Email Encryption Service Provider ‘ProtonMail’ Now on Tor

ProtonMail-Tor-ServiceIf you look in the VooDoo Tech section, you’ll see we endorse both ProtonMail and Tor.  Both are excellent services if you value your online privacy and now they work together!  ProtonMail, launched in 2014 by a group of MIT and CERN experts, is the largest email encryption service provider in the world having more than two million users. It is the preferred emailing platform of activists and journalists who need to keep information confidential.  In its latest announcement, ProtonMail’s co-founder Dr. Andy Yen stated that they would allow the users to directly access their email accounts via Tor network so that they could counter steps taken by authoritative governments across the globe to minimize user privacy.

Dr. Yen said that it is inevitable to avoid censorship in some countries and they have been “proactively working to prevent this.” Dr. Yen further acknowledged that the reason why they have chosen Tor is that “Tor provides a way to circumvent certain Internet blocks so improving our compatibility with Tor is a natural first step.”

This perhaps looks like a step taken after the recent actions from the governments to curb the public’s access to encrypted platforms and secure internet usage. Such as Egyptian government blocked encrypted chat application Signal and the UK government’s approval of the Investigatory Powers Bill aimed at tracking the activities of web browsers.  Friends, do yourself a favor… Use Tor and get yourself a ProtonMail account.

SOURCE – Hackread.com

Tor Project working to fix weakness that can unmask anonymous users

tor_nsaDevelopers of Tor software believe they’ve identified a weakness that was scheduled to be revealed at the Black Hat security conference next month that could be used to de-anonymize Tor users.

The Black Hat organizers recently announced that a talk entitled “You Don’t Have to be the NSA to Break Tor: Deanonymizing Users on a Budget” by researchers Alexander Volynkin and Michael McCord from Carnegie Mellon University’s Computer Emergency Response Team (CERT) was canceled at the request of the legal counsel of the university’s Software Engineering Institute because it had not been approved for public release.

“In our analysis, we’ve discovered that a persistent adversary with a handful of powerful servers and a couple gigabit links can de-anonymize hundreds of thousands Tor clients and thousands of hidden services within a couple of months,” the CERT researchers had written in the abstract of their presentation. “The total investment cost? Just under $3,000.”

In a message sent Monday to the Tor public mailing list, Tor project leader Roger Dingledine said that his organization did not ask Black Hat or CERT to cancel the talk. Tor’s developers had been shown some materials about the research in an informal manner, but they never received details about the actual content of the planned presentation, he said. The presentation was supposed to include “real-world de-anonymization case studies.”

Despite the lack of details, Dingledine believes that he has figured out the issue found by CERT and how to fix it. “We’ve been trying to find delicate ways to explain that we think we know what they did, but also it sure would have been smoother if they’d opted to tell us everything,” he said in a subsequent message on the mailing list.

Dingledine suggested that the issue affects Tor relays, the Tor network nodes that route user connections in a way that’s meant to hide the traffic’s origin and destination from potential network eavesdroppers.

“Based on our current plans, we’ll be putting out a fix that relays can apply that should close the particular bug they found,” he said. “The bug is a nice bug, but it isn’t the end of the world. And of course these things are never as simple as ‘close that one bug and you’re 100% safe’.”

Tor — originally called The Onion Router — started out as a project of the U.S. Naval Research Laboratory, but is now developed and maintained by a nonprofit organization called The Tor Project. The software allows users to access resources on the Internet without revealing their real IP (Internet Protocol) addresses, a feature appreciated by privacy-conscious users as well as criminals.

According to media reports last year based on documents leaked by former U.S. National Security Agency contractor Edward Snowden, both the NSA and the U.K.’s Government Communications Headquarters targeted Tor and had some success in de-anonymizing limited numbers of users.

SOURCE – ComputerWorld.com

Tor is building an anonymous instant messenger…

tor_nsaTor, the team behind the world’s leading online anonymity service, is developing a new anonymous instant messenger client, according to documents produced at the Tor 2014 Winter Developers Meeting in Reykjavík, Iceland.  The Tor Instant Messaging Bundle (TIMB) is set to work with the open-source InstantBird messenger client in experimental builds released to the public by March 31, 2014. The developers aim to build in encrypted off-the-record chatting and then bundle the client with the general Tor Launcher in the following months.

Pidgin, an older and more popular open-source chat client, was originally considered to be the foundation of the TIMB but was thrown out in favor of InstantBird. However, Tor still plans to hire independent security contractors to audit the new software and test its mettle so that “people in countries where communication for the purpose of activism is met with intimidation, violence, and prosecution will be able to avoid the scrutiny of criminal cartels, corrupt officials, and authoritarian governments.”

Over the long term, TIMB will likely become the messenger of choice for Tor users. Software such as TorChat and BitMessage already have significant userbases and smart advocates, but with the full weight of the Tor Launcher and team behind it, there’s little reason to imagine TIMB won’t succeed.  The creation of the TIMB is yet another step in what has been a years-long improvement in Tor software. A decade ago, the anonymity program was available only to tech-savvy users who knew enough to dive into their operating system’s command line.  Now, the Tor user interface has progressed to the point that almost anyone can anonymously surf the Web with just a few clicks. If TIMB follows in those footsteps, it will be another powerful anonymity tool at the fingertips of of both the tech literate and humanity at large.

The Tor Project, a $2 million per year nonprofit consisting of 30 developers spread out over 12 countries, is pushing forward on TIMB as part of an overall initiative to make Tor even easier to use for the average person. Also in the pipeline are more localized support staff as well as “point-click-publish Hidden Services,” to make it extremely easy for anyone to create a Deep Web site.  When it comes to the sort of security that Tor provides, ease of use is of paramount importance. Many users can’t or won’t take the time to learn about encryption programs like Pretty Good Privacy (PGP), leaving themselves open to surveillance.

SOURCE – The Daily Dot

Tor remains resistant to the NSA…

The U.S. National Security Agency has repeatedly tried to compromise Tor, the government-funded online anonymity tool, but has had little success, according to a new report in the U.K.’s Guardian.

The NSA has tried multiple strategies for defeating Tor, with its most successful method focused on attacking vulnerable software on users’ computers, including the Firefox browser, according to the report, published Friday. In the Firefox attack, NSA agents have been able to gain “full control” of targets’ computers, said the report, citing documents given to the Guardian by former NSA contractor Edward Snowden.  tor_nsaNSA documents provided by Snowden, which the Guardian began  publishing in June, say the agency is collecting bulk phone records in  the U.S. as well as Internet communications overseas.  But in many cases, the NSA has been frustrated in its efforts to  target Tor users, an irony because the open-source project is largely  funded by the U.S. Department of Defense, the NSA’s parent agency, and  the U.S. Department of State.

“We will never be able to de-anonymize all Tor users all the time,” according to one NSA document quoted by the Guardian. “With  manual analysis we can de-anonymize a very small fraction of Tor users.”  The NSA has had “no success de-anonymizing a user in response” to a  specific request, the document said.

Tor is “the king of high-secure, low-latency internet anonymity,” the report quotes another NSA document as saying.  Tor routes Internet traffic through a number of relays as a way  to keep communications anonymous. The State Department promotes the  software to activists in countries with strong censorship regimes,  including Iran and China.  An NSA spokeswoman referred a request for comments on the story to a previous statement from the agency:

“In carrying out its signals intelligence mission, NSA collects  only those communications that it is authorized by law to collect for  valid foreign intelligence and counterintelligence purposes, regardless  of the technical means used by those targets or the means by which they  may attempt to conceal their communications. … It should hardly be  surprising that our intelligence agencies seek ways to counteract  targets’ use of technologies to hide their communications.  “Throughout history, nations have used various methods to protect  their secrets, and today terrorists, cybercriminals, human traffickers  and others use technology to hide their activities,” the statement  continued. “Our intelligence community would not be doing its job if we  did not try to counter that.”

NSA efforts to compromise “anonymous online communication” is  justified, U.S. Director of National Intelligence James Clapper said in a  statement released late Friday.

SOURCE – Infoworld

Interesting Read – How does the NSA break SSL?

Rat Bastards…

Friends, it seem the Feds have been caught with their hands in the privacy cookie jar again.  Wired Magazine is reporting the discovery of a piece of malware that takes advantage of a Firefox security vulnerability to identify some users of the privacy-protecting Tor anonymity network.  big_brotherThe FBI is considered the prime suspect as the exploit sends identifying information to an IP address in Reston, Virginia; just outside Washington, D.C.  A reverse engineer dissecting the exploit says that this is probably the first time the FBI’s “computer and internet protocol address verifier,” or CIPAV has been captured in the wild but has been around since 2002.  It seems that the malware was designed specifically to attack the Tor browser.  The payload for the Tor Browser Bundle malware is hidden in a variable called “magneto” and the heart of the malicious Javascript is a tiny Windows executable hidden in a variable named “Magneto.” A traditional virus would use that executable to download and install a full-featured backdoor, so the hacker could come in later and steal passwords, enlist the computer in a DDoS botnet, and generally do all the other nasty things that happen to a hacked Windows box.  But the Magneto code doesn’t download anything. It looks up the victim’s MAC address — a unique hardware identifier for the computer’s network or Wi-Fi card — and the victim’s Windows hostname. Then it sends it to the Virginia server, outside of Tor, to expose the user’s real IP address, and coded as a standard HTTP web request.  Rat Bastards.  Friends, make sure your VooDoo is patched or up-to-date, the Feds are restless.

  • Ads