Page 3«..2345..1020..»

Category Archives: Tor Browser

Tor Browser now bypasses internet censorship automatically – BleepingComputer

Posted: July 17, 2022 at 9:10 am

The Tor Project team has announced the release of Tor Browser 11.5, a major release that brings new features to help users fight censorship easier.

The Tor Browser has been created specifically for accessing sites throughThe Onion Router (Tor) network to offer users anonymity and privacy when accessing information on the internet.

It achieves this by routing traffic through nodes on the network and encrypting it at every step. The connection reaches the destination through an exit node that is used to relay the information back to the user.

The updates in Tor Browser 11.5 focus on circumventing censorship, a process that started a year ago in version 10.5 with improving the Tor connection experience.

In the new version, users no longer have to manually try out bridge configurations to unblock Tor.

Tor Browser version 11.5 comes with a newfeature called Connection Assist, which assigns automatically the bridge configuration known to work best for the users location.

Connection Assist works by looking up and downloading an up-to-date list of country-specific options to try using your location (with your consent), explains the release announcement.

It manages to do so without needing to connect to the Tor Network first by utilizing moat the same domain-fronting tool that Tor Browser uses to request a bridge from torproject.org.

Since Connection Assist is still in an early stage of development (v1.0), the Tor team welcomes user feedback and reports, which would help them iron out any kinks and improve on the system.

Another important new feature in version 11.5 is making HTTPS-Only Mode the default browsing mode, so that the connection is through a secure tunnel.

This ensures that all data exchange between the user and the server hosting the website will be encrypted, to defend against man-in-the-middle (MitM) attacks and to protect users from SSL stripping on malicious exit relays.

The Tor team assures users that SecureDrop will continue to work as intended despite the deprecation and replacement of the HTTPS-Everywhere extension that served as an onion name interpreter.

The only exception to replacing HTTPS-Everywhere with the new HTTPS-Only Mode is Android, which has generally fallen behind.

Tors development team admitted this and promised to do more about Android, releasing updates more frequently, fixing the many bugs that have accumulated, and catching up with theFenix(Firefox for Android) releases.

The third significant improvement in Tor Browser 11.5 is a heavily revamped Network Settings menu, now called Connection Settings, which should make it easier to find and understand specific settings.

Most notably, bridge configuration and connection options have been redesigned to enable quick and easy review and management.

Using emojis on the saved Bridges, the new interface offers visualization for the configuration for the first time, making it easy to identify the right bridge and select it when needed.

You can download the latest Tor Browser from the official download portal as an installable package or a portable binary for your OS architecture.

Originally posted here:
Tor Browser now bypasses internet censorship automatically - BleepingComputer

Posted in Tor Browser | Comments Off on Tor Browser now bypasses internet censorship automatically – BleepingComputer

The dangers of the dark web: being safe online – Open Access Government

Posted: July 13, 2022 at 9:01 am

Lead security awareness advocate at KnowBe4, Javvad Malik explores security awareness and security issues primarily with a focus on the human element.

A) If youre using the web regularly then Id say make sure your website is up to date and that your device is up to date and fully patched thats number one. Id say using something like a password manager is really good practice because that will help you choose a unique and strong password for every single website that you need an account for.

What we find is that a lot of people use the same password across many different websites. So if I somehow guess one of your passwords or break into it on one website, then the first thing Im going to do is use that password against every other website I can think of. And if youre reusing the same password, I can get into lots of your other accounts, including maybe your corporate accounts. So using a password manager to have unique passwords is good.

And the other thing is just turning off any services you dont need. So sometimes you get a new computer or a phone and you have these apps on it that you maybe dont need or dont use or thered be extensions on your browser. So just turn them off, disable them or uninstall them. If you dont need it, then dont have it there because all of these unnecessary apps could potentially be an avenue through which someone could gain access to your system.

A) I think its kind of like an aspirational tagline in that regard. What we can do, we can just reduce the risk. And thats what its all about. Its like you can have all the safety features in the world on anything. Its like saying, will an aeroplane never have a crash? No, you cant actually say that, but with all the controls and safety measures we have in place, youre really confident that when you get on a plane, its going to get you to your destination. You think youve got to be unlucky to have a crash.

Were trying to get to a point where we can reduce the risk to a point where browsing the Internet in a normal manner and logging onto websites, becomes relatively safe. We also want to reduce the likelihood of you being hacked or someone stealing your information or getting into your browsing. We want it to become the exception and not the norm.

Cybersecurity isnt just relevant to organisations and digital firms

I think ultimately the human element plays into everything that we do. Whatever happens, even if its a computer-based attack, theres someone that coded that or implemented that or architected it. So its something that will be ongoing, but I think its something that we need to focus on beyond just even corporations, its something that impacts everyone in our daily lives. All of our lives are digitised nowadays. Its like everything resides on an electronic device somewhere. We access stuff through an app. So being more aware of what you should post, who you should share stuff with, and whats relevant or not, I think that it becomes more of a societal issue. Cybersecurity isnt just relevant to organisations and digital firms.

A) Identity theft is a really hard thing to protect from because it depends on where the criminals get the information from. Say, if theyre able to hack into a government website, say they get into the DVLA, then theres nothing as individuals we can do, because we have to provide them with our information stored by them, and we trust them. And if they get breached, then that information is there. That can be used for identity theft.

But I think more on an individual level, we should just be really mindful about the amount of information we share with who and for what purposes. So a lot of websites will sometimes ask for information, and if you look at it, its not really relevant to that. So I dont give up information unless you absolutely need to. Dont be scanning or taking photographs, like your ID, or your passport, uploading that to websites just to get on a new social media platform or something like that. Look at their privacy policy sometimes, especially in Europe, were covered on GDPR, and you can see whether theyre committed to it.

And if you feel like an organisation has used your information for other reasons than why you gave them the information, say you signed up for one service, and suddenly you start getting spam from another. You can report them online, like to the ICO, the information commissioners office, and other such organisations, and they can investigate that, and where relevant, they can penalise those organisations. The final part is: that you can set up things like credit monitoring services or identity monitoring services just to see if someones taking out a loan in your name or someones taking a credit card in your name or doing something similar. So whatever you do, you can get tracked, and you can get alerted whenever any such activity happens. So these are all things you can do to try and minimise the risk of identity theft.

A) There are a couple of different types of data that are commonly traded. I suppose certain datas quite easy to get hold of. So credit card information, payment information thats really quite frequently skimmed and stolen, because you can take payment data if you can compromise, say, like a point of sale terminal or something, you can skim a lot of that information quite quickly. Thats traded normally very quickly because those cards get blocked very quickly. As soon as you see a few dodgy transactions, you can block your card. And so theyll trade, but theres a very small window and normally they go for quite cheap.

We see lots of people losing massive amounts of entire life savings

More personal information starts to go for a lot more and thats where the bigger trades happen. So if its personal information, name, address, phone number, thats one level. But then if you can add in things like national insurance numbers, social security numbers, or medical records and things like that, the value goes up and they start being packaged into individual identities as a service. And then those can be used for either multiple things like creating new passports or buying properties or taking out loans or just using them to set up fake identities further on down the line as well.

So those things become more useful because they are really hard to change. If your name and address get leaked, its really hard to change them. Whereas a credit card, thats got breached, lets just reject that and order a new one.

A) It is very common. Its not common as everyone will know someone that suffered from it, but people will often be within two degrees away from someone that suffered from either wholesale identity theft or some form of fraud or online sort of scam. So it does happen quite frequently. A lot of times it will be like a small transactional thing. We see a lot of pensioners being targeted. A criminal will ring up with only a few bits of information about that person, their name, and their address, but thats sometimes all they need to establish credibility. The scammer will lie that they are from the individuals bank and say something along the lines of We need to move your pension pot, go online and can you do this? And so we see lots of people losing massive amounts of entire life savings in some cases to some of these scams.

A) Theres no way to guarantee it isnt. But there are some monitoring services available and even some of these credit monitoring or personal identity monitoring services, they have tie-ins to some of these companies. And there are dedicated threat intel companies who will spend a lot of time on the dark web, where they have analysts who set up their fake profiles to gain access to these forums on the dark web.

Oftentimes, especially in these criminal forums, you need someone to vouch for you to say that this person is not an undercover police officer

So to access the dark web, its not as straightforward as the normal web. Oftentimes, especially in these criminal forums, you need someone to vouch for you to say that this person is not an undercover police officer. They will vouch for you. Youll have to spend some time gaining their trust and observing and then theyll give you access to that forum on the dark web and then you can start scouring some of the information thats there and not there. So there are many organisations that do that, but it is quite an intensive process and you might not catch all the information thats available there. You probably get broad strokes.So you can get a rough idea, but you cant say for certain that device details are in there or not.

A) Yeah, it can be quite dangerous, especially if youre not careful as an analyst. Some of those people can track you back to who you are and thats one thing you dont want to happen. So thats why its not advised that average people try this. So within these organisations, they normally have a safe network set up and they have their safe machines and they dont log in with their real names or anything like that. So it gives them that additional level of protection. Its also an expensive and labour-intensive process. It takes time.

A) So its really like what you can do with it and the longevity of the information. So if you have someones date of birth and national insurance number, thats not going to change forever. So that will go for more than just credit card information which will be changed in two weeks. Sometimes it also depends on the volume of data. So if theres a big dump from a large organisation thats been hacked, and theyve got two million records, then an individual record might not cost much, but the bidding on that volume of information can go up. Its very similar to eBay some items theyll list on there, and bidding will begin because so many criminals want that particular piece of information. Its not always clear what drives that demand, but certain things are needed at that time, because we saw when code first hit, and lots of governments were offering these COVID relief packages. So at that time, there was a lot of demand in the underground forums for these packages.

A) The dark web was set up with good intentions. The Tor Project believed that too many governments were spying on and oppressing people across the world. So it was a way of allowing people to freely express their views or share information. Theres that level of anonymity and privacy afforded, youll see criminals set up shop there as well. So while Tor is used to access the dark web, it isnt the entire dark web. The dark web itself is very much like the normal web from an operational perspective. The data is held on servers around the world. So its just because its not directly accessible from the main internet, as we browse it, you have to go through the Tor browser. It gives you that anonymity. So its not been completely taken over. But I think nowadays, whenever anyone thinks of the dark web or using the onion ring, then they think of something dodgy.

Editor's Recommended Articles

Read the original:
The dangers of the dark web: being safe online - Open Access Government

Posted in Tor Browser | Comments Off on The dangers of the dark web: being safe online – Open Access Government

Tor vs VPN: Which One Should You Use? – Dignited

Posted: June 30, 2022 at 8:54 pm

Tor and VPN use cases are similar in many ways, but they can also be very different. With the rise of cybercrime and government surveillance, individuals have come to realize the importance of online privacy. Tor and VPN offer two solutions for this problem.

In this article, we will explain in detail what each service does and why you would use it for certain tasks. Lets get started, shall we?

Advertisement - Continue reading below

VPN is a service for encrypting your IP address and allowing you to use the Internet on a secure virtual private network which allows you to access any website of your choosing, even if that site is blocked by your countrys government among other things. It helps to bridge two remote sites together or allows individuals to securely connect to a different network.

The whole point is to tunnel your connectivity from a network of lower trust to a network of higher trust. A corporate VPN for an instance is like entering a wormhole from point A to point B bypassing everything in between.

Here are some of the use cases of a VPN, take note it doesnt involve anything to do with selling online security and privacy. If a VPN provider is marketing to you that their VPN pro version will help stop hackers from hacking your computer or phone, know that such claims are misleading and inaccurate.

READ ALSO: Top 10 Free and Paid VPNs for Amazon Fire TV

Tor aka the onion router takes its name from how it transmits its data. It takes your data including identifiable information like your IP address and wraps it in multilayered encryption and sends it through a network of randomly selected relay servers i.e. the nodes each of which is known as a small portion of the journey and not the entire transfer. This approach provides a lot of anonymity and is the best option for those who are truly paranoid about someone following their internet traffic.

TOR Network, as defined by the official website is a group of volunteer-operated servers that improve the privacy and security of ones data. A series of virtual tunnels are created between all nodes (also known as relays) of the TOR network, and for each data transmission, a random path of tunnels (known as the relay path) is chosen. The encryption and decryption mechanism is used in anonion routingfashion to limit the knowledge of each node about the data that passes through it. Each node will only know the relay path in which it is involved, but not the whole path from the source to the destination.

Advertisement - Continue reading below

But Tor does have weaknesses, first off its very slow and all the exit nodes are listed which means some websites can block access when using the service.

You can use a Tor Browser Bundle, or install the Tor browser on your local computer or Andriod phone from the Google Play Store.

Tor or VPN, well the truth its not an apple-to-apple comparison, and since you care about privacy and security. You will have to gauge your level of the threat model. Is it cyber crimes, big tech, spammers, troll armies or your government? Understanding your level of threat helps tailor your level of paranoia accordingly so its not over or underweight.

Is your reason for using this kind of privacy technology to keep you from getting in trouble? If the answer is yes, then TOR is probably your best option but if the answer is no, then a VPN might be recommended. When I talk of trouble I am not referring to illegal activities, I am referring to situations like China or Russia due to political backlash, journalists looking to protect their sources, and whistleblowers looking to protect themselves.

As an average internet user, you need to be honest with yourselves here, true anonymity and privacy are impossible unless you abandoned the internet whole together. So everything is best measured not in binary but rather in degree of strengths.

I am not writing this article to not declare a winner between Tor or VPN or to tell you, you need to use one over the other. What I hope you get is how they work and what they are best used for?

Let us know your opinions in the comment section if you have used both services and why you choose one over the other?

Related

Read this article:
Tor vs VPN: Which One Should You Use? - Dignited

Posted in Tor Browser | Comments Off on Tor vs VPN: Which One Should You Use? – Dignited

Rewards for Justice Offers Up to $10 Million for Information on Foreign Interference in US Elections – HS Today – HSToday

Posted: at 8:54 pm

TheU.S. Department of States Rewards for Justice (RFJ) program, which is administered by the Diplomatic Security Service, is offering a rewardof up to $10 million for information on foreign interference in U.S. elections.

The reward offer seeks information leading to the identification or location of any foreign person, including a foreign entity, who knowingly engaged or is engaging in foreign election interference, as well as information leading to the prevention, frustration, or favorable resolution of an act of foreign election interference.

Foreign election interference includes certain conduct by a foreign person that violates federal criminal, voting rights, or campaign finance law, or that is performed by any person acting as an agent of or on behalf of, or in coordination with, a foreign government or criminal enterprise. This conduct includes covert, fraudulent, deceptive, or unlawful acts or attempted acts, or knowing use of information acquired by theft, undertaken with the specific intent to influence voters, undermine public confidence in election processes or institutions, or influence, undermine confidence in, or alter the result or reported result of a general or primary federal, states, or local election or caucus. Such conduct could include vote tampering and database intrusions; certain influence, disinformation, and bot farm campaigns; or malicious cyber activities.

This reward offer reflects additional authorities to provide rewards for information on foreign interference in domestic elections provided by the William M. Mac Thornberry National Defense Authorization Act for Fiscal Year 2021.

More information aboutthis reward offeris located on the Rewards for Justice website atwww.rewardsforjustice.net.We encourage anyone with information onforeign interference in U.S. elections to contact the Rewards for Justice office via its Tor-based tips-reporting channel at: he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion (Tor browser required).

The Rewards for JusticeProgramisan effective law enforcement tool and isadministered by the U.S. Department of States Diplomatic SecurityService.Since its inception in 1984, the program has paid in excess of $250million to more than125people across the globe who provided information thathelped prevent terrorism, bring terrorist leaders to justice, and resolve threats to U.S. national security.Follow us on Twitter athttps://twitter.com/RFJ_USA.

Read more at the State Department

Original post:
Rewards for Justice Offers Up to $10 Million for Information on Foreign Interference in US Elections - HS Today - HSToday

Posted in Tor Browser | Comments Off on Rewards for Justice Offers Up to $10 Million for Information on Foreign Interference in US Elections – HS Today – HSToday

Kremlin tightens control over Russians’ online lives threatening domestic freedoms and the global internet – Jacksonville Journal-Courier

Posted: at 8:54 pm

(The Conversation is an independent and nonprofit source of news, analysis and commentary from academic experts.)

(THE CONVERSATION) Since the start of Russias war on Ukraine in late February 2022, Russian internet users have experienced what has been dubbed the descent of a digital iron curtain.

Russian authorities blocked access to all major opposition news sites, as well as Facebook, Instagram and Twitter. Under the new draconian laws purporting to combat fake news about the Russian-Ukrainian war, internet users have faced administrative and criminal charges for allegedly spreading online disinformation about Russias actions in Ukraine. Most Western technology companies, from Airbnb to Apple, have stopped or limited their Russian operations as part of the broader corporate exodus from the country.

Many Russians downloaded virtual private network software to try to access blocked sites and services in the first weeks of the war. By late April, 23% of Russian internet users reported using VPNs with varying regularity. The state media watchdog, Roskomnadzor, has been blocking VPNs to prevent people from bypassing government censorship and stepped up its efforts in June 2022.

Although the speed and scale of the wartime internet crackdown are unprecedented, its legal, technical and rhetorical foundations were put in place during the preceding decade under the banner of digital sovereignty.

Digital sovereignty for nations is the exercise of state power within national borders over digital processes like the flow of online data and content, surveillance and privacy, and the production of digital technologies. Under authoritarian regimes like todays Russia, digital sovereignty often serves as a veil for stymieing domestic dissent.

Digital sovereignty pioneer

Russia has advocated upholding state sovereignty over information and telecommunications since the early 1990s. In the aftermath of the Cold War, a weakened Russia could no longer compete with the U.S. economically, technologically or militarily. Instead, Russian leaders sought to curtail the emergent U.S. global dominance and hold on to Russias great power status.

They did so by promoting the preeminence of state sovereignty as a foundational principle of international order. In the 2000s, seeking to project its great power resurgence, Moscow joined forces with Beijing to spearhead the global movement for internet sovereignty.

Despite its decades-long advocacy of digital sovereignty on the world stage, the Kremlin didnt begin enforcing state power over its domestic cyberspace until the early 2010s. From late 2011 to mid-2012, Russia saw the largest series of anti-government rallies in its post-Soviet history to protest Vladimir Putins third presidential run and fraudulent parliamentary elections. As in the anti-authoritarian uprisings in the Middle East known as the Arab Spring, the internet served as a critical instrument in organizing and coordinating the Russian protests.

Following Putins return to the presidency in March 2012, the Kremlin turned its attention to controlling Russian cyberspace. The so-called Blacklist Law established a framework for blocking websites under the guise of fighting child pornography, suicide, extremism and other widely acknowledged societal ills.

However, the law has been regularly used to ban sites of opposition activists and media. The law widely known as the Bloggers Law then subjected all websites and social media accounts with over 3,000 daily users to traditional media regulations by requiring them to register with the state.

The next pivotal moment in Moscows embrace of authoritarian digital sovereignty came after Russias invasion of eastern Ukraine in the Spring of 2014. Over the following five years, as Russias relations with the West worsened, the Russian government undertook a barrage of initiatives meant to tighten its control over the countrys increasingly networked public.

The data localization law, for example, required foreign technology companies to keep Russian citizens data on servers located within the country and thus easily accessible to the authorities. Under the pretext of fighting terrorism, another law required telecom and internet companies to retain users communications for six months and their metadata for three years and hand them over to authorities upon request without a court order.

The Kremlin has used these and other legal innovations to open criminal cases against thousands of internet users and jail hundreds for liking and sharing social media content critical of the government.

The Sovereign Internet Law

In April 2019, Russian authorities took their aspirations for digital sovereignty to another level with the so-called Sovereign Internet Law. The law opened the door for abuse of individual users and isolation of the internet community as a whole.

The law requires all internet service providers to install state-mandated devices for counteracting threats to stability, security, and the functional integrity of the internet within Russian borders. The Russian government has interpreted threats broadly, including social media content.

For example, the authorities have repeatedly used this law to throttle the performance of Twitter on mobile devices when Twitter has failed to comply with government requests to remove illegal content.

Further, the law establishes protocols for rerouting all internet traffic through Russian territory and for a single command center to manage that traffic. Ironically, the Moscow-based center that now controls traffic and fights foreign circumvention tools, such as the Tor browser, requires Chinese and U.S. hardware and software to function in the absence of their Russian equivalents.

Lastly, the law promises to establish a Russian national Domain Name System. DNS is the global internets core database that translates between web names such as theconversation.com and their internet addresses, in this case 151.101.2.133. DNS is operated by a California-based nonprofit, the Internet Corporation for Assigned Names and Numbers.

At the time of the laws passing, Putin justified the national DNS by arguing that it would allow the Russian internet segment to function even if ICANN disconnected Russia from the global internet in an act of hostility. In practice, when, days into Russias invasion in February 2022, Ukrainian authorities asked ICANN to disconnect Russia from the DNS, ICANN declined the request. ICANN officials said they wanted to avoid setting the precedent of disconnecting entire countries for political reasons.

Splitting the global internet

The Russian-Ukrainian war has undermined the integrity of the global internet, both by Russias actions and the actions of technology companies in the West. In an unprecedented move, social media platforms have blocked access to Russian state media.

The internet is a global network of networks. Interoperability among these networks is the internets foundational principle. The ideal of a single internet, of course, has always run up against the reality of the worlds cultural and linguistic diversity: Unsurprisingly, most users dont clamor for content from faraway lands in unintelligible languages. Yet, politically motivated restrictions threaten to fragment the internet into increasingly disjointed networks.

Though it may not be fought over on the battlefield, global interconnectivity has become one of the values at stake in the Russian-Ukrainian war. And as Russia has solidified its control over sections of eastern Ukraine, it has moved the digital Iron Curtain to those frontiers.

This article is republished from The Conversation under a Creative Commons license. Read the original article here: https://theconversation.com/kremlin-tightens-control-over-russians-online-lives-threatening-domestic-freedoms-and-the-global-internet-182020.

Read the original:
Kremlin tightens control over Russians' online lives threatening domestic freedoms and the global internet - Jacksonville Journal-Courier

Posted in Tor Browser | Comments Off on Kremlin tightens control over Russians’ online lives threatening domestic freedoms and the global internet – Jacksonville Journal-Courier

Defence in Amanda Todd ‘sextortion’ trial zeroes in on missing data – The Tri-City News

Posted: at 8:54 pm

Lawyer for Dutch man charged with extortion and child porn offences raises questions about gap in digital investigator's report to Crown prosecutors

A now-retired Toronto Police Service officer and a Crown witness who gave expert descriptions about online investigationswrapped up his testimony today (June 30) after three days on the stand atthe trial involving Port Coquitlam student Amanda Todd.

Warren Bulmer was flown in from Brisbane, where he now works for the Australian Federal Police.

In cross-examination on Thursday, defence counsel Joe Saulnier drilled down on data missing in Bulmers report to the Crown, as well as similarities between Facebook accounts associated with case specifically Tyler Boo and Marc Camerons.

Asked why large chunks of session data were absent from those accounts, Bulmer said he had no explanation.

However, he testified, for accounts that showed repeated terminations or log outs, the social media giant may have had security concerns and was doing its checks and balances, Bulmertold Justice Martha Devlin and the jury at BC Supreme Court in New Westminster.

For an online account named Thomas Cocopops, it also had seven months' worth of missing data, the court heard, and its device and browser didnt register when Bulmer did his analysis.

Still, Bulmer said, the user access device (UAD) coding can be changed.

Bulmer was also questioned about copies and deletions of machine cookies small files used by websites to gain information about users through their devices as well as recovered files from a devices unallocated space.

And he explained to the jury about virtual private networks (VPN), proxy servers and the Tor browser, which is also known as the dark web.

In her opening statement, prosecutor Louise Kenworthy said Crown Counsel will prove Aydin Coban of The Netherlandswas behind 22 fakeaccounts in a persistent campaign of online sextortion against Todd.

Coban has pleaded not guilty to

None of the allegations is proven in court.

The trial continues.

Follow this link:
Defence in Amanda Todd 'sextortion' trial zeroes in on missing data - The Tri-City News

Posted in Tor Browser | Comments Off on Defence in Amanda Todd ‘sextortion’ trial zeroes in on missing data – The Tri-City News

Now that ‘Roe’ has been overturned, it’s up to the tech industry to protect our data – Fast Company

Posted: at 8:54 pm

Roe v. Wade is no more, but this is not 1972, the year before it was passed. In some ways, its even worse.

When the Supreme Court ruled last week that banning abortion is not unconstitutional, abortion immediately became illegal in several states with trigger laws primed to take effect with just such a ruling. Its about to become illegal in several more states in which previously passed laws restricting abortion had been blocked by federal courts.

Millions of people are about to lose access to safe, legal abortions, and those who provide abortion access or support will face consequences ranging from civil suits to arrest in some states. These are grim times for abortion access.

And the forecast is even more grim because we now live in an era of unprecedented digital surveillance. Ive spent most of my career helping to protect activists and journalists in authoritarian countries, where it is often wise to think several steps ahead about your digital privacy and security practices. Now, we must bring this mindset back within our own borders for both people providing abortion support and people seeking abortions.

The first step is operational security. Abortion providers, the staff and volunteers of abortion support networks, and those seeking abortions must immediately take steps to thoroughly compartmentalize their work and health from the rest of their digital lives. That means using aliases, using separate phones and emails, downloading a privacy-protecting browser, and being very cautious about installing applications on personal phones.

For people who are pregnant, it is important to start with an understanding of the existing threats. People who have already been prosecuted for their pregnancy outcomes were surveilled and turned in by people they trusted, including doctors. The corroborating evidence included Google search histories, texts, and emails. It is time to consider downloading Tor Browser to use for searches relating to pregnancy or abortion, using end-to-end-encrypted-messaging services with disappearing messages turned on for communications, and being very selective about who can be trusted with information about their pregnancy.

Also, it is important to look to the future and reconsider the treasure troves of data we create about ourselves every daybecause these now could be weaponized to use against us. People who may become pregnant should rethink their use of unencrypted period-tracking apps, which collect data that could be subpoenaed if they are suspected of aborting a pregnancy. They should use only an encrypted period-tracking app, such as Euki, which stores all of their user information locally on the device; but beware that if that phone is seized by the courts, the stored data may still be accessible to them. Also, people who become pregnant should carefully review privacy settings on all services they continue to use, and turn off location services on apps that dont absolutely need them.

But right now, the biggest responsibility lies with the tech industry. Governments and private actors know that intermediaries and apps often collect heaps of data about their users. If you build it, they will comeso dont build it, dont keep it, dismantle what you can, and keep the data secure.

Companies should think about ways in which to allow anonymous access to their services. They should stop behavioral tracking, or at least make sure users affirmatively opt in first. They should strengthen data deletion policies so that data is deleted regularly. They should avoid logging IP addresses, or if they must for anti-abuse or statistics, do so in separate files that they can aggregate and delete frequently. They should reject user-hostile measures like browser fingerprinting. Data should be encrypted in transit, and end-to-end-message encryption should be enabled by default. And companies should be prepared to stand up for their users when someone comes demanding dataor, at the very least, ensure that users get notification when their data is being sought.

Theres no time to lose. If Ive learned anything from a decade and a half working with vulnerable populations in authoritarian countries, its that when things start to go wrong, they will get worse very quickly. If tech companies dont want to have their data turned into a dragnet against people seeking abortions and people providing abortion support, they need to take these concrete steps right now.

It is not an option to leave frightened people to figure out their own digital security in a world where its hard to understand what data theyre creating and who has access to it.Tech companies are in a unique position to understand those data flows and to change the defaults in order to protect the privacy rights of this newly vulnerable class of users.

The Supreme Court rolled back rights by half a century on Friday, but now is not the time to shrug and say its too late and nothing can be done. Now is the time to ask hard questions at work. You hold the worlds data in your hands, and you are about to be asked to use it to be repressions little helper. Dont do it.

While others work to restore rights that were so callously stripped away, good data practices can help tech companies avoid being on the wrong side of history.

Eva Galperin is the the director of cybersecurity at the Electronic Frontier Foundation.

Read more:
Now that 'Roe' has been overturned, it's up to the tech industry to protect our data - Fast Company

Posted in Tor Browser | Comments Off on Now that ‘Roe’ has been overturned, it’s up to the tech industry to protect our data – Fast Company

QAnon Is Celebrating the Return of Its Leader After 18 Months of Silence – VICE

Posted: at 8:54 pm

A man holds a placard with 'Trump loves QAnon' written while he protests against the compulsory vaccination campaign on January 9, 2022 in Brussels, Belgium. (Thierry Monasse/Getty Images)

Unraveling viral disinformation and explaining where it came from, the harm it's causing, and what we should do about it.

On Friday night, Q, the anonymous leader of the QAnon conspiracy movement, returned after more than 18 months of silence.

Shall we play the game again? the Q account wrote in their typically cryptic style on the fringe message board 8kun (formerly known as 8chan).

The unexpected return, on the same day Roe v. Wade was overturned, sent the millions of people who still adhere to the QAnon belief systemwhich claims theres a cabal of elites working to control the worldinto spasms of excitement and predictions that Qs return meant all of their wild predictions were about to come true finally.

But experts tracking the QAnon phenomenon quickly discovered that the posting of the new Q drops was, at the very least, facilitated directly by the people running 8kun, and possibly written by them.

Experts like Fred Brennan, who was the founder of 8chan before it was taken over by current owner Jim Watkins and his son Ron, discovered that the site administrators had altered the way users on the site, like Q, identified themselves, just hours before the first new Q drop appeared on Friday.

The change in the system should have meant that the secure tripcode that Q uses to verify their identity would have broken. However, when Q posted, the tripcode was the same, suggesting that someone involved in running the site had manipulated it to appear as if this was the real Q.

Jim, Ron, or someone with access to the 8kun server posted the latest Q drops, Brennan told VICE News.

His assessment was backed up by several other experts who closely track the origins and spread of QAnon.

At a bare minimum, its clear that either Q is closely coordinating with 8kun admins or the post was actually written by an 8kun admin, the anonymous founder of the Q Origins Project, which seeks to document how the movement came about, told VICE News.

Another indication that the administrators helped facilitate Qs return comes is that the new Q drops were posted using the privacy-focused browser Tor. The ability to post using the Tor browser had been disabled on 8kun since September 2021 but was enabled again just before the new Q posts appeared.

Even members of the 8kun community have been calling out the elder Watkins for his apparent role in this incident.

Either Jim Watkins is no longer in control of his admin account, or Jim Watkins did this himself, a user wrote in a message on the qresearch board where Q posts, outlining the same arguments made by Brennan.

Watkins, who has already given evidence to the January 6 committee about 8kuns role in the lead-up to the Capitol riot, has denied his involvement in posting the new messages. In a video posted to his Telegram channel, he claimedabsurdlythat he couldnt have posted the message because he was on stage speaking at a conspiracy theory conference at the time. Of course, someone else could have posted it for him, or he could have scheduled the post.

In the same video, he referred to Q and said: Welcome back, we need you.

His son Ron, who claimed to resign as administrator 8kun on Election Day 2020 and is currently running for Congress in Arizona, did not respond to a request for comment about his role in posting the new Q messages. The January 6 committee is also seeking to speak to him, but so far Ron has said he will not cooperate.

A 2021 HBO documentary suggested that Ron Watkins was the author of many of the almost 5,000 Q drops while he was working at 8kun, while a separate forensic analysis of the drops also found empirical similarities between his writing style and Qs.

But ultimately, to QAnon followers who have spent years suspending disbelief, the details of how the Q drops were posted matter very little.

It doesnt really matter whos behind the keyboard. What matters is whether Qs followers accept the new content as genuine, and what they go on to do with it. Theyre falling all over themselves to accept it as real, the Q Origins researcher said.

And across the platforms to which QAnon has retreated to after being mostly banned from mainstream platforms like Facebook, Twitter, and YouTube, followers celebrated the return as a sign that they were right all along.

Many of the followers reiterated their support after Q wrote remember your oath in their second new drop on Friday night. The oath, known as the digital soldier oath, is the same one taken by all federal employees, but with the QAnon phrase Where we go one we go all appended to the end.

It was popularized by disgraced former national security adviser Michael Flynn, who posted a video of him and his family taking the oath on July 4, 2020.

For the families of those who have fallen under QAnons spell, the return of Q is a devastating blow, especially to those who felt theyd made progress in trying to get their family members back.

One of the most damaging aspects of QAnon in the period since Q last posted is the emergence of an offshoot group that believes JFK is about to be resurrected. A group of believers has spent the last eight months following a leader known as Negative 48, cutting all ties with their families, and spending huge sums of money on travel to and from Dallas, where their leader has told them the assassinated president and his dead son JFK Jr. will reappear.

A group of concerned family members has been working together to convince their loved ones to leave the group and return home. Some had recently promised to come home by the end of the month, but after this weekends Q drops, they doubled down on their belief in the conspiracy theory.

It has screwed with families again who were told by their loved ones they may be home at the end of June, Karma, an open-source researcher who is helping those families, told VICE News. We had worked hard to get to this point, for a Q drop to happen and now they want to stay.

Want the best of VICE News straight to your inbox?Sign up here.

Go here to read the rest:
QAnon Is Celebrating the Return of Its Leader After 18 Months of Silence - VICE

Posted in Tor Browser | Comments Off on QAnon Is Celebrating the Return of Its Leader After 18 Months of Silence – VICE

3 ways to find out if your passwords are being sold on the Dark Web – Komando

Posted: June 22, 2022 at 11:43 am

Hackers can make a ton of money by selling your private information on illegal forums. Its possible that your passwords are being sold on the Dark Web right now. Thats why you should run a cybersecurity check now and then.

Sadly, no amount of prevention can save you from a security breach. Hackers could breach a company you have an account with, exposing millions of private records. Tap or click here for a survival guide to follow after hackers compromise your data.

First, though, youll want to confirm whether or not youre in danger. Thats where this helpful guide comes in. Follow this three-step strategy to make sure youre safe.

Luckily, there are a lot of free resources in your toolkit. These can help if youre Googling, Find out if my password has been compromised or How to find out if my password was stolen.

Hunting down stolen information can be difficult. You need to take a few extra steps to access the Dark Web. For example, you might need a Tor browser, which reroutes your internet traffic for maximum privacy.

The Dark Web is full of non-indexed websites. In other words, standard search engines cant find them, so they wont appear in common search results. Most of us spend our time on the surface web, which refers to websites you can discover through standard search engines.

Luckily, some of the tricks in this article will help you. Lets start with a helpful resource that can store your passwords and keep you safe.

You probably know that password managers are a database for your important accounts. Kim says you should create strong, original, hard-to-guess passwords for all your accounts. Tap or click here for a few ways to craft an impenetrable password.

Theres just one complication. When you create a new password for every account, it can be hard to remember them all. Password managers are a handy place to store unique account credentials. With this one-stop-shop, you have all your passwords in one place.

But these programs are more than simple storage spaces. Some password managers can even monitor the Dark Web. They can alert you to take action and protect your organization.

In addition to password managers, you can check out tools that search the Dark Web for you. This way, you dont have to download a Tor Browser and do your own digging. You can also check out this list of 10 free Dark Web scanners that still work in 2022.

If you think hackers stole your password, check out CyberNews checker. Its the largest data leak checker available. You need an email address to use it.

Tap or click here to see how this tool can help you. Or you can stay here for some quick tips. Enter it into this search tool and it will see if any recent breaches revealed your email address:

Security breaches can expose different data points. Hackers can collect the data points from separate breaches and connect them. Thus, they build a profile of you.

Thats why systems like CyberNews checkerare so helpful. Here, you can see which breaches exposed your data. And since this is the most extensive data leak checker you can use, its a great place to start.

Heres another great way to see if your passwords are being sold. This security breach tracker has been around for a while.

Enter your email address into this online database. Then, it reveals which data breaches involve your data.

HaveIBeenPwned covers over 11 billion stolen records. Protect yourself by checking to see if your data was pwned. Sites like this help you arm yourself with knowledge.

Once you know a data breach hurt you, you can start mitigating the damage. But you cant do that if you dont know youre in danger. Tap or click here to see if your information has been exposed.

You cant stop hackers from breaching your bank. So if a security breach hits your financial institution, you should change your passwords. But hackers can get your secrets from more than just data breaches.

Cybercriminals will often hit you with complex phishing scams. Theyll say something like, Click this link for a discount. Its easy to click on a misleading link only to download malware onto your device.

A single misclick can compromise your passwords. Thats why you need a strong antivirus program at your side. We recommend our sponsor, TotalAV.

X

Would you like the latest tech news delivered to you each morning?

Right now, get an annual plan of TotalAV Internet Security for only $19 at ProtectWithKim.com. Thats over 85% off the regular price!

Continue reading here:
3 ways to find out if your passwords are being sold on the Dark Web - Komando

Posted in Tor Browser | Comments Off on 3 ways to find out if your passwords are being sold on the Dark Web – Komando

EXPLAINER: EFCC ‘Linked Naira Marley to the Dark Web’. Here’s What You Need to Know About the Internet’s Most Hidden Part – FIJ NG

Posted: June 11, 2022 at 12:50 am

The cybercrime department of the Economic and Financial Crimes Commission (EFCC) has provided a forensic report linking Naira Marley, a popular Nigerian artiste whose real name is Azeez Fashola, to credit card fraud perpetrated on the dark web.

EFCCs cybercrime department discovered Naira Marleys request for credit card details on his iPhone and mapped his activities back to websites on the dark web.

The types of sites most commonly associated with the dark web are marketplaces where illicit goods such as narcotics, firearms, and stolen credit card numbers are bought and sold. The darkest corners are used to hire hitmen, engage in human trafficking, and exchange child pornography, EFCCs Whyte Dein testified on Thursday.

The dark web or dark net is very enormous, yet secretive. What exactly is it?

READ MORE: Fresh Forensic Reports Link Naira Marley to Credit Card Fraud

BEYOND THE SURFACE

A 2015 report from Seeker estimated that Google has only indexed 004% of all internet pages. This means that most of the content on the world wide web are not accessible on standard search engines like Google, Yahoo, or Microsoft Bing.

The easily accessible part of the internet is known as the clear web, the surface of the internet. Beyond the surface lies the deep web accounting for over 90 percent of the internet.

Dark web and deep web are sometimes used interchangeably, but the dark web is just a part of the deep web. To access this subset of the deep web, an internet user must use certain tools, including the Tor Browser.

TOR BROWSER

The EFCC cybercrimes department found a special browser on Naira Marleys phone.

Whyte Dein, team lead of the cybercrimes department, said Naira Marley used malicious tools to disguise the identity and location of the user of the laptop when connected to the internet along with the presence of the browser which acted as a single gateway to the dark net.

The browser serving as a single gateway to the dark web is the Tor Browser. It is a web browser designed to keep the web traffic of its user secret on the Tor network. Tor Browser protects the identity of its user online.

The Tor network is slow but secure. It is the only network Internet Service Providers (ISPs) or governments cannot track. This makes it the ideal network through which web pages on the dark web can be accessed.

READ ALSO: Hackers Take Over OPay Twitter Account, Direct NFT Owners to Fake Website

CONTENT

Not all of the content on the dark web is illegal or criminal. But most of it is. Although the dark web contains links to rare full-text editions of books, encrypted email services, whistleblower websites, and classic movie collections, there is an infinite supply of illicit commodities up for sale.

Naira Marley is implicated in credit card fraud. Traders sell cloned credit card numbers and pins for as low as $25. Hackers also sell online banking logins with a minimum of $2,000 balance for $120. Other illicit content available on the dark web for a price include assault rifles, hard drugs, hacked Netflix accounts, hacked usernames and passwords, stolen cryptocurrency wallet keys, and counterfeit money.

The FBI arrested Ross William Ulbricht and seized his laptop on October 1, 2013. Ulbricht was the facilitator of a dark web page known as the Silk Road, an underground drug market. A judge sentenced Ulbricht to life in prison for drug trafficking, computer hacking, and money laundering in 2015.

The Silk Road generated approximately $1.2 billion in sales and $80 million in commissions for Ulbricht. On November 3, 2020, US law enforcement seized over $1 billion worth of digital currency from the Silk Road.

A more lucrative and illicit trade on the dark web involves ransomware. Sebastien Vachon-Desjardins, a resident of Quebec, Canada, was extradited to the United States in March for his involvement in a $27 million theft. From April through December 2020, Vachon-Desjardins compromised a protected computer and transmitted a ransom after spreading a sophisticated form of ransomware known as NetWalker.

Roger Handberg, US Attorney representing the Middle District of Florida, said that ransomware is a multi-billion-dollar criminal enterprise that transcends physical and political boundaries. International collaboration is essential to identify the perpetrators of these sophisticated schemes.

READ ALSO: How Hacker Used Brother Lanre Makindes Facebook Account to Execute N90,000 Fraud

LEGALITY

Is the dark web illegal? The short answer is no. No law in Nigeria and many other countries, including the United States, criminalises the use of the dark web.

Citizens of countries with totalitarian laws such as China often use the Tor Browser to escape the watchful eyes of their government. Such would deem surfing on a Tor network unlawful.

The primary purpose of the dark web is anonymity. Credit card fraudsters and black market traders simply take advantage of the dark webs secrecy.

Although the dark web is not illegal in itself, it is the perfect enclave for hackers and internet fraudsters.

See original here:
EXPLAINER: EFCC 'Linked Naira Marley to the Dark Web'. Here's What You Need to Know About the Internet's Most Hidden Part - FIJ NG

Posted in Tor Browser | Comments Off on EXPLAINER: EFCC ‘Linked Naira Marley to the Dark Web’. Here’s What You Need to Know About the Internet’s Most Hidden Part – FIJ NG

Page 3«..2345..1020..»