Category Archives: Tor Browser

Heres an overview of some of last weeks most interesting news and articles:

Microsoft offers rewards for security bugs in Microsoft TeamsMicrosoft is starting a new Applications Bounty Program, and the first application that they want researchers to find bugs in is Microsoft Teams, its popular business communication platform.

Tackling cross-site request forgery (CSRF) on company websitesEveryone with half a mind for security will tell you not to click on links in emails, but few people can explain exactly why you shouldnt do that (they will usually offer a canned hackers can steal your credentials if you do explanation) Cross-Site Request Forgery (CSRF) is that reason.

Phishers perfect targets: Employees getting back to the officePhishers have been exploiting peoples fear and curiosity regarding breakthroughs and general news related to the COVID-19 pandemic from the very start, and will continue to do it for as long it affects out private and working lives.

Data breaches and network outages: A real and growing cost for the healthcare industryOne year into the COVID-19 pandemic, the Infoblox report reveals major challenges the healthcare industry faced as IT workers scrambled to secure protected health information (PHI) and the infrastructure against the pandemics complex cybersecurity and networking challenges.

How to stay ahead of the rise of synthetic fraudThere are a number of reasons why synthetic fraud is on the rise, but there are also actions banks and other financial institutions can take to prevent this growing trend from doing damage.

Only 14% of domains worldwide truly protected from spoofing with DMARC enforcementWhile the DMARC enforcement rate increases, 3 billion messages per day are still spoofing the senders identity, Valimail reveals. Email continues to be an effective way to communicate and use has increased during a year of global pandemic, and hackers continue to use email as a primary attack vector, stressing that email security is not going away.

(IN)SECURE Magazine issue 68 released(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 68 has been released. Its a free download, no registration required.

Hidden areas of security and the future of hybrid workingWith the UK governments roadmap out of lockdown underway, it is predicted that employers will strive to keep the element of flexibility by moving to hybrid working models.

The financial impact of cybersecurity vulnerabilities on credit unionsCybersecurity vulnerabilities among credit unions and their vendors create the potential for large financial impacts to the credit union industry, according to a Black Kite report.

Cybercriminals capitalizing on our reliance on the cloud90% of cyberattacks on cloud environments in the last 12 months involved compromised privileged credentials, according to a research from Centrify.

5G network slicing vulnerability leaves enterprises exposed to cyberattacksAdaptiveMobile Security today publicly disclosed details of a major security flaw in the architecture of 5G network slicing and virtualized network functions. The fundamental vulnerability has the potential to allow data access and denial of service attacks between different network slices on a mobile operators 5G network, leaving enterprise customers exposed to malicious cyberattack.

Remote workers admit to playing a significant part in increasing their companys cybersecurity risksThe COVID-19 generation of remote workers are admitting to playing a significant part in increasing the cybersecurity risks facing their companies. An Opinium research shows 54% are regularly using their work device for personal purposes, including sharing work equipment with family members.

70% of organizations recognize the importance of secure coding practicesA research from Secure Code Warrior has revealed an attitudinal shift in the software development industry, with organizations bucking traditional practices for DevOps and Secure DevOps.

What businesses need to know to evaluate partner cyber resilienceMany recent high-profile breaches have underscored two important cybersecurity lessons: the need for increased scrutiny in evaluating access and controls of partners handling valuable customer data, and the imperativeness of assessing a third partys (hopefully multi-layered) approach to cyber resilience.

Why DDI technology is fundamental for multicloud successDDI technology, which integrates Domain Name System, Dynamic Host Configuration Protocol and IP Address Management functions, can help provide the solution to meet complexity and security risks head on.

80% of security leaders would like more control over their API securityThere are major gaps in API security based on insights from over 100 senior security leaders at large enterprises in the United States and Europe, an Imvision report reveals.

How to get affordable DV certificates for onion sitesThe Tor Project, the nonprofit developers of the Tor network and Tor Browser, have announced two exciting developments for onion services: affordable DV certificates for v3 onion sites from HARICA, and new, easy onion site setup guides.

Using memory encryption in web applications to help reduce the risk of Spectre attacksTheres nothing quite like an actual proof-of-concept to make everyone listen. I was pleased by the PoC released by Google security engineers Stephen Rttger and Artur Janc earlier this month in a nutshell, they showed how the Spectre vulnerability can be used to exfiltrate cross-origin data from any website.

Rapid increase in security tools causing alert fatigue and burn outOn average, enterprises maintain 19 different security tools, with only 22% of such tools serving as vital to primary security objectives, a ReliaQuest survey reveals.

Cybersecurity awareness is too often a part-time effortSANS announced the release of a report which analyzes the data of over 1,500 security awareness professionals from around the world to benchmark how organizations are managing human risk and provides data-driven action items to mature awareness programs.

Special pricing on CISSP and CCSP training bundleWhether youre motivated by career advancement, higher pay or inspiring a safe and secure cyber world, the (ISC) CISSP and CCSP certifications are professional game-changers. And now through April 30th, you can save 10% on Official (ISC) CISSP or CCSP Online Self-Paced Training when bundled with your exam.

New infosec products of the week: March 26, 2021A rundown of the most important infosec products released last week.

More here:
Week in review: Phishers' perfect targets, evaluating partner cyber resilience, new issue of (IN)SECURE - Help Net Security

Federal Police in Australia now can swarm the Dark Web and look for online crimes committed against the laws and citizens of the country, being one of the firsts in enforcing justice on the internet. While various laws protect people from the internet already, the Dark Web is a different topic as it moves away from the "surface."

(Photo : Photo by Sora Shimazaki from Pexels)

At first knowledge of the Dark Web, most of the transactions and happening within it are illegal, shady, and scary, which compromises different people and has no regard for privacy and safety of different users. Moreover, the Dark Web is one of the most elusive platforms as it requires a sophisticated way to get inside it, using the infamous "Tor Browser" to get in the platform.

Initial misconceptions on the Dark Web are mostly illegal, with people engaging in ruthless acts and behavior on the "dark side of the internet" mostly because their IP addresses are hidden and safeguarded. Moreover, people are not that mistaken, as the main purpose of the dark web is to hide personal information and location so that they can engage in nefarious activities.

Read Also: Ford vs. Tesla: Spokesperson Calls FSD Feature a 'Vaporware' After Popular Investor Calls Out Ford!

According toZD Neton Sunday, March 21, the "Hacking Bill" that was passed to Australia's parliamentary is already in motion, and the Commissioner of Australia's Federal Police (AFP) Reese Kershaw presses down its importance. The bill would help in serving up warrants, tracking down, and arresting people that are engaging in illegal activities on the Dark Web.

The main purpose of this bill is to protect Australia and its citizens, as well as focus on Australian citizens that engage in the malicious acts that are deemed illegal of the country's laws and regulations. In addition to that, this would be an extensive police search, particularly as the Dark Web is a highly complicated platform on the internet.

The AFP would do their best to gather intelligence and track down the illegal activities within their jurisdiction, and reduce the number of people engaging in illegal activities within the country. The Dark Web has resulted in a lot of identity theft and sale from several people, along with arms, drugs, and sexual harassment clips circulating on it.

Kasperskysays that the Dark Web is only accessible by specific websites in the "surface internet" which is the most used aspect or side of the internet that is known to man. With this, people are transported to a new dimension or clarity that allows people to see the different sides of the internet, showing mostly its darker side.

(Photo : Screenshot from Tor Browser)

The Australian authorities have reiterated that there are three parameters of the warrants for the online crimes committed, and the Hacking Bill could be applied for other countries in catching Dark Web crimes. The bill could help in jumpstarting the jurisdiction within the dark web for other nations, essentially helping in reducing crimes and illegal activities.

Related Article:Your iPhone is Vulnerable to Hijacking Calls and Texts; These Secret Codes Could Help You Avoid Them

This article is owned by Tech Times

Written by Isaiah Alonzo

2018 TECHTIMES.com All rights reserved. Do not reproduce without permission.

Continued here:
Dark Web to be Soon Infiltrated by Police in Australia's New Law - Tech Times

Deep web browsers are programs or applications that allow access to non-indexed websites. Each browser interprets information from different types of files and onion sites on the deep web. These browsers allow viewing of text documents and embedded files. In addition, it allows you to visit onion websites and do activities within the deep web. In other words, link one site to another, print, send and receive mail, among other functionalities.

Getting into the deep web is not difficult, but finding links to "onion" domains on the internet is different. Surely you have heard of Tor Browser as a 'gateway', but there are other options as well. Web browsers like Safari or Chrome are not an option as they will not work. However, there are other browsers besides the Tor browser that serve to enter the deep web or dark web.

It is recommended to use a VPN before you start surfing the deep web. Thus, in this way, you remain anonymous and guarantee the privacy of your personal information. Furthermore, this ensures that you hide the trail of all your activity on the dark web. Although, obviously, this will have a significant impact on browsing speed.

Tor Browser, this browser is the best known to enter the deep web. It is based on Firefox, but with the pre-installation of the Tor proxy, as well as modified versions of the HTTPS Everywhere and NoScript extensions. It is available for Windows, macOS, Linux and Android, and has a 'special' design for deep web browsing. Also, there is no need to delete browsing or history data as closing the Tor browser will erase everything.

Tor's main objective is to ensure that the internet can provide and protect the identity of users. That is, it aims to prevent the information that a user sends to get to him (his IP address) from being tracked. However, Tor's most common use is to take advantage of its features to achieve a certain degree of privacy in web browsing on the internet. Without being specially designed for it.

Invisible Internet Project is a deep web browser that is available for Windows, macOS, Linux and Android, just like Tor Browser. In addition to being able to access the deep web, we can also use it as a normal web browser. In this case, it is not based on the Tor network, which can also be used, but instead uses its own network so that we can surf anonymously.

All connections are encrypted, including public and private keys, and traffic is 'routed', like in the Tor browser, to avoid tracking. On the other hand, it offers as a peculiarity the storage of files in a decentralized way. But it is much more complicated to configure.

Mozilla's web browser, Firefox, is usually the favorite alternative to Google Chrome. And it is very similar, yes, but it goes beyond the Google option, offering us possibilities to enter the deep web. It is available on Windows, macOS, Linux and Android, like the previous ones, but it can also be used on iOS devices, and it is certainly easier to use than those mentioned above.

Now, to access the deep web with this Firefox browser, you must change a configuration: we access configurations within the address bar, and we will have to locate the option network.dns.blockDotOnion to mark it as 'False' for, in the last place, restart.

This deep web browser has slightly more limited availability. Because we can only download and install it on Windows, macOS and Linux, not available for mobile devices. However, it is based on the same source code as the Tor browser. So if you are a TOR browser user it will be easy to use. However, there are important changes to highlight, such as a system to protect the user's IP address in any type of activity.

Not even sophisticated malware could discover the computer's IP address. This according to its developers, even having administrator privileges on the system. But it is not a conventional web browser, but part of the Whonix operating system, which runs inside a virtual machine and has more useful tools.

This last option, again, is not a conventional web browser, but it is a complete operating system. So again, we can use it on any computer. Like Whonix, the source code on which the operating system is based is that of Tor Browser, but it also has a sophisticated multi-layer system to protect the user's security and identity. Meta-proxy encryption, for example, or file system encryption among many others, and sandbox isolation for applications..

Remember to do it with caution, safely and anonymously using the TOR browser.

"Hidden Answers" is a community in Darknet, where any user can ask about the use and the investment when buying BITCOIN.

The hidden wiki is an encyclopedia like Wikipedia, which is in the deep web, is one of the most complete guides to access the pages with onion links.

Do you really want to enter? Warning: the content of this publication is merely informative, you are solely responsible for what you do with that information.

Anna needs your help, she is still in danger, she could be in a very disturbing place (listen well to the song, you can have a solution to help her, but if you make a mistake).

Remember to access the Deep web links in a safe and anonymous way. Take the opportunity to visit those links with caution.

Visit link:
Deep Web Browsers - Tor Links - Onion Links (2021)

Todays malware is a lot like a car. Both cars and malware are made up of many components that enable them to run. Cars have different parts like engines, tires, and steering wheels; malware has loaders, payloads, and command modules.

Recently, researchers at Avast Threat Labs spent time looking at a specific part that malware authors use to make their cars. Its called a crypter, which is a tool used to hide malicious parts of code using encryption in an effort to appear as harmless and more difficult to read. Malware authors use this technique to hide their malicious code from researchers, antivirus and security software. From a malware authors point of view, a crypter is an important tool to counter protections against malware. From a researcher point of view, though, being able to identify a crypter helps us better and more quickly identify new malware when that malware has this component in it.

Our researchers looked into a specific crypter that were calling OnionCrypter. Weve chosen this name because this particular crypter uses multiple techniques to make it harder for researchers, antivirus, and security software to read the information that it protects. Put simply, the information is hidden within the layers of the onion of its encryption. OnionCrypter is unusual because of the way it uses multiple layers to hide its information. Its important to note that the name reflects the many layers this crypter uses, and its in no way related to the Tor browser or network.

We also found that OnionCrypter has been widely used since 2016 by some of the best known and most prevalent malware families such as Ursnif, Lokibot, Zeus, AgentTesla, and Smokeloader, among others. In the last three years, we have protected almost 400,000 Avast users around the world from malware that makes use of OnionCrypter. The chart below shows the different malware families we found using OnionCrypter.

Because of how long OnionCrypter has been around and how widely its used, our researchers believe that the authors of OnionCrypter offer it for sale as a service. This makes sense: weve seen the market for malware mature so that some people and companies offer specific, specialized services. Consistent with that kind of mature market, we also believe the authors of OnionCrypter offer customization for their customers, helping to make it even less detectable. In advertising on forums, this is frequently advertised as a fully undetectable (FUD) crypter.

With the information that Avast researchers have found on OnionCrypter, were making it easier for us and others to detect not only OnionCrypter, but also anything that uses it.

Returning to the car analogy, weve identified a specific part in the engine that many malware families use. Now, were able to look for that part and examine it more closely when we find it in something new our research has shown us that in these cases, its a new kind of malware. Our teams capability for deep research is good for both Avast customers and also for everyone else because this information helps inform those who design and improve upon security software.

To read more about OnionCryper and how it works, check out Jakub Kalos posting on Avast Decoded.

See the rest here:
OnionCrypter Threat Research | Avast - Security Boulevard

Matt Stankiewicz, Managing Counsel at The Volkov Law Group, joins us for a post looking into the CFTCs recent inquiry into Binance.

On Friday March 12, Bloomberg News reported that the Commodity Futures Trading Commission (CFTC) has opened an inquiry into Binance Holdings Ltd. (Binance) to investigate allegations that the exchange allowed US citizens to trade in cryptocurrency derivatives, without properly registering with the CFTC. It is important to note that this is merely an inquiry at this point, and that Binance has not been formally accused of any wrongdoing and may not face an enforcement action. However, where there is smoke, there may be fire.

This inquiry appears to have some parallels with the CFTCs investigation of BitMEX, though it does not yet appear to rise to the same level. For example, Binance has taken steps to wall off US citizens from its derivatives trading platform. When the exchange first launched, Binance pooled all of its customers onto a single exchange headquartered outside of the US. Roughly two years ago, the exchange took measures to segregate US customers and force them to a US-based platform, headquartered in San Francisco, which restricted certain coin offerings and financial instruments, such as derivatives and options trading.

To enforce this, the first line of defense in their compliance is to restrict access based on a users IP address. If a user attempts to log into the main Binance.com exchange with an IP address from a US location, the site prevents access and directs users to create an account on the Binance.us platform instead. However, as many compliance professionals are dealing with now across the internet, simply restricting IP addresses is not enough. There are a variety of tools, such as VPNs or the TOR browser, that can very easily circumvent these controls. This inquiry, depending on the outcome, could begin to provide guidance on this compliance challenge associated with operating a virtual-based exchange.

Further, Binance does indeed maintain a KYC program, in stark contrast to BitMEX. Users to either exchange, whether the US-based platform or the foreign one, must undergo a KYC review before they are able to withdraw a certain level of funds. At this point, unverified users who have not undergone a KYC review are restricted to withdrawing no more than two Bitcoin per day. As I write this post, the price of a single Bitcoin is hovering just over $57,000. That means, restricting accounts to withdrawals of two Bitcoin per day allows unverified users to transfer over $110,000 per day off the exchange. These restrictions were very likely created at a time when Bitcoins price was much lower. At this point, a $110,000 daily withdrawal limit may not be quite as strong a barrier as it needs to be.

Many exchanges take a similar approach, that they can provide limited services prior to conducting a KYC review, though do so at their own risk. US-based exchanges, in particular, can be extremely susceptible to money laundering and sanctions risks with such a high threshold. The CFTC will now review Binances overall KYC program to determine whether the program is effective and that the platform is doing all it can to ensure US citizens are not trading on the unlicensed platform.

Binance has always held a mixed reputation in the industry, especially with regards to its compliance efforts. Further, an article from Forbes late last year cited a leaked document and an internal whistleblower to suggest that Binance may have been taking measures to aid US customers in circumventing its own internal controls, to help funnel these customers and their associated revenues to the main Binance exchange. This information may form the basis of the CFTCs inquiry and could certainly be damning for Binance.

While the Securities and Exchange Commission (SEC) receives a lot of attention in the crypto industry, and has pursued several high-profile enforcement actions, in reality it is the CFTC that oversees much of the space. Many cryptocurrencies, if not most, are considered commodities for regulatory purposes within the US, which falls under the ambit of the CFTC. The CFTC has consistently stated that Bitcoin and Ether specifically, the two largest and most popular cryptocurrencies by far, are indeed considered commodities and regulated as such.

A derivative is a type of financial product that has a value based on an underlying asset. At a high level, entities can use these products as a risk hedge or to speculate on future price changes of that underlying asset. These types of financial instruments are not problematic per se, and the CFTC has actually expressed a willingness to foster development in the virtual assets industry, though with an eye towards mitigating risks. However, derivatives are highly regulated by the CFTC and require registration with the Commission and implementation of compliance safeguards. Binance itself has processed nearly $59 billion in derivatives, nearly double the amount of its nearest competitor. The CFTC has yet to make any public statements regarding the inquiry into Binance.

Follow this link:
CFTC Opens Inquiry into Binance, One of the Worlds Largest Cryptocurrency Exchanges - JD Supra

@IronHeart

>You do realize though that others can take the open source code of Chromium and create their own fork of it, right?

As of now yes, but listen carefully. Brave is an irrelevant common peasant in googles kingdom of control, chromium forks like Brave and vivaldi are not a threat to googles browser share and influence as of now. If however Brave/Vivaldi does get more popular and grabs more market share, then expect google to

(A) Pull the plug on chromium open source project and not maintain it any more to destroy the competition.

(B) Use a different engine and make it propietrary to destroy the competition.

Brave is putting itself into a bad predicament by applying a band aid to a broken product and putting all its eggs into the one basket. If they were serious about a real threat to google browser share, then Brave should have made their own engine.

They are not smart enough to make their own engine like mozilla did. Brave could have used gecko but it would seem brave is hanging on to mommy google because it knows chromium has the biggest market share and it will be fast and flashy and has more web compatibility than gecko. Brave only care about the potential for bitcoin profits, not preservation of gecko a real alternative to the increasing google/chromium browser monopoly.

Little does brave know that if it gets more popular, it will be on googles radar.

Google have already limited chromium forks from using certain API features from chrome, that it is a sign of things to come. They dont like the competition.

> Braves Tor windows are a gimmick, there is a reason why Tor Browser exists.

The whole brave browser is a gimmick unless you are a noob looking to escape the privacy invading google chrome/edge/opera/unhardened FF.

To people who actually know how to configure gecko and harden it, brave is a poor substitute not to mention its objectionable ad integration practices, people dont care if its opt in or not, its the principle of having it there is whats bothersome, because it could easily be open to abuse, privacy wise.

> This has nothing to do with Chromium, it was a bug introduced by Brave Software. If it really were a deep problem of Chromium, how did they fix it?

The privacy bug resided in the internal ad blocker component of Brave, thats V3 manifest for you, things break by trying to apply a band aid to chromium.

> I am prefering it over other options because there hasnt been an intentional breach of privacy with this browser yet

The failed tor windows was a breach of privacy, saying its a gimmick is no excuse, many users would have trusted in it not knowing it had a bug. It should not have happened. Its a stain on braves record, to deny it is futile.

> Yeah, but Mozilla is not Google-free

Well, having to constantly accept google chromium scraps like a peasant and having to apply a band aid to chromium is not exactly google free either. 🙁

Read the original post:
Mozilla is trying to figure out if the Firefox Compact mode removal is a good idea - Ghacks Technology News

Todays malware is a lot like a car. Both cars and malware are made up of many components that enable them to run. Cars have different parts such as engines, tires, and steering wheels; malware has loaders, payloads, and command modules.

Recently, researchers at Avast Threat Labs spent time looking at a specific part that malware authors use to make their cars. Its called a crypter, which is a tool used to hide malicious parts of code using encryption in an effort to appear as harmless and more difficult to read. Malware authors use this technique to hide their malicious code from researchers, antivirus and security software.

From a malware authors point of view, a crypter is an important tool to counter protections against malware. From a researcher point of view, though, being able to identify a crypter helps to better and more quickly identify new malware when that malware has this component in it.

The digital security and privacy products companys researchers looked into a specific crypter that its calling OnionCrypter. It chose the name because this particular crypter uses multiple techniques to make it harder for researchers, antivirus, and security software to read the information that it protects.

Put simply, the information is hidden within the layers of the onion of its encryption. OnionCrypter is unusual because of the way it uses multiple layers to hide its information. Its important to note that the name reflects the many layers this crypter uses, and its in no way related to the Tor browser or network.

Avast has found that OnionCrypter has been used by more than 30 different malware families since 2016. This includes some of the best known-most prevalent families such as Ursnif, Lokibot, Zeus, AgentTesla, and Smokeloader among others. In the last three years, the company has protected almost 400,000 users around the world from malware protected by this crypter. Its widespread use and length of time in use make it a key malware infrastructure component.

One of the goals of malware authors is to keep their creation undetected by antivirus software. One possible solution for this is a crypter which encrypts a program so it looks like meaningless data. It creates an envelope for this encrypted program also called a stub. This stub looks like an innocent program, it may also perform some tasks which are not harmful at all but its primary task is to decrypt a payload and run it.

Error: Please check your email address.

Tags malware

Original post:
Avast researchers reveal the OnionCrypter - PC World Australia - PC World

Today, Indian Mujahideen terrorist Tehseen Akhtar lodged in Tihar jail will be questioned by a team of officers from the Delhi polices special cell in connection to the Ambani bomb threat case.

Akhtar, former chief of the banned radical Islamist organisation, was questioned for over seven hours on Saturday (13 March). Reportedly, he was evasive and gave misleading answers.

Akhtar was convicted in the 2013 Hyderabad blasts case and has also been named in the 2011 Mumbai blasts, and 2010 Varanasi blasts, among other cases.

On 11 March, Delhi police had recovered the SIM card and cell phone used to threaten Ambani from Akhtars barracks in Tihar jail.

The SIM and cell phone were used to create the Jaish-ul-Hind Telegram account which claimed the responsibility for the explosive-laden SUV and demanded cryptocurrency.

The user of the mobile phone was using an app to generate virtual numbers and then using those to make a Telegram account. He was also using a TOR browser to mask his IP address on the internet.

Meanwhile, after the dramatic arrest of Mumbai police encounter specialist Sachin Vaze, NIA is probing if Vaze was present at the spot near Ambanis house where the explosive-laden Scorpio was abandoned on the night of the incident.

NIA also suspects that the man in the PPE kit near the car as seen in the CCTV footage might be Vaze, and is verifying his alibis.

Also read: The Sachin Vaze Story: A Timeline Of Ambani Bomb Threat Case That Can Shake Up Maharashtras Politics

See the original post here:
Ambani Bomb Threat: Terrorist Tehseen Akhtar To Be Questioned In Tihar Today; NIA Probing Sachin Vazes Alibi - Swarajya

Jessica Haworth19 February 2021 at 14:27 UTC Updated: 19 February 2021 at 21:33 UTC

Developers are issuing hotfix

UPDATED Brave, the privacy-focused web browser, is exposing users activity on Tors hidden servers aka the dark web to their internet service providers, it has been confirmed.

Brave is shipped with a built-in feature that integrates the Tor anonymity network into the browser, providing both security and privacy features that can help obscure a users activity on the web.

Tor is also used to access .onion websites, which are hosted on the dark net.

Earlier today (February 19), a blog post from Rambler claimed that Brave was leaking DNS requests made in the Brave browser to a users ISP.

Read more of the latest privacy news

DNS requests are unencrypted, meaning that any requests to access .onion sites using the Tor feature in Brave can be tracked a direct contradiction to its purpose in the first place.

The blog post reads: Your ISP or DNS provider will know that a request made to a specific Tor site was made by your IP. With Brave, your ISP would know that you accessed somesketchyonionsite.onion.

Following the disclosure, well-known security researchers including PortSwigger Web Securitys James Kettle independently verified the issue using the Wireshark packet analysis tool.

I just confirmed that yes, Brave browsers Tor mode appear to leak all the .onion addresses you visit to your DNS provider, Kettle tweeted, providing a screenshot for evidence.

Security researcher James Kettle independently verified the Brave browser privacy issue

Considering that the Tor Browser was specifically built to hide a users internet browsing from their ISP, the news has provoked a vociferous response online.

Privacy my ass, wrote Twitter user @s_y_m_f_m, while other called the findings appalling.

The issue has been present in the stable release since November 2020, and was reported in mid January, a Brave developer told The Daily Swig.

INSIGHT Tor security: Everything you need to know about the anonymity network

Since the time of publication, a Brave developer has confirmed that the browser will be releasing a hotfix for the issue.

The issue is already fixed in nightly, the development build of the browser. The developer, @bcrypt on Twitter, wrote: Since its now public were uplifting the fix to a stable hotfix.

Root cause is regression from cname-based adblocking which used a separate DNS query.

The Daily Swig has reached out to Brave for comment, and will update this article accordingly.

This article has been updated to include the information that a hotfix is being issued. An earlier version stated that the issue has been present since 2019, this has been corrected to 2020.

YOU MAY ALSO LIKE BIND implements DNS-over-HTTPS to offer enhanced privacy

Link:
Brave browsers Tor feature found to leak .onion queries to ISPs - The Daily Swig

You are being watched.

Everything you do online is being captured, stored and analysed in order to determine your personality, preferences, and predict your behaviour.

In this special 3-part Information Age series, we look at the ways your online activity is being tracked and some of the steps you can take to control your personal data.

In the first part of this series, we looked at how your browser choice and configuration can stop advertisers from recording your internet activity by blocking third-party cookies and other site trackers.

With your browser no longer sending data elsewhere, there is another source of potential data leakage: your internet service provider (ISP).

It is established practice in the US for certain ISPs to package its customers browsing data to sell for targeted advertising.

And in 2018 Crikey reported the practice had made it to Australia (hidden behind 'privacy policies') citing a concerned advertising executive who was offered insights derived from Optus customer data.

An Optus spokesperson told Information Age the telco does not sell customers internet usage history to advertisers nor does it share information that directly identifies customers with any third-party for commercial purposes.

But Optuss privacy policy currently says it may analyse anonymous viewing and/or browsing data which could be de-identified and shared with its business partners.

Telstra also says it uses business intelligence techniques to get high level insights about aspects of its network usage including demographic trends and other types of behavioural data which may be shared with its own business and commercial partners.

Of course, advertisers arent the only ones seeking direct access to your internet activity from ISPs.

Metadata retention

Under the Telecommunications (Interception and Access) Act 1979, your ISP is required to store certain information about your internet use for at least two years.

There are six categories of data your ISP has to keep, including: subscriber information; the source and destination (IP addresses) of communications; the date, time, type, and duration; and the location of equipment used during the communication.

For law enforcement this data has obvious use-cases, such as when tracking down people who share child exploitation material, theoretically allowing police to cross-reference instances of illicit behaviour and match them with real-world perpetrators.

ISPs are technically not required to store web browsing histories or the contents of communication under the act in order to allay fears of mass government surveillance but the differentiation between what is information about an internet communication and what are its content is not so clear-cut.

Last year, the Parliamentary Joint Committee on Intelligence and Security completed its review of the mandatory data retention regime, recommending the legislation should be updated to better define what is content or substance of a communication.

This followed revelations that law enforcement agencies were effectively given access to web browsing history, despite that being outside the scope of collection.

In one public committee hearing, Commonwealth Ombudsman Michael Manthorpe whose office provides oversight to the accessing of metadata under this scheme described issues with the scheme.

"The piece of ambiguity we have observed through our inspections is that sometimes the metadata, in the way it's captured particularly URL data and sometimes IP addresses does, in its granularity, start to communicate something about the content of what is being looked at."

Since an ISP is your gateway to the internet, how can you avoid them using your internet history for advertising or passing it onto the government?

A VPN might work

You will no doubt have seen or heard ads for virtual private network (VPN) companies trying to sell their services by creating perceived need for one of their main purposes:

-Unlocking geoblocked content (such as internationally available streaming services)

-Securing your data

-Anonymising your internet use

As far as online anonymity goes, VPNs hide activity data from your ISP by encrypting your service requests and tunnelling them into its private network.

This means your ISP will only see that you are connected to a VPN and the size of data moving back-and-forth but it wont see what websites or services you are accessing within that network.

And because government website blocking is done at the ISP level, VPNs may also act as a way of circumventing restrictions on unlawful piracy or online gambling websites.

VPN companies tend to be headquartered in countries with minimal government oversight in order to avoid regulatory hurdles like mandatory data retention regimes.

Unfortunately, this means taking these companies claims about privacy and security on face value, which brings its own set of problems.

Just last year, security researchers at Comparitech discovered an exposed database from UFO VPN.

Despite the company claiming it did not track or log its customers internet activity, the database revealed UFO VPN was storing account passwords in plain text and keeping records of users IP addresses along with the VPN servers they were connected to.

Typically you also want to avoid any free VPN services as they are likely just designed to harvest and sell web data.

For example Onavo Protect a now-defunct privacy-focused VPN app owned by Facebook told users it would protect and encrypt their user data but instead shuffled that information straight to Facebook for analysis.

Trustworthiness

VPN brands are working hard to establish consumer trust in the growing market in order to stay ahead of opportunistic companies.

NordVPN started contracting independent auditors Pricewaterhouse Coopers (PwC) to double-check its no-log claims a process fellow VPN heavyweight Express VPN copied by having PwC conduct an audit of its systems, too.

ProtonVPN from the same company that operates end-to-end encrypted email service Proton Mail tries to differentiate itself by being open source and allowing security researchers to check under the hood for nefarious features.

And non-profit Mozilla also has its own product, Mozilla VPN but its not yet available in Australia.

Theres no shortage of lists naming the best top or most secure VPNs around the internet, many of which feature NordVPN and ExpressVPN up the top.

But before signing up to the next VPN service being sold to you on a podcast or YouTube video, beware that not all VPNs are created equal.

A decent VPN service will cost you around $10 a month and can be a bit cheaper if you pay annually.

The onion router

If you are interested in anonymous web browsing and dont want to shop around for a VPN, you could always try using the free anonymity network Tor.

Like a VPN, Tor hides the details of your internet activity from your ISP but it will still likely know you are connecting to Tor.

Tor uses onion routing which sees your server requests covered in many layers (hence onion) of encryption.

It is then passed through a relay of networked volunteer computers, each of which peels off a layer of the encrypted request until the last layer of encryption is removed and your request gets fulfilled.

It is then wrapped back up in multiple encryption layers and passed down the relay to your machine.

All these relays will naturally slow down your internet connection.

Tor keeps you anonymous by design because no single point in the relay sees both the sender and receiver which is in stark contrast to ISPs and VPNs, each of which needs to see both sender and receiver in order to deliver the message.

Because of its in-built anonymity features, Tor has long been used for illicit online activity and is host to hidden onion services which can only be reached through Tor and make up part of the infamous dark web.

The underlying Tor software is maintained by the non-profit Tor Project which is funded largely through US government grants, and the most common way to access Tor is by using the Tor Browser.

Do keep in mind, though, that when it comes to remaining anonymous online, how you access the internet is just as important as what you access on the internet.

In Part III: Social media and other sandboxes.

Excerpt from:
Metadata, VPNs, and Tor - ACS