Tor Gets Help to Anonymise Users of 'dark web'

121_rc_fig2_lg.jpg

Internet Assigened Number Authoority (iana): Address Distribution Hierarchy for the Internet

Information about who is using Tor can leak when computers do not know what to do with the network's data and the Tor network is being given help to keep secret what is done via the "dark web" system.

Two proposals have won approval from key Internet bodies that will limit how widely information is shared about sites hosted on Tor. Some of this information has previously been leaked, potentially giving attackers a way to track users.

The move should also make it easier for sites that are hosted on Tor to encrypt data passing to and from users.

Tor, or The Onion Router, lets people browse the web anonymously by shuttling data through several different computers and encrypting it at every step. This network has also become host to many sites that use a .onion suffix in a similar way to the way domains such as .com and .org are used on the world wide web. Many different organisations, including Facebook, whistle-blowing sites and drug marketplaces, use .onion sites because they help to protect the identity of their users. Before now, when the names of .onion sites were included in some applications many computers tried to locate them by consulting the web's public lists of where all websites are found.

The query would produce no useful location information but could be used by eavesdroppers to track down people using the anonymising Tor network.

Privacy campaigners Jacob Appelbaum and Alec Muffet have tabled two proposals designed to stop this data leakage by giving the .onion domain special status and by making developers handle the suffix properly. This would stop computers and browsers looking on the web for information about sites that only exist on Tor.

Iana, the net administration body that oversees domains, approved the Tor.onion domain proposal this week. In addition, the Internet Engineering Task Force, which works on ways to improve the net, has accepted the other proposals that should stop web applications and programs wrongly seeking information about Tor sites. Together, the two proposals will also make it easier for .onion sites to add encryption to protect users further.

"This enables the Tor.onion ecosystem to benefit from the same level of security you can get in the rest of the web," Richard Barnes, Mozilla's security head for Firefox told news site Motherboard. "It adds a layer of security on top."

BBC:   ImageCisco

 

 

« Over 90% of UK Police Requests to Access Calls & Emails Are Granted
Cybersecurity Is A Competition Issue For Business »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

High-Tech Bridge

High-Tech Bridge

High-Tech Bridge SA is a Swiss MSSP provider offering security auditing, source code review and computer forensics.

Dome9

Dome9

Dome9 is a cloud firewall management service that stops vulnerabilities, secures remote access, and centralizes policy management.

France Cybersecurity

France Cybersecurity

France Cybersecurity represents the French cybersecurity industry to raise international awareness of French cybersecurity capabilities and solutions.

CodeOne

CodeOne

CodeOne provides solutions for website and web app security.

Advisen

Advisen

Advisen is the leading provider of data, media, and technology solutions for the commercial property and casualty insurance market including cyber risk.

Convercent

Convercent

We offer comprehensive and integrated compliance management, reporting, and analytics. A 360-degree view of compliance drives efficiency by aligning initiatives and data into a single dashboard.

Dragos

Dragos

Dragos has built the first industrial cybersecurity ecosystem, the ultimate security defense.

OneVisage

OneVisage

Our award-winning 3DAuth digital identity platform turns any consumer mobile device into a real-time 3D facial scanner that securely authenticates the user in seconds.

Alpine Cyber Solutions

Alpine Cyber Solutions

Alpine Cyber is a Managed IT Service Provider focused on cybersecurity and cloud services.

Cyber@StationF

Cyber@StationF

Cyber@StationF is an up to 6 months international startup acceleration programme, whose members provide solutions for the Cybersecurity industry.

InfoExpress

InfoExpress

InfoExpress provides network security solutions that enhance productivity and security through better visibility, improved security, and automating device and mobile access to the network.

KT Secure

KT Secure

KTSecure’s mission is to provide proven and productive cyber security solutions and managed services, backed by our highly qualified and passionate team of experts.

DigitalWell

DigitalWell

DigitalWell provide fully managed IT and communications solutions for a truly innovative end-to-end experience - for your customers and teams.

Unisys

Unisys

Unisys is a global information technology company providing industry-focused solutions integrated with leading-edge security to clients in the government, financial services and commercial markets.

Focus Digitech

Focus Digitech

Focus Digitech helps you with your digital transformation journey with our main core offerings of Cloud, Cybersecurity, Analytics and DevOps.

Price Forbes

Price Forbes

Building on more than 100 years of specialist insurance broking, Price Forbes partner with clients around the world who are looking to understand and balance today’s risk and plan for the future.