Facebook Is Adding Tor Support To The Android App


Android Police: Facebook Is Adding Tor Support To The Android App.

Engadget: Facebook on Android gives you privacy through Tor.

The Guardian: Facebook adds Android app support for anonymity service Tor.

So from what I understand all this will allow is FaceBook to be accessed via an onion domain.

Is this a good / bad thing?

Pro

Given the FB user base size, this may encourage more individuals to use tor, thus increasing the anonymity of the average tor user.

Cons

Tor offers anonymity, if I was to try and hack, brute force, guess login credentials to a FaceBook account, I’d be doing it via a tor connection.

The Edward Snowden guide to practical privacy

Thanks to The Register; here’s The Edward Snowden guide to practical privacy

Edward Snowdon

If you’re just an average user concerned about your privacy

  • Use Tor when browsing. You don’t have to use Tor all the time (it does slow things down considerably and some sites will also block Tor traffic). But if you are looking at or for something that you feel is sensitive, then either set up your browser to work with Tor or use the Tor browser.
  • Use an ad-blocker. Says Snowden: “As long as service providers are serving ads with active content that require the use of Javascript to display, that have some kind of active content like Flash embedded in it, anything that can be a vector for attack in your web browser – you should be actively trying to block these.”
  • Use a password manager. It doesn’t matter how many surveys and reports come out that tell people to use different passwords and complex passwords, a huge percentage of us maintain borderline idiotic approaches. The simple answer is: get a password manager. It will protect you.
  • Use two-factor authentication. Many services such as Gmail, Twitter, Dropbox, Hotmail, and Facebook offer this now for no charge. So even if your password does get exposed, you still have a backup such as a text message to your phone to secure your information.
  • Use apps that protect your information. Snowden suggests the smartphone app Signal, which encrypts both your phone calls and texts. It’s free and easy to use. Although of course, following a high-profile argument with the FBI, it would appear that Apple’s messaging service is also pretty secure (although Snowden would probably have doubts).
  • Use the HTTPS Everywhere browser plug-in. This comes from the Electronic Frontier Foundation (EFF) and will try to force all browser communication to be encrypted.
  • Encrypt your hard drive. This is comparatively easy these days but you have to be careful to do two things: one, have a longish phrase to make it worthwhile; and two, make damn sure you remember that phrase. There will be a slowdown in performance but nothing too bad if you have a modern machine.
  • Be smart with your security questions. Stop using your mother’s maiden name for everything. Likewise your first school. The key is to mix things up as much as possible so if someone does get into one of your accounts, they can’t use the same information to get in everywhere else.

After reading this I installed Whisper Systems Signal on my Android devices, and encouraged my friends and family to do the same.

Signal allows you to send encrypted texts and phone calls, all free of charge, combining the original apps TextSecure and RedPhone.

At Open Whisper Systems, we want everyone to have access to advanced secure communication tools that are as easy and reliable to use as making a normal phone call or sending a normal text message.

Over the past year, we’ve been working to bring the privacy software we’ve developed for Android to the iPhone, and today we’re releasing Signal – free, worldwide, encrypted voice calls for iPhone, and fully compatible with RedPhone for Android.

This free app is a no brainer for anyone who values their privacy, available on Android and iOS.

Raspberry Pi a Tor Proxy

Raspberry Pi Tor Proxy
It’s quite easy to make a Raspberry Pi a Tor Proxy, just order the parts from AdaFruit, and work through their easy to follow guide.

Or if you’re Gen Y, there’s a YouTube video 🙂

But this isn’t why I’ve acquired a Raspberry Pi!
I access Tor via a Arch Linux VirtualBox machine, booting a live version of Tails on my PC, and Orbot on my Android devices.

What I am actually looking to do is create a Tor Hidden Service; from wikipedia:

Tor can also provide anonymity to websites and other servers. Servers configured to receive inbound connections only through Tor are called hidden services. Rather than revealing a server’s IP address (and thus its network location), a hidden service is accessed through its onion address. The Tor network understands these addresses and can route data to and from hidden services, even to those hosted behind firewalls or network address translators (NAT), while preserving the anonymity of both parties. Tor is necessary to access hidden services.

Hidden services have been deployed on the Tor network since 2004. Other than the database that stores the hidden-service descriptors, Tor is decentralized by design; there is no direct readable list of all hidden services, although a number of hidden services catalogue publicly known onion addresses.

Rather than pay a web host (although I love my current provider, the support team are fantastic!) I will host my own data on the darknet.
To keep the costs to a minimum, I wanted a low powered device, as it will be running continuously. I’ve old PC’s and laptops but they still gobble up power, voilà Raspberry Pi.

Tor Project have instructions on how to create an hidden service, and as the device I’ve ordered comes with a trimmed version of Debian, Raspbian, Wheezy, the Linux path should be easy enough to follow… famous last words 🙂

Now eager for the kit to arrive, so I can start to play!

Reset the net epic success

Fantastic; after a year of information leaked regarding the NSA, and other security organisation, mass surveillance of communication, the tide of change has begun!

As the Fight for the Future guys state: it’s up to us to protect our privacy and data!

If you care introduce SSL on your sites, but more, encrypt your communication.

  • Chat secure – is a free and open source encrypted chat client for iPhone and Android that supports OTR encryption over XMPP.
  • Text secure – open source encrypted messaging application for Android
  • RedPhone – provides end-to-end encryption for your calls, securing your conversations so that nobody can listen in.
  • Tor – Protect your privacy. Defend yourself against network surveillance and traffic analysis.
  • VPN – Offers secure online browsing, while masking identity and location
  • PGP – Pretty Good Privacy, encrypt your emails, seriously do it!

anonymous meta free email

anonymous meta free email
While on my search for anonymous and meta free email, I cam across this article at The Daily Dot.

It seems like Tor Mail could have been what I was looking for, even though it was based in the dark web. It’s now been closed down, apparently due to bad people carrying out sick nefarious activities that I wouldn’t want to be associated with… or the Feds made up lies to capture it, who knows?

Anyway, Tor mail is no more, but below are a few options that I look to test out, and it seems that looking for a solution on the clear web was quite naive.


With Tor Mail gone, how will the Dark Web communicate?

  • BitMessage is a decentralized, encrypted and peer-to-peer messenger. This program has seen a surge in popularity since the Snowden leaks.
  • TorChat is an easy-to-use anonymous messenger designed to fit nicely into the Tor environment. It has been widely used across the Dark Net spectrum since before Tor Mail’s fall.
  • PrivNote is a Clear Net messenger service that deletes notes once they’re read. Silk Road vendor RxKing prefers this service, but others refuse to use it, citing multiple security concerns.
  • SMS4TOR is a Tor-friendly version of PrivNote that has gained considerable traction thanks to its base a Tor hidden service.
  • I2P-Bote uses the I2P anonymizing software to provide a decentralized, encrypted, verified email service. The service is only in alpha and, due to its reliance on I2P, will probably not be widely adopted.
  • Privatdemail is an email service with a focus on privacy (as opposed to anonymity). Here’s a fun fact: You apparently can’t email Israel because the servers are located in an Arab country that forbids it. That policy will not inspire confidence, but even so, Privatdemail is already in use.
  • RiseUp is an email service built for “liberatory social change.” Users must apply and be approved for accounts, proving that they are activists fighting for positive change, which is whatever RiseUp’s founders deem it to be. In exchange, RiseUp keeps minimal logs, encrypts your data and defends your communications unlike many corporate email services.
  • Nym is a remailer that allows you to send encrypted emails without them being traced back to you, the sender.
  • Mixmail is a remailer similar to Nym but is much easier to use. It strips out identifying factors like an IP address, making a quick, anonymous email an easy proposition.
  • Jabber is a popular open-source, decentralized messaging system. It’s widely used by journalists already, particularly in the Middle East.
  • Tox.im is a currently-in-development tool that promises to allow encrypted and decentralized video and text chat reminiscent of Skype—only without Microsoft allowing the American government to listen in as they do.

Build a VPN-Tor proxy on Amazon cloud servers with Lahana

OK I’m intrigued, here’s the idea User>>Lahana VPN>>Tor>>Website, thanks to Hacker 10

Lahana is a set of scripts that can quickly create a VPN on Amazon EC2 cloud servers using Linux instances and tunnel everything through the Tor proxy network.

And here’s a Lahana link.

Off to play, will put together a guide if I can get this to work

Links

r/netsec

 

 

surfing the web like the invisible man

Quote

or “VirtualBox + Tor + Backtrack” aka “How to become (almost?) invisible” from rootd@mmit

I plan to use the tor_vm.iso method for stealth, and leave my Debian VB as another playground… tor there if I ever need it.

I remember trying this a while ago, and also remember why I don’t use it… I can’t get it to work 🙂
It hangs while trying to bootstrap at 5%… although now at 20% but it shouldn’t take this long surley?

I’ll come back to this another time… think I thought the same 6 months ago 😉

But I’m not going to give up easily!

Maybe this option is actually functions?
How To Set Up A TOR Middlebox Routing All VirtualBox Virtual Machine Traffic Over The TOR Network