Jump to content
Donations Read more... ×

Search the Community

Showing results for tags 'privacy'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 552 results

  1. US justices say law enforcement needs a warrant to follow your digital footprint. The US Supreme Court has ruled in favor of digital privacy. In a 5-4 decision on Friday the justices decided that police need warrants to gather phone location data as evidence for trials. The Supreme Court reversed and remanded the Sixth Circuit court's decision. Carpenter v. United States is the first case about phone location data that the Supreme Court has ruled on. That makes it a landmark decision regarding how law enforcement agencies can use technology as they build cases. The court heard arguments in the case on Nov. 29. The dispute dates back to a 2011 robbery in Detroit, after which police gathered months of phone location data from Timothy Carpenter's phone provider. They pulled together 12,898 different locations from Carpenter, over 127 days. The legal and privacy concern was that police gathered the four months' worth of Carpenter's digital footprints without a warrant. A Sixth Circuit Court of Appeals judge ruled that cellphone location data is not protected by the Fourth Amendment, which forbids unreasonable search and seizure, and therefore didn't require a warrant. In the Supreme Court's ruling, Chief Justice John Roberts wrote that the government's searches of Carpenter's phone records were considered a Fourth Amendment search. "The Government's position fails to contend with the seismic shifts in digital technology that made possible the tracking of not only Carpenter's location but also everyone else's, not for a short period but for years and years," he wrote. Roberts pointed out that allowing government access to historical GPS data infringes on Carpenter's Fourth Amendment protections and expectation of privacy, by providing law enforcement with an "all-encompassing record" of his whereabouts. He added that historical GPS data presents an "even greater privacy risk" than real-time GPS monitoring. Carpenter's attorneys, including lawyers from the American Civil Liberties Union, argued before the Supreme Court that cellphone location data constitutes sensitive digital records and should be protected under the Fourth Amendment. Phone location data is a hot button issue for privacy advocates. In May, Sen. Ron Wyden asked phone service providers why they were giving away location data to Securus Technologies, a service that monitors calls to prison inmates, which police could use to track anybody's phone in the US, without a warrant. The Federal Communications Commission opened an investigation into LocationSmart in May this year, a company that boasted that it could find any phone in the US without needing special permission. The argument has been that phone companies can provide customers' data to law enforcement because they own those records, not the person. During the trial, US Deputy Solicitor General Michael Dreeben told the Supreme Court that people agree to hand over their information to providers for their service. "It is asking a business to provide information about the business' own transactions with a customer," Dreeben said in November. Before the trial took place, major tech companies, including Apple, Facebook and Google, filed a friend-of-the-court brief with the Supreme Court, urging the justices to make it harder for law enforcement officials to obtain individuals' data without a warrant. While the decision sets a ruling for historical GPS data, the Supreme Court said it does not apply to security cameras, business records or real-time location tracking. < Here >
  2. It’s been fun Google, but it’s time to say goodbye. Have you noticed? Google’s entire business model is based on you surrendering to their corporate surveillance. That’s it. All they do is repackage mass corporate surveillance into convenient, free, trendy applications that suck up all your data. Your private data helps Google dominate the online advertising market. You are the product. The other key issue to consider here is that Google is tracking and recording your activity in order to build a user profile, which can be used for various purposes. Google has many ways to track your activity, even if you are not logged into a Google account: Tracking through Google Adsense (all those annoying banner ads you see on most websites also function as tracking) Tracking through YouTube and other Google-owned platforms and products Tracking through websites that use Google Analytics (most websites use Google analytics – but not Restore Privacy) All the data that Google collects about you is usually monetized through targeted advertising (Google is now the largest advertising company in the world). Your data may also be provided to government authorities (Google has been cooperating with governments for mass surveillance since 2009). In other words, Google is working to track your every move online, even if you are working hard to avoid it. The solution to this problem basically entails: Deleting your Google accounts and data Avoiding Google products and using alternatives (this guide) Using good privacy tools, such as a private browser and a good VPN service, which will help protect your data from third parties [...] If interested, please read the complete guide to alternatives < here >.
  3. mona

    Best VPN 2018

    Best VPN 2018 February 24, 2018 by Sven Taylor With all the alarming developments in mass surveillance, ISP spying, online censorship, and content restrictions, you are probably looking for the best VPN to stay safe online. But be careful! To find the best VPN, you’ll need to watch out for VPN scams, VPNs that lie about logs (PureVPN), VPNs that leak IP addresses (VPN Unlimited), and even malicious VPNs with hidden tracking libraries (Betternet). So tread carefully my friends. The rankings of the best VPN services below are based on extensive test results to check for IP address leaks, DNS leaks, connection issues, app performance, reliability, speed, and whether the features work correctly. Additionally, I also considered company policies, jurisdiction, logging practices, and the trustworthiness of the provider. Best VPNs 2018 Now we will take a deep dive into the top five best VPN services for 2018, discussing the pros, cons, features, and testing results for every provider. ExpressVPN ExpressVPN is a trusted and highly-recommended service that remains one of the best all-around VPNs on the market. It is based in the British Virgin Islands and offers a great lineup of applications for all devices. Extensive testing for the ExpressVPN review found the apps to be very secure, with exceptional performance throughout the server network. ExpressVPN is also a service that continues to get better. In the past six months they have made significant improvements to their apps to protect users against rare leak scenarios. These efforts culminated in the public release of their leak testing tools, which can be used to test any VPN for flaws/failures (open source and available on GitHub). ExpressVPN’s logging policies (only anonymized stats) were recently put to the test when authorities in Turkey seized one of their servers to obtain user data. But no customer data was affected as authorities were not able to obtain any logs (further explained here). This event showed that ExpressVPN remains true to its core mission of protecting customer privacy and data. ExpressVPN is also one of the best VPN providers you will find for streaming. Whether you are using a VPN with Kodi or streaming Netflix with a VPN, ExpressVPN offers applications to support all devices as well as a high-bandwidth network with great performance. Their support is also superb, with 24/7 live chat assistance and a 30 day money-back guarantee. Exclusive discount – ExpressVPN is currently offering an exclusive 49% discount on select plans, which reduces the monthly rate down to $6.67 (the non-discount price is $8.32 per month). ExpressVPN Windows client. + Pros User-friendly and reliable apps Exceptional speeds throughout the server network 30 day money-back guarantee Split tunneling feature (for Mac OS, Windows, and routers) Great for Netflix and other streaming services Strong encryption and leak protection settings 24/7 live chat support – Cons Apps collect anonymized connection stats, but users can opt out (IP addresses not logged) Perfect Privacy After testing out many different VPN services, Perfect Privacy holds the top spot as the best VPN for advanced online anonymity. You may have never heard of Perfect Privacy because they largely ignore marketing and instead focus on providing a high quality, privacy-focused service with very advanced features. Nonetheless, this is a well-respected VPN provider that has earned high praise from the tech community for exposing massive vulnerabilities with other VPNs. Their network is composed entirely of dedicated servers that provide you with fast speeds, great reliability, and plenty of bandwidth at all times (you can see real-time server bandwidth here). They have also passed real-world tests when two of their servers were seized by Dutch authorities last year. However, no customer data was affected due to no logs and all servers operating in RAM disk mode with nothing being saved on the server. For features they offer multi-hop VPN chains, advanced firewall configuration options (DNS and IP leak protection), port forwarding, NeuroRouting, Socks5 and Squid proxies, obfuscation features to defeat VPN blocking (Stealth VPN), and a customizable TrackStop feature to block tracking, malware, advertising and social media domains. They also give you an unlimited number of device connections and offer full IPv6 support (giving you both an IPv4 and IPv6 address). While Perfect Privacy offers very advanced features that you won’t find anywhere else, it also comes with a Swiss price tag at €8.95 per month. Additionally, these advanced features may be overkill for some users, especially if you are new to VPNs. Nonetheless, for those seeking the highest levels of online anonymity, security, and overall performance, Perfect Privacy is a solid choice. The Perfect Privacy Windows client, using a four-hop VPN cascade. + Pros Unlimited number of device connections Multi-hop VPN chains, up to 4 servers (self-configurable) NeuroRouting (dynamic, server-side multi-hop that can be used with all devices) Absolutely no logs without any restrictions Dedicated servers operating only in RAM disk mode Full IPv6 support (provides both IPv4 and IPv6 addresses) Customizable firewall/port-forwarding options TrackStop advertisement, tracking, and malware blocker – Cons Higher price Full VPN Manager client not available for Mac OS (but BETA client available, along with other installation options) VPN.ac VPN.ac is Romania-based VPN service with excellent overall quality for a very reasonable price. It was created by a team of network security professionals with a focus on security, strong encryption, and high-quality applications. Their VPN network is composed entirely of dedicated servers with secure, self-hosted DNS. VPN.ac’s server network provides you with great speeds and reliability (see the review for details). Performance is maximized with reliable applications and excellent bandwidth on their network at all times. (You can see their real-time bandwidth stats by selecting VPN Nodes Status at the top of the website.) For a lower-priced VPN service, VPN.ac offers an impressive lineup of features: maximum encryption strength, obfuscation features, double-hop VPN server configurations, and a secure proxy browser extension. All support inquiries are handled internally by the network security professionals who built the infrastructure. The one drawback I found is that VPN.ac maintains connection logs – but all data is erased daily. , which they clearly explain on their website. When you consider everything in relation to the price, this is one of the best values you’ll find for a premium VPN service. The VPN.ac Windows client, using a double-hop configuration. + Pros High-security VPN server network (dedicated servers, with self-hosted encrypted DNS) Excellent speeds with lots of available bandwidth Multi-hop (double VPN) server configurations Obfuscation features – Cons Advanced encryption (7 available protocols) Low price for a very advanced VPN (good value) Connection logs (no activity, erased daily) NordVPN NordVPN is a popular no logs VPN service based in Panama. Just like with ExpressVPN, NordVPN is a service that has made significant improvements over the past year. It performed well in testing for the latest update to the NordVPN review. The NordVPN apps have undergone some great updates to further protect users against the possibility of data leaks, while also adding a newly-improved kill switch to block all non-VPN traffic. As another improvement, NordVPN has rolled out a CyberSec feature that blocks advertisements, tracking, and malicious domains. And finally, NordVPN continues to work with Netflix and other streaming services. NordVPN is a great choice for privacy-focused users. Aside from the Panama jurisdiction and no-logs policies, NordVPN also provides advanced online anonymity features. These include double-hop server configurations, Tor-over-VPN servers, and also a lineup of obfuscated servers to conceal VPN traffic. NordVPN’s customer service is also top-notch. They provide 24/7 live chat support directly through their website, and all plans come with a 30 day money-back guarantee. NordVPN discount – NordVPN is currently offering a massive 77% discount on select plans, which drops the monthly rate down to only $2.75. (This is significantly cheaper than their standard rate with the annual plan at $5.75 per month.) The NordVPN Windows client. + Pros User-friendly apps 30 day money-back guarantee Multi-hop (double VPN) server configurations 24/7 live chat support No logs Competitive price Ad blocking feature – Cons Variable speeds with some servers VPNArea VPNArea is not the biggest name in the VPN industry, but this Bulgaria-based provider did well in testing for the review. They take customer privacy very seriously, with a strict no logs policy, good privacy features, and Switzerland hosting for business operations. Being based in Bulgaria, they do not fall under data-retention or copyright violation laws, which further protects their users. Aside from being a privacy-focused service, VPNArea also offers numerous servers that are optimized for streaming and torrenting. It continues to work well with Netflix, BBC iPlayer, Amazon Prime, Hulu and others. Torrenting and P2P downloads are allowed without any restrictions. They continue to improve their service with new features, including obfuscation (Stunnel) and ad-blocking through their self-hosted DNS servers. VPNArea is also one of the few VPNs that offer dedicated IP addresses. VPNArea Windows client. + Pros Competitive price No logs Great for streaming and torrenting Ad-blocking DNS servers 6 simultaneous connections (which can be shared with others) Dedicated IP addresses available – Cons Apps are somewhat busy DNS leak protection must be manually configured # # # Considerations for finding the best VPN As we already discussed, choosing the best VPN all boils down to determining which factors you consider the most important. In other words, it’s a very subjective process. Here are seven important factors to consider: Test results – How well does the VPN perform in testing? This includes both performance testing (speed and reliability) and leak testing (IP leaks and DNS leaks). Privacy jurisdiction – Where the VPN is legally based affects customer privacy. Many people avoid VPNs based in the US and other surveillance countries for this reason. For more of a discussion on this topic, see the guide on Five Eyes / 14 Eyes and VPNs. Server network – Three considerations when examining VPN servers are quality, locations, and bandwidth. Some VPNs prioritize server quality, while others prioritize locations. Also, see if you can find a real-time server status page to get an idea of available bandwidth, which will indicate performance. Privacy features – One good privacy feature for more online anonymity is a multi-hop VPN configuration. This will encrypt your traffic across two or more servers, offering more protection against surveillance and targeted monitoring. Operating system – Be sure to check out if the VPN you are considering supports the operating system you will be using. Obfuscation – Obfuscation is a key feature if you are using a VPN in China or anywhere that VPNs may be blocked. Obfuscation is also key for school and work networks that may restrict VPN use. Company policies – It’s always good to read through the company policies to see if it’s a good fit. Privacy policies, refund policies, and torrenting policies are all good to consider before signing up. There are many other factors you may want to consider when selecting the best VPN – but this is a good starting point. Best VPN speed and performance Many people are wondering how to achieve the best VPN speed. Others are wondering which VPNs are fastest. If you are using a good VPN service, you really shouldn’t notice a huge reduction in speed. Of course, the extra work that goes into encrypting/decrypting your traffic across VPN servers will affect speed, but usually it’s not noticeable. To optimize your VPN speed and achieve better performance, here are some factors to consider: Internet service provider interference – Some ISPs interfere with or throttle VPN connections. This seems to be a growing problem. Solution: use a VPN with obfuscation features, which will conceal the VPN traffic as HTTPS. (Perfect Privacy with Stealth VPN, VPN.ac with the XOR protocol, and VyprVPN with the Chameleon protocol are all good options.) High latency – You can generally expect slower speeds when you connect to servers further from your location. Using multi-hop VPN configurations will also increase latency and slow things down. Solution: Use servers closer to your location. If you utilize a multi-hop VPN chain, select nearby servers to minimize latency. Server congestion – Many of the larger VPN services oversell their servers, resulting in congestion, minimal bandwidth, dropped connections, and slow speeds. All of the recommendations on this page performed well in testing and offer adequate bandwidth for good speed. For example, see the Perfect Privacy server page and the VPN.ac server page (VPN Nodes Status at the top). Antivirus or firewall software – Antivirus and third-party firewall software often interfere with and slows down VPNs. Some software will implement their firewall on top of the default (operating system) firewall, which slows everything down. Solution: Disable the third-party firewall, or add an exception/rule for the VPN software. WiFi interference – WiFi interference or problems are unrelated to the VPN, but it can make a difference in overall speed. Solution: It may not be convenient, but using a wired connection will improve speed and security. Processing power – Many devices don’t do well with the extra processing power that is needed for VPN encryption/decryption. This is especially the case with older computers, routers, and mobile devices. Solution: Switch devices or upgrade to a faster processor (higher CPU). Network setup – Some networks do not work well with certain VPN protocols. Solution: The best solution is to experiment with different VPN protocols and/or ports (OpenVPN UDP / TCP / ECC / XOR, IPSec, etc.). Some VPN providers also allow you to modify MTU size, which may improve speed. To achieve the best VPN speed possible, it’s a good idea to experiment with the different variables. Assuming the servers are not overloaded with users, the two main ways to optimize performance are choosing a nearby server with low latency and selecting the right protocol. As mentioned above, the best protocol may vary depending on your unique situation. Best VPN services for streaming Many people who enjoy streaming are turning to VPNs to unlock content that is blocked or restricted and also gain a higher level of privacy. As mentioned above, the best all-around VPN for streaming is ExpressVPN because it always works with Netflix and other streaming services, it offers a huge lineup of apps, and the customer support is great. Another solid choice for streaming is VPNArea. Using a VPN with Netflix will allow you to access all the content you want wherever you are located in the world. Below I am accessing US Netflix from my location in Europe, using an ExpressVPN server in Washington, D.C. VPNs to avoid in 2018 There are a lot of different VPNs on the market – so it’s a good idea to consider your choices carefully. The problem, however, is that the internet is full of disinformation concerning VPNs. Large sites are often paid lots of money to promote inferior services. But this is no secret. With that being said, here are some important details that many of the larger websites are hiding from their readers: PureVPN – PureVPN is recommended by some big websites, but there are many red flags. When testing everything for the PureVPN review, I found IPv4 leaks, IPv6 leaks, DNS leaks, broken features (kill switch) and a host of other speed and connection problems. Also concerning, I learned that PureVPN was caught logging user data and handing this information over to US authorities – all despite having a “zero log policy” and promising to protect user privacy. Betternet – Betternet is a Canada-based provider that is known for offering a free VPN service. Unfortunately, when I tested everything for the Betternet review I found the service to leak IP addresses (both IPv4 and IPv6) as well as and DNS requests. An academic research paper also listed Betternet as #4 on the Top 10 most malware-infected Android VPN apps, while also embedding tracking libraries in their apps. Scary stuff, considering that VPNs are supposed to provide privacy and security (but that’s why you don’t use a free VPN). Betternet’s Android VPN app tested positive for malware by 13 different antivirus tools (AV-rank 13) !!! Hotspot Shield – Hotspot Shield is another troublesome VPN service with a well-documented history or problems. Hotspot Shield VPN was directly identified in a research paper for “actively injecting JavaScript codes using iframes for advertising and tracking purposes” with their Android VPN app. The same study also found a large presence of tracking libraries in the VPN app’s source code. Hotspot Shield was also in the news for a critical flaw in their VPN app which reveals the user’s identity and location. Hidemyass – HideMyAss is a UK-based VPN provider with a troubling history. Despite promising to protect user privacy, HideMyAss was found to be turning over customer data to law enforcement agencies around the world. VPN Unlimited – Extensive testing of the VPN Unlimited apps identified numerous leaks. This screenshot illustrates IPv6 leaks, WebRTC leaks, and DNS leaks with the VPN Unlimited Windows client. Leaks with VPN Unlimited Of course, there are many examples of problematic VPNs. But you can test your VPN to also check for issues that may affect your privacy and security. If you’re serious about privacy and online freedom… Start using a VPN whenever you go online. In just the last few years we’ve seen a number of unprecedented developments in corporate and government mass surveillance: Internet service providers in the United States can now legally record online browsing history and sell this data to third parties and advertisers. Mass surveillance also continues unabated… Residents of the United Kingdom are having their online browsing history, calls, and text messages recorded for up to two years (Investigatory Powers Act). This private information is freely available to various government agencies and their global surveillance partners. Australia has also recently implemented mandatory data retention laws, which require the collection of text messages, calls, and internet connection data. Free speech and free thought are increasingly under attack all around the world. While this has traditionally been a problem in China and other Middle Eastern countries, it is increasingly common throughout the Western world. Here are a few examples fo what we see unfolding: YouTube videos that are blocked or censored. Social media accounts, tweets, posts, and/or entire platforms that are blocked. Websites of all different varieties (torrenting, Wikipedia, news, etc.) blocked. What you are seeing is the continual erosion of privacy and online freedom. And it’s happening throughout the world. The point here is not to sound alarmist, but instead to illustrate these trends and how they affect you. The good news is that there are very effective solutions for these problems. You can protect yourself right now with a good VPN and other privacy tools. Stay safe! Recap – Best VPNs for Privacy, Security, and Speed SOURCE
  4. Betternet Free VPN is a free multi-platform app that allows users to connect anonymously to the internet. A VPN or virtual private network sends your internet connection through a separate server meaning that any website you visit will not be able to track your location. This can be used for a number of reasons from accessing region-locked content to simply wanting to avoid being tracked. While many VPN services have an annual charge Betternet Free VPN does not. Homepage: https://www.betternet.co/ Download: https://control.kochava.com/v1/cpi/click?traffic_source=organic&campaign_id=kobetternet-windows-0xvqb82z5431ed7d40d2f&network_id=6184&site_id=1&device_id=device_id ============================== Cracker/Team: Jasi2169 / TEAM URET Medicine: Crack File Size: 0.99 MB Site: https://www.upload.ee Sharecode[?]: /files/8473047/Betternet.VPN.For.Windows.v4.1.0_Crack-URET.rar.html ==============================
  5. Is there a recent summary/review of available "methods" for new Windows 10 installations; comparing the pros and cons of each method. I am currently using windows 7, and want to install a stable Windows 10 version, without extra "features", controlling the updates (if any), no telemetry (https://github.com/Nummer/Destroy-Windows-10-Spying) or other privacy breaches; Basically working as Windows 7 with updates turned off.. I thought that Windows 10 Enterprise 2016 LTSB and turning of telemetry might be the simplest way to do this? I found this Guide, but it seems that the original post has been deleted (only the comments are left): https://www.reddit.com/r/Piracy/comments/6dvkbt/full_guide_installing_activating_windows_10_ltsb/
  6. Two Danish ISPs have won their long-running battle to prevent the identities of alleged pirates being handed over to copyright trolls. With the trolls' activities being described as "mafia-like", ISPs Telenor and Telia argued that IP address logs should only be used in serious criminal cases. In a ruling handed down Monday, one of Denmark's highest courts agreed, stopping the copyright trolls in their tracks. With waves of piracy settlement letters being sent out across the world, the last line of defense for many accused Internet users has been their ISPs. In a number of regions, notably the United States, Europe, and the UK, most ISPs have given up the fight, handing subscriber details over to copyright trolls with a minimum of resistance. However, there are companies out there prepared to stand up for their customers’ rights, if eventually. Over in Denmark, Telenor grew tired of tens of thousands of requests for subscriber details filed by a local law firm on behalf of international copyright troll groups. It previously complied with demands to hand over the details of individuals behind 22,000 IP addresses, around 11% of the 200,000 total handled by ISPs in Denmark. But with no end in sight, the ISP dug in its heels. “We think there is a fundamental legal problem because the courts do not really decide what is most important: the legal security of the public or the law firms’ commercial interests,” Telenor’s Legal Director Mette Eistrøm Krüger said last year. Assisted by rival ISP Telia, Telenor subsequently began preparing a case to protect the interests of their customers, refusing in the meantime to comply with disclosure requests in copyright cases. But last October, the District Court ruled against the telecoms companies, ordering them to provide identities to the copyright trolls. Undeterred, the companies took their case to the Østre Landsret, one of Denmark’s two High Courts. Yesterday their determination paid off with a resounding victory for the ISPs and security for the individuals behind approximately 4,000 IP addresses targeted by Copyright Collection Ltd via law firm Njord Law. “In its order based on telecommunications legislation, the Court has weighed subscribers’ rights to confidentiality of information regarding their use of the Internet against the interests of rightsholders to obtain information for the purpose of prosecuting claims against the subscribers,” the Court said in a statement. Noting that the case raised important questions of European Union law and the European Convention on Human Rights, the High Court said that after due consideration it would overrule the decision of the District Court. The rights of the copyright holders do not trump the individuals right to privacy, it said. “The telecommunications companies are therefore not required to disclose the names and addresses of their subscribers,” the Court ruled. Telenor welcomed the decision, noting that it had received countless requests from law firms to disclose the identities of thousands of subscribers but had declined to hand them over, a decision that has now been endorsed by the High Court. “This is an important victory for our right to protect our customers’ data,” said Telenor Denmark’s Legal Director, Mette Eistrøm Krüger. “At Telenor we protect our customers’ data and trust – therefore it has been our conviction that we cannot be forced into almost automatically submitting personal data on our customers simply to support some private actors who are driven by commercial interests.” Noting that it’s been putting up a fight since 2016 against handing over customers’ data for purposes other than investigating serious crime, Telenor said that the clarity provided by the decision is most welcome. “We and other Danish telecom companies are required to log customer data for the police to fight serious crime and terrorism – but the legislation has just been insufficient in relation to the use of logged data,” Krüger said. “Therefore I am pleased that with this judgment the High Court has stated that customers’ legal certainty is most important in these cases.” The decision was also welcomed by Telia Denmark, with Legal Director Lasse Andersen describing the company as being “really really happy” with “a big win.” “It is a victory for our customers and for all telecom companies’ customers,” Andersen said. “They can now feel confident that the data that we collect about them cannot be disclosed for purposes other than the terms under which they are collected as determined by the jurisdiction. “Therefore, anyone and everybody cannot claim our data. We are pleased that throughout the process we have determined that we will not hand over our data to anyone other than the police with a court order,” Andersen added. But as the ISPs celebrate, the opposite is true for Njord Law and its copyright troll partners. “It is a sad message to the Danish film and television industry that the possibilities for self-investigating illegal file sharing are complicated and that the work must be left to the police’s scarce resources,” said Jeppe Brogaard Clausen of Njord Law. While the ISPs finally stood up for users in these cases, Telenor in particular wishes to emphasize that supporting the activities of pirates is not its aim. The company says it does not support illegal file-sharing “in any way” and is actively working with anti-piracy outfit Rights Alliance to prevent unauthorized downloading of movies and other content. The full decision of the Østre Landsret can be found here (Danish, pdf) Source
  7. With flak still flying in the battle over the privacy of data shared on social networks, consumer advocates are raising a red flag about the data that is being collected and shared using another type of consumer platform: automobiles. Manufacturers such as BMW, General Motors (GM), Nissan, Tesla and Toyota are selling vehicles with data connections that allow them to gather detailed portraits of both car and driver, according to a report posted online by consumer watchdog organization Consumer Reports. Since these technologies are in the early stages of rollout, the automobile industry still has time to get a handle on how it will protect consumer privacy in light of the collection of this data—and it should do this as soon as possible, the advocacy group believes. Social-media data sharing is already “out of hand”—hence the ongoing debate over and scrutiny of data-privacy policies of Facebook and others, said Jeff Plungis, Consumer Reports lead automotive investigative reporter and author of the report. However, the collection of car and driver data has been “a slow evolution of different types of technologies that seem to be suddenly arriving at a critical mass,” he told Security Ledger. “There’s an opportunity for the auto industry to get the privacy concerns right,” he said. “That’s why it’s worth paying attention right now [to this issue] with cars. This part of their business is just now getting under way.” New technology, new rules For several decades, cars have had a variety of onboard sensors and rudimentary computer controls to help coordinate systems such as antilock brakes, fuel injection, airbags and emissions, according to Consumer Reports. Using the onboard diagnostic port (OBD-II), data from these systems could be accessed during diagnostic sessions at a mechanic’s or a dealership, or after a crash through event data recorders (EDRs). Concerned about consumer privacy, in 2015 Congress passed a the Driver Privacy Act, making it clear that data from these systems belongs to a car’s owner and can’t be used against a driver in court in case of an accident or other type of incident. In other words, “you can prevent your car from testifying against you,” Plungis said. However, thanks to the Internet of things (IoT), new cars are beginning to share data with auto makers over the air thanks to a telematics modem that transmits data like a SIM card transmits data from a mobile device. “This is a chip that’s pre-installed in your car and it’s sending a stream of data back to the car company,” Plungis explained. Data the chip transmits include the status of certain systems in the car and how parts of the car are operating—which could include things like when a driver brakes or how he or she steers the car, potentially in emergency situations or even accidents, he said. Other emerging data-collection features in vehicles include sophisticated ways to monitor drivers using cameras, Plungis said. GM’s Super Cruise feature—available on models like the Cadillac CT6–is an example of this, he said. “It’s a cruise-control function that not only takes over the acceleration but also the breaking and also the steering while it’s engaged,” Plungis explained. “Because none of these systems is fully self-driving yet, the human driver in every case on the road today has to serve as the back-up, and has to be paying attention in case something happens.” To make sure that happens, Super Cruise has a camera on the steering column that monitors the driver’s attention through eye and other body movements. “If you’re looking at your phone or you turn your head, it will issue warnings, and if you don’t respond, it will pull over and stop on the side of the road,” Plungis said of the feature. But what if the camera actually records video and GM has access to that video, Plungis wonders. He said that Consumer Reports spoke with the automaker and officials said they are not recording video images through this feature. Still, “If there is video or audio or other kind of highly sensitive information such as precise geo-location [being recorded], all of that data needs special attention and special controls,” he said. While auto makers want to use this data to help them refine the design of their cars, it also has the potential to be used against the driver in case of an accident or misused in another way, he said. And at this time, it’s not clear whether the Driver Privacy Act giving ownership of car data to consumers applies to data that’s transmitted over the air to auto companies, Plungis said. “It seems like there may be a loophole that’s emerged to override this important consumer protection,” he said. Consumer protection a top priority To help close that loophole, Consumer Reports has some basic guiding principles for automobile manufacturers to keep data collected in their cars in the hands of the owners of those vehicles so it can’t be shared or used without their consent. First, the group believes that the data collected should be as narrowly defined and closely targeted as possible, Plungis said. Automakers also must clearly articulate in ways that consumers understand and acknowledge how their data is being collected and potentially shared, he said. “So there is a fear that automakers do already disclose what are their policies, but they may not disclose it at a time or place where the consumer actually understands what’s going on,” Plungis said. Instead, automakers must present to the consumer exactly what data they are collecting and how it’s being collected “in a way that’s easy to understand and the consumer actually knows where the data is going and how it’s going to be used,” he said. Automakers also must notify customers in specific instances when they plan to share data with other stakeholders—for example, insurance companies—and not just blanket these deals in a broader disclosure clause that consumers may not read or understand. “They need to let people know that something material has changed,” Plungis said. Auto makers should also give consumers a choice when it comes to data sharing, allowing them to opt in or out of this type of activity, he said. “We definitely believe that when it comes to automotive data the car that you own is generating, you are the owner of that data, and the car companies are borrowing it with your permission.” < Here >
  8. Coalitions representing more than 670 companies and 240,000 members from the entertainment sector has written to Congress urging a strong response to the Facebook privacy fiasco. The groups, which include all the major Hollywood studios and key players from the music industry, are calling for Silicon Valley as a whole to be held accountable for whatever appears on their platforms. It has been a tumultuous few weeks for Facebook, and some would say quite rightly so. The company is a notorious harvester of personal information but last month’s Cambridge Analytica scandal really brought things to a head. With Facebook co-founder and Chief Executive Officer Mark Zuckerberg in the midst of a PR nightmare, last Tuesday the entrepreneur appeared before the Senate. A day later he faced a grilling from lawmakers, answering questions concerning the social networking giant’s problems with user privacy and how it responds to breaches. What practical measures Zuckerberg and his team will take to calm the storm are yet to unfold but the opportunity to broaden the attack on both Facebook and others in the user-generated content field is now being seized upon. Yes, privacy is the number one controversy at the moment but Facebook and others of its ilk need to step up and take responsibility for everything posted on their platforms. That’s the argument presented by the American Federation of Musicians, the Content Creators Coalition, CreativeFuture, and the Independent Film & Television Alliance, who together represent more than 650 entertainment industry companies and 240,000 members. CreativeFuture alone represents more than 500 companies, including all the big Hollywood studios and major players in the music industry. In letters sent to the Senate Committee on the Judiciary; the Senate Committee on Commerce, Science, and Transportation; and the House Energy and Commerce Committee, the coalitions urge Congress to not only ensure that Facebook gets its house in order, but that Google, Twitter, and similar platforms do so too. The letters begin with calls to protect user data and tackle the menace of fake news but given the nature of the coalitions and their entertainment industry members, it’s no surprise to see where this is heading. “In last week’s hearing, Mr. Zuckerberg stressed several times that Facebook must ‘take a broader view of our responsibility,’ acknowledging that it is ‘responsible for the content’ that appears on its service and must ‘take a more active view in policing the ecosystem’ it created,” the letter reads. “While most content on Facebook is not produced by Facebook, they are the publisher and distributor of immense amounts of content to billions around the world. It is worth noting that a lot of that content is posted without the consent of the people who created it, including those in the creative industries we represent.” The letter recalls Zuckerberg as characterizing Facebook’s failure to take a broader view of its responsibilities as a “big mistake” while noting he’s also promised change. However, the entertainment groups contend that the way the company has conducted itself – and the manner in which many Silicon Valley companies conduct themselves – is supported and encouraged by safe harbors and legal immunities that absolve internet platforms of accountability. “We agree that change needs to happen – but we must ask ourselves whether we can expect to see real change as long as these companies are allowed to continue to operate in a policy framework that prioritizes the growth of the internet over accountability and protects those that fail to act responsibly. We believe this question must be at the center of any action Congress takes in response to the recent failures,” the groups write. But while the Facebook fiasco has provided the opportunity for criticism, CreativeFuture and its colleagues see the problem from a much broader perspective. They suck in companies like Google, which is also criticized for shirking its responsibilities, largely because the law doesn’t compel it to act any differently. “Google, another major global platform that has long resisted meaningful accountability, also needs to step forward and endorse the broader view of responsibility expressed by Mr. Zuckerberg – as do many others,” they continue. “The real problem is not Facebook, or Mark Zuckerberg, regardless of how sincerely he seeks to own the ‘mistakes’ that led to the hearing last week. The problem is endemic in a system that applies a different set of rules to the internet and fails to impose ordinary norms of accountability on businesses that are built around monetizing other people’s personal information and content.” Noting that Congress has encouraged technology companies to prosper by using a “light hand” for the past several decades, the groups say their level of success now calls for a fresh approach and a heavier touch. “Facebook and Google are grown-ups – and it is time they behaved that way. If they will not act, then it is up to you and your colleagues in the House to take action and not let these platforms’ abuses continue to pile up,” they conclude. But with all that said, there is an interesting conflict that develops when presenting the solution to piracy in the context of a user privacy fiasco. In the EU, many of the companies involved in the coalitions above are calling for pre-emptive filters to prevent allegedly infringing content being uploaded to Facebook and YouTube. That means that all user uploads to such platforms will have to be opened and scanned to see what they contain before they’re allowed online. So, user privacy or pro-active anti-piracy filters? It might not be easy or even legal to achieve both. https://torrentfreak.com/facebook-privacy-fiasco-sees-congress-urged-on-anti-piracy-action-180420/
  9. The by default highly questionable set options concerning privacy and data protection in Windows 10 brought me to the idea for the development of this little program. Microsoft generously enables everybody to change the concerning settings, but hides them in countless menus, where a normal user does not want to search for! The program should therefore be a help, to display the available settings relatively clearly and to set the desired options if necessary. The primary focus is on settings for Windows 10 and its apps (for example the new browser "Edge"). The program will be expanded gradually, if possible and available, with the corresponding Windows 8.1 features in the future. W10Privacy is certainly no programming masterpiece, but meets my envisaged purpose. The software is still in an early development phase: suggestions and requests will be gladly accepted and considered, if necessary, in the further development! Manual/Instructions + Screenshots - EN Manual/Instructions + Screenshots - DE Changes in 3.1.0.0 (17.04.2018) - Add additional privacy settings, as well as a setting for the search function and Cortana - Supplement to the options "retrieve search suggestions and web results disable through Bing" and "disable Windows smart screen" for more Registry Keys. These setting have been set, these will be displayed, now with the new W10Privacy Version first as inactive. The settings are enable again. Removal of one of the two options regarding the refusal to grant the App access to the diagnostic functions ("_app_zugriff_diagnose"). Due to a typing error, the second setting was listed as a separate setting. Many thanks to Joachim for the hint! Homepage Download page Download SHA256-Hash: d892fa2ec007ad20c85c33edea60bf9e26aa8bf5416a98afaa6bd3389726f943 @Geez Portable Online - Mirror: First screen enter: 1523363058 Site: https://www.mirrorcreator.com Sharecode[?]: /files/1AG4NUKR/W10Privacy_Portable_x.x_Rev1_Multilingual_Online.exe_links
  10. In our series on privacy and security, we delve into true VPNs, secure and anonymizing web proxies, browser VPNs, and explain what to look for in a VPN service. Normally, a connection between your browser and a website passes from your browser to your computer, from your computer to your WiFi or home network (if you have one), from your home network to your Internet Service Provider (ISP), from your ISP to your country’s national Internet operators, from your country’s national Internet operators to the website’s country’s national Internet operators, from the website’s country’s national Internet operators to the website’s hosting provider, from the website’s hosting provider to the website. That is a lot of steps! In fact, the traffic can even pass through other countries on the way, depending on where in the world you and the website are located. No pretense of privacy on insecure connections With an insecure connection, anyone who controls or shares any part of that connection, can see the data that was sent over the connection – whether it’s someone else on your computer, network, your ISP, the operators of the various sections of the Internet along the way, your government and the governments of any countries along the way, the hosting provider, or anyone else who owns a website on the same host. It’s all visible. Data sent over secure connections When a website offers a secure connection (HTTPS URLs with valid certificates and high-grade encryption), and you make use of it, the data sent over the connection can only be seen by your browser and the website. Wait, is it that simple? Not really. In order to make the connection, the browser has to look up the website’s IP address using a DNS service, usually provided by your ISP. It then uses that IP address to make the connection. This means that anyone monitoring the connection will see the website’s domain being sent out in a DNS request, and can, therefore, work out what website you are connecting to, even if they cannot see what is being sent. Even if you are able to use a secure DNS service, when the browser connects to the website anyone monitoring the connection can see which IP address is being connected to, and can use a reverse DNS lookup to work out what website you are visiting. Enter VPNs When people use a VPN for browsing, it is normally because they want to do one of two very different things: Hide their network communication from other users of their local network, their ISP, or an oppressive authority. Hide their IP address from the website, for privacy reasons, or just to access a website which blocks access to connections from certain countries. In their purest form, VPNs offer a way to securely connect your computer to another network, such as your employer’s work network. When your computer tries to send data over the network, a VPN service on your computer encrypts the data, sends it over via the Internet to the destination VPN server, which sits on the network you want to connect to. It decrypts the network traffic and sends it over the destination network as if your computer had done it itself. The responses from the network are sent back to your computer in the same way. Anyone monitoring any other part of the connection along the way cannot see what was sent, or which computer on the destination network your computer was connecting to. Sounds good but is this what most VPN services actually do? The answer is “no.” This is where proxies come in. Proxy services explained A proxy is a service that makes requests to websites on behalf of your computer. The browser is set up to connect via the proxy. When the browser starts to load a website, it connects to the proxy in the same basic way that it would connect to a website, and makes its request. The proxy then makes the request to the website on behalf of the browser, and when the website responds, it sends the response back to the browser. This may appear to offer the privacy benefit of not allowing the website to see your IP address (appealing to the second group of users), but a regular proxy will, in fact, send your IP address to the website using the X-Forwarded-For header. After all, the proxy owners would not want to be blamed if you were to try to attack the website – this way, the website owners will know it was actually an attack coming from your IP address. Of course, you could also try to add a fake X-Forwarded-For header to your requests to try to pin the blame on someone else, but websites can use a list of known and trusted proxy addresses to determine if your X-Forwarded-For header is likely to be fake. Most proxies, known as HTTPS proxies, can also pass secure connections directly to the website unmodified since they cannot decrypt them without the website’s certificates. This allows HTTPS websites to be used through a proxy. A proxy may also try to decrypt the connection, but to do so, it must present a fake certificate – its own root certificate – to the browser, which the browser will recognize as untrusted, and show an error message in order to protect you from the interception. This is sometimes used for debugging websites, and when doing so, the person who is testing will need to accept the proxy’s certificate. It is also sometimes done by antivirus products so that they can scan the connection. Secure web proxies Secure web proxies allow the connection to be made to the proxy securely, even if the website being connected to is using an HTTP (or insecure HTTPS) connection. This has the privacy benefit of preventing other users of your local network from seeing the network data (appealing to the first group of users). They can see that you are connecting to a secure web proxy (though the connection really just looks like a secure website connection), but they cannot see what data is being sent over that connection. Of course, the website can still see the X-Forwarded-For header, so it will still know your IP address (undesirable for the second group of users). To be trustworthy, a secure web proxy also uses certificates to prove its identity, so you can know that you are connecting to the right secure web proxy – otherwise, someone could intercept your proxy connection, and present a fake secure web proxy, so that they could monitor your connection to it. Anonymising proxies An anonymizing proxy is basically just a proxy or secure web proxy that does not send the X-Forwarded-For header when connecting to websites. This means that the website cannot see your IP address, making you anonymous to the website (appealing to the second group of users). Some services also offer the option of intercepting the page to remove JavaScript and other unwanted content, but this means that you also must supply the proxy owner with any logins, and the proxy owner is able to see what you are doing, even on secure websites. It just swaps one privacy risk for another privacy risk. It would appear that an anonymizing secure web proxy would solve both cases at once, but it is not that simple, and there are many other things to consider, e.g. how your network and computer are set up. Your computer may also send out DNS requests when you connect to a website, CRL and OCSP requests when using website certificates (if CRLSet is not available), and the browser may also send out other requests, such as malware protection blacklist requests, or thumbnail requests. This is where a VPN can be better (but it is important to note that most are not). It also means that if a user uses the proxy to launch an attack, the proxy service will get the blame. To avoid this, the proxy owners may throttle connections, or require logins, and keep logs of connections, so that the correct person can be held accountable. This defeats the purpose for anyone trying to use the proxy for privacy. What to look out for in a VPN service In most cases, VPN services are nothing more than an anonymizing secure web proxy labeled as “VPN”. They often claim that they “secure website connections” or “encrypt your website connections”. Neither of these are true but many companies resort to phrases like these to keep up with the competition. A VPN service of this kind cannot possibly secure a connection to a website, because it only controls part of that connection. In other words, the VPN is not being used as a pure VPN, it is being used as a proxy. While the connection passes securely between your browser and the VPN server, it then has to leave the VPN server’s network and return to the Internet in order to connect to the website. The website connection is just as insecure (or secure if it uses HTTPS) as it’s always been. The connection could still be intercepted during the second half of its journey. All the VPN can do in this case, is to add a little privacy over part of the connection. In addition, secure (HTTPS) connections are about a lot more than just encryption. They also provide assurances that the connection goes to a website that owns a trusted certificate which proves that nobody has intercepted the connection and presented a fake copy of the website. A VPN cannot alter that, and it cannot turn an insecure connection into a secure connection. Without the certificate handling, even a completely encrypted connection is not secure. Enhancing privacy When talking about VPNs, we desperately need to move away from using “secure” and start talking about enhancing privacy, because that is what a secure web proxy or VPN-as-a-proxy actually does. In theory, a VPN-as-a-proxy would not need to be anonymizing, but in practice they almost all are. The biggest difference between a secure web proxy and a VPN-as-a-proxy is that the VPN – when using a proper VPN service on the computer – can capture all relevant traffic, not just the traffic initiated by the browser. A VPN can also capture the DNS, OCSP, CRL, and any other stray traffic generated by the browser which may not relate to the website connection itself (such as malware protection checks). In some cases, the browser may be able to reduce the amount of these when using a secure web proxy, such as making its own DNS requests, but there are still cases which cannot be reliably captured on all systems. Therefore a VPN-as-a-proxy is better than a secure web proxy which is pretending to be a VPN. Browser VPNs If a browser application offers a feature, or an extension, that claims to be a VPN that works just for that single application, it is a good sign that it is not actually a VPN but an anonymizing secure web proxy. This doesn’t make it bad, it just means that it’s likely to have limitations that prevent it from capturing all traffic related to the connection. It may not capture DNS traffic (but in some cases, it can, depending on the implementation). It may not capture certificate revocation checks made by the system. This means that although it may hide the majority of the traffic, it might still allow little bits of information to get past the proxy, and someone who is monitoring the network traffic from your computer might still be able to work out what websites you are visiting – an important privacy consideration if you belong to the first group of users. A VPN-as-a-proxy is much better in this case as it captures all traffic from the computer. This does mean that you would not have the same choice; either all traffic from all applications goes through the VPN, or nothing does. You cannot just have the traffic from a single application go through the VPN. However, both an anonymizing VPN-as-a-proxy and an anonymizing secure web proxy can be quite effective at hiding your IP address from the website, so the second group of users can be well covered. Other tips Disable any plug-ins which might reveal your IP address via other means. In Vivaldi, disable broadcasting of your local IP address with WebRTC (Settings – Privacy – WebRTC IP Handling – Broadcast IP for Best WebRTC Performance). Use a clean profile or private browsing mode, to remove any existing cookies or cached files that can be used for identification. Stay tuned for more tips in our series on privacy and security. < Here >
  11. Avast Secure Browser 64.0.388.186 Avast Secure Browser is an updated version of the Avast SafeZone browser. It's a 32-bit Chrome knife: Browser includes a Security and Privacy Center where you can select a set of inbuild tools and features to protect your online activities: - stealth mode - anti-fingerprinting - anti-phishing - anti-tracking - https encryption - password manager - extension guard - privacy cleaner - flash blocker Other functions: - Video Downloader allows you to save any video and audio files in one click Optional: - Avast Free Antivirus - Banking mode (Avast Free Antivirus is required) - SecureLine VPN (requires the installation of Avast SecureLine VPN) Homepage: https://www.avast.com/en-gb/secure-browser Download installer for Win 7, 8, 10, 2.5 MB: https://cdn-download.avastbrowser.com/avast/avast_secure_browser_setup.exe
  12. The by default highly questionable set options concerning privacy and data protection in Windows 10 brought me to the idea for the development of this little program. Microsoft generously enables everybody to change the concerning settings, but hides them in countless menus, where a normal user does not want to search for! The program should therefore be a help, to display the available settings relatively clearly and to set the desired options if necessary. The primary focus is on settings for Windows 10 and its apps (for example the new browser "Edge"). The program will be expanded gradually, if possible and available, with the corresponding Windows 8.1 features in the future. W10Privacy is certainly no programming masterpiece, but meets my envisaged purpose. The software is still in an early development phase: suggestions and requests will be gladly accepted and considered, if necessary, in the further development! Manual/Instructions + Screenshots - EN Manual/Instructions + Screenshots - DE Changes in 3.0.0.0 (10.04.2018) - Add additional options for Windows 10, 1803, and the adjustment of existing settings, so that these are to be formally published Version compatible. - Add additional options, which versions are in some cases also for older Windows valid. - All App-related settings are now found in the newly created "Apps". - small improvements Homepage Download page Download SHA256-Hash: 4a531da2f9b0c97fc0aad4bdef2106b51889a8407e2478915467b5b1c7e6060a @Geez Portable Online - Mirror: First screen enter: 1523363058 Site: https://www.mirrorcreator.com Sharecode[?]: /files/1AG4NUKR/W10Privacy_Portable_x.x_Rev1_Multilingual_Online.exe_links
  13. A few tools to help you surf the web privately In the aftermath of Facebook’s Cambridge Analytica scandal, now might be a good time to take care of the data that is being harvested thru your browser when you surf the web. Below is a non-exhaustive list of the tools I use when surfing the web that help make my online experience more secure. Let me know if you use any others you think are important — I’m happy to add them. Browser — watching over your shoulder If you are not entirely comfortable with the Google Privacy White Paper, there are plenty of options: Firefox Quantum, Brave and Chromium, and Firefox Focus (for mobile). If you are worried about losing speed, WIRED says Firefox Quantum is faster than Chrome: You have no reason not to switch — unless you don’t care about your private life. By the way, you can check to see what Google knows about you in “My Activity.” Search Engine — it is like your BBF: you tell them everything. Q: Would you show your mom everything you type in your search engine? A: I would not. Remember: companies leak data — and we give a lot of data to companies. Below is an example of what you give to Google when you use their search engine: Source: Google And if you you sign up for an account — and remain logged in — they collect the following: Source: Google Even Apple collects data through Safari to gather user’s habits. Again, why should you care about the data collected through your browser? Information profiles build up — and sometimes data leaks. The bad news is that those leaks are becoming ubiquitous. Check out the graphic below, and keep scrolling down — I’ll see you at the bottom: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ I think you can safely assume that your personal data will be leaked at some point in your life. Google has leaked data in the past. Imagine for a sec, if you can, the whole data set that Google has (owns?) about you. Actually, back in the day, AOL leaked the data of 650,000 users. An AOL user who discussed the leak with a reporter at the time said: So, which search engine can you use instead? DuckDuckGo has done a fantastic job over the last few years. I have also tried Ixquick and Qwant in the past. https://duckduckgo.com/traffic A few more tips to protect your search privacy: 1. Don’t put personally identifying information in your search terms 2. Don’t use your ISP’s search engine 3. Don’t login to your search engine or related tools 4. Block “cookies” from your search engine 5. Vary your IP address (intermediate) 6. Use web proxies and anonymizing software like Tor (advanced) What about the rest of your browser? Browser extensions A tremendous part of your online life goes thru your browser. You should set it up right. HTTPS everywhere I use HTTPS everywhere to encrypt all my traffic. For you to understand why you should encrypt your traffic, take a look at Eric Butler’s Firesheep — from a WIRED article in 2010: That is why you should encrypt your traffic. Now, on to the next one. Privacy Badger by Electronic Frontier Foundation What is it? Fair enough, and you might already be using an ad blocker, right? Like Disconnect, Adblock Plus, or Ghostery? And you might be wondering: why use Privacy Badger instead if it does not block all ads? From the Electronic Frontier Foundation team who built Privacy Badger: A note: Electronic Frontier Foundation’s founder John Perry Barlow passed away last month. If you still haven’t read his beautiful and visionary memorandum on the web: here it is. Back to extensions — last but not least: DuckDuckGo’s browser extension— Black Mirror for websites It does a few things and has some overlap with the above extensions. But above all, its Privacy Grade shows how a website can be trusted — it is like Black Mirror for websites. Here is Medium’s grade, for instance: Not too bad — but I think you can do better, Medium Staff. Drum roll — and just because we are in the midst of Facebook’s Cambridge Analytica scandal: Boom. Worst grade. Well done Facebook. I guess you can #DeleteFacebook. (Interestingly, you’ll note that no tracker tracks you while you are on Facebook’s website.) I hope this post was useful and will allow you to practice more secure web browsing! Thanks for reading. Source
  14. Some cybersecurity experts and regular users were surprised to learn about a Chrome tool that scans Windows computers for malware. But there’s no reason to freak out about it. The browser you likely use to read this article scans practically all files on your Windows computer. And you probably had no idea until you read this. Don’t worry, you’re not the only one. Last year, Google announced some upgrades to Chrome, by far the world’s most used browser—and the one security pros often recommend. The company promised to make internet surfing on Windows computers even “cleaner” and “safer ” adding what The Verge called “basic antivirus features.” What Google did was improve something called Chrome Cleanup Tool for Windows users, using software from cybersecurity and antivirus company ESET. Tensions around the issue of digital privacy are understandably high following Facebook's Cambridge Analytica scandal, but as far as we can tell there is no reason to worry here, and what Google is doing is above board. In practice, Chome on Windows looks through your computer in search of malware that targets the Chrome browser itself using ESET’s antivirus engine. If it finds some suspected malware, it sends metadata of the file where the malware is stored, and some system information, to Google. Then, it asks you to for permission to remove the suspected malicious file. (You can opt-out of sending information to Google by deselecting the “Report details to Google” checkbox.) Last week, Kelly Shortridge, who works at cybersecurity startup SecurityScorecard, noticed that Chrome was scanning files in the Documents folder of her Windows computer. “In the current climate, it really shocked me that Google would so quietly roll out this feature without publicizing more detailed supporting documentation—even just to preemptively ease speculation,” Shortridge told me in an online chat. “Their intentions are clearly security-minded, but the lack of explicit consent and transparency seems to violate their own criteria of ‘user-friendly software’ that informs the policy for Chrome Cleanup [Tool].” Her tweet got a lot of attention and caused other people in the infosec community—as well as average users such as me—to scratch their heads. “Nobody likes surprises,” Haroon Meer, the founder at security consulting firm Thinkst, told me in an online chat. “When people fear a big brother, and tech behemoths going too far...a browser touching files it has no business to touch is going to set off alarm bells.” Now, to be clear, this doesn’t mean Google can, for example, see photos you store on your windows machine. According to Google, the goal of Chrome Cleanup Tool is to make sure malware doesn’t mess up with Chrome on your computer by installing dangerous extensions, or putting ads where they’re not supposed to be. As the head of Google Chrome security Justin Schuh explained on Twitter, the tool’s “sole purpose is to detect and remove unwanted software manipulating Chrome.” Moreover, he added, the tool only runs weekly, it only has normal user privileges (meaning it can’t go too deep into the system), is “sandboxed” (meaning its code is isolated from other programs), and users have to explicitly click on that box screenshotted above to remove the files and “cleanup.” In other words, Chrome Cleanup Tool is less invasive than a regular “cloud” antivirus that scans your whole computer (including its more sensitive parts such as the kernel) and uploads some data to the antivirus company’s servers. But as Johns Hopkins professor Matthew Green put it, most people “are just a little creeped out that Chrome started poking through their underwear drawer without asking.” That’s the problem here: most users of an internet browser probably don’t expect it to scan and remove files on their computers. When reached out for comment, a Google spokesperson redirected me to the blog post from last year and Schuh’s tweets. A section in Chrome’s Privacy Whitepaper explains that “Chrome periodically scans your device to detect potentially unwanted software.” That exact language has been there since at least January of 2017, according to archived versions of the whitepaper. And similar language (“Chrome scans your computer periodically for the sole purpose of detecting potentially unwanted software”) has been there for even longer. Martijn Grooten, the editor of Virus Bulletin and organizer of one of the premiere antivirus conferences in the world, told me in a Twitter chat that the behavior of the Chrome Cleanup Tool was “sensible.” “For almost all users, this seems really harmless, and for those who are extremely concerned about Google seeing some metadata, maybe they shouldn't be running Google's browser in the first place,” he said. This story has been updated to include a quote from Kelly Shortridge. Source
  15. Facebook has been collecting call records and SMS data from Android devices for years. Several Twitter users have reported finding months or years of call history data in their downloadable Facebook data file. A number of Facebook users have been spooked by the recent Cambridge Analytica privacy scandal, prompting them to download all the data that Facebook stores on their account. The results have been alarming for some. “Oh wow my deleted Facebook Zip file contains info on every single phone cellphone call and text I made for about a year,” says ‏Twitter user Mat Johnson. Another, Dylan McKay, says “somehow it has my entire call history with my partner’s mum.” Others have found a similar pattern where it appears close contacts, like family members, are the only ones tracked in Facebook’s call records. Ars Technica reports that Facebook has been requesting access to contacts, SMS data, and call history on Android devices to improve its friend recommendation algorithm and distinguish between business contacts and your true personal friendships. Facebook appears to be gathering this data through its Messenger application, which often prompts Android users to take over as the default SMS client. Facebook has, at least recently, been offering an opt-in prompt that prods users with a big blue button to “continuously upload” contact data, including call and text history. It’s not clear when this prompt started appearing in relation to the historical data gathering, and whether it has simply been opt-in the whole time. Either way, it’s clearly alarmed some who have found call history data stored on Facebook’s servers. FACEBOOK HASN’T BEEN ABLE TO COLLECT THIS DATA ON IPHONES THANKS TO APPLE’S PRIVACY CONTROLS While the recent prompts make it clear, Ars Technica points out the troubling aspect that Facebook has been doing this for years, during a time when Android permissions were a lot less strict. Google changed Android permissions to make them more clear and granular, but developers could bypass this and continue accessing call and SMS data until Google deprecated the old Android API in October. It’s not yet clear if these prompts have been in place in the past. Facebook has responded to the findings, but the company appears to suggest it’s normal for apps to access your phone call history when you upload contacts to social apps. “The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with,” says a Facebook spokesperson, in response to a query from Ars Technica. “So, the first time you sign in on your phone to a messaging or social app, it’s a widely used practice to begin by uploading your phone contacts.” The same call record and SMS data collection has not yet been discovered on iOS devices. While Apple does allow some specialist apps to access this data in limited ways like blocking spam calls or texts, these apps have to be specifically enabled through a process that’s similar to enabling third-party keyboards. The majority of iOS apps cannot access call history or SMS messages, and Facebook’s iOS app is not able to capture this data on an iPhone. Facebook may need to answer some additional questions on this data collection, especially around when it started and whether Android users truly understood what data they were allowing Facebook to collect when they agreed to enable phone and SMS access in an Android permissions dialogue box or Facebook’s own prompt. The data collection revelations come in the same week Facebook has been dealing with the fall out from Cambridge Analytica obtaining personal information from up to 50 million Facebook users. Facebook has altered its privacy controls in recent years to prevent such an event occurring again, but the company is facing a backlash of criticism over the inadequate privacy controls that allowed this to happen. CEO Mark Zuckerberg has also been summoned to explain how data was taken without users’ consent to a UK Parliamentary committee. Source
  16. Pirate Tor Browser Pirate Tor Browser is a bundle package of the Updated Tor client Vidalia, Updated FireFox Portable browser (with Updated foxyproxy addon) and some custom configs , all has been revamped and Updated , Self extracting archive For those wanting to reach torrent webpages they cant reach on a normal browser try the updated pirate browser.. portable.. you might have seen the first version that the pirate bay shared http://piratebrowser.com/ now its been updated and revamped.. better updated links added , updated and added some good extensions to hide yourself online , Pirate Tor Browser version 08 build 7.0.8 Better Pirate Browser version 07 build 56.0.2 - New Pirate.Tor.Browser.0.8.(7.0.8) Better Pirate Browser 0.7 (56.0.2) 27/10/2017 - New HOMEPAGE https://lilfellauk.wordpress.com/pirate-tor-browser/ Download - Pirate.Tor.Browser.0.8.(7.0.8): Site: https://mega.nz Sharecode[?]: /#!Z25lAD4T!2OPkWG4lTEqq7kgEyTNs33LmYXR573b-e4sbfeUHk_8 Download - Better Pirate Browser version 07 build 56.0.2: - New Site: https://mega.nz Sharecode[?]: /#!13ATGQ6L!YgDypu2bvimH6qXZFHdMiXdlePPm1KeFceUfUh8xfd4
  17. part 1 (YET ANOTHER) WARNING .... Your online activities are now being tracked and recorded by various government and corporate entities around the world. This information can be used against you at any time and there is no real way to “opt out”. In the past decade, we have seen the systematic advancement of the surveillance apparatus throughout the world. The United States, United Kingdom, Australia, and Canada have all passed laws allowing, and in some cases forcing, telecom companies to bulk-collect your data: United States – In March 2017 the US Congress passed legislation that allows internet service providers to collect, store, and sell your private browsing history, app usage data, location information and more – without your consent. This essentially allows Comcast, Verizon, AT&T and other providers to monetize and sell their customers to the highest bidders (usually for targeted advertising). United Kingdom – In November 2016 the UK Parliament passed the infamous Snoopers Charter (Investigatory Powers Act) which forces internet providers and phone companies to bulk-collect customer data. This includes private browsing history, social media posts, phone calls, text messages, and more. This information is stored for 12 months in a giant database that is accessible to 48 different government agencies. The erosion of free speech is also rapidly underway as various laws allow UK authorities to lock up anyone they deem to be “offensive” (1984 is already here). Australia – In April 2017 the Australian government passed a massive data retention law that forces telecoms to collect and store text messages, phone calls, location information, and internet connection data for a full two years, with the data being accessible to authorities without a warrant. Canada, Europe, and other parts of the world have similar laws and policies already in place. What you are witnessing is the rapid expansion of the global surveillance state, whereby corporate and government entities work together to monitor and record everything you do. What the hell is going on here? Perhaps you are wondering why all this is happening. There is a simple answer to that question. Control Just like we have seen throughout history, government surveillance is simply a tool used for control. This could be for maintaining control of power, controlling a population, or controlling the flow of information in a society. You will notice that the violation of your right to privacy will always be justified by various excuses – from “terrorism” to tax evasion – but never forget, it’s really about control. Along the same lines, corporate surveillance is also about control. Collecting your data helps private entities control your buying decisions, habits, and desires. The tools for doing this are all around you: apps on your devices, social networks, tracking ads, and many free products which simply bulk-collect your data (when something is free, you are the product). This is why the biggest collectors of private data – Google and Facebook – are also the two businesses that completely dominate the online advertising industry. So to sum this up, advertising today is all about the buying and selling of individuals. But it gets even worse… Now we have the full-scale cooperation between government and corporate entities to monitor your every move. In other words, governments are now enlisting private corporations to carry out bulk data collection on entire populations. Your internet service provider is your adversary working on behalf of the surveillance state. This basic trend is happening in much of the world, but it has been well documented in the United States with the PRISM Program. So why should you care? Everything that’s being collected could be used against you today, or at any time in the future, in ways you may not be able to imagine. In many parts of the world, particularly in the UK, thought crime laws are already in place. If you do something that is deemed to be “offensive”, you could end up rotting away in a jail cell for years. Again, we have seen this tactic used throughout history for locking up dissidents – and it is alive and well in the Western world today. From a commercial standpoint, corporate surveillance is already being used to steal your data and hit you with targeted ads, thereby monetizing your private life. Reality check Many talking heads in the media will attempt to confuse you by pretending this is a problem with a certain politician or perhaps a political party. But that’s a bunch of garbage to distract you from the bigger truth. For decades, politicians from all sides (left and right) have worked hard to advance the surveillance agenda around the world. Again, it’s all about control, regardless of which puppet is in office. So contrary to what various groups are saying, you are not going to solve this problem by writing a letter to another politician or signing some online petition. Forget about it. Instead, you can take concrete steps right now to secure your data and protect your privacy. Restore Privacy is all about giving you the tools and information to do that. If you feel overwhelmed by all this, just relax. The privacy tools you need are easy to use no matter what level of experience you have. Arguably the most important privacy tool is a good VPN (virtual private network). A VPN will encrypt and anonymize your online activity by creating a secured tunnel between your computer and a VPN server. This makes your data and online activities unreadable to government surveillance, your internet provider, hackers, and other third-party snoopers. A VPN will also allow you to spoof your location, hide your real IP address, and allow you to access blocked content from anywhere in the world. Check out the best VPN guide to get started. Stay safe! SOURCE
  18. Lumen Privacy Monitor is a free application for Google Android that monitors connections that applications make on a device it runs on to uncover communication with tracking servers and data collecting. Created as an academic research project, Lumen Privacy Monitor provided the researchers with a large set of data to analyze. The results were published in the paper "Apps, Trackers, Privacy, and Regulators A Global Study of the Mobile Tracking Ecosystem" (access PDF here). One of the key findings was that the research team managed to identify 233 new trackers that were not listed on popular advertising and tracking blocklists. Lumen Privacy Monitor Android users need to have a strong stomach during installation and on first run: the app requires lots of permissions, needs to install a root certificate, will monitor encrypted and normal traffic by default, and send anonymized data to the researchers. The application requires access to personal data on the device to determine leaks. The researchers note that personal data is never submitted. Still, the application is not open source and it is clear that the privileges that it requests are cause for concern. If you give permissions to the app, install the root certificate and flip the monitoring switch to on, you will get detailed reports about application activity and leaks. Lumen Privacy Monitors monitors apps while it runs. The main interface displays the three tabs leaks, apps and traffic. Leaks display personal or device information that apps may leak. A severity rating is Apps lists all applications that the monitoring app picked up with options to display a detailed report about individual apps. Traffic offers an overview of the analyzed traffic. It includes information about HTTPS and other connections, bandwidth, and the overhead that ads and analytics scripts and connections cause. Apps The Apps group is probably the most interesting as it reveals important information to you. A tap on a monitored application displays interesting information such as the list of domains the application tried to establish connections to, the number of trackers and the overhead caused by them, leaks and traffic overviews, and the list of requested permissions. The list of connections is certainly useful as you can determine whether these connections appear to be valid or not. While you may need to research domains before you understand why the application may want to connect to it, you'd quickly find out if an app connects to tracking servers or makes other unwanted connections. The list of permissions includes risk assessments for each permission which you may use to determine whether to keep an application installed or remove it. Closing Words What I like particularly about Lumen Privacy Monitor is that it reveals the overhead that ads and tracker connections cause, the connections an app makes, and the data leaks of applications. It would be better if the researchers would consider releasing the application as open source to address concerns about the application's wide-reaching permission requests and installation of a root certificate. What you do with the information is entirely up to you. You could consider removing applications or install apps that block connections to trackers to prevent data leaks. Ghacks.net
  19. WikiLeaks Chat Reportedly Reveals GOP Bias Leaked conversations from a private WikiLeaks chat group reportedly reveal founder Julian Assange as favoring a Republican Party candidate in the last US presidential election. Rumors have been swirling for some time that the whistleblowing site in some way colluded with Russia over the leaking of hacked Democratic Party emails during the race for the White House. Special counsel Robert Mueller is also investigating possible collusion between the Trump campaign and Russian intelligence, which is said by the CIA, NSA and others to have leaked the damaging emails under the “Guccifer 2.0” moniker. Hillary Clinton has described the efforts of “Russian WikiLeaks” as contributing to her election loss. The leaked transcripts from the direct message group chat would seem to support her suspicions. “We believe it would be much better for GOP to win,” Assange is reported to have written. “[Clinton]’s a bright, well connected, sadistic sociopath.” The private group chat with several WikiLeaks supporters was leaked to The Intercept by the person who originally set it up in 2015; someone who goes by the pseudonym 'Hazelpress'. That person is said to have decided to go public after reports were published claiming that Donald Trump Jr had secretly contacted the site ahead of the election, during which correspondence he was advised to tell his father to reject the results as rigged if he lost and to ask if he could get Assange an Australian ambassadorship. WikiLeaks claims to be a neutral transparency organization. The leaked transcripts also reveal an underlying current of misogyny and anti-Semitism. There's no direct evidence that Assange penned the WikiLeaks entries in the chat log, although as founder he’s widely believed to be in control of the site’s Twitter feed. He’s currently holed up in the Ecuadorian embassy in London, where he’s been hiding from the police since 2012. SOURCE
  20. Crypto-Experts Slam FBI's Backdoor Encryption Demands A group of world-renowned cryptography experts have backed a senator’s demands that the FBI explain the technical basis for its repeated claims that encryption backdoors can be engineered without impacting user security. Senator Ron Wyden, who sits on the powerful Senate Select Committee on Intelligence, released the letter following a heated committee debate with FBI director Christopher Wray. The letter is signed by Bruce Schneier, Paul Kocher, Steven Bellovin, and Martin Hellman — who won the 2015 Turing Award for inventing public key cryptography. “We understand and sympathize with the frustration that law enforcement has to deal with when evidence may exist but cannot be accessed due to security mechanisms. At the same time, our extensive experience with encryption and computer security makes us cognizant how much the details matter: a seemingly minor change in an algorithm or protocol can completely undermine the security aspects of the system,” they write. “Instead of vague proposals that sound reasonable yet lack details, the FBI needs to present the cryptographic research community with a detailed description of the technology that it would like implemented. That would allow the technology to be analyzed in an open and transparent manner so that its advantages and disadvantages can be weighed.” Wyden sent a letter to Wray demanding the same on January 25, shortly after the FBI boss made his first speech. in which he repeated previous requests for tech experts to achieve what they say is impossible. He claimed that the FBI has nearly 7800 devices it can’t access because of encryption, describing the situation as an “urgent public safety issue.” Wray and the DoJ are not alone in their calls; British home secretary Amber Rudd has been widely ridiculed in the past for calling for the same, whilst admitting that she doesn’t understand the technology. She was in the news again this week, after it emerged that there has been significant progress in another anti-terror initiative, involving the automated identification and removal of extremist content via an algorithm developed by London-based ASI Data Science. SOURCE
  21. FedEx S3 Bucket Exposes Private Details on Thousands Worldwide Personal information for thousands of FedEx customers worldwide has been exposed after a legacy Amazon Web Services (AWS) cloud storage server was left open to public access without a password. Kromtech Security Center researchers stumbled upon the AWS S3 bucket, finding that it contained more than 119,000 scanned documents, including passports, drivers’ licenses and Applications for Delivery of Mail Through Agent forms, which contain names, home addresses, phone numbers and ZIP codes. The victims include citizens of countries around the globe, including Australia, Canada, China, EU countries, Japan, Kuwait, Malaysia, Mexico, Saudi Arabia and others. The server turned out to be an inherited one, with information from Bongo International – a company that FedEx bought in 2014. Bob Diachenko, head of communications at Kromtech, noted that the shipping giant relaunched Bongo in 2016 as FedEx Cross Border International, to enable international shipping delivery and logistics. That service was closed down last April, but the bucket remained exposed. "Technically, anybody who used Bongo International services back in 2009–2012 is at risk of having his/her documents scanned and available online for so many years,” Diachenko said. “Seems like [the] bucket has been available for public access for many years in a row. Applications are dated within [the] 2009–2012 range, and it is unknown whether FedEx was aware of that ‘heritage’ when it bought Bongo International back in 2014." FedEx has now removed the server from public access and issued a statement saying that there’s no evidence that the data fell into nefarious hands. “After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure,” FedEx told ZDnet. “The data was part of a service that was discontinued after our acquisition of Bongo. We have found no indication that any information has been misappropriated and will continue our investigation.” Tim Prendergast, CEO of Evident.io, noted that nonetheless, it’s a fact that hackers are actively searching for these kinds of misconfigurations. “Hackers are going after S3 buckets and other repositories because that's where the data is but also because they're easy to find,” he said via email. “There's a whole hacker cottage industry around finding and exploiting S3 buckets, and it's growing because as cloud environments grow, so do the number of unsecured assets that are discoverable.” The incident shows once again that many companies aren’t following best practices when it comes to securing their cloud infrastructure, and many seem confused about whose responsibility it is to provide that security. “The incident, echoing others we’ve seen time and time again…raises the larger issue that many organizations have not yet fully grasped the idea that most public cloud providers are not managing their data – but are just providing a platform or infrastructure, so the management protection of data is left up to the companies themselves,” Obsidian Security CTO Ben Johnson said via email. “It’s critical that enterprises understand the risks of the cloud – that availability and uptime also mean that their data can be easily accessed unless they have the right controls in place.” Brian NeSmith, CEO and co-founder at Arctic Wolf Networks, added: “We need to get our heads out of the clouds, because cloud services are only as secure as you make them. Companies need to start applying the same rigor and discipline to their cloud infrastructure as they do to their on-premises network.” The incident also showcases the need to implement good security practices after a merger or acquisition. “During any M&A transaction it is important that the company who is selling their assets notify their customers that the business is going to be sold and their private data will be transferred to new ownership,” Kromtech’s Diachenko said. “The purchasing company should give customers the option to opt out of their data being transferred and provide a data protection notice. This case highlights just how important it is to audit the digital assets when a company acquires another and to ensure that customer data is secured and properly stored before, during and after the sale. During the integration or migration phase is usually the best time to identify any security and data privacy risks.” SOURCE
  22. Energy-efficient encryption for the internet of things MIT researchers have built a new chip, hardwired to perform public-key encryption, that consumes only 1/400 as much power as software execution of the same protocols would. It also uses about 1/10 as much memory and executes 500 times faster. Credit: Massachusetts Institute of Technology Most sensitive web transactions are protected by public-key cryptography, a type of encryption that lets computers share information securely without first agreeing on a secret encryption key. Public-key encryption protocols are complicated, and in computer networks, they're executed by software. But that won't work in the internet of things, an envisioned network that would connect many different sensors—embedded in vehicles, appliances, civil structures, manufacturing equipment, and even livestock tags—to online servers. Embedded sensors that need to maximize battery life can't afford the energy and memory space that software execution of encryption protocols would require. MIT researchers have built a new chip, hardwired to perform public-key encryption, that consumes only 1/400 as much power as software execution of the same protocols would. It also uses about 1/10 as much memory and executes 500 times faster. The researchers describe the chip in a paper they're presenting this week at the International Solid-State Circuits Conference. Like most modern public-key encryption systems, the researchers' chip uses a technique called elliptic-curve encryption. As its name suggests, elliptic-curve encryption relies on a type of mathematical function called an elliptic curve. In the past, researchers—including the same MIT group that developed the new chip—have built chips hardwired to handle specific elliptic curves or families of curves. What sets the new chip apart is that it is designed to handle any elliptic curve. "Cryptographers are coming up with curves with different properties, and they use different primes," says Utsav Banerjee, an MIT graduate student in electrical engineering and computer science and first author on the paper. "There is a lot of debate regarding which curve is secure and which curve to use, and there are multiple governments with different standards coming up that talk about different curves. With this chip, we can support all of them, and hopefully, when new curves come along in the future, we can support them as well." Joining Banerjee on the paper are his thesis advisor, Anantha Chandrakasan, dean of MIT's School of Engineering and the Vannevar Bush Professor of Electrical Engineering and Computer Science; Arvind, the Johnson Professor in Computer Science Engineering; and Andrew Wright and Chiraag Juvekar, both graduate students in electrical engineering and computer science. Modular reasoning To create their general-purpose elliptic-curve chip, the researchers decomposed the cryptographic computation into its constituent parts. Elliptic-curve cryptography relies on modular arithmetic, meaning that the values of the numbers that figure into the computation are assigned a limit. If the result of some calculation exceeds that limit, it's divided by the limit, and only the remainder is preserved. The secrecy of the limit helps ensure cryptographic security. One of the computations to which the MIT chip devotes a special-purpose circuit is thus modular multiplication. But because elliptic-curve cryptography deals with large numbers, the chip's modular multiplier is massive. Typically, a modular multiplier might be able to handle numbers with 16 or maybe 32 binary digits, or bits. For larger computations, the results of discrete 16- or 32-bit multiplications would be integrated by additional logic circuits. The MIT chip's modular multiplier can handle 256-bit numbers, however. Eliminating the extra circuitry for integrating smaller computations both reduces the chip's energy consumption and increases its speed. Another key operation in elliptic-curve cryptography is called inversion. Inversion is the calculation of a number that, when multiplied by a given number, will yield a modular product of 1. In previous chips dedicated to elliptic-curve cryptography, inversions were performed by the same circuits that did the modular multiplications, saving chip space. But the MIT researchers instead equipped their chip with a special-purpose inverter circuit. This increases the chip's surface area by 10 percent, but it cuts the power consumption in half. The most common encryption protocol to use elliptic-curve cryptography is called the datagram transport layer security protocol, which governs not only the elliptic-curve computations themselves but also the formatting, transmission, and handling of the encrypted data. In fact, the entire protocol is hardwired into the MIT researchers' chip, which dramatically reduces the amount of memory required for its execution. The chip also features a general-purpose processor that can be used in conjunction with the dedicated circuitry to execute other elliptic-curve-based security protocols. But it can be powered down when not in use, so it doesn't compromise the chip's energy efficiency. "They move a certain amount of functionality that used to be in software into hardware," says Xiaolin Lu, director of the internet of things (IOT) lab at Texas Instruments. "That has advantages that include power and cost. But from an industrial IOT perspective, it's also a more user-friendly implementation. For whoever writes the software, it's much simpler." SOURCE
  23. Dear friends, Nowadays our privacy is very important. I am interested to know which VPN service do you use and which is the best according to your opinion. Not to all vpn services are enough secure. Recently, has been discovered that HotSpot Shield in some cases could show your real ip. Have a look here : 1.Android 2. Windows Thanks for your time spent with this poll ! :)
  24. The company could easily give users the ability to control what information is sent to it, but that’s not what it has in mind. Thinkstock In late January, Microsoft embarked on a PR blitz to reassure Windows users that the company has their privacy in mind. To prove what it called its continuing devotion to privacy, it announced a new tool for Windows, the Windows Diagnostic Data Viewer, that will be available in the operating system’s next semiannual update. The tool, Microsoft said in a blog post by Windows Device Group privacy officer Marisa Rogers, is part of Microsoft’s commitment to be “fully transparent on the diagnostic data collected from your Windows devices, how it is used, and to provide you with increased control over that data.” A beta of the tool was made available for anyone who signs up to be a Windows Insider and downloads the preview version of the next Windows update. Microsoft got plenty of kudos for the new tool. For the company, that was mission accomplished. But it was anything but that for users. The Diagnostic Data Viewer is a tool that only a programmer could love — or understand. Mere mortals, and even plenty of programmers, will be baffled by it, and they won’t gain the slightest understanding of what data Microsoft gathers about them. First, a bit of background. Microsoft gathers diagnostic data about the way people use Windows and then uses that information to improve the way Windows works. Nothing nefarious there; it’s a good way for the company to make Windows better for everyone. The issue for privacy advocates and many individual users is control and transparency. Those advocates want people to know exactly what data is being gathered and sent to Microsoft, and they want users to be able to control that. Microsoft claims that’s what the Diagnostic Data Viewer tool does. But that’s not quite true, for several reasons. The first, as already noted, is that the tool is exceedingly difficult to understand. You can’t, for example, ask it to show you detailed, easy-to-understand information about the data being sent to Microsoft about your hardware and the way you use it — model and make of devices attached to your PC, your app and Windows feature usage, samples of inking and typing output, the health of your operating system and more. Instead, you scroll or search through incomprehensible headings such as “Census.Flighting,” and “DxgKrnlTelemetryGPUAdapterInventoryV2,” with no explanation of what those headings mean. And then when you view the data in any heading, you see an even more incomprehensible, lengthy listing, such as this tiny excerpt from “Census.Hardware”: “cV: “zNWezO9CsEmjb5B,0”, “cV: :y7iOzuVXL)mj+F9j,0”, Each listing has lines and lines like that, all in a code to which users have no key. Will such listings help you know what information Microsoft is gathering about your PC and Windows use? Unless you’re privy to what those codes mean and can decipher the format they’re in, the answer is no. That’s just the beginning, though. Because even if you could understand the information Microsoft gathers about you for diagnostic purposes, there’s not much you can do to stop the company from gathering it. Like it or not, it grabs the information, and you can’t stop it. OK, there is one small loophole. Currently, if you want to control what diagnostic information Microsoft gets about your use of Windows 10, you go to Settings > Privacy > Feedback & Diagnostics. At the top of the screen, under the Diagnostic Data setting, you have two choices: Basic or Full. When you choose Basic, only “data necessary to keep Windows up to date and secure,” is sent, in Microsoft’s description. If you choose Full, much more information is sent, including “additional diagnostic data (including browser, app and feature usage, and inking and typing data).” But there’s no way to exclude even the Basic data from being sent. That one small loophole? If you use the Enterprise Edition of Windows 10, you can stop all data from being sent. But all other Windows 10 users are out of luck. Microsoft should change this. It should release a simple-to-use tool that shows in granular detail and in plain English exactly what diagnostic information is being sent to Microsoft. People should then be allowed to opt in or out for every type of diagnostic information that is sent. And everyone should be able to do that, not just those who have a specific version of Windows 10. Microsoft already has a very useful model for doing this. Its web-based Privacy dashboard lets you view and clear your search history, browsing history, location history and information gathered by Cortana. The dashboard is simple, clearly designed and takes only a few minutes to use. There’s no reason the company can’t give you the same kind of control over the information that Windows gathers about you. If Microsoft truly wanted to be seen as a company that cares about your privacy, that’s exactly what it would do. Here’s hoping that when the final version of the Windows Diagnostic Data Viewer is released, it will do just that. Source: Don’t believe Microsoft’s latest privacy hype (Computerworld - Preston Gralla)
  25. Beginning with the April 2018 feature update, Microsoft will release a tool that allows Windows 10 users to inspect diagnostic data collected and sent to Microsoft's telemetry servers. Windows Insider Program members can test the app starting today. Earlier this week I noted a pair of mysterious (and inactive) links in the Privacy settings of recent preview releases of Windows 10, apparently offering the ability to view and delete telemetry data. Today, Microsoft officially confirmed that the next public release of Windows 10 will include a Windows Diagnostic Data Viewer utility. The app will allow anyone with an administrator account to inspect the telemetry data being collected from a device and sent to Microsoft through the Connected User Experience and Telemetry component, also known as the Universal Telemetry Client. Microsoft's enterprise customers have had this capability for some time, using a bare-bones tool available to IT professionals. The new viewer is considerably more polished and intended for use by nontechnical Windows 10 users. Members of the Windows Insider Program will have access to the Windows Diagnostic Data Viewer app in a new build scheduled to be delivered later today. Although the app will be delivered through the Microsoft Store, users won't be required to sign in with a Microsoft account to download and install it. In a blog post published today, Marisa Rogers, Privacy Officer in Microsoft's Windows and Devices Group, positioned the new tool as a way to be "fully transparent" about what data is collected from a device. I haven't been able to use the tool yet, but a pair of screenshots Microsoft released confirm that most of this data is intended to give Microsoft details about the type of hardware and apps in use by the 600 million-plus Windows 10 devices. Article
×