for assisting the spread of propaganda and misinformation, making us dangerously dependent on their services, and turning our personal information into the currency of a surveillance economy.

The world is flawed, and, fairly or not, the tech titans are increasingly being blamed.

A new book about surveillance capitalism by Harvard Business School professor Shoshana Zuboff argues that the extreme mining and manipulation of our data for profit is making an inescapable panopticon the driver of our economy.

Zuboff's publicist sent me an advance copy as an e-book, and I've really been enjoying it, but I have to put it down this week because I can't read it on my Kindle. Instead, I'm reading a physical book, Henry Thoreau's Walden, which I ordered from Barnes & Noble. It too is full of calls to re-immerse ourselves in the natural world and not get too caught up in the distractions of modern life.

But, because it was published in 1854, it warns people to get away from work and newspapers rather than smart devices and screens.

For ideas about what the government can do about all this, I call Lina Khan, a fellow at the Open Markets Institute who wrote a blockbuster paper on the need to regulate Amazon's monopoly power. (At least it's a blockbuster by academic standards.)

Khan is in New York doing an academic fellowship at Columbia University where she is working on more papers. Khan doesn't have a Prime account and avoids Gmail. Right before I call her, I see a tweet from a video producer at the Washington Post who got bombarded with baby ads after she had a stillborn delivery.

"Please, Tech Companies, I implore you: If your algorithms are smart enough to realise that I was pregnant, or that I've given birth, then surely they can be smart enough to realise that my baby died, and advertise to me accordingly or maybe, just maybe, not at all," she wrote, in yet another reminder that privacy invasions have real harms.

I recount the story to Khan at the beginning of our call and say that this type of anger seems to be on the rise.

"The tech companies' own actions are prompting the tide to turn. It is a belated reckoning, but it seems to be a reckoning nonetheless," she says. "Companies started monetizing user data far before most users even realised their data was valuable, let alone being collected by private actors. If users had been told that the price for access would be near-total surveillance, would they have agreed? Would companies have been forced to offer different business models?"

Khan thinks law enforcers need to get involved to keep these companies from using anti-competitive tactics to dominate the business landscape, as public officials did in the 90s against Microsoft.

"Several of the big tech firms have acquired rivals and inhibited competitors through predatory conduct," she says, a topic that's been in the news recently with the exposure of Facebook emails where CEO Mark Zuckerberg talks about cutting off then-viral video service Vine's access to the Facebook social graph. "They have engaged in practices that, a few decades ago, were widely considered monopolistic. We need investigations by the Department of Justice, the Federal Trade Commission, or state attorneys general."

Europe is on the case, its regulators fining Google and saying Facebook can't combine users' data from Facebook, WhatsApp, and Instagram without their consent. But antitrust regulators in the U.S. have stayed away from these companies because their services are cheap or free, so they're perceived as pro-consumer, which is ultimately what regulators want to encourage. But how does that work when the consumer is what the company is selling?

An uncomfortable idea I keep coming up against this week is that, if we want to get away from monopolies and surveillance economies, we might need to rethink the assumption that everything on the internet should be free.

So when I try to create a fourth folder in ProtonMail to organise my email and it tells me that I need to upgrade from a free to a premium account to do so, I decide to fork over 48 euros (about $75) for the year. In return, I get a 5 GB email account that doesn't have its contents scanned and monetized.

However, I'm well aware that not everyone has $75 to spare for something that they can easily get for free, so if that's the way things go, the rich will have privacy online and the poor (and most vulnerable) will have their data exploited.

The previous week, my 1-year-old, Ellev, started saying that Alexa is scary and spooky, concepts she learned while trick-or-treating. It's not unreasonable; I can see how a disembodied voice that's always there and always listening would be disconcerting to a toddler, or really any normal human being.

But this week, she keeps crying for Alexa, wanting her to play "Baby shark" and other music that is otherwise absent from our home. "I miss Alexa," she says, and I feel terrible both for depriving her and for making her dependent on an AI at such a young age.

On the last day of the block, Trevor and I are flying to New York, and he's begging me to end the experiment early so we can use the iPad to keep Ellev happy. However, I'm adamant about maintaining the blockade for the six-hour flight.

"I'm changing my seat to a different part of the plane," Trevor warns, kiddingly.

Trevor charges the iPad up in case my will falters. But I hold strong. We read books with Ellev, doodle on a magnetic drawing board, sing songs, and play for at least an hour with sticky, flexible Wizzle sticks that come in her Alaska Airlines snack pack. She sleeps for the last hour and a half of the flight, something she doesn't usually do if there is an iPad available.

That was Ellev's 26th flight. In the taxi after we land, Trevor turns to me and says, "That's the easiest flight we've ever had with her."

We get to our Airbnb in Brooklyn, which I booked months before the experiment. (It should technically be banned because Airbnb is hosted by AWS.) There's a lock box on the outside of the apartment building that I open with a four-digit code. Inside is a key that gets us into the building and the same four-digit code opens a digital lock on the apartment's door. I had written down the address and code on a piece of paper knowing I wouldn't be able to access the Airbnb website.

We get in with no problem. We're starving so head to a restaurant we passed in our taxi. Afterward, we need groceries, but Ellev is melting down, so I head to the Airbnb while Trevor goes to shop. I get into the building with the key, but once Ellev and I climb four flights of stairs to the apartment, I realise I don't have the piece of paper with the door code on it, and I don't remember the code.

Ellev is crying and trying to turn the doorknob. I start to feel that desperate panic of an earlier age that nowadays accompanies a dying smartphone battery.

My laptop is inside the locked apartment. I use a password manager, stored on that laptop, to get into all my online accounts, so I couldn't get into Airbnb on another computer even if I wanted to toss in the towel on the blockade.

A masochistic part of my brain reminds me that I am in this mess because I used a site hosted by AWS. I could have just booked a normal hotel room via the phone, and then I would be picking up a new key card at this very moment. Technology creates the problems that technology solves, and vice versa.

While soothing Ellev, I try a bunch of different combinations on the lock based on my vague recollection of what the four numbers are. One of them works. As soon as I get inside, I plug my iPhone into the charger, relieved I'll resume using it the next day.

Critics of the big tech companies are often told, "If you don't like the company, don't use its products." I did this experiment to find out if that is possible, and I found out that it's not, with the exception of Apple.

These companies are unavoidable because they control internet infrastructure, online commerce, and information flows. Many of them specialize in tracking you around the web, whether you use their products or not. These companies started out selling books, offering search results, or showcasing college hotties, but they have expanded enormously and now touch almost every online interaction. These companies look a lot like modern monopolies.

Since the experiment ended, I've resumed using the tech giants' services, but I use them less. I deliberately seek out alternatives to do what I can, as a consumer, not to help them monopolize the market.

But the experiment went beyond that for me; it made me reexamine the role of tech in my life more widely. It broke me of that modern bad habit of swiping through my phone looking for a distraction rather than engaging with the people around me or seeking stimulation in my real world environment.

Read the original post:

I Cut The Big Five Tech Giants From My Life And It Was Hell - Gizmodo Australia

How to prevent being tracked while reading your Gmail – The Verge

All of those obnoxious marketing emails that crowd your inbox aren't just pushing a product. They're also tracking whether you've opened the email, when you opened it, and where you were at the time by embedding tracking software into the message. Just type "email tracking" into your search engine and watch all the software apps appear.

There are a variety of methods used to track emails. For example, one of the simplest is a redirect link. Let's say you click a link in a promotional email that leads to the page for a product you want to buy. The link has been coded to be trackable; it will go to another server with a variety of data, like what browser you are using or where you clicked the link from, before it takes you to the article.

But while it's fairly easy to spot a redirect link (for one thing, you can often spot all the additional code added to the URL), there are other methods that aren't quite so obvious. The method that we're looking at here is tracking pixels.

How does it work? A single tracking pixel is embedded into the email, usually (but not always) hidden within an image or a link. When the email is opened, code within the pixel sends the info back to the company's server.

There have been some attempts to restrict the amount of information that can be transmitted this way. For example, since 2014, Google has served all images through its own proxy servers, which could hide your location from at least some tracking applications. Extensions such as Ugly Mail and PixelBlock have been developed to block trackers on Chrome and Firefox. And there are alternative browsers that emphasize privacy such as Brave and the Tor Browser.

There is also a simple step you can take to avoid most trackers: stop your email from automatically loading images, since images are where the majority of these pixels hide. You won't be able to avoid all of the trackers that might be hidden in your email this way, but you will stop many of them.

Note that this will also turn off Gmail's dynamic email feature, which makes email messages more interactive.
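The two mechanisms described above, shown as an added example that is not from the original article: a Python audit of an HTML email body that lists the remote images that image auto-loading would fetch, the subset that looks like a tracking pixel, and links that carry their real destination inside a redirect URL. The sample message, its `.example` hostnames and the "1x1 or hidden" heuristic are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# Constructed sample body (not a real campaign); hosts use the reserved .example TLD.
SAMPLE_HTML = """\
<html><body>
<p>Spring sale starts today!</p>
<img src="https://cdn.shop.example/banner.png" width="600" height="200" alt="Sale">
<a href="https://click.mailer.example/r?u=https%3A%2F%2Fshop.example%2Fitem%2F42&amp;uid=8841&amp;cid=spring">Buy now</a>
<a href="https://shop.example/unsubscribe">Unsubscribe</a>
<img src="https://open.mailer.example/o.gif?uid=8841&amp;cid=spring" width="1" height="1" alt="">
<img src="https://open.mailer.example/p.png?m=8841" style="display:none">
</body></html>
"""

# Assumed heuristics: an image is pixel-like if it is at most 1x1 or styled invisible.
HIDDEN_RE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
STYLE_DIM_RE = re.compile(r"(?<![-\w])(width|height)\s*:\s*(\d+)\s*px", re.I)


def _px(value):
    """Return the leading integer of a width/height attribute, or None."""
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None


class TrackerAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.remote_images = []   # every image that auto-loading would request
        self.pixels = []          # subset that looks like a tracking pixel
        self.redirect_links = []  # (link as written, destination hidden inside it)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "img":
            self._check_img(a)
        elif tag == "a":
            self._check_link(a.get("href", ""))

    def _check_img(self, a):
        src = a.get("src", "")
        if urlsplit(src).scheme not in ("http", "https"):
            return  # inline images (cid:, data:) trigger no network request
        self.remote_images.append(src)
        style = a.get("style", "")
        dims = {k.lower(): int(v) for k, v in STYLE_DIM_RE.findall(style)}
        w = _px(a["width"]) if "width" in a else dims.get("width")
        h = _px(a["height"]) if "height" in a else dims.get("height")
        tiny = w is not None and h is not None and w <= 1 and h <= 1
        if tiny or HIDDEN_RE.search(style):
            self.pixels.append(src)

    def _check_link(self, href):
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            return
        # A redirect link carries the real destination as a query parameter,
        # next to the identifiers the tracking server records on the way.
        for _name, value in parse_qsl(parts.query):
            dest = urlsplit(value)
            if (dest.scheme in ("http", "https") and dest.hostname
                    and dest.hostname != parts.hostname):
                self.redirect_links.append((href, value))
                break


def audit_email_html(html):
    """Parse an HTML email body and return what it would load or redirect through."""
    parser = TrackerAudit()
    parser.feed(html)
    parser.close()
    return {
        "remote_images": parser.remote_images,
        "pixels": parser.pixels,
        "redirect_links": parser.redirect_links,
    }


if __name__ == "__main__":
    report = audit_email_html(SAMPLE_HTML)
    print("Remote images blocked when auto-loading is off:", len(report["remote_images"]))
    for src in report["pixels"]:
        print("  pixel-like image:", src)
    for href, dest in report["redirect_links"]:
        print("  redirect link:", urlsplit(href).hostname, "->", dest)
```

With image auto-loading off, none of the three remote images is requested, so both pixel-like images stay silent; the redirect link still reports the click if it is followed, which is why the setting stops many trackers but not all of them.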


How to avoid being tracked while reading through your Gmail – Winged Express

All of those obnoxious marketing emails that crowd your inbox are not just pushing a product. They are also tracking whether you've opened the email, when you opened it, and where you were at the time by embedding tracking software into the message. Just type "email tracking" into your search engine and watch all the software apps show up.

There are a wide range of methods used to track emails. For example, one of the most basic is a redirect link. Let us say you click on a link in a promotional email that leads to the page for a product you want to buy. The link has been coded to be trackable; it will go to another server with a range of data, like what browser you are using or where you clicked the link from, before it takes you to the article.

But even though it is fairly easy to spot a redirect link (for one thing, you can often spot all the additional code added to the URL), there are other methods that aren't quite so obvious. The method that we're looking at here is tracking pixels.

How does it work? A single tracking pixel is embedded into the email, usually (but not always) hidden in an image or a link. When the email is opened, code within the pixel sends the information back to the company's server.

There have been some attempts to restrict the amount of information that can be transmitted this way. For example, since 2014, Google has served all images through its own proxy servers, which could hide your location from at least some tracking applications. Extensions such as Ugly Mail and PixelBlock have been developed to block trackers on Chrome and Firefox. And there are alternative browsers that emphasize privacy such as Brave and the Tor Browser.

There is also a very simple step you can take to avoid most trackers: stop your email from automatically loading images, since images are where the majority of these pixels hide. You will not be able to avoid all of the trackers that may be hidden in your email this way, but you will stop many of them.

Note that this will also turn off Gmail's dynamic email feature, which makes email messages more interactive.

Turn image autoloading off in Gmail's settings.

In the settings for your mobile Gmail account, scroll down to Images.

You can now disable the autoloading of images.


The Tor project falters: a third of the workforce is fired – InTallaght

Although we talk about the Deep Web or Dark Web, we are actually referring to one of the best-known darknet networks, Tor (although it is not the only one). The Tor Project (or Proyecto Tor Inc) is an NGO founded in 2006 that seeks to offer a way to use the Internet with as much privacy as possible, routing traffic through multiple servers and encrypting it every step of the way. It had up to 35 people working on the core of its service, something that has been radically altered by the coronavirus health alert. In fact, it has had to fire a third of the workforce to be able to carry on.

Tor's history dates back to the 1990s, when the first research designs and onion routing prototypes were deployed. In the 2000s work began on the Tor project, The Onion Routing. This led to the creation of the non-profit organization in 2006, which began developing bridges to the Tor network to counter censorship. Its success grew over time, driven by events such as the Arab Spring and the Snowden revelations in 2013.

Tor, like any other organization in the world, has been hit by the COVID-19 crisis. This is affecting large companies, but especially SMEs, freelancers and non-profit organizations. In fact, they confirm that it has hit them very hard and that they have had to make drastic decisions to try to secure their future.

Specifically, they have had to fire 13 people who helped make the Tor network available to millions of people around the world. From now on, the main work will continue with 22 people. They will continue to develop the Tor Browser and the entire ecosystem of software related to the Tor anonymity network.

They use the statement to point out that the world will no longer be the same when the COVID-19 coronavirus crisis ends. They think that ensuring privacy and secure access to information will become a priority. For all this, they have made the difficult decision to try to secure the future of the Tor project with the dismissal of a third of its staff, 13 people from the team in total.

Will it be enough to keep the Tor Project running smoothly?


On the Darknet Side: The Role of Crypto as a Means of Exchange – Cointelegraph

Due to the transition of many people around the world into a stay at home mode, where the only viable way of communicating and receiving something is through the global network, some new information regarding darknet activity has begun to surface.

In the time of COVID-19, there has been an increase in both the activity of cyber fraudsters using the capabilities of cryptocurrencies and general illegal activity on the World Wide Web.

Of course, not all darknet operators are using the epidemic for malicious advantage, and comply with the code of honor. Nonetheless, Cointelegraph decided to figure out how Bitcoin is associated with the darknet, whether the global pandemic affects illegal crypto operations, and how authorities around the world are coping.

Digital assets are used in many areas, including acting as a means of payment on the darknet by those seeking maximum anonymity while performing operations deemed questionable by regulators.

Cryptocurrencies are especially popular with sellers of items like illegal drugs, weapons and other restricted goods. Darknet users provide impetus to markets in the network by using special software such as the TOR browser to circumvent inaccessibility to such goods through the use of crypto, with its pseudo-anonymity for transactions. These kinds of transactions and the concept of decentralization itself have put limitations on the control of global intelligence agencies.

Sellers of illegal goods latched on to the decentralized principle of cryptocurrencies early on, using them long before Bitcoin (BTC) became a household name. A striking case is the online market Silk Road, launched as part of the darknet. It relied heavily on Bitcoin while the token was still a mystery to many back in 2011.

On the darknet, all connections are established between trusted nodes through special protocols and ports. All IP addresses are hidden, so it's not possible to enter the darknet through familiar browsers such as Chrome, Firefox or Safari. The entire network operates on the principle of decentralization and is not controlled by any authority. Due to this, users receive some degree of security, since many sites in the darknet use TOR encryption protocols, which hide the identities of users and replace their IP addresses.

There are many sites selling illicit goods on the darknet, among which AlphaBay and Oasis stand out. They have arguably caused the price of privacy-oriented cryptocurrency Monero (XMR) to skyrocket in the past after adding the token as a payment option. Anonymous token transactions have allowed the dark network to progress, but this has, in turn, developed a connection between cryptocurrencies and illegal activity in the minds of many people today.

Aleksandr Lazarenko, the head of the R&D department at Group-IB, one of the biggest providers of solutions aimed at detecting and preventing cyber attacks, shared his opinion with Cointelegraph on why cryptocurrencies are popular among criminals:

Despite the fact that transactions carried out in Bitcoin are noted for their transparency, they still grant cybercriminals with considerable anonymity. Since cryptocurrencies are normally decentralized and do not belong to some particular national jurisdiction, operations with their use are not that closely monitored by monetary authorities. Another obvious reason that explains cybercriminals' passion for cryptocurrencies, is no need to disclose valid personal information for their holders.

There is still an opinion that BTC and other cryptocurrencies are used only for criminal purposes. However, offshore banking systems are more suitable for financing terrorist activities and money laundering than an anonymous decentralized network through which payments pass.

Undoubtedly, BTC helped to run the darknet economy of Silk Road, but marketplaces on the darknet have begun to close up shop over the last few years and for good reason. According to Chainalysis experts, darknet deals flourished in 2019, especially thanks to cryptocurrencies. However, these online assets are subject to sharp fluctuations in price, which affects their use on the darknet.

Carles Lopez-Penalver, cybercrime analyst at Chainalysis, told Cointelegraph that sellers reduced their activity during periods of decline in the BTC price, fearing that the funds they accept may not be worth anything the next day:

While we think darknet markets are resilient and here to stay, it was interesting to observe that darknet market revenue fell much more than we expected following Bitcoin's recent major price drop associated with COVID-19.

Nevertheless, experts agree that no matter what the price rate of a particular cryptocurrency is, they will still be popular on the darknet. Lazarenko opined:

Cryptocurrency is de facto the main currency of the underground, therefore, it will definitely be popular. The extent of its popularity and use will directly depend on the state of the underground market: if it grows, there are likely to be more transactions in cryptocurrencies. When it comes to the main payers on this market, there are few cryptocurrencies that can compare to Bitcoin in their popularity, perhaps, we'll see the growth of Ethereum 2.0, once it sees the world, but it is still likely to be behind Bitcoin.

Despite the decline in cryptocurrency operations on the darknet, criminal activity seems to be moving to distributed platforms and encrypted applications, and this is where Telegram Open Network may come in.

Many think that TON will be a new darknet, and here is why. The usual websites that users see when opening a link in a browser work on the basis of the Transmission Control Protocol, Internet Protocol and Hypertext Transfer Protocol. TCP is responsible for the reliable transfer of the byte stream from one computer to another, IP is for routing the dataset or determination of all data transfer points, and HTTP works one level higher, allowing for information to be encoded in the form of documents.

Overlay networks such as TOR or a VPN can be created based on these protocols. Most of them are designed to eliminate privacy issues like low security and lack of anonymity. The Telegram team has proposed another one: TON Sites. Technically, the sites created on the TON network will look like regular web pages, but the difference is that content will not be stored on any server but rather distributed across network nodes and users. Instead of IP addresses on this network, there will be an Abstract Datagram Network Layer protocol providing encryption by default, while access to regular HTTP sites and vice versa will be possible through gateways.

Not surprisingly, some analysts see TON sites as an element of a technologically advanced darknet platform, the core of which is the Gram cryptocurrency. Russian law enforcement authorities have thus voiced concerns about the platform, publishing a notice in March that called on contractors to investigate and block anonymous networks, including both TOR and TON as targets.

Moreover, darknet platforms like TOR or potentially TON don't solely utilize cryptocurrencies, but also blockchain technology as a whole. There are already a few projects that are actively using the blockchain in order to access their resources. Experts at Chainalysis confirmed:

There are some markets and fraud shops that have implemented blockchain technology beyond a mode of currency. Multiple carding shops and some small drug shops operate through Blockchain DNS, which uses Namecoin and Emercoin to protect marketplaces against ISP DNS blocking to make sure their customers are able to access their marketplace.

Regulators around the world are increasingly concerned about the role of cryptocurrencies in money laundering and the financing of various illegal activities. Since the beginning of 2020, many governments have begun to actively combat this situation, and have introduced various legal measures designed to strengthen their protection against financial cybercrime.

According to Chainalysis, the number of darknet users directly relates to how strict government policies are toward the internet. Therefore, the darknet is mainly used in the United States, Russia and some European countries such as Germany, the Netherlands and France.

Echoing moves by Russia, where the central bank periodically introduces strict recommendations on how financial institutions should detect suspicious transactions including digital currency exchange, the U.S. law enforcement and regulatory agencies established a cryptocurrency intelligence program in March that proposed new rules and tax reporting requirements to help pave the way for the widespread adoption of blockchain technology.

At the end of March, the International Criminal Police Organization announced a partnership with South Korean data intelligence startup S2W Lab to analyze darknet activity, including cryptocurrency transactions. However, it is not yet clear how effective their measures will be, as users on the dark side of the net tend to find new ways of continuing their illegal activities one way or another.


New bill threatens journalists' ability to protect sources – TechCrunch

Runa Sandvik works on digital security for journalists, founded upon her experiences working at The New York Times, the Freedom of the Press Foundation and The Tor Project.

Online child exploitation is a horrific crime that requires an effective response. A draft bill, first proposed by Sen. Lindsey Graham (R-SC) in January, intends to provide exactly that. However, technology experts warn the bill not only fails to meet the challenge, it creates new problems of its own. My job is to enable journalists to do their work securely: to communicate with others, research sensitive stories and publish hard-hitting news. This bill introduces significant harm to journalists' ability to protect their sources.

Under the Eliminating Abusive and Rampant Neglect of Interactive Technologies (or EARN IT) Act, a government commission would define best practices for how technology companies should combat this type of material. On the surface, EARN IT proposes an impactful approach. A New York Times investigation in September found that many tech companies failed to adequately police sexual abuse imagery on their platforms. The investigation highlighted features, offered by these companies, that provide digital hiding places for perpetrators.

In reality, the criticized features are exactly the same ones that protect our privacy online. They help us read The Washington Post in private and ensure we only see authentic content created by the journalists. They allow us to communicate with each other. They empower us to express ourselves. And they enable us to connect with journalists so the truth can make the page. This raises the question of whether the bill will primarily protect children or primarily undermine free speech online.

It should be pointed out that EARN IT does not try to ban the use of these features. In fact, the bill does not specifically mention them at all. But if we look at how companies would apply the best practices, it becomes clear that the government is intending to make these features difficult to provide, that the government is looking to discourage companies from offering and increasing the use of these features. By accepting EARN IT, we will give up our ability, and our children's future abilities, to enjoy online, social, connected and private lives.

Four of the best practices relate to requiring companies to have the ability to identify child sexual abuse material. Unfortunately, it's not possible to identify this material without also having the ability to identify any and all other types of material, like a journalist communicating with a source, an activist sharing a controversial opinion or a doctor trying to raise the alarm about the coronavirus. Nothing prevents the government from later expanding the bill to cover other illegal acts, such as violence or drugs. And what happens when foreign governments want to have a say in what is legal and what is not?

Our digital life is protected by the same features that allow some bad people to do bad things online. They protect us as we visit The Washington Post website, use the Signal app to contact one of its journalists or use the Tor Browser to submit information to their anonymous tip line. These features all enable privacy, a core component of the journalistic process. They enable journalists to pursue and tell the truth, without fear or favor. And not just in the U.S., but globally. We should empower and enable this work, not sabotage it by removing crucial capabilities, even in the name of child protection.

The same New York Times investigation found that law enforcement agencies devoted to fighting online child exploitation were left understaffed and underfunded, even as they were asked to handle far larger caseloads. The National Center for Missing and Exploited Children (NCMEC), established by Congress in 1984 to reduce child sexual exploitation and prevent child victimization, was ill equipped for the expanding demands. It's worth asking, then, why EARN IT does not instead empower these agencies with additional resources to solve crimes.

We must consider the possibility that this bill fails to achieve its stated goal. That it will not protect children online, and will introduce harm to their digital presence and ability to speak freely. Everyone deserves good security, and it's on us to find ways to prevent harm without compromising on our digital rights. To force companies to weaken our protection to give law enforcement greater insight would be the equivalent of forcing people to live without locks and curtains in their homes. Are we willing to go that far?

That's not to say we have to accept no solution. But it can't be this one.


Tor Browser 9.0.9 Download – TechSpot

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.

Note: You can also download the latest beta version, Tor Browser 9.5.11 Alpha here.

Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Tor's hidden services let users publish web sites and other services without needing to reveal the location of the site. Individuals also use Tor for socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses.

Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they're in a foreign country, without notifying everybody nearby that they're working with that organization.

Groups such as Indymedia recommend Tor for safeguarding their members' online privacy and security. Activist groups like the Electronic Frontier Foundation (EFF) recommend Tor as a mechanism for maintaining civil liberties online. Corporations use Tor as a safe way to conduct competitive analysis, and to protect sensitive procurement patterns from eavesdroppers. They also use it to replace traditional VPNs, which reveal the exact amount and timing of communication. Which locations have employees working late? Which locations have employees consulting job-hunting websites? Which research divisions are communicating with the company's patent lawyers?

A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.

Welcome Screen

Our old screen had way too much information for the users, leading many of them to spend great time confused about what to do. Some users at the paper experiment spent up to 40min confused about what they needed to be doing here. Besides simplifying the screen and the message, to make it easier for the user to know if they need to configure anything or not, we also did a 'brand refresh' bringing our logo to the launcher.

Censorship circumvention configuration

This is one of the most important steps for a user who is trying to connect to Tor while their network is censoring Tor. We also worked really hard to make sure the UI text would make it easy for the user to understand what a bridge is for and how to configure to use one. Another update was a little tip we added at the drop-down menu (as you can see below) for which bridge to use in countries that have very sophisticated censorship methods.

Proxy help information

The proxy settings at our Tor Launcher configuration wizard are an important feature for users who are under a network that demands such configuration. But they can also lead to a lot of confusion if the user has no idea what a proxy is. Since it is a very important feature for users, we decided to keep it in the main configuration screen and introduced a help prompt with an explanation of when someone would need such configuration.

As part of our work with the UX team, we will also be coordinating user testing of this new UI to continue iterating and make sure we are always improving our users' experience. We are also planning a series of improvements not only for the Tor Launcher flow but for the whole browser experience (once you are connected to Tor) including a new user onboarding flow. And last but not least we are streamlining both our mobile and desktop experience: Tor Browser 7.5 adapted the security slider design we did for mobile bringing the improved user experience to the desktop as well.

Other

What's New:

This release features important security updates to Firefox.

This release updates Firefox to 68.6.0esr and NoScript to 11.0.15.

Note: We are aware of a bug that allows javascript execution on the Safest security level (in some situations). We are working on a fix for this. If you require that javascript is blocked, then you may completely disable it by:

The full changelog since Tor Browser 9.0.5 is:

All Platforms

Build System Windows


Tor Project lets go of a third of staff due to COVID-19 – Privacy News Online

The Tor Project, the nonprofit organization behind the Tor (The Onion Router) Browser, has let go of roughly a third of its staff due to the COVID-19 crisis. Tor is known as a private browser developed for use by dissidents in oppressive countries and others that need their internet use anonymized. Tech companies and organizations around the world have been affected by this pandemic, and it's sobering to see the Tor Project have to let go of staff during this time period where Tor use is arguably ever more crucial.

They wrote in a post on the Tor blog announcing the news:

Tor, like much of the world, has been caught up in the COVID-19 crisis. Like many other nonprofits and small businesses, the crisis has hit us hard, and we have had to make some difficult decisions.

As an example of how the privacy industry has been affected by COVID-19, the annual Internet Freedom Festival is supposed to be taking place between April 20th and April 24th with the Tor Project hosting a Tor Village as one of the main attractions; however, the event has been canceled for this year.

The post continued with an affirmation that Tor Browser development will go on:

We had to let go of 13 great people who helped make Tor available to millions of people around the world. We will move forward with a core team of 22 people, and remain dedicated to continuing our work on Tor Browser and the Tor software ecosystem.

As governments and companies around the world up their surveillance of their citizens as a way of corralling this pandemic and the average American becomes more dependent on their internet connection to work and live life, privacy awareness has been rising. It is unfortunate that the Tor Project needs to let go of staff during such a crucial time; however, the move was made to ensure Tor's continuity into the future. Tor's post continued:

The world won't be the same after this crisis, and the need for privacy and secure access to information will become more urgent. In these times, being online is critical and many people face ongoing obstacles to getting and sharing needed information. We are taking today's difficult steps to ensure the Tor Project continues to exist and our technology stays available.

Privacy is more important now than ever. The Tor Project is an established part of the privacy ecosystem and though it has suffered a hit, it will go on. On the VPN end of the privacy ecosystem, Private Internet Access has expanded its network, VPN connection features, and is also expanding its workforce with new hires. While the COVID-19 pandemic has affected PIA's work culture, as social distancing has been implemented, and has caused governments to seek more surveillance powers, the privacy world will continue on.

Caleb Chen is a digital currency and privacy advocate who believes we must #KeepOurNetFree, preferably through decentralization. Caleb holds a Master's in Digital Currency from the University of Nicosia as well as a Bachelor's from the University of Virginia. He feels that the world is moving towards a better tomorrow, bit by bit by Bitcoin.


Tor Project lays off staff as COVID-19 applies the pressure – proprivacy.com

Revelations that the Tor Project had to lay off a third of its staff this week sent shock waves through the privacy community. The news came after the nonprofit organization was forced to downsize due to the economic impact caused by the global coronavirus pandemic.


Tor's Onion browser is considered by privacy advocates to be an essential service for maintaining privacy and anonymity online. The free browser is a vital utility for at-risk individuals including journalists, human rights campaigners, lawyers, protesters, and political dissidents, to name a few.

The recent announcement came from Tor's blog. The dispiriting post explained that unfortunately staff were being laid off due to a sudden acute decrease in funding.

Tor, like much of the world, has been caught up in the COVID-19 crisis. Like many other nonprofits and small businesses, the crisis has hit us hard, and we have had to make some difficult decisions. We had to let go of 13 great people who helped make Tor available to millions of people around the world.

For privacy advocates living the world over, Tor's sudden need to downsize can be considered a cause for concern. Since the pandemic started, governments worldwide have passed emergency regulations that allow for increased tracking and surveillance. And, while the need to tackle COVID-19 is indubitable, it is also critical to consider how new tracking measures may affect citizens' future privacy.

Fortunately, several governments are imposing temporary measures with sunset clauses. This is acceptable, because it ensures that any increased surveillance is measured, appropriate, and limited in its nature. However, not every country is imposing these important sunset clauses into their emergency measures - which is leading to concern from groups like Privacy International, Digital Rights Watch, Fight For the Future, and from individuals like Edward Snowden.

The world won't be the same after this crisis, and the need for privacy and secure access to information will become more urgent.

Isabela's warning is a sentiment echoed by leading privacy organizations worldwide, which agree that a potential for grave privacy-crumbling repercussions exists.

On the one hand, reasonable and measured responses to help combat the spread of COVID-19 are entirely necessary. On the other, it is essential for governments to be held accountable, for privacy to be maintained, for human rights to be respected, and for essential privacy services like Tor to remain available to people who require them - both during and following the pandemic.

After all, the loss of any vital privacy services because of the pandemic would signal a huge loss for citizens everywhere, eliminating their ability to communicate and protest against oppression, discrimination, prejudice, and totalitarianism around the globe.

For Tor, which relies on donations to perform upkeep on its platform, the economic impact of the pandemic is already being felt. The hardship caused by the pandemic has led to a drop in the number and size of donations. Thankfully, however, the firm is confident that it will be able to keep providing its services to users with its remaining team members.

"We are terribly sad to lose such valuable teammates, and we want to let all our users and supporters know that Tor will continue to provide privacy, security, and censorship circumvention services to anyone who needs them."

The services provided by Tor continue to be important to huge numbers of people located around the world. And, for Tor to continue developing and maintaining its servers and software - including the Tor Browser Bundle and the Tor anonymity network - it will continue to require donations from citizens.

We understand that COVID-19 is causing huge amounts of hardship across the board, and that it's hard to think about donating during such a crisis. However, if privacy is something you are passionate about and you are in the fortunate position to be able to donate something, Tor is a worthy cause that will benefit from even a small donation.

Excerpt from:

Tor Project lays off staff as COVID-19 applies the pressure - proprivacy.com

How to use the Tor browser – Technobezz

Tor stands for The Onion Routing. Onion routing means that when you connect to the internet, all your internet traffic is routed through multiple servers along with being encrypted at each step. So, the uniqueness of the Tor browser is that it offers privacy and its code is free and open-source.

In this age, when almost the whole world is connected online, there are also the problems of online tracking, censorship, and surveillance which can be real hurdles for those who do not want their identities to be revealed online or want to have censor-free internet access. For them, the Tor browser can act as a savior. Using the Tor browser, one can connect to the internet anonymously. Even if someone tries to monitor the internet traffic of a Tor browser user, they will only be able to see that you are using Tor.

Go to https://www.torproject.org/download/ and click on the download option for the operating system on which you want to install Tor. You must use the official link to download Tor; otherwise you might end up installing some malware on your system in place of Tor. After downloading the setup, its installation is like any other normal software installation. E.g., for Windows OS, just double-click on the downloaded setup file and confirm any prompt shown in a dialog box asking whether you want to install this software. Now, just wait for it to finish installing.

The Tor browser is portable software. So, once you have installed it, you can run it from a USB drive too. You just need to select a location (which can be a USB drive too) to install to during the setup.

There are some initial settings that you need to do when you run the Tor browser for the first time.

See the rest here:

How to use the Tor browser - Technobezz

A right to digital self-defense will prevent abuse of COVID-19 surveillance apps | TheHill – The Hill

Apple and Google recently announced they will jointly launch digital contact tracing tools to combat COVID-19. Their Bluetooth technology will allow Android and iOS phones to communicate and track when individuals pass within six feet of someone who tested positive for the novel coronavirus. Apple and Google are not alone. Around the world, countries including the UK, China, Taiwan, and South Korea have implemented comparable programs.

While these steps appear desirable, they raise serious risks for autonomy, privacy, and data security. The information collected could be used for commercial purposes, hacked by cybercriminals, or used to discriminate against individuals with COVID-19 or other health conditions. Moreover, it is difficult to establish whether the apps are beneficial and surveillance methods implemented now may persist long after the pandemic subsides.

To address these concerns, Apple and Google promised there will be strong protections around user privacy and emphasized that transparency and consent are of utmost importance. However, tech companies have repeatedly failed to protect user privacy and security; the time to rely on privacy legislation and industry self-regulation has passed. Instead of those top down approaches, which privilege legislators, lobbyists, and tech companies over individuals, we argue for a bottom-up approach.

State and federal lawmakers should create a right to digital self-defense ensuring that Americans can freely use anonymity, privacy, and cybersecurity tools to shield themselves against widespread and relentless data collection by private and public actors. Some examples of these tools are the TOR browser, virtual private networks (VPNs), personal servers such as the FreedomBox, and low-tech solutions such as clothing that disrupts facial recognition.

There are many more available tools of digital self-defense, and not all of them will be relevant to COVID-19 apps; nevertheless, recognition of a right to digital self-defense may serve as a catalyst to the development of new tools, covering different platforms, operating systems and scenarios.

While some of these tools are widely available, their use often comes at a cost. Specifically, people who adopt them may be subjected to increased government scrutiny. On the public side for example, the FBI used spyware to track Tor users' activity. Whether such surveillance constitutes an illegal search under the Fourth Amendment remains an unresolved legal question. In this context, people may wish to protect their privacy and cybersecurity even if they have committed no crimes.

On the private side, platforms such as Netflix and Hulu often refuse access to people who use these tools of digital self-defense. Some platforms, including Google, penalize users by requiring them to complete time-consuming CAPTCHAs that train the company's algorithms to identify objects such as street signs and fire hydrants. These mechanisms frustrate users and encourage them to sacrifice privacy for easier access to services.

The right to digital self-defense may find support in the Bill of Rights, which was designed to protect states and their citizens from government tyranny. In the information age, we are witnessing the emergence of a new oppressive force, digital tyranny, where tech companies threaten our privacy and security through widespread surveillance, profiling, and manipulation. They often work with federal agencies through public-private partnerships, such as the collaboration between Amazon Ring and up to 400 law enforcement authorities.

Public-private partnerships, including those directed at COVID-19 tracking, can excuse federal agencies from respecting individual rights and freedoms because tech platforms conduct the surveillance, and most constitutional protections provided by the Bill of Rights do not extend to these private actors. Once the data is obtained, they pass it to their government partners. But the Bill of Rights is of limited effectiveness in the information age if it doesn't also extend to technology companies.

Some may argue that a right to digital self-defense is unnecessary because people can always choose not to opt in to a contact tracing program. However, this criticism is rooted in outdated notions of consent. Tech companies have a history of using deceptive methods to influence people's choices. They use deceptive choice architecture to nudge people to consent. Besides, some surveillance programs are not optional; China's mandated contact tracing app Health Code controls where citizens may travel, and U.S. programs could shift in that direction.

Others might contend that a more desirable approach is to demand that tech companies take privacy and security more seriously. However, platforms have no obligation to implement safeguards beyond what the law requires, and U.S. privacy laws are inadequate and overly susceptible to influence by industry lobbyists.

A federal right to digital self-defense can serve as a foundation on which state lawmakers can build. For example, the Health Information Portability and Accountability Act (HIPAA) sets a national floor for health privacy, and states can pass their own laws that provide protection above and beyond what HIPAA mandates.

Alternatively, states could establish the right to digital self-defense on their own by statute and incorporate it into their constitutions. In states where citizens can pass their own laws through ballot initiatives, such as California and Alaska, the right could be implemented by the people, thus bypassing state legislatures, and stifling lobbyist efforts to water down legislation.

The COVID-19 pandemic is a public health emergency, but widespread surveillance carried out by private actors is not the solution. Given Big Tech's track record, the social cost of widespread surveillance likely outweighs potential benefits, especially if tracking persists beyond the pandemic.

Lawmakers should codify a right to digital self-defense and encourage Americans to use anonymity, privacy, and cybersecurity tools to ensure that their privacy and security are not threatened by digital tyranny.

Ido Kilovaty is an assistant professor of law at The University of Tulsa College of Law, visiting faculty fellow at Yale Law School's Center for Global Legal Challenges and an affiliated fellow at Yale Law School's Information Society Project. He was a 2028-2019 Cybersecurity Policy Fellow at New America.

Mason Marks is assistant professor at Gonzaga University School of Law and an affiliated fellow at Yale Law School's Information Society Project. In addition to a law degree from Vanderbilt University, he also holds an M.D. from Tufts University School of Medicine.

Read more from the original source:

A right to digital self-defense will prevent abuse of COVID-19 surveillance apps | TheHill - The Hill

DDoS in the Time of COVID-19: Attacks and Raids – Security Boulevard

There is no escaping it. COVID-19 is dominating headlines and has impacted virtually every corner of the world. Like most people at this point, I'm 30 days into isolation and trying everything in my power to ignore the elephant in the room and the politics that go along with it.

Unfortunately, or fortunately, cyber security is an essential business. As a result, those working in the field are not getting to experience any downtime during a quarantine. Many of us have been working around the clock, fighting off waves of attacks and helping other essential businesses adjust to a remote work force as the global environments change.

Along the way we have learned a few things about how a modern society deals with a pandemic. Obviously, a global Shelter-in-Place resulted in an unanticipated surge in traffic. As lockdowns began in China and worked their way west, we began to see massive spikes in streaming and gaming services. These unanticipated surges in traffic required digital content providers to throttle or downgrade streaming services across Europe, to prevent networks from overloading.

The COVID-19 pandemic also highlights the importance of service availability during a global crisis. Due to the forced digitalization of the work force and a global Shelter-in-Place, the world became heavily dependent on a number of digital services during isolation. Degradation or an outage impacting these services during the pandemic could quickly spark speculation and/or panic.

For example, as COVID-19 began to take a toll on Australia's economy, there was a rush of suddenly unemployed citizens needing to register for welfare services on MyGov, Australia's government service portal. This natural spike in traffic ended up causing an outage on the morning of March 23rd, requiring Government Services Minister Stuart Roberts to walk back his initial claims that the portal had suffered from a DDoS attack, naturally causing panic and speculation among those desperately seeking government assistance.

In France, Assistance Publique Hôpitaux de Paris, the university hospital trust managing 39 public hospitals in the area, found itself a victim of a DDoS attack on March 22nd, just as France began to deal with a surge in COVID-19 related cases. The attack was reported to have only lasted an hour and did not cause any significant damage.

The problem was that, upon further review, internet access had been reduced in order to deal with the attack. On any other day, this reduction would not have had an impact, but due to the pandemic and a remote, non-essential work force, employees outside of the hospital's network were blocked from external access during this attack, leaving them unable to access email, Skype or remote applications.

In addition to this attack, the Brno University Hospital in the Czech Republic was hit a week earlier with a cyber-attack that forced the hospital to shut down its entire network, resulting in the cancellation of surgeries.

And if that wasn't enough, a food delivery service in Germany experienced a DDoS attack from an extortionist. Lieferando.de, also known as takeaway.com, is a takeaway food service that delivers from more than 15,000 restaurants in Germany. During this global pandemic, citizens of the world have become very dependent on takeaway food services as part of the effort to help flatten the curve. Unfortunately, an extortionist attempted to capitalize on this by launching a Ransom Denial of Service (RDoS) attack on Takeaway, demanding 2 BTC ($11,000) to stop the attack. As a result, some orders were accepted but never delivered, forcing Germans to find another option for the night.

It should come as no surprise that law enforcement agencies around the world are particularly interested in taking down those looking to profit from COVID-19. They are also interested in kicking down doors of those who are conducting DDoS attacks during the pandemic.

On April 10th, a 19-year-old from Breda, Netherlands, was arrested for conducting a DDoS attack on March 19th against MijnOverheid.nl and Overheid.nl. Both of these websites are government-related and were providing Dutch citizens with important government information related to the pandemic.

It's truly unfortunate to see teenagers in the middle of a pandemic targeting critical infrastructure, preventing access to emergency regulations and advisories, but what did we expect? A cease-fire? In order to prevent additional DDoS attacks, a week prior to the Breda arrest, Dutch police shut down 15 stresser services. While these services were not listed, I can tell you, the raid was largely unnoticeable. Part of the problem can be found between the words of Jeroen Niessen, Dutch Police:

"With preventive actions, we want to protect people as much as possible against DDoS attacks. By taking booters and their domain names offline, we make it difficult for cyber criminals. We have now put quite a few on black. If they pop up elsewhere, we will immediately work on it again. Our goal is to seize more and more booters"

"If they pop up elsewhere, we will immediately work on it again."

In my opinion, it sounds like the police finally understand that raids are a losing battle without total commitment. If there's one thing we learned from the 2019 raid of KV solution, a bulletproof hosting provider, it was that when one criminal falls, dozens are willing to replace them.

For example, in 2018 the Department of Justice took down 15 stresser services as part of an effort to prevent DDoS attacks. The domains seized are listed below:

The problem is, taking down a stresser service is pointless when there are so many criminals using public services and corporations to mask their identities. Until there is cooperation and commitment to removing the DDoS threat completely, it will always linger, rearing its nasty head in the worst moments. Due to the lack of commitment between the global law enforcement community and the security community, we are unable to see a meaningful impact in the DDoS landscape.

It's really not that difficult to find a stresser service today. In fact, you can find these criminals openly advertising their services on major search engines, with no Tor browser or Darknet Market required. While search engines could simply de-index these services, they choose not to. Instead, they elect to profit from your misfortune. Below are a handful of sites found on popular search engines using the terms "booter" or "stresser":

After reviewing the list, Officer Jeroen Niessen's statement becomes clearer. Whether or not these current websites are associated with the original criminal groups or cloned, multiple stressers with notorious names have been reappearing. In general, I think it's fair to say that while raids are disrupting criminals, they have hardly put a dent in the overall activity or economy of the DDoS-as-a-Service industry. Takedowns only represent a temporary solution, and this has become clear during the pandemic.

Unfortunately, the threat landscape continues to evolve during a pandemic. Criminals are clearly not taking time off. Worst of all, not only is the public cloud fully in scope for cybercriminals looking to compromise enterprise equipment, but due to the ongoing pandemic and the remote digitalization of the work force, remote software and digital services have come under fire from opportunist criminals.

I think during this time of chaos and uncertainty we really need to reflect on our impact and ability to secure the digital workforce and ask ourselves, are we protecting criminals due to privacy concerns or is there more we could do to remove and eliminate the DDoS threat?

Read more here:

DDoS in the Time of COVID-19: Attacks and Raids - Security Boulevard

Nonprofit Behind Tor Browser Cuts Staff, Citing COVID-19 Impact – PCMag

The nonprofit behind the privacy-enhancing Tor browser has been forced to lay off some staff, citing the economic impact from COVID-19.

"Like many other nonprofits and small businesses, the crisis has hit us hard, and we have had to make some difficult decisions," The Tor Project wrote in a blog post on Friday. "We had to let go of 13 great people who helped make Tor available to millions of people around the world."

The Tor browser is perhaps best known for letting you visit sketchy websites on the Dark Web. But it's also an important tool that can help you surf the internet anonymously. The browser can do this by ferrying your internet connection through a network of volunteer-operated servers, which can prevent ISPs and governments from tracking your web activities.

In some countries, Tor can also circumvent local government attempts to censor the internet, making it an important tool for activists, journalists and internet users to access the web, unfiltered.

For financing, the Tor Project partly relies on grants from US government groups such as the National Science Foundation, the US State Department and DARPA, which fund it for anti-censorship and privacy research. The group also pulls in donations from Mozilla, DuckDuckGo, and internet users. At the end of 2019, the Tor Project raised $833,956 from individuals, the most it's ever raised before in a single year.

What exactly prompted the nonprofit to make the layoffs wasn't clearly spelled out in today's blog post. But the group still has a core team made up of 22 people, who remain dedicated to supporting the browser and the Tor ecosystem.

"In these times, being online is critical and many people face ongoing obstacles to getting and sharing needed information," the nonprofit said in the blog post. "We are taking today's difficult steps to ensure the Tor Project continues to exist and our technology stays available."

It remains unclear how the cuts will affect future releases of the browser. We've reached out to the Tor Project for comment. In the meantime, the group's blog post says: "We want to let all our users and supporters know that Tor will continue to provide privacy, security, and censorship circumvention services to anyone who needs them."

You can visit the donation page for the Tor Project here.

Read more:

Nonprofit Behind Tor Browser Cuts Staff, Citing COVID-19 Impact - PCMag