HTTPS Is A Privacy Nightmare

After reading NSA files, I wouldn’t be surprised if NSA already hacked some of the big CAs. I don’t see what stops governments from issuing a subpoena for the CAs in their countries to sign a certificate so they could sniff the communication of whoever they want.

GitHub - SadeghHayeri/GreenTunnel: GreenTunnel is an anti-censorship utility designed to bypass the DPI system that is put in place by various ISPs to block access to certain websites.

GreenTunnel bypasses DPI (Deep Packet Inspection) systems found in many ISPs (Internet Service Providers) which block access to certain websites. For example, if the administrator chooses to block the hostname youtube using this feature, all Website access attempts over HTTPS that contain youtube like in the SNI would be blocked.

KrØØk WiFi vulnerability affected WiFi encryption on over a billion devices

A vulnerability in Broadcom and Cypress WiFi chips makes it possible for attackers on your local WiFi network to decrypt your WPA2 encrypted internet traffic.

Facebook temporarily bans ads for medical face masks to prevent coronavirus exploitation

Facebook is temporarily banning ads and commerce listings for medical face masks amid growing concern over coronavirus-related exploitation, CNBC reports. Update: We’re banning ads and commerce listings selling medical face masks on Instagram and Facebook.

Let's Encrypt Has Issued a Billion Certificates

Today 81% of page loads use HTTPS globally, and we’re at 91% in the United States! Today we serve nearly 192M websites with 13 full time staff and an annual budget of approximately $3.35M.

Chinese Hackers Break Into Chrome, Safari, Edge; Reveal Browsers' Vulnerabilities

Organizers plan to submit a report of all bugs uncovered during the event to all vendors when the competition concludes, says ZDNet. This is literally just, like, a hundred Chinese security researchers testing their 0days in competition against modern software targets.

DuckDuckGo Will Automatically Encrypt More Sites You Visit

But DuckDuckGo's tool has one major difference: Rather than populating a list of upgradable sites manually, Smarter Encryption fills it out automatically using the same web crawling smarts built into DuckDuckGo's private search service.

Configuring DNS-Over-HTTPS on Pi-hole

This means that the connection from the device to the DNS server is secure and cannot easily be snooped, monitored, tampered with or blocked. In the following sections we will be covering how to install and configure this tool on.

Encrypted DNS could help close the biggest privacy gap on the Internet. Why are some groups fighting against it?

Alongside technologies like TLS 1.3 and encrypted SNI, DoH has the potential to provide tremendous privacy protections. But to avoid having this technology deployment produce such a powerful centralizing effect, EFF is calling for widespread deployment of DNS over HTTPS support by Internet service providers themselves.

Mozilla plans to roll out DNS over HTTPS to US users in late September 2019

Starting in late September 2019, DNS over HTTPS (DoH) is going to be rolled out to Firefox users in the United States.

The Evolution of the Internet, Identity, Privacy and Tracking – How Cookies and Tracking Exploded, and Why We Need New Standards for Consumer Privacy

For years now, hardly a month goes by that we don’t hear negative sentiment regarding HTTP cookies, though they remain the only technical mechanism available within standard internet protocols to support the personalized web experience we expect as consumers, including our privacy preferences.

Windows Defender ranked one of the best antivirus solutions

In the German independent research institute’s May/June 2019 ‘best antivirus software for Windows Home Users’ report, Windows Defender is one of four products to receive perfect 6 out of 6 scores in the protection, performance, and usability categories.

Org - meetings - 2019Stockholm - Notes - FirefoxTorUpliftAndTorModeAddOn – Tor Bug Tracker & Wiki

There are two main topics of this session: Discussion of a proposal for a "Tor mode" addon for Firefox. We looked at , which is a list of patches that appear in Tor Browser tickets that may be considered for uplift into Firefox.

😬 About the word “book” in Openbook…

It’s all good, we’ve also started legal measures to ensure the situation can’t be repeated. We’ve already started on-boarding the first people to sign up for beta and we’ll continue to do so gradually.

Disclosing Tor users' real IP address through 301 HTTP Redirect Cache Poisoning

The fact that it is possible to achieve certain persistency in the browser's cache, by injecting poisoned entries, can be abused by an attacker to disclose the real IP address of Tor users that send non-TLS HTTP traffic through malicious exit nodes.

P410n3 - blog: Trust is good, cryptography is better

This is what many people refer to as a "Threat Model". What I am saying is: When choosing a cloud storage provider, we should think about our personal privacy and security, as these two things go hand in hand these days.

Privacy Preserving Ad Click Attribution For the Web

In the illustration above, an existing request to the existing tracking pixel is redirected by search.example on its own server infrastructure to a well-known location in order to signal to the browser that this is in fact a conversion happening.

Privacy by Compartmentalisation

Next we are going to want a browser for personal stuff, like emailing friends and family or watching YouTube.

Remote Code Execution on most Dell computers

To bypass the Referer/Origin check, we have a few options: find a Cross Site Scripting vulnerability in any of Dell’s websites (I should only have to find one on the sites designated for SupportAssist); find a Subdomain Takeover vulnerability; make the request from a local program; generate a random subdomain name and use an external machine to DNS Hijack the victim.

Double Edged Sword of Secure Traffic

If this is a device issued by the organization or if a certificate is required to gain internet access, then the user effectively agrees to this level of supervision.

Privacy 2019: Tor, Meek & The Rise And Fall Of Domain Fronting

This allowed the creation of meek bridge relays on large clouds such as Google App Engine, Amazon CloudFront/EC2 and Microsoft Azure, hiding the actual target hostname behind domains such as , or various static asset CDNs. Domain fronting was nothing short of revolutionary for Tor users in high-risk countries.

Fingerprinting TLS clients with JA3

This article is a short guide to using JA3 for fingerprinting TLS clients, with possible use cases and a simple demo. At the implementation level this can translate to: advertising dummy future ciphers each time in order to create unique fingerprints.

HTTPS Isn't Always As Secure As It Seems

Vulnerabilities that are full-on "leaky" involve more deeply flawed encryption channels between browsers and web servers that would enable an attacker to decrypt all the traffic passing through them.

School of Privacy - schoolofprivacy/TUMBLR enabled SSL support for blogs!

So we have been using tumblr for a long time, and a few years back we started requesting support for SSL, and they finally made an option feature in your theme's settings: if you go to edit appearance you can select enable HTTPS, which will add full SSL support for your tumblr blog/site.

The best Chrome extensions to use for privacy in 2019

Alexandra Persea, Mar 12. Burner Mail: Burner Mail allows you to generate anonymous email addresses that protect your personal email address.

How To Encrypt Your Internet Traffic

You can protect your privacy on a micro-level by focusing on keeping websites from collecting your private information, but on a broader scale, you can encrypt all of your internet activity with one sweep by encrypting your router.

Cyber-Mercenary Groups Shouldn't be Trusted in Your Browser or Anywhere Else

Browsers rely on this list of authorities, which are trusted to verify and issue the certificates that allow for secure browsing, using technologies like TLS and HTTPS.

New Release: Tor Browser 8.0.5

This release features important security updates to Firefox. This new release updates Firefox to 60.5.0esr and Tor to the first stable release in the 0.3.5 series, 0.3.5.7. The full changelog since Tor Browser 8.0.4 is:

Celebrate Data Privacy Day with most advanced privacy softwares

Privacy extensions: These are the few extensions that I would recommend having in order to increase your privacy online: Privacy Badger — It’s a free and open-source browser extension created by the Electronic Frontier Foundation.

What’s wrong with in-browser cryptography?

Where installation of native code is increasingly restrained through the use of cryptographic signatures and software update systems which check multiple digital signatures to prevent compromise (not to mention the browser extension ecosystems which provide similar features), the web itself just grabs and implicitly trusts whatever files it happens to find on a given server at a given time.