Tor Gets Help to Anonymise Users of 'dark web'

121_rc_fig2_lg.jpg

Internet Assigened Number Authoority (iana): Address Distribution Hierarchy for the Internet

Information about who is using Tor can leak when computers do not know what to do with the network's data and the Tor network is being given help to keep secret what is done via the "dark web" system.

Two proposals have won approval from key Internet bodies that will limit how widely information is shared about sites hosted on Tor. Some of this information has previously been leaked, potentially giving attackers a way to track users.

The move should also make it easier for sites that are hosted on Tor to encrypt data passing to and from users.

Tor, or The Onion Router, lets people browse the web anonymously by shuttling data through several different computers and encrypting it at every step. This network has also become host to many sites that use a .onion suffix in a similar way to the way domains such as .com and .org are used on the world wide web. Many different organisations, including Facebook, whistle-blowing sites and drug marketplaces, use .onion sites because they help to protect the identity of their users. Before now, when the names of .onion sites were included in some applications many computers tried to locate them by consulting the web's public lists of where all websites are found.

The query would produce no useful location information but could be used by eavesdroppers to track down people using the anonymising Tor network.

Privacy campaigners Jacob Appelbaum and Alec Muffet have tabled two proposals designed to stop this data leakage by giving the .onion domain special status and by making developers handle the suffix properly. This would stop computers and browsers looking on the web for information about sites that only exist on Tor.

Iana, the net administration body that oversees domains, approved the Tor.onion domain proposal this week. In addition, the Internet Engineering Task Force, which works on ways to improve the net, has accepted the other proposals that should stop web applications and programs wrongly seeking information about Tor sites. Together, the two proposals will also make it easier for .onion sites to add encryption to protect users further.

"This enables the Tor.onion ecosystem to benefit from the same level of security you can get in the rest of the web," Richard Barnes, Mozilla's security head for Firefox told news site Motherboard. "It adds a layer of security on top."

BBC:   ImageCisco

 

 

« Over 90% of UK Police Requests to Access Calls & Emails Are Granted
Cybersecurity Is A Competition Issue For Business »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

D-RisQ

D-RisQ

D-RisQ is focussed on delivering techniques to reduce the development costs of complex systems and software whilst maximising compliance

FireEye

FireEye

FireEye delivers unmatched detection, protection and response technology through an extensible and flexible cloud-based XDR platform.

Cyber Technology Institute - De Montfort University

Cyber Technology Institute - De Montfort University

The Cyber Technology Institute provides training and high quality research and consultancy services in the fields of cyber security, software engineering and digital forensics.

BeOne Development

BeOne Development

BeOne Development provide innovative training and learning solutions for information security and compliance.

Cyber Affairs

Cyber Affairs

Cyber Affairs is the first Italian press agency entirely dedicated to cyber security.

Lithuanian National Accreditation Bureau

Lithuanian National Accreditation Bureau

Lithuanian National Accreditation Bureau is the national accreditation body for Lithuania. The directory of members provides details of organisations offering certification services for ISO 27001.

Cyber Covered

Cyber Covered

Cyber Covered provide complete website & data cover with market leading cyber insurance and powerful compliance software in one affordable package.

Ensurity Technologies

Ensurity Technologies

Ensurity is a deep-tech cybersecurity engineering company; designs and manufactures specialized secure hardware, software, and mobile application solutions.

Symantec

Symantec

Symantec delivers data-centric hybrid security for the largest, most complex organizations in the world – on devices, in private data centers, and in the cloud.

Cybil

Cybil

Cybil is a publicly-available portal where members of the international cyber capacity building community can find and share information to support the design and delivery of programs and projects.

CyberSat Summit

CyberSat Summit

CyberSat is dedicated to fostering the necessary discussions to flesh out and develop solutions to cyber threats in the satellite industry.

Cyber Security Forum Initiative (CSFI)

Cyber Security Forum Initiative (CSFI)

CSFI is a non-profit organization with a mission to provide Cyber Warfare awareness, guidance, and security solutions through collaboration, education, volunteer work, and training.

Boeing

Boeing

Boeing is the world's largest aerospace company and leading manufacturer of commercial jetliners, defense, space and security systems.

GeoEdge

GeoEdge

GeoEdge is the premier provider of ad security and quality solutions for the online and mobile advertising ecosystem.

ReachOut Technology

ReachOut Technology

ReachOut is a transformative approach to IT Security, Support, and Guidance. But we’re more than that. We’re passionate IT experts driven to make solutions to your problems.

SKADI Cyber Defense

SKADI Cyber Defense

At SKADI Cyber Defense, we specialize in enterprise-grade cybersecurity solutions tailored for small to medium businesses.