For responsible adults with decades of experience from which to draw their own conclusions, the idea that adults we have never met have the power to govern our online activities is a borderline insult.

Of course, governments have a responsibility to protect all, so for every person who gets upset at politicians poking around in their private business, theory suggests there should be others who stand to benefit from whatever intervention is currently under discussion. And as responsible adults, that is taken into consideration.

The looming problem is that once ‘protection measures’ are put in place for even the most well-intentioned reasons, they are usually there to stay and always vulnerable to mission creep. If the wrong government somehow gains power, outright abuse can never be ruled out. In the meantime, others may claim entitlement to protection too, through the courts if necessary.

Developed by UK ISP BT at an estimated cost of £500,000, the Cleanfeed content-blocking system was launched in 2004 with the stated aim of preventing access to child abuse material. For most people in society, that was considered a positive move but just a few years later, the very existence of Cleanfeed was seen as an opportunity.

In an effort to suppress Usenet indexer Newzbin, Hollywood studios sought and won an injunction that compelled BT to use Cleanfeed to block the site, with the studios admitting that the company was targeted because it had the tools in place to implement blocking. In June 2023 alone, over 850 new entries appeared on UK ISPs’ blocklists.

French Government Says it Wants to Protect

The French government’s drive to prevent children from accessing pornographic content online is well-documented. Few disagree that widely available and openly accessible ‘tube’ sites are unsuitable for minors, but in a world where parental responsibility is considered old-fashioned, not to mention ineffective, France believes that legislation is the only way to protect the country’s children.

In parallel the government is on the verge of passing new law that aims to protect adults from the dangers of online fraud. Given the scale of the problem and law enforcement’s lacking response globally, what could possibly be wrong with that? According to Mozilla, the people behind the Firefox browser, almost nothing – if it’s done properly, at least.

France Demands “Dystopian Technical Capability”

“In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability,” Mozilla reported this week.

“Article 6 (para II and III) of the SREN Bill [below, translated] would force browser providers to create the means to mandatorily block websites present on a government provided list.”

“While motivated by a legitimate concern, this move to block websites directly within the browser would be disastrous for the open internet and disproportionate to the goals of the legal proposal – fighting fraud,” Mozilla continued.

“It will also set a worrying precedent and create technical capabilities that other regimes will leverage for far more nefarious purposes. Leveraging existing malware and phishing protection offerings rather than replacing them with government provided, device level block-lists is a far better route to achieve the goals of the legislation.”

Of course, major browsers currently make use of Google’s Safe Browsing system, which alerts visitors to flagged sites that there could be trouble ahead. Users can continue to those sites if they so wish, but Mozilla warns that the language in the current proposal is focused on website blocking and contains nothing to ensure privacy or prevent the blocking system being used for other purposes.

“Forcing browsers to create capabilities that enable website blocking at the browser level is a slippery slope. While it might be leveraged only for malware and phishing in France today, it will set a precedent and create the technical capability within browsers for whatever a government might want to restrict or criminalize in a given jurisdiction forever,” Mozilla warns .

“If it successfully passes into law, the precedent this would set would make it much harder for browsers to reject such requests from other governments,” the not-for-profit foundation concludes.

And not just requests from governments either. In 2023, it seems like everyone wants something blocked. Having a system already in place won’t make that any more difficult, nor will it deal with the source of the problem.

Image credit: pixabay/ geralt

From: TF , for the latest news on copyright battles, piracy and more.

Le saviez-vous ? Le navigateur Microsoft Edge et une fonctionnalité pour le moins étonnante qui pourrait mettre en péril votre précieuse vie privée.

Héééé ouais 🙂

Pour ceux qui ne sont pas au courant, voici un résumé rapide des faits : il semblerait que lorsque nous naviguons avec Microsoft Edge, l’URL des sites qu’on visite soit envoyée vers l’API de Bing (qui appartient également à Microsoft).

Eh oui… Big Brother est toujours là pour veiller sur vos données !

Ce lièvre a été soulevé par des utilisateurs de Reddit – merci les gars – ainsi que Rafael Rivera, ingénieur logiciel et développeur chez EarTrumpet . Le souci proviendrait donc d’une fonction mal implémentée dans ce bon vieux Edge… MOUAIS, COMME DE PAR HASARD !

Alors concrètement, d’où vient ce problème ???
Et bien cela fait déjà quelques mois maintenant que Microsoft teste une nouvelle option permettant aux utilisateurs du navigateur Edge de pouvoir facilement suivre leurs créatrices ou créateurs préféré(e)s sur YouTube ou sur le Web en général.

Cette fonctionnalité, nommée de manière très originale ^^ : « Suivre les créateurs » a été déployée plus largement très récemment. Le problème est que même si vous ne l’utilisez pas, vos URL sont tout de même envoyées à Bing API. Paye ta vie privée.

Mais pour autant, pas de panique ! Je vais vous donner l’astuce ultime pour remédier au problème !

Il suffit de désactivez la fonction « Suivre les créateurs ». Ça sert à rien, ça pompe vos données, donc bye bye !!

Même si du côté de Microsoft on semble prendre ce souci très au sérieux – puisqu’ils enquêtent actuellement dessus… De vrais Colombo -, je préférais quand même vous avertir.

N’hésitez pas à partager cet article autour de vous afin d’informer tous vos proches qui utilisent également Microsoft Edge et protégez au mieux votre (et leur) vie privée !

Source

Read 7 remaining paragraphs | Comments

Read 4 remaining paragraphs | Comments

What Is Tor?

The Onion Router or Tor is a network that enables a user to stay anonymous on the internet and get rid of any possible surveillance, user identification, or location tracking while using the internet. You can access the Tor network with the help of a modified Mozilla Firefox ESR web browser.

Tor allows a person to browse the web anonymously by veiling the actual identity of the user. It protects the user from any traffic analysis and network spying.

Tor is perhaps the most popular and secure option available for anonymous internet connectivity. To reduce the confusion, here we are talking about the Tor network, not the Tor web browser, which is used to access the same.

Who Created Tor?

Tor uses the principle of ‘Onion Routing,’ which was developed by Paul Syverson, Michael G. Reed, and David Goldschlag at the United States Naval Research Laboratory in 1990s. Further development was carried out under the financial roof of the Electronic Frontier Foundation (EFF).

Tor Project Inc. is a non-profit organization that currently maintains Tor and is responsible for its development. It has received funds from the US government primarily, and additional aid from the Swedish Government and different NGOs & individual sponsors.

How Does Tor Work?

Tor uses the concept of the ‘Onion Routing’ method in which the user data is first encrypted and then transferred through different relays present in the Tor network. Thus, it creates multi-layered encryption (layers like an onion) and a hard-to-follow path to keep the identity of the user safe. As a result, nobody can link your identity to any single point.

One encryption layer is decrypted at each successive Tor relay, and the remaining data is forwarded to any random relay until it reaches its destination server. For the destination server, the last Tor node/exit relay appears as the origin of the data. It is thus tough to trace the identity of the user or the server by any surveillance system acting as the middleman.

Other than providing anonymity to standalone users, Tor can also provide anonymity to websites and servers in the form of Tor Hidden Services. Also, P2P applications like BitTorrent can be configured to use the Tor network and download torrent files.

Also Read: How To Share Files Anonymously Using Tor’s Darknet And OnionShare?

Is using Tor illegal?

No. Tor browser and dark web aren’t illegal on their own. However, if you end up performing some illegal activity on the dark web using Tor, that’ll surely invite trouble. So, as always, we recommend that you use this technology to perform legal actions and enhance your privacy.

Tor And NSA Connection

The NSA whistle-blower Edward Snowden used Tor to leak information about PRISM to The Guardian and The Washington Post.

However, the story is not all good-good. Tor faces criticism for the reason that it acts as a medium for different illegal activities like data breaching, drug dealing, gambling, being home to dark web sites. Tor is also used by criminal minds to communicate over the internet while keeping their identity hidden, which makes it difficult for the security agencies to trace them.

The U.S. National Security Agency (NSA) has called Tor “the King of high secure, low latency Internet anonymity.” And it has received similar comments by BusinessWeek magazine, “perhaps the most effective means of defeating the online surveillance efforts of intelligence agencies around the world.”

Another speculation made is that Tor takes its funding from the U.S. Government, which may lead to the assumption that NSA may have compromised the identities of individual Tor users. However, Tor’s former executive director Andrew Lewman disclaimed any confederations with NSA.

Is Tor Browser Safe?

Various claims have been made about compromising Tor’s anonymity and security from time to time. The most famous one was the Bad Apple Attack, in which the researchers claimed to have identified around 10k IP addresses of active BitTorrent users who were connected via Tor.

The Heartbleed bug was behind another major compromise in April 2014, which halted the Tor network for several days.

Traffic Fingerprinting is a method used to analyze web traffic by analyzing the patterns, responses, and packets in a particular direction. This technique can be used to attack the Tor network by making the attacker’s computer act as the guard.

The main vulnerability was found at its exit points, where the level of security is very low as compared to the rest of the Tor network.

Also Read: TOR Anonymity: Things Not To Do While Using TOR

What is Tor “Browser”?

Tor Project Inc. has released Tor Browser , which is a modification of an Extended Support Release (ESR) version of the Mozilla Firefox browser. The browser is portable so that it can be used from external media and also reduces the hassel of installation.

Tor Browser removes the browsing history and cookies after every use, thus reducing the risk of any cookie tracking. We can set-up SOCKS (Socket Secure) based applications to use the Tor network by configuring them with a loop-back address.

It’s also known as the dark web browser since it lets users browse the so-called dark web sites that accessible on the regular web.

The Tor browser is available for various desktop operating systems, including Windows, Linux, and macOS. You can visit this link to download Tor Browser latest version for Windows, Linux, and macOS.

Tor 10.0.6

How to download and use Tor browser?

How to install Tor Browser on Windows 10/7/8?

1. Run the Tor Browser setup.
2. Choose your desired language.
3. On the next window, choose the destination folder. Using Tor would be easy if you choose the Desktop as the destination.
4. Click Install.

The Tor setup will create a folder named Tor Browser on your Desktop. Open the folder, and run the shortcut file to use the Tor Browser.

For Linux, you’ll have to extract the downloaded file, either using the command line or a file extractor application.

Tor Browser for Android

Tor Browser – official Tor app for Android

Orbot – a free proxy app with Tor for Android devices.

Orfox – a mobile version of Tor Browser for Android devices. (Discontinued)

The Guardian Project, a global developer community founded by Nathan Freitas, is to be credited for the development of Orfox.

Tor Browser for iOS

A Tor browser app for iOS created by Tor Project core contributor Mike Tigas.

Tor Alternatives

I2P and Freenet are other anonymity networks which can act as Tor alternatives. Also, Tails and Subgraph OS are Linux-based distributions with built-in Tor support. In the past, Hornet was also an anonymity network that provided higher network speeds compared to Tor.

To know more about these alternatives, please visit this link .

Should I Use Tor?

Tor has proved to be an excellent medium for safe, secure, and anonymous web presence available to a user at no cost. The developers of Tor didn’t intend it to become a hotbed of illegal activities, but evil-minded people have leveraged Tor for their benefits such as selling unlawful stuff on the dark websites. The Tor project has led to an optimistic approach towards censorship and surveillance-free internet.

You can use Tor if you want to conceal your identity on the web or access some websites that blocked in your region. But refrain yourself from doing anything that’s above the law because nothing is fool-proof, and they can still catch you. Also, accessing your social media accounts over Tor can expose your identity.

The post Tor Explained: What is Tor? How Does It Work? Is It Illegal? appeared first on Fossbytes .

Hiding digital footprints and protecting your information from hackers has become a challenge these days, and now there is a new trick up their sleeve that could be used to track you across the internet. Software designer Jonas Strehle has discovered that browser favicons could be the new means to track users online and collect information, including credit card number, name, address, and phone number.

What makes this dangerous is that it can bypass commonly deployed security measures on the internet, such as VPNs, incognito tabs, deleting browser/website cache, etc. Here’s what we know about this new security flaw that could be exploited by hackers to gather information about you.

What are favicons?

Pronounced as fave-icons, these are small icons that represent the branding of a website. For example, Wikipedia has “W” as its favicon, Youtube has its logo as its favicon, and we have our logo as Fossbytes’ favicon. The main purpose of a favicon is to serve as a visual marker and help users navigate to the desired tab when multiple tabs are open.

How can hackers use favicons to track you on internet?

According to Strehle, the method to spy on users online is called a Supercookie. A Supercookie is a cookie type that could be inserted into an HTTP header in most popular browsers to gather information about user’s online movement.

To make it easy for browsers to access the favicons, they are stored in a separate local database on the system, called the favicon cache (F-Cache). This F-cache also stores other information about users, including the websites visited by the user (subdomain, domain, route, URL parameter), the favicon ID, and the time to live (TTL).

When a user visits a URL, the browser checks the F-cache to get the favicon. In case the favicon is not available there, the browser makes a GET request to load the site’s favicon. This request allows the webserver to gather additional information about the user and assign a unique identification number.

“ So when the browser requests a web page, if the favicon is not in the local F-cache, another request for the favicon is made. If the icon already exists in the F-Cache, no further request is sent. By combining the state of delivered and not delivered favicons for specific URL paths for a browser, a unique pattern (identification number) can be assigned to the client ,” writes Strehle on Github .

Strehle says that all top browsers including Chrome, Firefox, Safari, and Edge are vulnerable to the Supercookie attack. In fact, mobile browsers could be also be targeted under this threat model.

He has written in detail about how this attack works on his own website. It is important to know that this is a proof-of-concept and not a vulnerability spotted in the wild by Strehle. He started learning more about it after reading a research paper titled  “Tales of F A V I C O N S and Caches: Persistent Tracking in Modern Browsers”.(Unfortunately, the link to the research paper wasn’t working at the time of writing)

How to protect yourself from favicon supercookie attack?

Sadly, there is no method available to avoid this attack right now. Strehle mentions that the only possible way to evade this attack is to deploy changes to browsers’ favicon caching behavior, and only browser vendors can do this. He has shared the details of the threat model with the popular browser vendors.

The post Your Browser’s Favicons Could Be Used To Track You Online: Here’s How appeared first on Fossbytes .