The former CIA and NSA Director discussed which Internet security threats concern him the most.
With so much of our information available on the internet, maintaining online anonymity can be a challenge. Many of us look for privacy and online anonymity especially in chat services. Ricochet software is the perfect solution as it lets users connect through instant messaging without having to disclose their identity.
Ricochet is open-source software that operates on multiple computing platforms. It was developed initially by John Brooks and was called Torsion IM. It has undergone multiple changes since then and was renamed Ricochet in June 2014. Ricochet recently passed its first security audit, which was conducted by NCC Group and sponsored by the Open Technology Fund (OTF). The audit found a vulnerability that could deanonymize users; it has been fixed in the recent version release.
Ricochet is a decentralized instant messenger, which means it neither connects to nor shares data with any server, in order to maintain online anonymity. It uses Tor to create a hidden service locally on the user's computer. A user with this Tor hidden service running on their computer can connect to any other user who also runs the hidden service.
Tor maintains online anonymity by directing traffic through a free, volunteer, worldwide network of several thousand relays, making it extremely difficult to track traffic back to the user. This hides the user’s details, location and usage from anyone who is trying to identify users through traffic analysis. This relaying of traffic also protects against disclosure of identity through network surveillance.
The Tor network makes it difficult to track Internet activity back to the user, keeping the user's online anonymity intact. These activities include all forms of communication, such as emails and instant messages, online posts and visits to different websites. To maintain online anonymity, Tor encrypts the information in the application layer of the communication protocol. The encryption is layered like an onion, hence the name. The innermost layer contains the information to be communicated, while each outer layer corresponds to one of the randomly selected relays through which the information passes before reaching the final destination.
When the information is passed over the network, each relay decrypts one layer of the encryption and learns the next relay to which the remaining encrypted data needs to be passed. The encrypted layers are thus peeled off one after the other as the data passes through multiple relays. The final relay decrypts the actual data that needs to be sent to the recipient’s address and forwards it to the destination. The final relay therefore does not know, and hence cannot reveal, the source IP address, which maintains complete online anonymity.
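The layering described above, as an added example that is not Tor's own code: a simplified model in which the sender wraps a message once per relay and each relay peels one layer to learn only its next hop. The SHAKE-256 XOR stream is a toy stand-in for Tor's real ciphers and key negotiation, and the relay names, keys and destination are constructed for illustration.

```python
import hashlib
import secrets

NONCE_LEN = 16

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher (assumption): keystream = SHAKE-256(key || nonce).
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + _xor_stream(key, nonce, plaintext)

def unseal(key: bytes, blob: bytes) -> bytes:
    return _xor_stream(key, blob[:NONCE_LEN], blob[NONCE_LEN:])

def build_onion(path, destination: str, message: bytes):
    """Wrap from the inside out: the last relay's layer is applied first."""
    blob, next_hop = message, destination
    for name, key in reversed(path):
        blob = seal(key, next_hop.encode() + b"\n" + blob)
        next_hop = name
    return next_hop, blob  # first relay to contact, fully wrapped onion

def peel(key: bytes, blob: bytes):
    """What one relay does: remove its layer, learn only the next hop."""
    hop, _, inner = unseal(key, blob).partition(b"\n")
    return hop.decode(), inner

def route(path, destination: str, message: bytes):
    """Simulate the circuit; record what each relay learns about routing."""
    keys = dict(path)
    hop, blob = build_onion(path, destination, message)
    seen = []
    while hop in keys:
        relay = hop
        hop, blob = peel(keys[relay], blob)
        seen.append((relay, hop))  # a relay sees its next hop, never the sender
    return seen, hop, blob

# Constructed three-relay path with random per-relay keys.
PATH = [(name, secrets.token_bytes(32)) for name in ("guard", "middle", "exit")]

if __name__ == "__main__":
    seen, dest, delivered = route(PATH, "chat.example:443", b"hello over tor")
    for relay, nxt in seen:
        print(f"{relay} forwards to {nxt}")
    print(dest, delivered)
```

Only the entry relay is contacted by the sender directly, and only the exit relay's layer contains the destination and the message, so no single relay in this model holds both ends of the conversation.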
Using this complex Tor network, Ricochet sends instant messages to recipients, and these messages never leave the Tor network, which maintains complete online anonymity. Ricochet provides every user with a unique screen name. This screen name is generated automatically the first time a user starts Ricochet. The screen name is a combination of two parts: the first part is the word “ricochet” and the second part is the address of the Tor hidden service that is started on the user's local system when they start Ricochet.
For two Ricochet users to be able to communicate and yet maintain online anonymity, at least one of them has to share their unique screen name with the other. This can be done either privately or publicly. Sharing a screen name does not in any way mean that any details of the user are shared with others. Neither the IP address nor the physical location of any user is revealed when screen names are shared.
The advantage of Ricochet is that along with online anonymity, even the information shared is encrypted. Users do not have to register themselves at any servers which can pose any kind of threat to their online anonymity. The contact lists are saved locally on the system of users making it tough to know who the user is chatting with. Even chat histories are not saved to preserve online anonymity. Thus, Ricochet offers an instant messaging solution that maintains online anonymity and keeps all communication secure.
The level of Internet security threats is growing. Though organizations are getting better at dealing with Internet threats, some still lack confidence in detecting sophisticated attacks.
The American government, through the White House Office of Management and Budget (OMB), has finalized its strategy for the adoption of an HTTPS-Only Standard for all its publicly accessible web services and federal sites. This strategy is meant to bring in a new robust baseline for Internet security and user privacy across all APIs and government websites. This step takes the form of a new formal memorandum to all executive agencies. The OMB opened this proposal to the public for comments and has so far received a large number of them. The US government is not the sole proponent of this new strategy, as other internet bodies are calling for a default encrypted internet. In fact, the Firefox and Chrome browsers, which carry the highest amounts of traffic, also support the idea of migrating to HTTPS from plain HTTP. This is how the US government is changing to HTTPS for improved Internet security.
The US government has come up with a memorandum that requires all federal agencies to deploy their domains following a set of guidelines. These guidelines are practical and reasonable for efficient deployment of HTTPS. For newly developed sites and web services, the memorandum requires that all federal agency domains and sub-domains adhere to the policy. Existing sites are obliged to set priorities based on risk analysis. Sites that involve the exchange of personal information, identity, and other sensitive data, and those that experience high traffic levels, should migrate immediately.
The unencrypted HTTP protocol exposes user data to interception, alteration, modification, tracking and eavesdropping. A majority of the federal sites in the US use the open HTTP protocol, which creates a privacy vulnerability through exposure to Internet security threats. To address this, the US government wants such websites to adopt HTTPS-Only policies to protect the privacy of all visitors to their sites. The conversion is expected to begin now so that the sites can adapt to the fast-paced Internet security landscape. This proactive strategy of the government will support broad Internet adoption as well as promote better adoption of privacy standards by the federal sites.
The US government also requires federal agencies to make all existing sites and web services accessible via a secure Internet connection, i.e. HTTPS, by December 31, 2016. Intranets are also being encouraged to use HTTPS. So far, the government has come up with a public dashboard that will aid in monitoring the progress of how these sites adopt HTTPS. According to recent reports, about a third of the sites have adopted HTTPS, although the degrees of Internet security vary. The existence of the dashboard and of security grading suggests that federal sites looking to upgrade to HTTPS should aim for the top level of security. The OMB expects that the move will eradicate the common pitfall of inconsistency in deciding which content should be secured and which should not.
The OMB affirms that though the adoption of the HTTPS-Only standard comes with a cost, that cost is going to be outweighed by the Internet security benefits that come with it. The cost of procuring a certificate, coupled with administration and maintenance costs, will vary based on the technical infrastructure and size of a site. The timeline that the OMB has provided in the memorandum is enough for the responsible parties to adjust and adopt it.
All browsing activities by Internet users will be considered sensitive and private. This step is going to foster stronger privacy and improve the confidence of the people in their government. Perhaps there has been little consistency among the federal sites that use HTTPS, which leaves most Americans vulnerable to online threats. This step of providing a private browsing experience to the people will therefore position the government as the trusted leader in Internet security.
Can one really have online anonymity? To stay anonymous, one needs to follow the rules of technology, physics, and psychology.
For the past couple of years, Facebook has been allowing users to log into their accounts on their personal computers using Tor-enabled browsers. This support for the Tor network will receive a new boost, after Facebook announced that it will now extend Tor support to Android mobile users. In a move that is aimed at increasing Tor functionality for Facebook users, a new feature that supports the Tor network will be added to the Android app, which will allow users to browse privately. The announcement comes at a time when there is a heated debate on the issue of Internet anonymity.
About Tor network
Tor is an Internet anonymity network, which encrypts the traffic from the connected device and routes it through several network nodes all over the globe. This helps to conceal the identity of the Internet user and the location of the connection, allowing them to browse anonymously. The network has been the go-to option for Internet users who want to maintain their privacy while browsing online. It has gained a lot of popularity in the past few years, especially with the revelation of the massive surveillance of civilians in the USA by the NSA.
With the integration of the new feature, the Facebook Android app will now come with a button that gives users the option of connecting to the internet using the Tor network. However, users will have to download and install Orbot, the Tor app for Android phones. The new feature will not be available to iPhone users.
Effects of the Tor Support for Facebook Android App
1) Increase in Internet anonymity
Internet users are always looking for more ways to increase their Internet anonymity, and with over 1.5 billion online users on Facebook, the new feature will significantly increase the ability of people to browse privately. Facebook users who use the Tor network to log into their accounts will also benefit from improved online security, as the service encrypts important information such as the IP address and the location, which can help to protect them from hackers.
2) Easy access to Facebook in countries where it is censored
Facebook censorship is a major issue in several countries. The social media network has been banned in some countries. Since the Tor network encrypts traffic and provides the user with Internet anonymity, people in countries where Facebook is banned or censored will now be able to use the service without fear of any repercussions.
3) A boost for human rights activists
With about 1.5 billion active users, Facebook is a communication channel that has a very wide reach all over the world. As a result, it has become a popular weapon for human rights activists who oppose authoritarian regimes. The social media network has been used in some countries to oppose human rights violations. However, the massive Internet censorship that exists in some of these countries has always made it hard for human rights activists to effectively use the network. With the Internet anonymity that is offered by the Tor network, activists can now use the network to communicate privately without fear of being discovered and prosecuted.
With about 80% of users connecting to Facebook through their phones, the integration of the Tor network into the Facebook Android app will help to boost Internet anonymity for many online users. In addition, it will increase the number of people who are able to access Facebook, by allowing people in countries where Facebook is banned or censored to gain access to the social media network.
Small businesses are just as prone to data breaches as large retailers. What can businesses do to protect their Internet security?