How to maximise your privacy online with Tor – TechRadar

How to use Tor


If you want online anonymity, there is no tool more powerful than the Tor network, a system of protocols ensuring that the web sites you visit cannot trace your IP address and even your ISP can't know what sites you're visiting. Unless you voluntarily give away information, you're completely anonymous.

How it works


Rather than connect directly to a web site, your connection is instead routed through several other PCs, forming a chain link between you and the site. No link on the chain – even your own PC – knows the address of all the other links; each link only knows the previous and subsequent links in the chain in order to forward the data onward. The web site only knows the IP address of the last link in the chain.

Right now, there is no practical method to trace such a connection from beginning to end, so no way to know the origin of a connection. As a result, Tor has become a go-to for people desiring maximum privacy.
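The layered chain described above can be modelled in a few lines. This is an added example, not code from the article or from the Tor Project: the relay addresses, keys and helper names are constructed, and the SHA-256 XOR keystream is a toy stand-in for the per-hop ciphers that real Tor negotiates, so it offers no real security.

```python
import hashlib
import json
import os

NONCE_LEN = 16

# Constructed sample circuit: documentation-range addresses and fixed toy keys.
CLIENT = "198.51.100.7"
DESTINATION = "example.com:443"
SAMPLE_PATH = [
    ("192.0.2.10:9001", b"g" * 32),   # first relay (entry)
    ("192.0.2.20:9001", b"m" * 32),   # middle relay
    ("203.0.113.30:9001", b"e" * 32), # last relay (exit)
]


def xor_stream(key, nonce, data):
    """Toy stream cipher: XOR data with SHA-256(key || nonce || counter) blocks."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, next_hop, body):
    """Wrap body in one layer that names only the next hop."""
    nonce = os.urandom(NONCE_LEN)
    layer = json.dumps({"next": next_hop, "body": body.hex()}).encode()
    return nonce + xor_stream(key, nonce, layer)


def peel(key, cell):
    """Remove one layer; raises ValueError if the key does not fit this layer."""
    nonce, ciphertext = cell[:NONCE_LEN], cell[NONCE_LEN:]
    layer = json.loads(xor_stream(key, nonce, ciphertext).decode("utf-8"))
    return layer["next"], bytes.fromhex(layer["body"])


def build_onion(path, destination, payload):
    """Client side: encrypt for the last relay first, then wrap outward."""
    next_hop, cell = destination, payload
    for address, key in reversed(path):
        cell = seal(key, next_hop, cell)
        next_hop = address
    return cell  # handed to path[0]


def route(client_address, path, cell):
    """Pass the cell along the chain and record what each relay can observe."""
    keys = dict(path)
    views = []
    sender, current = client_address, path[0][0]
    while current in keys:
        next_hop, cell = peel(keys[current], cell)
        views.append({"relay": current, "from": sender, "to": next_hop})
        sender, current = current, next_hop
    delivery = {"address": current, "seen_source": sender, "payload": cell}
    return views, delivery


if __name__ == "__main__":
    onion = build_onion(SAMPLE_PATH, DESTINATION, b"GET / HTTP/1.1")
    relay_views, delivered = route(CLIENT, SAMPLE_PATH, onion)
    for view in relay_views:
        print(view)
    print(delivered)
```

Only the first relay's record contains the client address, only the last relay's record contains the destination, and the site's `seen_source` is the last relay.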

Disadvantages


The downside of Tor is that it is S-L-O-W. To continue on with the chain simile, your connection to the site is only as fast as the slowest link.

What's more, it generates large amounts of extra traffic; you have people routing their data through your connection (just as you route through theirs); and you tend to get massive latency thanks to data bouncing all over the world, which makes lag-sensitive activities like voice chat a nightmare.

That's why it's often best to be selective about when you use Tor. If you need to bypass a content blockade or need maximum privacy, sure, go ahead; but for general use we wouldn't recommend it.

Using Tor


There are actually a variety of apps that use Tor routing to provide anonymity – there's even an entire operating system called Tails that sends all internet traffic through Tor – but the most popular is the Tor Browser. It's a version of Mozilla Firefox with Tor support built in, as well as several privacy add-ons pre-installed and privacy settings cranked up to max.

Setting up Tor Browser


On a first time run, you'll be asked if you'd like to connect directly or through a proxy. For the vast majority of users, direct is the way to go.

A box will pop up indicating that you're connecting to the Tor network. It should only be there for a moment before the browser window opens. The browser works just like the Firefox you know and love – although it's rather trimmed down from the regular downloadable version. You can just start browsing normally by entering an address into the bar.

Before you start browsing, you should check that the browser is working properly. Click on the Test for Network Settings button on the homepage, or alternatively go to IPAddress.com.

This will tell you what your 'apparent' IP address is – that is, the internet address that sites you visit will think that you're from. IPAddress.com will also tell you which country you appear to be from.

If you want to compare it to your real IP address, open up your regular non-Tor browser and head to ipaddress.com.

Configuring the browser


The Tor Browser works just like regular Firefox for the most part, with some notable differences:

- The add-ons HTTPS Everywhere (which forces encrypted connections to sites where possible and blocks certain sites) and NoScript (which limits JavaScript on pages visited) are pre-installed, with max settings switched on. They can be adjusted by going to about:addons in the address bar.

- The default search engine is set to Startpage, with DuckDuckGo as the second option. Both are anonymous search engines, as opposed to Google which keeps a record of everything you search for. You can change that using the drop down list.

- Private browsing – in which cookies are not kept between sessions and no browsing history is recorded – is the default mode of operation.

- Browser plugins like Flash are disabled.

- There's a Tor logo button in the toolbar. This gives you access to a menu of quick options.

Clicking on New Identity instantly gives you a new visible IP address – which can be pretty useful for download sites that may limit the number of downloads per hour, for example. If you find that the connection is working outrageously slow, you can also click on it to get a different route and hopefully better performance.

If you head to Preferences and click on Security Settings, you can also tone down some of the default behaviour, allowing cookies and browser plugins to function and re-enabling browsing history. Of course, you then risk losing some of your privacy, which could defeat the purpose of using the Tor browser!

Power BI – Getting Data from Analysis Services – Database Journal

Introduction

Microsoft Power BI is a cloud-based self-service BI solution for the enterprise. Power BI provides capabilities that can be leveraged by people with all levels of skill, including data analysts, power users, business users, data stewards and folks from the IT department.

I’ve discussed Power BI in detail in the last couple of articles and demonstrated how you can create reports or dashboards on the data you have. Over a period of time, you need to refresh the data to reflect the current state or use a mechanism to query data interactively. In this article I am going to demonstrate how you can use Analysis Services connector to query your on-premise data from an Analysis Services instance in Power BI reports or dashboards interactively. Subsequently, in the next article I will talk about scheduling data refresh for other types of data sources.

Understanding Power BI – Analysis Services Connector

Power BI Analysis Services connector lets you query data from an on-premises SQL Server Analysis Services instance interactively (as of this writing only tabular models are supported, although multi-dimensional support is expected to come soon). The Analysis Services connector is a client or proxy agent that you need to install on any of the machines in the on-premises domain (installing it on the same machine on which the Analysis Services instance is running is recommended, for better performance and to avoid latency). The connector facilitates behind-the-scenes communication from a user in Power BI to your on-premises Analysis Services instance and back to Power BI in a secure and quick way. You can download and install this connector from here.

Understanding Power BI

If you have more than one Analysis Services instance to connect data, you'll need to install and configure one Analysis Services Connector per instance. Installation of Analysis Services Connector is usually done by an administrator who has Server Administrator permission on the Analysis Services instance although once configured, it can be used by any user who has access to the Analysis Services database.  

Getting Started with Power BI – Analysis Services Connector

Once installed, a user with Server Administrator permission on an Analysis Services instance can configure the Analysis Services connector. On the first screen of the wizard of the Analysis Services connector, click on the Next >> button.

Power BI Analysis Services Connector Wizard

On the next screen of the wizard, you need to connect to the Power BI account where you want to use data, which should come from the on-premises Analysis Services.

Sign into Your Power BI Account

On the next screen of the wizard, you need to specify the Analysis Services Server name; for the default instance you can simply specify the machine name and for the named instance you need to specify machine name\instance name.

Next specify the Windows User Name that has Server Administrator permission on the specified Analysis Services instance, followed by the respective password for the specified windows user name.

Login Screen

Now, on the next screen of the wizard, you can specify the Friendly Name for the connection so that Power BI users can easily identify it while browsing on the Power BI site. You can also specify a description with more details about the connection to help Power BI users to get to know more about the connection. With Friendly error message, you can specify a customized error message to be shown when a Power BI user is not able to connect from the Power BI to the on-premises Analysis Services instance that you have configured.

Friendly Name and Description

On the final screen of the wizard, you should be able to see the configuration status as shown in the figure below.

Configuration Status

Once installed and configured, it enables you, with Power BI, to connect to an on-premises Analysis Services instance and query it interactively.

To get started with it, go to the Power BI site, click on the Get Data link and then click on SQL Server Analysis Services from the list on the left pane as shown below.

Power BI Site

Clicking on the Connect button in the above screen will take you to a page where you can see all the configured Analysis Services servers that are registered with Power BI. You can search for your configured server by using the available Search box on the top.

SQL Server Analysis Services Servers

Now click on the identified Analysis Services server in the above screen, and it will connect to the respective server and will display all the models or cubes available, if you have at least read permissions on them. (For this demonstration, I used AdventureWorks Tabular Model SQL Server 2012 sample, which is available here for download). You can select the cube that you want to use and click on the Connect button.

Select the Cube

Clicking on the Connect button will create a dataset, which you can verify under the Datasets tree view. Please note, the Analysis Services connector allows you to have a live connection to the on-premises Analysis Services server, so the data is always up to date. In other words, you don’t need to set up or schedule a data refresh cycle for the data coming from the on-premises Analysis Services instance when using the Analysis Services connector.

Datasets

With the available dataset, you can start creating reports. For that, click on the dataset and you will see the data model on the right as shown below. Now you can drag and drop fields from the Fields list on the report canvas; Power BI will appropriately pick up the visualization type and will show it. In case you want to change visualization, click on the tiny Change Visualization type icon on the right top of the selected visualization and change to any available other visualization.

You can also create multi-page reports here, as shown below, by adding more pages to the report.

Multi-page Reports

Once you are done with creating reports you can save the report or a copy of the report by clicking on the SAVE link in the menu and by giving an appropriate name, as shown below.

Save Your Report

Power BI includes a rich set of visualizations or charts for better insight and you can use them to analyze your dataset from different angles or views. For example, I created this simple but nice looking report in a few minutes, based on the dataset I created earlier on the data from on-premises Analysis Services.

Simple Report

The good part of Power BI Visualizations or charts is, they are linked together in the report page and hence for deeper insight, you can click or filter on any of the charts and the rest will be updated to reflect the selection. For example, as shown below, I clicked on the year 2008 in the first bar chart and as you can see the other three charts have been refreshed to show or highlight only data for the year 2008.

Refreshed Charts

Security While using Analysis Services Connector

A person with Server Administrator permissions configures the Analysis Services Connector, and from then on anyone with access to the Analysis Services instance (through their role membership on that instance) can access and use data from Analysis Services. Power BI uses the EffectiveUserName attribute in the connection string to pass on the context of the user who is creating the report. The Analysis Services Connector in turn validates that value and uses it to query the data from Analysis Services by way of impersonation, returning only the data to which the user has access. (Please note, the credentials of the person who configured the Analysis Services Connector are not used while querying the data from Analysis Services.)

As of this writing, when a dashboard is shared with others, they indirectly inherit all the permissions of the original report author (in essence, when an author shares a dashboard he/she actually shares the data view he/she has access to). For example, if person A creates a dashboard and shares it with person B, person B will be able to see all the data that person A can see (even though person B might not directly have permission to access the data).
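The two access paths described above (live queries under EffectiveUserName, and shared dashboards that carry the author's view) can be compared to find who sees more through a share than their own role membership allows. This is an added example, not code from the article or from Microsoft: the role names, users, rows and share list are constructed, and the role filter is modelled as a simple set of regions.

```python
# Constructed sample data: none of these names come from the article.
ROLE_FILTERS = {            # role -> regions its row filter exposes
    "EuropeSales": {"Europe"},
    "AllSales": {"Europe", "North America", "Pacific"},
}
ROLE_MEMBERS = {            # role -> Windows users who are members
    "EuropeSales": {r"CONTOSO\bob"},
    "AllSales": {r"CONTOSO\alice"},
}
SALES_ROWS = [("Europe", 120), ("North America", 340), ("Pacific", 75)]
SAMPLE_SHARES = [           # (dashboard, author, users it is shared with)
    ("Sales overview", r"CONTOSO\alice", [r"CONTOSO\bob", r"CONTOSO\carol"]),
    ("Europe detail", r"CONTOSO\bob", [r"CONTOSO\alice"]),
]


def connection_string(server, database, effective_user):
    """Connection string carrying the report user's identity for impersonation."""
    return (f"Data Source={server};Initial Catalog={database};"
            f"EffectiveUserName={effective_user}")


def allowed_regions(user):
    """Union of the row filters of every role the user belongs to."""
    regions = set()
    for role, members in ROLE_MEMBERS.items():
        if user in members:
            regions |= ROLE_FILTERS[role]
    return regions


def live_query(user):
    """Rows returned when the query runs under EffectiveUserName=user."""
    regions = allowed_regions(user)
    if not regions:
        raise PermissionError(f"{user} has no read permission on the model")
    return [row for row in SALES_ROWS if row[0] in regions]


def shared_dashboard_view(author):
    """A shared dashboard shows the author's data view, whoever opens it."""
    return live_query(author)


def audit_shares(shares):
    """List (dashboard, viewer, regions) exposed beyond the viewer's own roles."""
    findings = []
    for dashboard, author, viewers in shares:
        author_regions = {region for region, _ in shared_dashboard_view(author)}
        for viewer in viewers:
            extra = author_regions - allowed_regions(viewer)
            if extra:
                findings.append((dashboard, viewer, sorted(extra)))
    return findings


if __name__ == "__main__":
    print(connection_string("ssas01", "AdventureWorks", r"CONTOSO\bob"))
    for finding in audit_shares(SAMPLE_SHARES):
        print(finding)
```

In the constructed data, the user with no role at all cannot run a live query yet sees every region through the shared dashboard, which is the case worth reviewing before sharing.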

Data Refresh – Queries Being Sent to Analysis Services

Before I begin this discussion, let me talk about a Power BI Report and a Power BI Dashboard.

You can create a Power BI report based on data from a single data source. This report can contain multiple pages, each page having multiple report items or charts control to show the data.

A dashboard is a place where you pin your report items and share it with others. Typically a dashboard contains multiple report items; each of these report items might come from different reports and hence might get data from separate data sources. At the same time, a single report item can also be used in multiple dashboards.

When you click or interact with a Power BI report, Field list or Filter (like clicking on a chart, selecting a filter, or adding a new field to the report, etc.), Power BI generates equivalent DAX queries and sends queries to Analysis Services for execution whereas for the dashboard, Power BI issues queries to Analysis Services approximately every 10 minutes to keep the dashboard up-to-date.

Please note, Power BI and the Power BI Analysis Services connector are in their preview stage right now; features mentioned in this article might change in the final release.

Conclusion

Analysis Services connector lets you query data from on-premises SQL Server Analysis Services instance interactively from the Power BI site. In this article, I discussed Analysis Services connector, how to install and configure it and how to use it for querying data directly from an on-premises Analysis Services instance in an interactive manner and how to create Power BI reports or dashboards.


See all articles by Arshad Ali

Chrome continues to trounce Firefox in desktop browser market – CNET

Firefox continues to lag behind Chrome in Web traffic. (Image credit: Net Applications)

Google's Chrome keeps gaining in popularity over rival Firefox, which has failed to garner much in the way of users as seen in Web traffic numbers recorded by Net Applications.

For the month of June, Chrome's share of Web traffic across the world rose to 27.2 percent from 26.3 percent in May, 25.6 in April and 24.9 in March. During the past year, Chrome's share has shown a significant rise from the 19.3 percent in June 2014.

Firefox's ride has been less cheerful. In June, Mozilla's browser grabbed a Web traffic share of 12 percent, up slightly from 11.8 percent in May and 11.7 percent in April. Over time, though, Firefox's share has actually fallen. Its June 2014 share of Web traffic was 15.5 percent, according to Net Applications.

Why the rise for Chrome? Google's browser has long been considered cleaner and less bloated than Microsoft's Internet Explorer and even Mozilla's Firefox. By default, Chrome eschews menu bars, toolbars and other items that chew up valuable screen real estate. Mozilla has tried to follow the trend of a less bloated browser with its most recent releases, yet Chrome continues to edge up in the ratings as Google keeps fine-tuning its browser. Chrome also offers quicker access to Gmail, built-in language translation, integration with Chrome apps and other features that likely appeal to Google users.

And what of Microsoft's Internet Explorer?

IE is still at the top of the pack, with a 58.1 percent share of Web traffic for June, up slightly from 57.8 in May. Over time, IE's share has been relatively flat, according to Net Applications, as the real battle has been between Chrome and Firefox. But despite its dominant market share, IE is getting long in the tooth and even Microsoft seems to be losing faith in it. The Windows 10 operating system, which arrives for consumers at the end of July, will offer an alternative browser called Edge.

Designed to be sleeker, faster and less burdened by add-ons and extensions, Edge is being touted by Microsoft as one of the draws for Windows 10. Oh, Internet Explorer will still be around in Windows 10, and will probably still hang onto a hefty number of users. But although it has been getting a cleaner, more streamlined look in recent updates, IE could use a good overhaul at this point if Microsoft still wants to keep it relevant.

Among specific browser versions, Internet Explorer 11 was tops last month with a Web traffic share of 27 percent, followed by Chrome version 43 with 17.5 percent and the aging IE 8 with 13.5 percent.

Net Applications' stats differ from those of other Web trackers. StatCounter, for example, has long shown Chrome dominating over IE, Firefox and the rest of the pack in Web traffic. Why the difference? Each Web tracker uses its own somewhat unique methods and sources to determine Web traffic data. For example, Net Applications counts unique visitors per day rather than page views and has a stronger presence in certain countries than do other Web trackers.

How, why and whether to enter the new VPN war zone – The Stack

A Virtual Private Network (VPN) is not an easy concept to understand or, once understood, to explain. The name is far from self-explanatory, and renaming it to something more approximate to what it is most popularly used for these days – such as ‘Online Country Changer’ – does not respect, for instance, the legitimate ways that businesses use VPNs - often to connect to locations only ten feet away.

In attempting to describe what a country-spanning VPN does, I recently resorted to the metaphor of having one’s windows replaced so that they provide a view of a different country than the one in which they’re actually situated. It’s not a bad metaphor, but I could tell from the response that I was still describing something ‘indistinguishable from magic’; something, perhaps, only available to 300-pound basement-dwelling darknet geeks who deal with the internet exclusively from a Linux command line.

Consider instead that the cable connecting your computer to the internet is probably about six feet long, more or less - even if you’re using Wi-Fi, since your router has to run a wire into the wall.

Now imagine (assuming you are in the UK) that the cable is 3000 miles long and doesn’t start connecting to the internet until it reaches, say, New York.

VPNs speed all your network requests through a secured and (usually) encrypted tunnel which terminates at a server physically located in the target country, and that’s where all your browsing will be seen to be done from.

While using a VPN, your ISP has no access to any of your browsing activity, and sees only a single encrypted connection. The ISP is very likely to know that it’s a VPN connection, despite the encryption, since it is charged with delivering the network packets to the VPN provider over a range of ports that are typically used by VPN services. Additionally the terminating IP address may be one known to be in use by a VPN provider. But that’s all the ISP can know about a VPN-user’s activity.

Business use of VPNs

In business-case use of Virtual Private Networks, the distances traversed can be significantly less than intercontinental – as little as the next office along. A company’s Human Resources department contains such sensitive information that its network is often walled off from the company’s intranet to defend it against general network attacks and potential data breaches. Since authorised users outside HR’s walled garden will still occasionally need access to it, this can be facilitated by a remote access VPN connection, for maximum security.

Site-to-Site VPN Connections are also used to create common company or corporate intranets even when the disparate departments are in different geographical locations.

VPN security protocols and Multihop routing

VPNs have various – and variously criticised – methods of security, starting at ‘none’. One of the oldest is Point-to-Point Tunnelling Protocol (PPTP), instituted by Microsoft in the days of Windows 95. A PPTP connection is unencrypted in itself, simply creating a tunnel and wrapping the data sent, with encryption handled by TCP or GRE. Despite its age and flaws, the protocol’s ubiquity, attributable to who created and distributed it, keeps it in place in the business market.

Better VPN security is provided by Transport Layer Security (TLS) and Secure Sockets Layer (SSL), which generate security-certificate-based parameters at the start (‘handshake’) of the connection. Thus the two entities connecting swap valid certificates with each other and establish mutual trust until end-of-session.

IP security (IPSec) is often used as an additional measure along with other security protocols. As with PPTP, its support by Microsoft, notably regarding its integration with the Active Directory service, secures its place even as a secondary protocol, and it’s most frequently found in a Layer 2 Tunnelling Protocol (L2TP) connection, where it handles the burden of encryption whilst housed in a tunnelling architecture superior to any it can itself generate.

VPNs which offer ‘multihop’ routing provide an additional layer of anonymity to the end-user by attaching a different IP address to the user’s activity than the one in which they entered the VPN network. This does not mean that entities you connect to won’t necessarily know that you’re using a VPN, since all IP addresses in use by the providing company may well have been identified as such at any time; but it does mean that your own ISP can provide absolutely no clue where you went after you left the ‘last-known’ IP address it saw you disappearing into. It’s the digital equivalent of ‘losing a tail’ at the lights.

Negatively, sending one VPN connection to another in this way can have a deleterious effect on latency, something which Tor users (see below) must contend with, as the Onion Router network ‘hops’ them multiple times around Tor nodes (and IP addresses) in order to obfuscate their online tracks.

Can you trust your VPN provider?

Since a significant portion of potential customers are interested, for whatever reason, in securing anonymity online, VPN providers frequently claim to offer ‘logless’ browsing. With several qualifications, this isn’t completely possible, particularly if the provider is furnishing a DNS service – and most especially if it is watching your bandwidth consumption, since ‘data caps’ are completely impossible without log-files.

Anyone who has ever delved into web-centric servers and OSes such as CentOS knows the enormous extent to which logs are generated by default for practically all network actions; even if one restricts the output or later deletes it, the very least a VPN provider has to do is to know that you are using the service, because it has to assign you to an IP address. Since that IP address communicates with other services that likely have zero commitment to log-deletion, it is not possible to guarantee ‘anonymous browsing’ at all times, even where the VPN provider is honouring their commitment to a ‘zero knowledge’ service.

It has been noted that various VPN providers’ promises are frequently at odds, to a greater or lesser extent, with their terms and conditions, offering ‘anonymous surfing’ whilst explicitly stating in the SLA that they will respond to instances, for example, of copyright infringement by cancelling the user’s account – which effectively makes the provider an ISP once-removed.

In 2011 popular UK-based web proxy HideMyAss cooperated with a court order demanding information on a suspected member of the LulzSec hacking team, and was in possession of perfectly adequate records to secure an arrest for the target.

This year TorrentFreak published a list of 53 VPN providers that responded to the site’s questions about what information they log and keep, and it is interesting to note how many of these have ‘internal procedures’ for complaints against the service which would seem to defy the companies’ avowal of amnesia.

Installing a VPN, and falling foul of ‘migrated’ online identity

I use a VPN myself, provided by a company called Private Internet Access (there’s no endorsement intended, though I am not generally unhappy with the service provided – it is simply the only VPN to date that I have ever personally arranged for myself). Costing £25 a year, the installation is provided, to Mac users at least, via a mountable DMG file which installs the software and later provides a drop-down menu by which one can select a ‘country of apparent residence’.

One’s earliest days in VPN-land are fraught with anomalies. Some of them are quite alarming, such as accidentally attempting to log in to your online banking ‘from America’ when your bank knows that you withdrew £20 from a cash machine in London only two hours ago. That kind of thing, be warned, can get your cards frozen.

Automated web services will feed you content based on your apparent IP address, which obviously is going to be associated with the country you chose to browse from. Weather reports suddenly become wildly inaccurate, whilst ads amusingly begin to target a resident of your ‘adopted’ locality, and you find yourself being offered fewer bargain umbrellas and more sun-screen. Depending on your VPN provider, certain protocols may behave erratically or become unavailable; in my case I cannot use FTP whilst connected via VPN, though it is easy enough to turn the VPN off for the duration of an FTP task.

Additionally you’ll find that a whole host of your favourite sites run geographical franchises worldwide in order to leverage geo-based advertising. Hence you’ll often be redirected to a version of a favourite site that is associated with the country you chose for your VPN. Depending on which one that was, the site may not necessarily be in English any longer. On a positive note, this is an easy way to see the more robust and content-rich American versions of sites which attempt to shunt UK viewers into an ad-specific ghetto version. But we’ll return to ‘geoblocking’ shortly.

A cheap and quick way to dip one’s toe in the waters of VPN is to try out the various web-browser plugins that enable proxy surfing on a per-browser basis, such as Hola Better Internet for Google Chrome. More advanced proxy users can configure their Firefox experience with FoxyProxy, in either the standard or the less intimidating basic version. More cutting-edge Firefox users can also try out the fledgeling Free Proxy List add-on, which lets users switch between the constantly emerging free proxies available at Proxy List.

Committing to VPN

Those enamoured of VPN life can commit to it very deeply if they want. At the simplest level one can configure a VPN to run on start-up, and to disconnect the computer from the internet whenever the VPN connection itself is shut down. Negatively this gives you nowhere to go if the VPN service itself should succumb to technical difficulties temporarily, and may cause some confusion as to whether the VPN or your ISP’s connectivity is at fault in the event of an outage.

That notwithstanding, you can go even further and configure your router to connect via a VPN by default. This is a marginal practice, but gives the advantage of supplying the security of a Virtual Private Network to any network-enabled device – such as smartphones, consoles or IoT devices – which accesses the internet via Wi-Fi.

DD-WRT provides a Linux-based open source router firmware framework through which you can truly take charge of a consumer-level router, configuring it to connect to your VPN provider by default. This involves flashing the factory firmware on a device that is not necessarily inexpensive, and needs to be approached with a sensible level of research and preparation. Broadcom-based routers can also be similarly mastered with Tomato’s slightly scary firmware replacement.

Committing to VPN connectivity to this degree is likely to be undertaken more for reasons of online security than geographical flexibility, since most users will need to be identified as resident in their own country in order to use banking services and local services which employ geoblocking (such as BBC’s iPlayer, for UK residents), among others. That said, there’s no technical reason not to launch a second, country-specific VPN connection on top of a same-country VPN tunnel for those occasions where you want to browse from a specific geo-locale for a while. However, latency is likely to be something of an issue in these circumstances - perhaps a chronic one if using Tor on top of all this.

VPNs in the news

VPN uptake at a consumer level is becoming a ‘war zone’ because issues about its use are commingled with The State’s current determination that a secure internet not prevent legitimate state authorities from gaining access to information about individuals who may be the subject of its investigations.

In March the tension between China and the West over post-Snowden surveillance revelations, prompted by a series of NSA-related scandals, led China to demand back-door access in any western technology imported either as a product or a service, a move that would make VPN usage in China problematic, or at best insecure. Since these severe measures are not yet in place, China is trying numerous other tactics to ‘uncloak’ VPN users, including JSON-based JavaScript exploits and blocking or degrading VPN throughput.

In Australia the Copyright Amendment (Online Infringement) Bill 2015 is thought by many privacy advocates to be an opportunity for the government to criminalise VPNs, despite rumours of an amendment that may exclude Virtual Private Networks from the scope of the act. But Australia is currently in the vanguard of pro-security legislation which does affect VPN services, and instructed Australian ISPs in April to stop offering VPN services, on the basis that they were being used to circumvent geo-blocking (of which, more below). The last few holdouts against this proscription have just crumbled.

Though the Tor foundation itself recommends the use of a VPN as an additional safeguard for users, some of the countries where confidentiality is most critical either block, attempt to block or monitor (or attempt to monitor) encrypted protocol tunnelling – such as Iran, periodically.

Russia is taking an increasingly aggressive stance against VPN usage, at least as it applies to the general public, and has even actively blocked a website that provided information about VPN blockades in Russia, and also provided advice on installing VPNs. Though privacy advocates wonder if Russia will really be able to block ‘unauthorised’ VPNs, the Russian administration has committed itself to trying.

VPNs in the firing line over geoblocking and regional licensing

Since the entire world economy is currently predicated on the different traction between national currencies, and since global businesses have to accommodate their prices to the consumer potential of individual economies, it isn’t surprising that VPNs, with their ability to level this playing field and at least partially circumvent regional restrictions, are becoming increasingly controversial as they apparently emerge from the edge into the mainstream. In 2013 Electronic Frontier Foundation member and privacy advocate Nick Pearson wrote in the Washington Post that his online privacy platform IVPN had seen a 56% upsurge in VPN sales in the wake of the Edward Snowden revelations.

Interestingly Google searches for ‘VPN’ were actually in decline for a long time before Snowden, and the opaque nature of the subject has not affected the search results trend for the term as much as some have estimated.

However this provides no information in itself about VPN uptake, whilst a similar look at the term ‘download Tor’ indicates a decided upward swing for the ‘secure’ browser that was originally invented to protect U.S. espionage operatives and their contacts around the world, and which in itself constitutes a VPN of sorts - albeit not quite as secure as many once imagined.

Imagined or not, VPN usage as related to the circumvention of geo-restrictions has come into unusual focus in the last two years.

A fresh Wikileaks dump of the emails harvested by hackers in late 2015 has recently revealed that Sony Pictures lobbied online streaming provider Netflix to tighten up its famously relaxed stance on the numerous (subscribed and paying) users who employ VPNs to access Netflix territories outside their own. Sony Pictures’ president of Distribution Keith Le Goy wrote in one of the highlighted mails: “We have asked Netflix to take steps to more closely monitor circumvention websites, and to restrict methods of payment to more clearly weed out subscribers signing up for the service illegally. This is in effect another form of piracy -- one semi-sanctioned by Netflix, since they are getting paid by subscribers in territories where Netflix does not have the rights to sell our content.”

Since the U.S. version of Netflix has considerably more content than any of its continental annexes around the world, and since many of its customers are presumably only paying for the service because they can ‘work around’ regional restrictions in this way, the prospect of Netflix banning VPN geo-dodgers would be a major company decision affecting profitability.

VPN usage to address ‘net neutrality’ speed-bumps

One interesting use for a VPN is to circumvent protocol-based traffic-throttling by your ISP, particularly if you’re using Verizon to watch video streaming services such as Netflix in the United States. Since all the protocols and ports you’re using are hidden from your ISP whilst using a VPN, it can’t throttle Netflix or Hulu, because it doesn’t know for sure that you’re using these services. Likewise neither can the use of BitTorrent be individuated, blocked or logged. In the case of Hulu, however, that won’t be the last of your hurdles, since it retains a far more aggressive attitude to off-country VPN stowaways than Netflix currently does.


The role of proxies and protocols in malware investigations – We Live Security (blog)

A lot of people associate online anonymity with Tor, however it is a much deeper issue than this and does not relate only to privacy while browsing. In this post, we will learn some of the key concepts to keep in mind when analyzing malware, because when we talk about anonymity, we need to understand the role played by proxy servers and certain protocols used for communication in such cases.

It’s important to be aware of these concepts, because when someone is trying to establish an anonymous connection these are the fundamental tools employed.

What is a proxy and what types of proxies exist?

A proxy is nothing more than a tool allocated to act as an intermediary in communications. Depending on what type of proxy is used, it may be possible to identify the information sent by the user—and this may be recorded on some kind of equipment.

They can be used for a variety of purposes: managing bandwidth, applying restrictions on a network (for example on downloading applications or from websites), or blocking access to certain sites, just to name a few.

Basically, a proxy is situated between the client equipment and the destination equipment. The types seen frequently are:

Transparent proxy: does not modify requests or responses beyond requesting authentication and identification, in other words the fields should not be modified. When the client uses a transparent proxy, all requests sent to the destination server come from the IP address of the proxy server. However, it adds a line in the header to indicate the original IP address from which the query came (i.e. the user’s IP address).

Highly anonymous proxy: designed to ensure complete privacy for the user, as it does not reveal their IP address or any other type of information. This is the most highly sought-after type, due to the high level of anonymity it offers.

Anonymous proxy: does not reveal the user’s IP address on the server from which queries are being made. Although it may contain the header X-Forwarded-For, where an IP address is shown, this can be the proxy’s IP rather than the client’s.

Now that we are clear about the differences between these types of proxies, we need to look at what type of activity is going to be carried out, in order to know which proxy type is best suited to the needs of the investigation.
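One way to check which of the three types a proxy actually is: send a request through it to a test server you control and inspect the headers that arrive. The code below is an added example, not from the original post; the header list, function names and sample requests (documentation-range IP addresses) are assumptions made for illustration.

```python
import ipaddress
import re

# Headers that forwarding proxies commonly add (list chosen for this example).
PROXY_HEADERS = ("x-forwarded-for", "forwarded", "via", "x-real-ip",
                 "client-ip", "proxy-connection")

_CANDIDATE = re.compile(r"[0-9A-Fa-f:.]{3,}")


def addresses_in(value):
    """Return the set of valid IPv4/IPv6 addresses found in a header value."""
    found = set()
    for token in _CANDIDATE.findall(value):
        options = [token.strip(".")]
        if token.count(":") == 1:      # IPv4 with a port, e.g. 198.51.100.7:51234
            options.append(token.split(":")[0])
        for text in options:
            try:
                found.add(ipaddress.ip_address(text))
            except ValueError:
                pass                   # not an address (e.g. "1.1" in a Via header)
    return found


def classify_proxy(headers, client_ip):
    """Classify a proxy from the request headers seen at the destination.

    transparent      -> the client's real address appears in some header
    anonymous        -> proxy headers are present but the client address is not
    highly anonymous -> nothing marks the request as proxied
    """
    client = ipaddress.ip_address(client_ip)
    lowered = {name.lower(): value for name, value in headers.items()}
    # Search every header for the real address, not only the well-known ones.
    leaked = sorted(n for n, v in lowered.items() if client in addresses_in(v))
    present = [n for n in PROXY_HEADERS if n in lowered]
    if leaked:
        level = "transparent"
    elif present:
        level = "anonymous"
    else:
        level = "highly anonymous"
    return {"level": level, "leaked_in": leaked, "proxy_headers": present}


# Constructed sample requests as received by the test server.
CLIENT_IP = "198.51.100.7"            # the investigator's real address
SAMPLES = {
    "proxy-a": {"Host": "probe.example", "Via": "1.1 proxy-a",
                "X-Forwarded-For": "198.51.100.7"},
    "proxy-b": {"Host": "probe.example", "Via": "1.1 proxy-b",
                "X-Forwarded-For": "203.0.113.20"},
    "proxy-c": {"Host": "probe.example", "User-Agent": "probe/1.0"},
    "proxy-d": {"Host": "probe.example",
                "Forwarded": 'for="198.51.100.7:51234";proto=http'},
}

if __name__ == "__main__":
    for name, headers in SAMPLES.items():
        print(name, classify_proxy(headers, CLIENT_IP))
```

A "highly anonymous" result only means the headers give nothing away; the destination still sees the proxy's own address.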

Protocols used in the anonymization process

Protocols are sets of rules that enable communication between entities (client – service) in order to send information. The most frequently seen are HTTP, SOCKS4, and SOCKS5.

These are described in turn below:

HTTP: HTTP proxies (named as such due to filtering connections in this protocol) were designed to receive queries and redirect them to the requested resource. They are generally used for unencrypted connections, although they support SSL and FTP.

SOCKS4: this protocol was designed for managing traffic between the client and the server, via an intermediary (proxy server). SOCKS4 only supports TCP communications, and does not have any methods of authentication. The extension that followed this, named SOCKS4A, was different in that it incorporated support for resolving names through DNS.

SOCKS5: the subsequent and latest version of the above proxy, which incorporates support for TCP and UDP communications, as well as support for authentication from the client to the proxy.

How does anonymity help with investigations?

It’s important to know what type of information you are sending when you are connecting and interacting with a piece of equipment directly.

Let’s suppose you are carrying out a security audit with the relevant authorities, in order to dismantle a network of cybercriminals—you will need to run a lot of processes that interact with the equipment they are using to carry out their attacks. This way, with anonymity, the investigator would disguise their identity (i.e. IP address) constantly, without exposing their real identity.

If your actions were discovered by the cybercriminals, they might find out that you were trying to make connections from a network belonging to a branch of the authorities, due to the availability of records and public information, including that held by registration organizations.

It’s also useful if the investigator has instructed a tool to automatically download samples of malicious code from websites. If you wish not to leave any type of record anywhere (whether for reasons of confidentiality, for personal reasons, or the requirements of the situation), having tools with this ability will be of great use to you as an investigator.

Let’s consider the example of investigating a botnet: after identifying the address where the botmaster’s control panel is located, if you try to access it to check whether it is active, there are two potential outcomes:

In the case of direct interaction, the attacker may receive an alert in their log and suspect that someone—other than a bot—is attempting to connect to the server. When they notice that this activity is coming from a particular IP address, they might try to block it and thus deny access to their control panel, so that the investigator gets a negative response when they try to access it, meaning they cannot continue their investigation.

In the case of having anonymity, the outcome could be very similar, except with the advantage of being able to change the network’s identity (the investigator’s IP address) and this explains all the aforementioned. In this case, you need to make sure to use a highly anonymous proxy so as not to leave any kind of trail. If the attacker blocks the (anonymous) IP address, in reality they would be blocking the address coming from the proxy server. Furthermore, you are protecting your digital identity, thereby preventing any type of attack in response.

The main thing is to keep in mind the differences between HTTP, SOCKS4, and SOCKS5. In many cases of investigations, including security audits and malware analyses, it’s best to leave nothing to chance. Therefore, it’s necessary to consider what type of activity you are going to carry out, what type of anonymity you will need, and what type of connection you are going to use (although for better security, SOCKS5 is recommended).
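The differences between SOCKS4, SOCKS4A and SOCKS5 are easiest to see in the bytes of a CONNECT request, in particular who performs the DNS lookup: with plain SOCKS4 the client must resolve the name itself, so the lookup leaves the investigator's own network. The code below is an added example, not from the original post; the host name, addresses and function names are placeholders chosen for illustration.

```python
import ipaddress
import struct

CMD_CONNECT = 0x01     # SOCKS5 also defines 0x03, UDP ASSOCIATE, for UDP relaying


def socks4_connect(ip, port, user_id=b""):
    """SOCKS4: destination is an IPv4 address, so the client resolves DNS itself."""
    return (struct.pack("!BBH", 4, CMD_CONNECT, port)
            + ipaddress.IPv4Address(ip).packed + user_id + b"\x00")


def socks4a_connect(hostname, port, user_id=b""):
    """SOCKS4A: the invalid address 0.0.0.1 asks the proxy to resolve the name."""
    return (struct.pack("!BBH", 4, CMD_CONNECT, port) + b"\x00\x00\x00\x01"
            + user_id + b"\x00" + hostname.encode("ascii") + b"\x00")


def socks5_greeting(methods=(0x00, 0x02)):
    """SOCKS5 opens by offering auth methods: 0x00 none, 0x02 username/password."""
    return bytes([5, len(methods), *methods])


def socks5_connect(hostname, port):
    """SOCKS5 with address type 0x03 (domain name): the proxy resolves the name."""
    name = hostname.encode("ascii")
    return bytes([5, CMD_CONNECT, 0, 0x03, len(name)]) + name + struct.pack("!H", port)


def describe_request(data):
    """Decode a CONNECT request and report which side resolves the destination."""
    if data[0] == 4:
        _, _, port = struct.unpack("!BBH", data[:4])
        dst, fields = data[4:8], data[8:].split(b"\x00")
        if dst[:3] == b"\x00\x00\x00" and dst[3] != 0:
            return {"protocol": "SOCKS4A", "target": fields[1].decode("ascii"),
                    "port": port, "dns_resolved_by": "proxy"}
        return {"protocol": "SOCKS4", "target": str(ipaddress.IPv4Address(dst)),
                "port": port, "dns_resolved_by": "client"}
    if data[0] == 5:
        atyp = data[3]
        if atyp == 0x03:                          # length-prefixed domain name
            end = 5 + data[4]
            target, resolver = data[5:end].decode("ascii"), "proxy"
        elif atyp == 0x01:                        # IPv4 literal
            end = 8
            target, resolver = str(ipaddress.IPv4Address(data[4:8])), "client"
        elif atyp == 0x04:                        # IPv6 literal
            end = 20
            target, resolver = str(ipaddress.IPv6Address(data[4:20])), "client"
        else:
            raise ValueError("unknown SOCKS5 address type")
        (port,) = struct.unpack("!H", data[end:end + 2])
        return {"protocol": "SOCKS5", "target": target,
                "port": port, "dns_resolved_by": resolver}
    raise ValueError("not a SOCKS4/SOCKS5 request")


if __name__ == "__main__":
    # Placeholder destination; 203.0.113.20 is a documentation-range address.
    for request in (socks4_connect("203.0.113.20", 443),
                    socks4a_connect("panel.example", 443),
                    socks5_connect("panel.example", 443)):
        print(request.hex(" "), describe_request(request))
```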

Conclusion

Beyond the concept of anonymity, there are various other issues to keep in mind depending on the requirements of the situation. While Tor is a free network for browsing based on privacy, there are other tools such as Privoxy and ProxyChains, to name just two, which also help in maintaining privacy while using tools.

In the day-to-day running of an investigation, you have to constantly evaluate what type of activity you need to carry out, and whether or not it requires anonymity. If it does require anonymity, you need to analyze what level, and, of course, the higher the security of the connection, the better the conditions will be.

As investigators, it’s essential to understand how things work and not to limit yourself to one particular tool. This enables you to develop your own customized tools, and will help you in analyzing malware.

Image credits: ©Grant Hutchinson/Flickr

Author Ignacio Pérez, ESET

How ‘free’ geo-dodging and proxy services are selling you out – Sydney Morning Herald

Of the proxy services tested, 79 per cent force users into unencrypted browsing, 16 per cent inject ads. Photo: Louise Kennerley

Netflix, Hulu and a host of other content streaming services block non-US users from viewing their content. As a result, many people residing outside of the United States seek to circumvent such restrictions by using services that advertise "free" and "open" web proxies capable of routing browser traffic through US-based computers and networks. Perhaps unsurprisingly, new research suggests that most of these "free" offerings are anything but, and actively seek to weaken browser security and privacy.

The data comes from Austrian researcher and teacher Christian Haschek, who published a simple script to check 443 open web proxies (no, that number was not accidental). His script tries to see if a given proxy allows encrypted browser traffic (https://), and whether the proxy tries to modify site content or inject any content into the user's browser session, such as ads or malicious scripts.

Haschek found that 79 per cent of the proxies he tested forced users to load pages in unencrypted (http://) mode, meaning the owners of those proxies could see all of the traffic in plain text.

"It could be because they want you to use http so they can analyse your traffic and steal your logins," Haschek said. "If I'm a good guy setting up a server so that people can use it to be secure and anonymous, I'm going to allow people to use https. But what is my motive if I tell users http only?"

Haschek's research also revealed that slightly more than 16 per cent of the proxy servers were actively modifying static HTML pages to inject ads.

Virtual private networks (VPNs) allow users to tunnel their encrypted traffic to different countries, but increasingly online content providers are blocking popular VPN services as well. Tor offers users the ability to encrypt and tunnel traffic for free, but in my experience the service isn't reliably fast enough to stream video.

Haschek suggests that users who wish to take advantage of open proxies pick ones that allow https traffic. He's created and posted online a free tool that allows anyone to test whether a given proxy permits encrypted web traffic, as well as whether the proxy truly hides the user's real internet address. This blog post explains more about his research methodology and script.

Security-conscious users who wish to take advantage of open proxies also should consider doing so using a Live CD or virtual machine setup that makes it easy to reset the system to a clean installation after each use. I rely on the free VirtualBox platform to run multiple virtual machines, a handful of which I use to do much of my regular browsing, tweeting, emailing and other things that can lead sometimes to malicious links, scripts, etc.

This tutorial offers a fairly easy-to-follow primer on how to run a Live CD installation of a Linux distribution of your choosing on top of VirtualBox.

KrebsOnSecurity

“Free” Proxies Aren't Necessarily Free — Krebs on Security

Netflix, Hulu and a host of other content streaming services block non-U.S. users from viewing their content. As a result, many people residing in or traveling outside of the United States seek to circumvent such restrictions by using services that advertise “free” and “open” Web proxies capable of routing browser traffic through U.S.-based computers and networks. Perhaps unsurprisingly, new research suggests that most of these “free” offerings are anything but, and actively seek to weaken browser security and privacy.

The data comes from Austrian researcher and teacher Christian Haschek, who published a simple script to check 443 open Web proxies (no, that number was not accidental). His script tries to see if a given proxy allows encrypted browser traffic (https://), and whether the proxy tries to modify site content or inject any content into the user’s browser session, such as ads or malicious scripts.

Haschek found that 79 percent of the proxies he tested forced users to load pages in unencrypted (http://) mode, meaning the owners of those proxies could see all of the traffic in plain text.

“It could be because they want you to use http so they can analyze your traffic and steal your logins,” Haschek said. “If I’m a good guy setting up a server so that people can use it to be secure and anonymous, I’m going to allow people to use https. But what is my motive if I tell users http only?”

Haschek’s research also revealed that slightly more than 16 percent of the proxy servers were actively modifying static HTML pages to inject ads.

Virtual private networks (VPNs) allow users to tunnel their encrypted traffic to different countries, but increasingly online content providers are blocking popular VPN services as well. Tor offers users the ability to encrypt and tunnel traffic for free, but in my experience the service isn’t reliably fast enough to stream video.

Haschek suggests that users who wish to take advantage of open proxies pick ones that allow https traffic. He’s created and posted online a free tool that allows anyone to test whether a given proxy permits encrypted Web traffic, as well as whether the proxy truly hides the user’s real Internet address. This blog post explains more about his research methodology and script.
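The content-modification check described above can be approximated by fetching a static page you control twice, once directly and once through the proxy, and comparing the active elements in each copy. The code below is an added example and is not Haschek's script; the tag list, function names and both sample pages are constructed for illustration.

```python
import hashlib
from collections import Counter
from html.parser import HTMLParser

# Elements that can load or run third-party content (list chosen for this example).
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "link", "img", "form"}
URL_ATTRS = ("src", "href", "data", "action")


class ActiveContent(HTMLParser):
    """Collect a multiset of (tag, url) pairs; inline scripts are keyed by hash."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.items = Counter()
        self._inline = None            # list of text chunks while inside <script>

    def handle_starttag(self, tag, attrs):
        if tag not in ACTIVE_TAGS:
            return
        attrs = dict(attrs)
        url = next((attrs[a] for a in URL_ATTRS if attrs.get(a)), None)
        if tag == "script" and url is None:
            self._inline = []          # inline script: record its body at the end tag
        else:
            self.items[(tag, url or "")] += 1

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline).strip().encode()
            self.items[("script", "inline:" + hashlib.sha256(body).hexdigest()[:16])] += 1
            self._inline = None


def active_content(html):
    parser = ActiveContent()
    parser.feed(html)
    parser.close()
    return parser.items


def compare_fetches(direct_html, proxied_html):
    """Report active elements the proxied copy gained or lost versus the direct one."""
    direct, proxied = active_content(direct_html), active_content(proxied_html)
    return {
        "identical": direct_html == proxied_html,
        "added": sorted((proxied - direct).elements()),
        "removed": sorted((direct - proxied).elements()),
    }


# Constructed sample: the same static page, and a copy with injected ad markup.
DIRECT = ('<html><head><script src="/app.js"></script></head>'
          '<body><p>Hello</p></body></html>')
PROXIED = ('<html><head><script src="/app.js"></script></head>'
           '<body><p>Hello</p><script>showAd()</script>'
           '<script src="http://ads.example/banner.js"></script>'
           '<iframe src="http://ads.example/frame"></iframe></body></html>')

if __name__ == "__main__":
    print(compare_fetches(DIRECT, PROXIED))
```

Use a page whose content never changes between requests; dynamic pages differ from one fetch to the next even without a proxy in the path.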

Users who wish to take advantage of open proxies also should consider doing so using a Live CD or virtual machine setup that makes it easy to reset the system to a clean installation after each use. I rely on the free VirtualBox platform to run multiple virtual machines, a handful of which I use to do much of my regular browsing, tweeting, emailing and other things that can lead sometimes to malicious links, scripts, etc.

I’ll most likely revisit setting up your own VirtualBox installation in a future post, but this tutorial offers a fairly easy-to-follow primer on how to run a Live CD installation of a Linux distribution of your choosing on top of VirtualBox.

Google offers faster Web access on Android phones – Techworld Australia

Google speeds Web pages

Google will deliver lighter versions of Web pages in search results for Android phones users with slow connections in India and Brazil.

The feature, which will be rolled out in India in two weeks, has been field tested in Indonesia, where it was found that the pages, converted on the fly, load four times faster and use 80 percent less data than before, Hiroto Tokusei, a Google product manager wrote Thursday in a blog post.

A Google spokesman said the company did not have a name for the new feature, which is primarily targeted at emerging markets. He said it was too early to comment on the company's plans to offer the service on phones other than those running the Android operating system.

Rather than linking to a page directly from search results, Google links to its own servers, where it generates what it calls a transcoded version of the page on the fly. The process involves compressing graphics and removing some JavaScript functions.

The technique is likely to be similar to that used by specialized mobile browsers such as Opera Mini, which route mobile browsing sessions through a proxy server where pages are compressed.

Users can view a page in its unmodified form by choosing an option at the top of the page, Tokusei said.

The technology targets the over 200 million Indians accessing the Internet from a smartphone, sometimes with slow and costly Internet connections.

Users will see the converted pages if Google detects that they are on a slow network connection in a country where the conversion, also called transcoding, is enabled.

Google has limited advertisements to three per page and disabled Google Analytics scripts to make the pages lighter. In a support page for website providers, Google said it was working on ways to enable analytics without compromising low bandwidth responses.

Some pages cannot currently be transcoded, and these include pages from websites that require cookies, use significant amount of data like video sites, or are technically difficult to transcode, according to Google. The pages will be labeled as non-transcoded in search results.

To reach users in emerging markets, a number of Internet companies are looking at ways to deliver Internet services over low bandwidth connections. Facebook said recently it had started rolling out in Asia its Facebook Lite, a low-data version of Facebook for Android for slow networks. Facebook Lite will also be available soon in parts of Latin America, Africa and Europe.

John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service.
