byte1000

joined 1 year ago
 

Onion link

Today the Tor Project, a global non-profit developing tools for online privacy and anonymity, and Tails, a portable operating system that uses Tor to protect users from digital surveillance, have joined forces and merged operations. Incorporating Tails into the Tor Project's structure allows for easier collaboration, better sustainability, reduced overhead, and expanded training and outreach programs to counter a larger number of digital threats. In short, coming together will strengthen both organizations' ability to protect people worldwide from surveillance and censorship.

 

Onion link

This is a minor Desktop-only release containing (primarily) updated strings for users on legacy Windows and macOS.

 

Onion link

This version includes important security updates to Firefox.

 

Onion link

This version includes important security updates to Firefox.

[–] byte1000@discuss.tchncs.de 1 points 4 months ago (1 children)

I'm pretty sure that only media content is stored unencrypted, the text database should be encrypted.

[–] byte1000@discuss.tchncs.de 2 points 4 months ago

Some (maybe) useful sources:

 

Onion link

In that respect, Tor Browser 13.5 feels like a milestone: in addition to the dozens of bug fixes and minor improvements noted in the changelog below, this release features major changes to Android's connection experience in preparation for the future addition of Connection Assist, including full access to Settings before connecting and a new, permanent home for Tor logs.

For desktop, we're continuing our efforts to improve the user experience of Tor Browser's fingerprinting protections. Following the changes we introduced to new window sizes in Tor Browser 13.0 for Desktop, this release features welcome design changes to letterboxing, including new options to remember your last used window size and adjust the alignment of the letterbox in General Settings. Bridge users will also discover a myriad of improvements to bridge settings, including a complete redesign of bridge cards with improved sharing features, and a new section designed to help you find more bridges elsewhere. Lastly, the design of onion site errors has received a visual refresh aimed at making them consistent with the other kinds of Network Errors you can find in Tor Browser.

[–] byte1000@discuss.tchncs.de 9 points 7 months ago (7 children)
16
submitted 7 months ago* (last edited 7 months ago) by byte1000@discuss.tchncs.de to c/tor@lemmy.ml
 

Onion link

This is an unscheduled emergency release with important security updates to Firefox for Desktop platforms. Android is unaffected.

[–] byte1000@discuss.tchncs.de 2 points 8 months ago* (last edited 8 months ago) (2 children)

Q: Why do I have to enable Google Password Manager as an additional provider in order to make it work on Android?

[–] byte1000@discuss.tchncs.de 1 points 8 months ago

I didn't know this app existed. Anyway, the project was discontinued.

[–] byte1000@discuss.tchncs.de 0 points 8 months ago (2 children)

That's true, all devices are hackable, there's no 100% protection.
No tool is perfect, but if that's a security improvement, it might be worth enabling.

I know of at least one instance where lockdown mode protected a user from NSO spyware.
A Citizen Lab's research confirmed it:

For a brief period, targets that had enabled iOS 16’s Lockdown Mode feature received real-time warnings when PWNYOURHOME exploitation was attempted against their devices. Although NSO Group may have later devised a workaround for this real-time warning, we have not seen PWNYOURHOME successfully used against any devices on which Lockdown Mode is enabled.

It is encouraging to see that Apple’s Lockdown Mode notified targets of in-the-wild attacks. While any one security measure is unlikely to blunt all targeted spyware attacks, and security is a multi-faceted problem, we believe this case highlights the value of enabling this feature for high-risk users that may be targeted because of who they are or what they do.

[–] byte1000@discuss.tchncs.de 2 points 8 months ago* (last edited 8 months ago) (10 children)

Can any of them prevent a Pegasus-style attack?

If I understand correctly, Apple does it by disabling common attack vectors, remote fonts for example.

 

Is there a fork of Android (or a way to harden it) that locks down the OS similarly to how Apple does it?

Apple's implementation can actually protect you from commercial spyware. I'm impressed.

[–] byte1000@discuss.tchncs.de 4 points 8 months ago (1 children)

~43% of all Lemmy's monthly active users are on lemmy.world .

Yeah, that's even worse.

[–] byte1000@discuss.tchncs.de 7 points 8 months ago* (last edited 8 months ago) (3 children)

The instance has too many people registered. It has ~27% of all Mastodon's monthly active users.

A huge part of the network was down. People should be encouraged to migrate to smaller instances, so we can have better decentralization.

 

Element has been working with Meta since the end of last year to help test their DMA interoperability (given we’re probably the world leader in interoperable end-to-end-encrypted communication) - and Matrix announced last month at FOSDEM that Element has successfully integrated 1:1 chats between Matrix and WhatsApp via the DMA APIs, while maintaining end-to-end encryption (having implemented full Signal compatibility in vodozemac). We’ve also formally requested interoperability with WhatsApp, as of yesterday.

[–] byte1000@discuss.tchncs.de 16 points 8 months ago (1 children)

All internet connections into and out of your Linux device will now be blocked unless a VPN connection to a Proton VPN server is active.

If I understand correctly, before version 4.2.0 (that includes the Advanced setting), the kill switch wasn't active until you opened the ProtonVPN program. So if you restarted you PC, it was connecting to the internet without going through the VPN tunnel, so your traffic was somewhat exposed.

Now, with the new permanent kill switch, there's no internet access without running ProtonVPN.

[–] byte1000@discuss.tchncs.de 5 points 9 months ago (1 children)

The update seems to be bugged. I tried to upgrade version 0.0.57 to 0.0.58, and it seems like nothing have changed. I'm still on 0.0.57 after a "successful" install.

[–] byte1000@discuss.tchncs.de 1 points 9 months ago* (last edited 9 months ago) (1 children)

Dear @Tutanota employee, you've tagged the Brave Lemmy community instead of their Mastodon account, which is Brave

 

Release Notes v1.57.47 (Aug 15, 2023)

view more: next ›