Tor Gets Help to Anonymise Users of 'dark web'

121_rc_fig2_lg.jpg

Internet Assigened Number Authoority (iana): Address Distribution Hierarchy for the Internet

Information about who is using Tor can leak when computers do not know what to do with the network's data and the Tor network is being given help to keep secret what is done via the "dark web" system.

Two proposals have won approval from key Internet bodies that will limit how widely information is shared about sites hosted on Tor. Some of this information has previously been leaked, potentially giving attackers a way to track users.

The move should also make it easier for sites that are hosted on Tor to encrypt data passing to and from users.

Tor, or The Onion Router, lets people browse the web anonymously by shuttling data through several different computers and encrypting it at every step. This network has also become host to many sites that use a .onion suffix in a similar way to the way domains such as .com and .org are used on the world wide web. Many different organisations, including Facebook, whistle-blowing sites and drug marketplaces, use .onion sites because they help to protect the identity of their users. Before now, when the names of .onion sites were included in some applications many computers tried to locate them by consulting the web's public lists of where all websites are found.

The query would produce no useful location information but could be used by eavesdroppers to track down people using the anonymising Tor network.

Privacy campaigners Jacob Appelbaum and Alec Muffet have tabled two proposals designed to stop this data leakage by giving the .onion domain special status and by making developers handle the suffix properly. This would stop computers and browsers looking on the web for information about sites that only exist on Tor.

Iana, the net administration body that oversees domains, approved the Tor.onion domain proposal this week. In addition, the Internet Engineering Task Force, which works on ways to improve the net, has accepted the other proposals that should stop web applications and programs wrongly seeking information about Tor sites. Together, the two proposals will also make it easier for .onion sites to add encryption to protect users further.

"This enables the Tor.onion ecosystem to benefit from the same level of security you can get in the rest of the web," Richard Barnes, Mozilla's security head for Firefox told news site Motherboard. "It adds a layer of security on top."

BBC:   ImageCisco

 

 

« Over 90% of UK Police Requests to Access Calls & Emails Are Granted
Cybersecurity Is A Competition Issue For Business »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Venafi

Venafi

Venafi is a world-class cyber-security company dedicated to protecting machine identities for our hyper-connected digital economy.

TenIntelligence

TenIntelligence

TenIntelligence provides due diligence, brand protection and fraud investigation services including digital forensics.

Libraesva

Libraesva

Libraesva secures email communications for organisations, helping them eliminate email borne threats, preserve email data and provide an environment for their people to communicate safely.

Cross Identity

Cross Identity

Cross Identity (formerly Ilantus Technologies) is a complete IAM solution that is deep, comprehensive, and can be implemented even by non-IT persons.

Security Brokers

Security Brokers

Security Brokers focus services and solutions with a focus on strategic ICT Security and Cyber Defense issues.

Abusix

Abusix

Abusix specializes in Internet security, network abuse handling, antispam and fraud prevention.

Dermalog Identification Systems

Dermalog Identification Systems

Dermalog Identification Systems is a pioneer in biometry and the largest German manufacturer of biometric devices and systems.

CyberQ Group

CyberQ Group

CyberQ is an award winning cyber security consultancy and services provider and an innovator in Artificial Intelligence and Automated Cyber Security.

Cyber Security Cloud (CSC)

Cyber Security Cloud (CSC)

Cyber Security Cloud provides web application security services worldwide using world's leading cyber threat intelligence and AI technology.

SpecterOps

SpecterOps

SpecterOps has unique insight into the cyber adversary mindset and brings the highest caliber, most experienced resources to assess your organizations defenses.

ToucanX

ToucanX

ToucanX has eliminated remote attack vectors without sacrificing productivity. We’ve brought embedded near real time virtualization to the enterprise endpoint.

Trusted Cyber Solutions

Trusted Cyber Solutions

Trusted Cyber Solutions is an independent Cyber Security and Risk Management consultancy.

Zerify

Zerify

Zerify offers the industry’s only video conferencing platform built with a zero-trust architecture to keep your meetings secure, private and business compliant.

Softwerx

Softwerx

Softwerx is the UK’s leading Microsoft cloud security practice. We’ve been helping forward-thinking companies better secure their businesses for nearly twenty years.

runZero

runZero

runZero delivers the most complete security visibility possible, providing you the ultimate foundation for successfully managing exposures and compliance.

OmniIndex

OmniIndex

OmniIndex PostgresBC is the only commercial solution allowing you to keep your most sensitive and critical data encrypted while analyzing it. Structured and unstructured.