background preloader


Facebook Twitter

What to do if meek gets blocked. Doc/meek. Meek is a pluggable transport that uses HTTP for carrying bytes and TLS for obfuscation. Traffic is relayed through a third-party server that is hard to block, for example a ​CDN. It uses a trick called "domain fronting" to talk to a Tor relay while appearing to talk to another domain. [tor-dev] A simple HTTP transport and big ideas​ Quick start ¶ Download a browser bundle for your platform: ​ Extract and run it, and then configure these settings: Configure on the first screen.

Howtos in other languages: ​English 2014-09 ​⁧فارسی⁩ 2014-08 ​中文 1 2014-10 ​中文 2 2014-10 To build from source: git clone cd meek/meek-client export GOPATH=~/go go get go build tor -f torrc FreeBSD port: ​ Overview ¶ (SVG source)​ How to change the front domain ¶ See ​What to do if meek gets blocked. Evil 32: Tor's Map of the Internet. The FBI Used the Web's Favorite Hacking Tool to Unmask Tor Users. Cheryl Graham/Getty Images For more than a decade, a powerful app called Metasploit has been the most important tool in the hacking world: An open-source Swiss Army knife of hacks that puts the latest exploits in the hands of anyone who’s interested, from random criminals to the thousands of security professionals who rely on the app to scour client networks for holes. Now Metasploit has a new and surprising fan: the FBI.

WIRED has learned that FBI agents relied on Flash code from an abandoned Metasploit side project called the “Decloaking Engine” to stage its first known effort to successfully identify a multitude of suspects hiding behind the Tor anonymity network. That attack, “Operation Torpedo,” was a 2012 sting operation targeting users of three Dark Net child porn sites. Now an attorney for one of the defendants ensnared by the code is challenging the reliability of the hackerware, arguing it may not meet Supreme Court standards for the admission of scientific evidence.

Global Web Crackdown Arrests 17, Seizes Hundreds Of Dark Net Domains. Josh Valcarcel/WIRED When “Operation Onymous” first came to light yesterday, it looked like a targeted strike against a few high value targets in the Dark Web drug trade. Now the full scope of that international law enforcement crackdown has been revealed, and it’s a scorched-earth purge of the Internet underground. On Friday, the European police agency Europol along with the FBI and the Department of Homeland Security announced that the operation has now arrested 17 people in as many countries and seized hundreds of Dark Web domains associated with well over a dozen black market websites. In addition to the takedowns of drug markets Silk Road 2, Cloud 9 and Hydra revealed Thursday, it’s also busted contraband markets like Pandora, Blue Sky, Topix, Flugsvamp, Cannabis Road, and Black Market. In all, the agency says it’s seized 414 “.onion” domains, the web addresses used by the anonymity software Tor that hides the physical location of those sites’ servers.

Just how many Dark Net sites did cops really shut down? In the aftermath of one of the most high-profile cybercrime operations of the year, American and European police have been loudly and repeatedly bragging about how many Dark Net websites they shut down. At first, they claimed over 400 seizures. Now the number is down to 50. Why the huge discrepancy, and which number is right? The 414 number made headlines across the world, forcing many observers to wonder if Tor itself was broken after such a massive police operation. However, upon further examination, no one could quite figure out where all supposedly seized hidden services were.

After all, the biggest Dark Net markets are still in operation. The biggest child pornography sites are still running. As the questions about the 414 number became louder, a new article was published by the New York Times in which a Europol official told the paper that “upward of 50 sites” were closed. Even with the new adjustment to around 50 seizures, no one can fully account for even that number of seizures. A portable router that conceals your Internet traffic. The news over the past few years has been spattered with cases of Internet anonymity being stripped away, despite (or because) of the use of privacy tools. Tor, the anonymizing “darknet” service, has especially been in the crosshairs—and even some of its most paranoid users have made a significant operational security (OPSEC) faux pas or two. Hector “Sabu” Monsegur, for example, forgot to turn Tor on just once before using IRC, and that was all it took to de-anonymize him. (It also didn’t help that he used a stolen credit card to buy car parts sent to his home address.)

If hard-core hacktivists trip up on OPSEC, how are the rest of us supposed to keep ourselves hidden from prying eyes? At Def Con, Ryan Lackey of CloudFlare and Marc Rogers of Lookout took to the stage (short their collaborator, the security researcher known as “the grugq,” who could not attend due to unspecified travel difficulties) to discuss common OPSEC fails and ways to avoid them. Counter-surveillance for everyone. Dedis@yale | A TorPath to TorCoin: Proof-of-Bandwidth Altcoins for Compensating Relays. Mainak Ghosh, Miles Richardson, Bryan FordYale University Rob JansenU.S. Naval Research Laboratory 7th Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs 2014) Abstract The Tor network relies on volunteer relay operators for relay bandwidth, which may limit its growth and scaling potential.

We propose an incentive scheme for Tor relying on two novel concepts. We introduce TorCoin, an “altcoin” that uses the Bitcoin protocol to reward relays for contributing bandwidth. Paper: PDF This material is based upon work supported by the Defense Advanced Research Agency (DARPA) and SPAWAR Systems Center Pacific, Contract No. 90 percent of Tor keys can be broken by NSA: what does it mean? Errata Security CEO Rob Graham has published a blog-post speculating that ninety percent of the traffic on the Tor anonymized network can be broken by the NSA. That's because the majority of Tor users are still on the an old version of the software, 2.3, which uses 1024 RSA/DH keys -- and at keylengths of 1024 RSA/DH crypto can be broken in a matter of hours using custom chips fabbed at an estimated cost of $1B. It seems likely that the NSA has spent the necessary sum and sourced these chips (likely from IBM).

This isn't the same as being able to decrypt all of Tor in realtime, but it does suggest that the NSA could selectively decrypt its stored archives of Tor traffic. However, the new version of Tor, 2.4, uses elliptical curve Diffie-Hellman ciphers, which are probably beyond the NSA's reach. But the good news is that, as the ProPublica article mentioned (quoting whistleblower Edward Snowden), "Properly implemented strong crypto systems are one of the few things that you can rely on.

" NSA EgotisticalGiraffe Differ in The Guardian and Washington Post. The New Yorker | Strongbox. Our privacy promise The New Yorker's Strongbox is designed to let you communicate with our writers and editors with greater anonymity and security than afforded by conventional e-mail. When you visit or use our public Strongbox server, The New Yorker and our parent company, Condé Nast, will not record your I.P. address or information about your browser, computer, or operating system, nor will we embed third-party content or deliver cookies to your browser.

Strongbox servers are under the physical control of The New Yorker and Condé Nast in a physically and logically segregated area at a secure data center. Strongbox servers and network share no elements in common with The New Yorker or Condé Nast infrastructure. Strongbox is designed to be accessed only through a “hidden service” on the Tor anonymity network, which is set up to conceal both your online and physical location from us and to offer full end-to-end encryption for your communications with us. How SOPA's 'circumvention' ban could put a target on Tor | Privacy Inc. A little-noticed section of the Stop Online Piracy Act could make it illegal to distribute Tor and other software that can "circumvent" attempts by the U.S. government to block pirate Web sites. The controversial Hollywood-backed copyright bill allows injunctions to be filed against "any" person, nonprofit organization, or company that distributes a "product or service" that can be used to circumvent or bypass blockades erected against alleged pirate Web sites such as

"It looks like SOPA would outlaw Tor," says Markham Erickson, an attorney with Holch & Erickson LLP who runs NetCoalition. The trade association opposes SOPA and counts, eBay, Google, and Yahoo among its members. This section of SOPA is straightforward enough: a copyright holder would contact the U.S. Department of Justice to complain that a Web site is engaged in piracy.

Then the Justice Department would seek a court order from a federal judge that would compel U.S. But SOPA's author, Rep. How to Become Anonymous on the Internet Using Tor. The internet is a scary place, and if you're like me, you don't want anyone tracking you or learning your search habits. It's a blatant invasion of privacy for companies to do this, but at least we have methods of fighting back—one of which is Tor.

Tor stands for The Onion Router. It operates by donated bandwidth from its users. Tor encrypts your traffic, then forwards it through multiple nodes, like the layers of an onion, hence the name "The Onion Router". Now, be forewarned, Tor isn't fully anonymous. In this Null Byte, we're going to go briefly go over how to set up Tor, after which I will forward my traffic through it to show you that it's working. Better TBB about:config settings(?); re: browsing and loading speed, etc. Web Browser for Anonymous Communication - Peace and Conflict Monitor, Tor, Anonymity, and the Arab Spring: An Interview with Jacob Appelbaum. The recent revolution in Egypt that ended the autocratic presidency of Hosni Mubarak was a modern example of successful nonviolent resistance.

Social Media technologies provided a useful tool for the young activist to orchestrate this revolution. However the repressive Mubarak regime prosecuted many activists and censored a number of websites. This made their activities precarious, making it necessary for activists to hide their identity on the Internet. The anonymity software Tor was a tool used by some bloggers, journalists and online activists to protect their identity and to practice free speech. Jacob Appelbaum, Tor developer, independent computer security researcher, and co-founder of the the San Francisco hackerspace Noisebrige has conducted a number of Tor trainings in the Middle East. What does Tor do and who uses it? In brief, Tor is an anonymity network that allows people to use the internet in a way that avoids traffic analysis. Can an anonymous person have credibility? Anonymity Online.

The Tor Project. Tor and HTTPS. Click the "Tor" button to see what data is visible to eavesdroppers when you're using Tor. The button will turn green to indicate that Tor is on.Click the "HTTPS" button to see what data is visible to eavesdroppers when you're using HTTPS. The button will turn green to indicate that HTTPS is on.When both buttons are green, you see the data that is visible to eavesdroppers when you are using both tools.When both buttons are grey, you see the data that is visible to eavesdroppers when you don't use either tool.Potentially visible data includes: the site you are visiting (SITE.COM), your username and password (USER/PW), the data you are transmitting (DATA), your IP address (LOCATION), and whether or not you are using Tor (TOR).

Tor relays (2011-02-14) - Tor Exit Node & Bridge hosting. Tor: Documentation. First, read the overview page to get a basic idea of how Tor works, what it's for, and who uses it. Install Tor Browser and try it out. Be sure to read the list of warnings about ways you can screw up your anonymity. Look through the Tor Browser Design Document. Our FAQ covers all sorts of topics, including questions about setting up a client or relay, concerns about anonymity attacks, why we didn't build Tor in other ways, etc. There's a separate Abuse FAQ to answer common questions from or for relay operators. The Tor Legal FAQ is written by EFF lawyers, and aims to give you an overview of some of the legal issues that arise from The Tor Project in the US. Check out the Tor Stack Exchange Q&A Site, and help us make the questions and answers better.

Tor runs many mailing lists. Tor-announce is a low volume list for announcements of new releases and critical security updates. Tor is written for and supported by people like you. Download Tor. Tor Browser Version 4.5.2 - Windows 8, 7, Vista, and XP Everything you need to safely browse the Internet. Learn more » Expert Bundle Windows 8, 7, Vista, XP, 2000, 2003 Server, ME, and Windows 98SE Contains just Tor and nothing else. Version 4.5.2 - OS X Intel Everything you need to safely browse the Internet. Version 4.5.2 - Linux, BSD, and Unix Tor (standalone) Install the Tor components yourself, run a relay, create custom configurations. Source Tarball Configure with: . The current stable version of Tor is The current unstable/alpha version of Tor is

Want Tor to really work? You need to change some of your habits, as some things won't work exactly as you are used to. Use the Tor Browser Tor does not protect all of your computer's Internet traffic when you run it. Be smart and learn more. Projects Overview. The Tor community of software and services aims to make your Internet experience safer and better. Tor Browser contains everything you need to safely browse the Internet. This package requires no installation. Just extract it and run. Arm is a terminal status monitor for Tor, intended for command-line aficionados and ssh connections. This functions much like top does for system usage, providing real time information on Tor's resource utilization and state. Analytics for the Tor network, including graphs of its available bandwidth and estimated userbase.

This is a great resource for researchers interested in detailed statistics about Tor. Tor Messenger is a cross-platform chat program that aims to be secure by default and sends all of its traffic over Tor. Pluggable Transports (PT) transform the Tor traffic flow between the client and the bridge. Web-based protocol to learn about currently running Tor relays and bridges.

Python library for applications and scripts that interact with Tor.