Should we all be as pissed as Mozilla about Edge taking over in Windows 10? – BetaNews


Microsoft is no stranger to controversy when it comes to web browsers. Internet Explorer has been the butt of jokes for many years, and the company also found itself in trouble in Europe as part of an antitrust case. With the release of Windows 10, history could be about to repeat itself.

Mozilla CEO Chris Beard penned a letter to Microsoft the other day expressing his disappointment that people upgrading to Windows 10 have their default browser choice overridden and changed to Microsoft Edge. While some may feel that Mozilla is whining, it could be argued that the company is right to be pissed -- and Windows 10 users should be just as pissed at the liberties Microsoft is taking.

Of course, there is nothing to stop people from changing the default browser to whatever they prefer but the point is... they shouldn’t have to. Someone upgrading from Windows 7 or Windows 8.1 with Chrome (for instance) installed has already indicated that they have a particular preference when it comes to their web browser -- they installed Chrome. Microsoft should not assume that in upgrading to Windows 10 browsing preferences will change. If a user wants to use Microsoft Edge, they can do so using the taskbar icon. There's just no need to force it upon people.

Microsoft runs a real danger of making Edge something of an unwanted house guest rather than the Internet Explorer replacement it is meant to be. Riding roughshod over the choices that users have already made is no way to make friends and influence people -- as happened with Mozilla, it just rubs people up the wrong way.

Writing to Satya Nadella, Beard said:

When we first saw the Windows 10 upgrade experience that strips users of their choice by effectively overriding existing user preferences for the Web browser and other apps, we reached out to your team to discuss this issue. Unfortunately, it didn't result in any meaningful progress, hence this letter.

We appreciate that it's still technically possible to preserve people's previous settings and defaults, but the design of the whole upgrade experience and the default settings APIs have been changed to make this less obvious and more difficult.

This is something of a theme that runs through Windows 10. Just as it is possible to opt out of the features of the operating system that invade privacy, it is not immediately obvious how to go about it. Does this mean that a lot of people will stick with using Microsoft Edge simply because they don't know how to change the default browser? Only time will tell, but it certainly feels as though we're treading familiar ground here. Microsoft is essentially forcing users' hands, and that's not something that tends to go down particularly well.

Of course, the obvious comeback is something along the lines of "well, Windows 10 is Microsoft's operating system; it's only right that it is free to do whatever it wants". To a certain extent this is true, but at the same time Microsoft has a moral responsibility to respect the choices that people have already made. Of course Microsoft is free to wipe out any and all program defaults if it feels inclined, but that doesn’t make it right. There's a big difference between exercising a right, and doing something that is right.

Unlike my colleague Brian Fagioli, I agree wholeheartedly with Chris Beard. He is spot on when he says:

Sometimes we see great progress, where consumer products respect individuals and their choices. However, with the launch of Windows 10 we are deeply disappointed to see Microsoft take such a dramatic step backwards.

It is naïve to suggest, as Brian does, that "the real people this impacts are the ones that don't know how to change their default web browser, and quite frankly, if they don't know how to change back to Firefox, they also probably didn't know how to choose it." Whether done by the user, or through the proxy of a more knowledgeable friend or relative, I assert that it is Microsoft's duty to respect the choices that have been made on a computer.

What is sad is that the people who don’t know how to change the browser may stick with Microsoft Edge simply because they don’t know otherwise. Microsoft's new browser has launched without one of its main selling points -- extensions. We don’t know when this will be added and for those who cannot or do not switch to the likes of Chrome or Firefox (or one of the other alternatives), their experience of the internet is going to be substandard. That's Microsoft's fault, and it's not something that people should be happy to put up with, whether it affects them directly or not.

Why Safari is still the best iPhone web browser – Macworld UK

Opera is widely understood to be the connoisseurs' choice of web browser software. It occupies only about one percent of the web browser market on desktop, but its users claim (not without some justification) that it's the best product around.

On iPhone, Opera has two browser apps to choose from.

The first we'll look at, Opera Mini, takes the approach that speed is key. By some clever trickery involving proxy browsers returning static pages (don't worry about it) Opera Mini is quicker than the most popular browsers.

In (very unscientific) tests it appeared to return pages in about half the time it took Safari and Chrome (oddly enough, Dolphin was the slowest, although it has the habit of returning a page fairly quickly but then sitting with the progress bar virtually finished for another 10 seconds, so the experience isn't significantly worse).

It's also an economical browser, reducing your data usage significantly. You can track the savings you're making on a dedicated analytics page.

Opera Mini makes compromises to achieve these savings, but you are able at least to choose how extreme you want these compromises to be. There are three settings - Mini, Turbo and Off, of which the fastest, confusingly, is Mini - and you can choose to load or not load images, and at what quality you want them to appear.

The tab manager view is 3D, as is apparently industry-standard now, and like Chrome allows you to simply swipe a tab to close it. The tabs are arranged horizontally, though, and therefore swiped upwards. This horizontal layout also means (in this user's humble opinion) that it's a little easier to see at a glance what's on each page. And again like Chrome, the interface incorporates a handy 'drag down to refresh' that we'd like to see in Safari.

Opera Mini's keyboard, meanwhile, is masterly - the best of any browser in this roundup. It includes two handy shortcut buttons: one to input a QR code, and another to switch between default searches in Google, Wikipedia, eBay and Amazon. But its triumph is the central slider/rocker switch that deftly moves the cursor in the URL bar and, if you hold it down for a moment, selects text too. The only thing missing is a '.com' or 'co.uk' autocomplete button.

Finally, like a few other browsers here, Opera Mini boasts a 'Smart night mode', which claims to reduce blue light and help you to sleep better after browsing late at night.

Advantages: Fast; saves on data consumption; fantastic keyboard helps handle fiddly URL text on a small screen

Disadvantages: We've found it a tiny bit crash-prone; compromises in image quality etc required in order to achieve big speed/data improvements

FREE | App Store link

Tor anonymity called into question as alternative browser surfaces – TechTarget

No stranger to scrutiny, the Tor network was dealt another set of blows this week when not only were two new proof-of-concept vulnerabilities disclosed, but also an alternative onion router network made the news.

Tor has received a bad rap lately; the anonymity network is often associated with illegal and illicit dealings alongside its legitimate ability to protect journalists, activists and oppressed users, as well as other privacy-seeking folks.

But it's not just a select group of Tor's estimated 2.5 million daily users causing the problem. Tor anonymity is now being called out by a group of researchers who claim they can -- with 88% accuracy -- determine the Tor services and websites a user accesses … all without breaking Tor's strong encryption.

In a proof-of-concept attack published this week, researchers from MIT and the Qatar Computing Research Institute claimed through traffic fingerprinting they were able to infer a hidden server's location and the source of information being accessed by Tor users -- all by analyzing the traffic patterns of encrypted data passing over the all-volunteer Tor network.

The attack only works, however, if an adversary's computer serves as the "guard" computer in a Tor circuit.

"For a while, we've been aware that circuit fingerprinting is a big issue for hidden services," said Tor project developer David Goulet. "This paper showed that it's possible to do it passively, but it still requires an attacker to have a foot in the network and to gather data for a certain period of time."

Researchers also found through traffic analysis that machine-learning algorithms could with 99% accuracy determine whether the circuit was an ordinary Web-browser circuit, introduction-point circuit or rendezvous-point circuit.

The group also offered defense tactics. "We recommend that they mask the sequences so that all the sequences look the same," researcher Mashael AlSabah said. "You send dummy packets to make all five types of circuits look similar."

According to the MIT News article, the fix was suggested to Tor project representatives, who may add it to a future version of Tor.

"We are considering their countermeasures as a potential improvement to the hidden service," Goulet said. "But I think we need more concrete proof that it definitely fixes the issue."

The research will be presented at the Usenix Security Symposium in August.

Tor anonymity erased with behavior profiling

Security researchers Per Thorsheim and Paul Moore separately published details about how behavior biometrics can threaten user privacy, throwing the promise of Tor anonymity out the window.

In a blog post published Tuesday, Moore wrote, "You can forget Tor, a VPN and your favorite proxy site … if you have JavaScript enabled and you've been profiled, there's a very good chance they'll identify you."

The pair developed Keyboard Privacy, a Google Chrome extension which "interferes with the periodicity of everything you enter into a website" to prevent behavioral profiling and help maintain privacy.

In his post, Moore described using the extension to protect an online banking profile created over Tor.

HORNET -- a Tor alternative?

In other Tor news, researchers from the Swiss Federal Institute of Technology and University College London introduced an alternative onion network dubbed HORNET. Short for high-speed onion routing at the network layer, it offers the same promise of anonymous browsing but with better scaling, stronger privacy and higher speed -- researchers claimed it can process anonymous traffic at over 93 Gbps. Researchers also said each HORNET node can process anonymous traffic for "a practically unlimited number of sources."

Like Tor, HORNET uses a group of relay nodes to mix and encrypt traffic -- and hide users' locations and IP addresses -- in layers to ensure anonymity. However, researchers say it is not plagued with the decreased speed that Tor and other anonymity networks regularly experience.

The low-latency onion routing system "uses only symmetric cryptography for data forwarding yet requires no per-flow state on intermediate nodes," researchers wrote.

"Unlike other onion routing implementations, HORNET routers do not keep overflow state or perform computationally expensive operations for data forwarding, allowing the system to scale as new clients are added.

"It is designed to be highly efficient; instead of keeping state at each relay, connection state (such as onion layer decryption keys) is carried within packet headers, allowing intermediate nodes to quickly forward traffic for large numbers of clients."

Because the system does not store per-session states, it also provides "stronger security guarantees" than other onion network options.

The researchers also claimed it is less vulnerable to identity-revealing attacks such as session linkage and packet correlation. However, it is not completely immune to attack; confirmation attacks leveraging flow analysis, timing analysis and packet tagging can potentially be successfully executed to determine identity. "However," researchers wrote, "HORNET raises the bar of deploying such attacks for secretive mass surveillance: the adversary must be capable of controlling a significant percentage of ISPs often residing in multiple geopolitical boundaries, not to mention keeping such massive activity confidential."

Users should not jump on the bandwagon yet, however; HORNET has not yet been peer-reviewed.

In other news

The state of Android security took multiple hits this week, yet a new report found the issue may not be as bad as some make it out to be.

In a blog post published Monday, seven flaws collectively known as the Google Stagefright Media Playback Engine Multiple Code Execution vulnerabilities were described, all of which affect an Android device's media playback component called Stagefright. Exploitation of any of the seven flaws involves an adversary sending specially crafted media files via MMS to targets. If successful, the attack could result in remote code execution.

The scary part of the flaw, researcher Joshua Drake from Zimperium zLabs said, is that only a telephone number is needed to complete the attack -- victims don't need to take any action.

"A fully weaponized successful attack could even delete the message before you see it. You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited," Drake wrote. "Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual -- with a trojaned phone."

Drake notified Google of the flaws in April and May; Google subsequently released a patch on May 8. However, devices are still at risk until carriers and manufacturers roll out the patch. Users are urged to disable automatic retrieval of multimedia messages, exercise caution when opening multimedia messages, and apply patches as soon as they are received. Approximately 95% of Android devices -- or 950 million -- are reportedly exposed to the flaw. Drake's research will be presented at Black Hat on August 5 and at DEF CON on August 7.

Similar to the Stagefright vulnerabilities, Trend Micro Inc. researchers separately published a blog post this week describing a new Android vulnerability that can render a device "apparently dead -- silent, unable to make calls, with a lifeless screen." The vulnerability lies in the mediaserver service Android uses to index media files. If mediaserver attempts to process a Matroska file, the device could potentially crash. Devices can be infected by downloading a malicious app or through a specially-crafted website. The flaw, caused by an integer overflow, leaves victim devices "totally silent and non-responsive" -- no ring tone, text tone or notification sounds, a low or non-responsive user interface, and -- if the phone is locked -- it won't unlock.

The flaw affects Android 4.3 through 5.1.1, which account for approximately half of all Android devices in use today. Trend Micro researchers reported the issue to Google in May. While the company acknowledged the flaw as a low-vulnerability risk, it has not yet released a patch. Users are urged to boot devices in safe mode and use on-device security technology to prevent the threat until a patch is released.

Not all on the Android horizon is grim, at least not when backed with research from the "Q2 2015 Malware and Vulnerability Report" released by 360 Mobile Security Limited this week. In analysis of more than 200 million Android devices, researchers found only one out of every 100 devices -- or 1.4% -- across the globe was affected by malware. This finding is consistent with Google's research in the Android Security Report released in April. The 360 Mobile researchers also concluded that only .2% of devices in the U.S. were infected by malware in Q2 2015. However, of the .2% of devices infected, 62% contained privacy-stealing malware.

The report also highlighted the importance of upgrading to recent versions of the Android OS; despite low malware infections, researchers found Android devices are subject to other vulnerabilities if not kept up to date. For example, 81.2% of all Android devices version 4.4 and earlier are exposed to the TowelRoot Linux bug, while 38.1% of all Android devices version 4.3 and earlier are exposed to the AOSP Browser vulnerability, and 38.1% are exposed to the Masterkey vulnerability.

The Xen Project released an update to fix a host escape flaw in Xen hypervisor. If exploited, the flaw dubbed CVE-2015-5154 could potentially allow a privileged guest to bypass security controls and infiltrate and execute code on the host operating system. The flaw involves the CD-ROM drive emulation feature of QEMU, an open source emulator used by Xen, KVM and other virtualization platforms. While not as serious as the similar VENOM vulnerability disclosed and patched in May, Xen Project researchers recommend applying the update as soon as possible. All systems running x86 HVM guests without stubdomains are vulnerable; systems not configured to emulate a CD-ROM drive inside the OS are not affected. Xen Project researchers suggest avoiding the use of emulated CD-ROM devices altogether, or enabling stubdomains.

The U.S. government's proposed amendments to the Wassenaar Arrangement are being sent back to the drawing board after a meeting with industry stakeholders Wednesday. A U.S. Department of Commerce spokesman told Reuters that "a second iteration of this regulation will be promulgated, and you can infer from that that the first one will be withdrawn." The changes -- which aimed to limit the export of technologies related to intrusion and traffic inspection -- were met with much criticism by the security community after a 60-day comment period was announced in May. The Commerce Department spokesman, who declined to give his name, told Reuters the comments received will be "carefully reviewed and distilled" in a process that will likely "take months."

big proxy list, alive proxies, Proxies Forums – Divas Mobile Solutions

By activating their personal surfing options upon most popular web browsers, you'll browse in the way you're accustomed, however with your IP information protected through a proxy host. To do this, you have first reached find a listings to ...

The role of proxies and protocols in malware investigations, according to ESET – SecurityWatch NZ

A lot of people associate online anonymity with Tor, however it is a much deeper issue than this and does not relate only to privacy while browsing. In this post, we will learn some of the key concepts to keep in mind when analysing malware, because when we talk about anonymity, we need to understand the role played by proxy servers and certain protocols used for communication in such cases.

It’s important to be aware of these concepts, because when someone is trying to establish an anonymous connection these are the fundamental tools employed.

What is a proxy and what types of proxies exist?

A proxy is nothing more than a tool allocated to act as an intermediary in communications. Depending on what type of proxy is used, it may be possible to identify the information sent by the user—and this may be recorded on some kind of equipment.

They can be used for a variety of purposes: managing bandwidth, applying restrictions on a network (for example on downloading applications or from websites), or blocking access to certain sites, just to name a few.

Basically, a proxy is situated between the client equipment and the destination equipment. The types seen frequently are:

·       Transparent proxy: does not modify requests or responses beyond requesting authentication and identification, in other words the fields should not be modified. When the client uses a transparent proxy, all requests sent to the destination server come from the IP address of the proxy server. However, it adds a line in the header to indicate the original IP address from which the query came (i.e. the user’s IP address).

·       Highly anonymous proxy: designed to ensure complete privacy for the user, as it does not reveal their IP address or any other type of information. This is the most highly sought-after type, due to the high level of anonymity it offers.

·       Anonymous proxy: does not reveal the user’s IP address on the server from which queries are being made. Although it may contain the header X-Forwarded-For, where an IP address is shown, this can be the proxy’s IP rather than the client’s.
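One way to check which of these three types a proxy really is before relying on it, shown as an added example that is not part of the original article: it classifies what a destination server saw. It assumes the investigator controls a test endpoint that records the peer address and request headers; the function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
import re

# Request headers that proxies commonly add. Any of them discloses that a
# proxy is in the path, even when the client address is not in the value.
PROXY_HEADERS = ("x-forwarded-for", "forwarded", "via", "x-real-ip")


def ips_in(value):
    """Return every IP literal in a header value (handles ip:port and [v6]:port)."""
    found = set()
    for token in re.split(r'[,;\s="]+', value):
        if token.startswith("["):            # bracketed IPv6, optional port
            token = token[1:].split("]")[0]
        elif token.count(":") == 1:          # IPv4 with port
            token = token.split(":")[0]
        try:
            found.add(ipaddress.ip_address(token))
        except ValueError:
            continue                         # not an address (e.g. "for", "1.1")
    return found


def classify_proxy(real_client_ip, observed_peer_ip, headers):
    """Classify the path using the article's three proxy types.

    real_client_ip   -- the investigator's own address (known to them)
    observed_peer_ip -- source address the test endpoint saw
    headers          -- request headers the test endpoint received
    """
    real = ipaddress.ip_address(real_client_ip)
    peer = ipaddress.ip_address(observed_peer_ip)
    lowered = {name.lower(): value for name, value in headers.items()}
    present = [h for h in PROXY_HEADERS if h in lowered]

    if peer == real:
        return "direct"                      # no proxy hid the client at all
    if any(real in ips_in(lowered[h]) for h in present):
        return "transparent"                 # original IP leaked in a header
    if present:
        return "anonymous"                   # proxy admits it is a proxy
    return "highly anonymous"                # nothing marks the request


# Constructed observations, not real traffic.
CLIENT, PROXY = "198.51.100.7", "203.0.113.10"
SAMPLES = {
    "transparent": {"X-Forwarded-For": "198.51.100.7", "Via": "1.1 cache"},
    "anonymous": {"X-Forwarded-For": "203.0.113.10"},
    "highly anonymous": {"User-Agent": "test-client"},
}

if __name__ == "__main__":
    for expected, hdrs in SAMPLES.items():
        print(expected, "->", classify_proxy(CLIENT, PROXY, hdrs))
```

A "highly anonymous" result only means these headers were absent; it says nothing about what the proxy operator logs.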

Now that we are clear about the differences between these types of proxies, we need to look at what type of activity is going to be carried out, in order to know which proxy type is best suited to the needs of the investigation.

Protocols used in the anonymisation process

Protocols are sets of rules that enable communication between entities (client – service) in order to send information. The most frequently seen are HTTP, SOCKS4, and SOCKS5.

These are described in turn below:

·       HTTP: HTTP proxies (named as such due to filtering connections in this protocol) were designed to receive queries and redirect them to the requested resource. They are generally used for unencrypted connections, although they support SSL and FTP.

·       SOCKS4: this protocol was designed for managing traffic between the client and the server, via an intermediary (proxy server). SOCKS4 only supports TCP communications, and does not have any methods of authentication. The extension that followed this, named SOCKS4A, was different in that it incorporated support for resolving names through DNS.

·       SOCKS5: the subsequent and latest version of the above proxy, which incorporates support for TCP and UDP communications, as well as support for authentication from the client to the proxy.
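The differences listed above are visible in the first bytes a client sends, which is how an analyst can tell from a capture which proxy protocol a sample speaks. The parser below is an added example, not code from the original article; it follows the published SOCKS4/SOCKS4A layouts and RFC 1928 for SOCKS5, and all sample byte strings and host names are constructed.

```python
import ipaddress
import struct

SOCKS4_CMDS = {1: "CONNECT", 2: "BIND"}
SOCKS5_CMDS = {1: "CONNECT", 2: "BIND", 3: "UDP ASSOCIATE"}
SOCKS5_METHODS = {0: "none", 1: "GSSAPI", 2: "username/password"}


def parse_socks4(data):
    """SOCKS4/4A request: VER CMD DSTPORT DSTIP USERID\\0 [HOSTNAME\\0]."""
    if len(data) < 9 or data[0] != 4:
        raise ValueError("not a complete SOCKS4 request")
    _, cmd, port = struct.unpack("!BBH", data[:4])
    ip = data[4:8]
    user_end = data.index(b"\x00", 8)        # USERID is only a label, not auth
    info = {"protocol": "SOCKS4", "command": SOCKS4_CMDS.get(cmd, "unknown"),
            "port": port, "userid": data[8:user_end].decode("latin-1"),
            "client_auth": False, "proxy_resolves_name": False}
    if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
        # SOCKS4A: the invalid address 0.0.0.x means "a host name follows".
        host_end = data.index(b"\x00", user_end + 1)
        info.update(protocol="SOCKS4A", proxy_resolves_name=True,
                    host=data[user_end + 1:host_end].decode("ascii", "replace"))
    else:
        info["host"] = str(ipaddress.IPv4Address(ip))
    return info


def parse_socks5_greeting(data):
    """SOCKS5 greeting: VER NMETHODS METHODS... (authentication negotiation)."""
    if len(data) < 2 or data[0] != 5:
        raise ValueError("not a SOCKS5 greeting")
    methods = data[2:2 + data[1]]
    if len(methods) != data[1]:
        raise ValueError("truncated method list")
    return {"protocol": "SOCKS5",
            "methods": [SOCKS5_METHODS.get(m, f"0x{m:02x}") for m in methods],
            "client_auth": any(m not in (0x00, 0xFF) for m in methods)}


def parse_socks5_request(data):
    """SOCKS5 request: VER CMD RSV ATYP DST.ADDR DST.PORT."""
    if len(data) < 4 or data[0] != 5:
        raise ValueError("not a SOCKS5 request")
    cmd, atyp = data[1], data[3]
    if atyp == 1:                            # IPv4
        host, end = str(ipaddress.IPv4Address(data[4:8])), 8
    elif atyp == 3:                          # length-prefixed domain name
        end = 5 + data[4]
        host = data[5:end].decode("ascii", "replace")
    elif atyp == 4:                          # IPv6
        host, end = str(ipaddress.IPv6Address(data[4:20])), 20
    else:
        raise ValueError("unknown address type")
    if len(data) < end + 2:
        raise ValueError("truncated request")
    (port,) = struct.unpack("!H", data[end:end + 2])
    return {"protocol": "SOCKS5", "command": SOCKS5_CMDS.get(cmd, "unknown"),
            "transport": "UDP" if cmd == 3 else "TCP", "host": host, "port": port}


def parse_first_message(data):
    """Identify the proxy protocol from the first client bytes of a stream."""
    if data[:8] == b"CONNECT ":              # HTTP proxy tunnel request
        target = data.split(b"\r\n", 1)[0].split(b" ")[1].decode("ascii", "replace")
        host, _, port = target.rpartition(":")
        return {"protocol": "HTTP", "command": "CONNECT", "host": host, "port": int(port)}
    if data[:1] == b"\x04":
        return parse_socks4(data)
    if data[:1] == b"\x05":
        return parse_socks5_greeting(data)
    raise ValueError("not a recognised proxy handshake")


# Constructed captures (documentation address and a reserved .test name).
NAME = b"host.example.test"
SOCKS4_SAMPLE = b"\x04\x01\x00\x50\xc0\x00\x02\x0a" + b"analyst\x00"
SOCKS4A_SAMPLE = b"\x04\x01\x01\xbb\x00\x00\x00\x01" + b"\x00" + NAME + b"\x00"
SOCKS5_GREETING = b"\x05\x02\x00\x02"
SOCKS5_DOMAIN_REQUEST = b"\x05\x01\x00\x03" + bytes([len(NAME)]) + NAME + b"\x01\xbb"
SOCKS5_UDP_REQUEST = b"\x05\x03\x00\x01" + bytes(4) + bytes(2)
HTTP_SAMPLE = b"CONNECT host.example.test:443 HTTP/1.1\r\nHost: host.example.test:443\r\n\r\n"

if __name__ == "__main__":
    for sample in (SOCKS4_SAMPLE, SOCKS4A_SAMPLE, SOCKS5_GREETING, HTTP_SAMPLE):
        print(parse_first_message(sample))
    print(parse_socks5_request(SOCKS5_UDP_REQUEST))
```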

How does anonymity help with investigations?

It’s important to know what type of information you are sending when you are connecting and interacting with a piece of equipment directly.

Let’s suppose you are carrying out a security audit with the relevant authorities, in order to dismantle a network of cybercriminals—you will need to run a lot of processes that interact with the equipment they are using to carry out their attacks. This way, with anonymity, the investigator would disguise their identity (i.e. IP address) constantly, without exposing their real identity.

If your actions were discovered by the cybercriminals, they might find out that you were trying to make connections from a network belonging to a branch of the authorities, due to the availability of records and public information, including that held by registration organisations.

It’s also useful if the investigator has instructed a tool to automatically download samples of malicious code from websites. If you wish not to leave any type of record anywhere (whether for reasons of confidentiality, for personal reasons, or the requirements of the situation), having tools with this ability will be of great use to you as an investigator.

Let’s consider the example of investigating a botnet: after identifying the address where the botmaster’s control panel is located, if you try to access it to check whether it is active, there are two potential outcomes:

·       In the case of direct interaction, the attacker may receive an alert in their log and suspect that someone—other than a bot—is attempting to connect to the server. When they notice that this activity is coming from a particular IP address, they might try to block it and thus deny access to their control panel, so that the investigator gets a negative response when they try to access it, meaning they cannot continue their investigation.

·       In the case of having anonymity, the outcome could be very similar, except with the advantage of being able to change the network’s identity (the investigator’s IP address), which is the point of everything described above. In this case, you need to make sure to use a highly anonymous proxy so as not to leave any kind of trail. If the attacker blocks the (anonymous) IP address, in reality they would be blocking the address coming from the proxy server. Furthermore, you are protecting your digital identity, thereby preventing any type of attack in response.

The main thing is to keep in mind the differences between HTTP, SOCKS4, and SOCKS5. In many cases of investigations, including security audits and malware analyses, it’s best to leave nothing to chance. Therefore, it’s necessary to consider what type of activity you are going to carry out, what type of anonymity you will need, and what type of connection you are going to use (although for better security, SOCKS5 is recommended).

Conclusion

Beyond the concept of anonymity, there are various other issues to keep in mind depending on the requirements of the situation. While Tor is a free network for browsing based on privacy, there are other tools such as Privoxy and ProxyChains, to name just two, which also help in maintaining privacy while using tools.

In the day-to-day running of an investigation, you have to constantly evaluate what type of activity you need to carry out, and whether or not it requires anonymity. If it does require anonymity, you need to analyse what level, and, of course, the higher the security of the connection, the better the conditions will be.

As investigators, it’s essential to understand how things work and not to limit yourself to one particular tool. This enables you to develop your own customised tools, and will help you in analysing malware.

By Ignacio Pérez, ESET

To learn more about ESET, please visit their website. 


Websites can track us by the way we type – here’s how to stop it – Naked Security

Meet KeyboardPrivacy: a proof-of-concept Google Chrome extension that masks how long your fingers linger on each key you depress as you type and how much of a time lag there is between each of your key presses.

And just why would you need to disguise these typing traits - also known as periodicity - which are as unique to individuals as fingerprints?

Because there's technology out there that can measure our typing characteristics, on the scale of millisecond-long delays and key presses, and use the data to profile us with such a high degree of accuracy that - Tor or no Tor - you won't stay anonymous when browsing online.

Examples include profiling technology from a Swedish company called BehavioSec that can identify site visitors, based on their typing habits, with a session score of 99% and a confidence rate of 80%.

That type of success comes after the technology has been trained on a mere 44 input characters.

The extension, designed to obfuscate our typing patterns, comes from security researchers Per Thorsheim and Paul Moore.

On Tuesday, Moore said on his blog that UK banks are rumored to be actively trialing such technology to try to detect and minimize the risk of fraud.

That rumor is backed up by news reports mentioning that, as of March 2013, BehavioSec counted Sweden's top ten national banks - along with Samsung - among its clients.

Why would the researchers want to fight off banks' efforts to detect fraudulent activity on our accounts?

And why would bank customers want to reduce security by throwing a monkey wrench - or, really, in this case, it's more like introducing the technical equivalent of a highly accurate cat walking across our keyboards - into banks' efforts?

Because as it is, we're trading privacy for security, Moore said.

In essence, we're unwittingly leaking identifying information to every site that tracks our typing fingerprints, or what's also known as our behavioral biometrics: the measurement of something that somebody does, be it walking, speaking or typing.

Behavioral biometrics - i.e., measuring what we do - differs, of course, from our biometrics, which is a measure of what we are, be it fingerprints or iris scans.

As Thorsheim explained, behavioral profiling is far from new.

As far back as World War II, British intelligence operators listening to German morse code operators made anonymous profiles of the various people signaling the morse code, including how fast they coded and their typing errors - all data used to differentiate between operators.

The researchers said that for all we know, anybody could be profiling us based on behavioral biometrics: not just banks looking out for the safety of our accounts, but also, theoretically, repressive governments snooping into our online activities, Moore said:

How many other sites use it [besides BehavioSec's customers]? Would they tell you if they were?

In a separate post, Thorsheim presented a scenario of how such profiling can be used in surveillance:

Your favorite government agency - pick your country - could set up spoofed and fake pages on the dark web as well as in the real world, in order to identify people across them. For oppressive regimes, this is most certainly of high interest.

It doesn't matter if we're using Tor, a VPN or a proxy site to anonymize our online activity: the keystroke logging isn't done remotely so it's not affected. The logging actually happens locally, inside the web pages that we're rendering and executing in our web browsers, after it's been downloaded.

The tracking code is written in JavaScript, an incredibly important and widely used programming language that runs in our browsers and makes an awful lot of the interesting things websites do possible.

Among its many useful features, JavaScript has the ability to capture user input such as the mouse movements and keystrokes we use when we're interacting with web pages.

Runa Sandvik, an independent security researcher and former Tor developer, told Ars Technica that the risk may seem small when considering one single website using this information to profile us, but the risks to privacy and anonymity increase when one company or organization profiles us across multiple sites:

The risk to anonymity and privacy is that you can profile me and log what I am doing on one page and then compare that to the profile you have built on another page. Suddenly, the IP address I am using to connect to these two sites matters much less.

Sandvik tried out the profiling technology herself, visiting BehavioSec's profiling demo site with a fully updated Tor browser.

She said that the site was able to construct a profile of her unique typing habits, despite Tor - a daunting prospect for those who don't want to be tracked on the public internet or as they journey to dark web destinations.

Ars Technica's Dan Goodin notes that as well as trying to cover our tracks the Tor browser also features other privacy-enhancing features including limits on how much JavaScript sites can run.

Unfortunately those features don't offer much protection either, given that in Sandvik's experiment, the demo site had enough JavaScript to successfully profile her.

Would blocking JavaScript altogether help? Yes, Goodin says, blocking JavaScript can be useful, but that won't help if profiling apps resort to other ways to profile.

Think of our unique, unchangeable typing patterns as another version of password reuse, Moore suggests:

The single biggest problem with passwords is not length or strength, but re-use. Your behavioral biometrics (knowingly or not) are essentially secrets which you unwittingly share with every site.

Keyboard Privacy works by disrupting that predictable, easily profiled pattern, flattening the rate at which our keyboard entries reach a site.

Once installed, you can continue to use the web exactly as you do now, typing along as usual.

Keyboard Privacy will artificially alter the rate at which your entry reaches the Document Object Model (DOM), which is a cross-platform and language-independent convention for representing and interacting with objects in HTML, XHTML, and XML documents.

Instead of the highly distinctive, predictable way that we type, Keyboard Privacy imposes a 50 millisecond dwell and gap time - i.e., the duration of key presses and lag between them.
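As an added illustration (not Keyboard Privacy's own code and not part of the original article), the sketch below models the flattening described above: it derives dwell and gap times from constructed keydown/keyup timestamps for two hypothetical typists, then re-times both to a fixed 50 ms dwell and gap. The function names, the sample events and the distance measure are assumptions made for the example.

```javascript
// Constructed sample input: two hypothetical typists entering "tor".
// Each event is { key, type: 'down' | 'up', t: milliseconds }.
const typistA = [
  { key: 't', type: 'down', t: 0 },   { key: 't', type: 'up', t: 95 },
  { key: 'o', type: 'down', t: 180 }, { key: 'o', type: 'up', t: 260 },
  { key: 'r', type: 'down', t: 400 }, { key: 'r', type: 'up', t: 470 },
];
// Typist B "rolls over": 'o' goes down before 't' is released (negative gap).
const typistB = [
  { key: 't', type: 'down', t: 0 },   { key: 'o', type: 'down', t: 50 },
  { key: 't', type: 'up', t: 60 },    { key: 'o', type: 'up', t: 130 },
  { key: 'r', type: 'down', t: 150 }, { key: 'r', type: 'up', t: 200 },
];

// Pair each keydown with its keyup, ordered by the time the key went down.
function pressesFrom(events) {
  const open = new Map();
  const presses = [];
  for (const e of [...events].sort((a, b) => a.t - b.t)) {
    if (e.type === 'down') {
      if (open.has(e.key)) continue;          // auto-repeat while key is held
      const press = { key: e.key, down: e.t, up: null };
      open.set(e.key, press);
      presses.push(press);
    } else if (open.has(e.key)) {
      open.get(e.key).up = e.t;
      open.delete(e.key);
    }
  }
  return presses.filter((p) => p.up !== null); // drop keys never released
}

// Dwell = how long a key is held; gap = release of one key to press of next.
function timingFeatures(events) {
  const presses = pressesFrom(events);
  const dwell = presses.map((p) => p.up - p.down);
  const gap = presses.slice(1).map((p, i) => p.down - presses[i].up);
  return { dwell, gap };
}

// Re-time the same key sequence with a constant dwell and gap (50 ms each,
// the values the article quotes), discarding the typist's own rhythm.
function flatten(events, dwellMs = 50, gapMs = 50) {
  const presses = pressesFrom(events);
  const out = [];
  let t = presses.length ? presses[0].down : 0;
  for (const p of presses) {
    out.push({ key: p.key, type: 'down', t });
    out.push({ key: p.key, type: 'up', t: t + dwellMs });
    t += dwellMs + gapMs;
  }
  return out;
}

// Assumed toy metric: mean absolute difference over dwell and gap values.
function profileDistance(f1, f2) {
  const a = [...f1.dwell, ...f1.gap];
  const b = [...f2.dwell, ...f2.gap];
  if (a.length !== b.length) throw new Error('feature vectors differ in length');
  if (a.length === 0) return 0;
  return a.reduce((sum, v, i) => sum + Math.abs(v - b[i]), 0) / a.length;
}

const before = profileDistance(timingFeatures(typistA), timingFeatures(typistB));
const after = profileDistance(
  timingFeatures(flatten(typistA)),
  timingFeatures(flatten(typistB))
);
console.log(`distance before flattening: ${before} ms, after: ${after} ms`);
```

The key sequence and its order survive flattening unchanged; only the timing that distinguishes one typist from another is removed.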

A demo shows that the Chrome plugin managed to knock the previously very high success rate of profiling down to, essentially, nothing: a .01% session accuracy on BehavioSec, while another profiler, KeyTrac, was throttled down to matching with only 3% accuracy.

Expect a Firefox version of the Keyboard Privacy extension soon, the researchers promised.


Download ChrisPC Anonymous Proxy Pro 6.20 Full Patch …

ChrisPC Anonymous Proxy Pro 6.20 Full Patch :: About :: ChrisPC Anonymous Proxy Pro 6.20 Full Patch is the privacy tool that anybody would need to use to protect their online experience. Browsing, buying online, watching online TV channels or reading online newspapers are part of our daily life. What is important to know is that when we connect to the Internet we are exposed, our buying/browsing habits and our confidential data are at risk. Of course there are several means and levels of security you can take online, like the ones you have for your home: you have a door lock, you have even a dog barking and you may have also a security system, surveillance system and so on.

Every person needs a different level of protection for his/her privacy. Therefore you are in charge of deciding the level of protection you need. You should be aware of this: when connected to the Internet, your location and browsing habits are exposed to the websites you access, because they know the IP/country/city/street that you are accessing from. If you don't mind, that is fine.

:: Features :: ChrisPC Anonymous Proxy Pro has many key features like:
Protect your privacy and browse anonymously on the internet. Many proxy servers available from all over the world: USA, Germany, Canada, U.K., France, Italy, Austria, Spain, Switzerland, India, China and other countries. Bypass area restrictions of websites and have access to full content. No censorship while you browse the internet. Watch YouTube videos that are blocked in your country. Access your Twitter account without problems or get in touch with your Facebook friends. Block annoying banner ads, reducing the page loading time and conserving your bandwidth. Block rich media and other non-standard types of ads. Block tracking scripts of ad networks and web counters. Multilanguage interface: English, French, German, Romanian. Watch all your favorite TV programmes from outside the UK, USA, Germany, Canada, Switzerland, Italy, France, Spain with Expat Internet Browsing Mode. Support for all major browsers: Internet Explorer 7 or higher, Google Chrome, Firefox 3 or higher, Opera, Safari. Choose which browsers to use the proxy connection. Launch software on Windows boot. Minimize ChrisPC Anonymous Proxy Pro to systray.
:: System Requirements :: Hardware: 1000 MHz processor or higher, such as an Intel Pentium III or AMD Athlon; Memory: more than 256 MB RAM; HDD space: 15 MB. Software: Windows XP, Microsoft Vista, Windows 7 or Windows 8; Internet Explorer 7 or higher, Firefox 3 or higher, Google Chrome, Safari.
What's New?
Version 6.20 (July 20, 2015)

Improved and optimized connection speed for USA proxies. Other minor fixes and improvements. Actually, this software is not much different from Hotspot Shield; of course, every piece of software has its strengths and weaknesses. Please judge for yourselves. For those who are interested, download ChrisPC Anonymous Proxy Pro 6.20 Full Patch from the links below:
Via Solidfiles, Via DataFileHost, Via Facebook (3 AON User). Thanks to: piXel Patcher

How to use a VPN for secure transactions – Komando

Banking, shopping and posting photos and status updates online are very convenient. It means you don't have to physically go to the bank, the store or travel long distances to catch up with family and friends who might be scattered around the country.

The drawback to doing things online is that your information is traveling through the Internet. It isn't a straight shot between you and the site you're using either. The data can bounce through servers around the country or even around the world.

That gives hackers a lot of opportunities to try and steal your information. If they can grab it in transit, they can learn your passwords, details about you they shouldn't know, or even pretend to be you to trick your bank or other secure sites.

Aside from hackers, the government and your Internet service provider can also monitor your connection to see where you go, and, if they want, what you do. If you aren't a fan of that, there is a way you can keep these parties out of your business.

The state of Internet security

Before I talk about that, however, let's do a quick review of the security measure that's already in place. Any finance, medical or shopping site that's even a little security conscious is going to provide you with an encrypted connection.

The encryption scrambles your traffic so hackers can't get your passwords or other information. You can tell encryption is running on a site when the Web address in your browser starts with "https://".

Aside from the types of sites I've already mentioned, Facebook, Google and other major sites have adopted always-on encryption as well. However, not every site you encounter will, and some only provide partial encryption.

That means they might not encrypt the connection until you log in, which gives hackers a possible opening to steal your password. Or they only encrypt your login information and leave things like email messages exposed to traffic snoops.

Fortunately, more sites are moving to full-time encryption. Netflix is going to enable it over the next year, and even news sites are turning it on, with the largest one so far being The Washington Post.

Canadian networking company Sandvine estimates that by the end of this year 50% of the world's Internet traffic and 66% of North American traffic will be encrypted. Mozilla, the developer of the popular Firefox browser, is even making plans to stop supporting unencrypted websites entirely.

Of course, you don't have to wait for that level of security. You can fully encrypt your connection today.

VPN basics

To encrypt your connection, you can use a virtual private network. In the business world, VPNs let employees working remotely create an encrypted connection with the company network so they can work safely, as shown in this handy diagram:

[Diagram: VPN. Courtesy of Shutterstock]

Windows and Mac both have VPN features built in just for this purpose. However, for the average home user or traveler, these aren't very helpful because you need something to connect to. That's where a third-party VPN service comes in handy.

A VPN service lets you create an encrypted connection with one of its servers and you use that server to browse the Internet. The connection is encrypted through the server, so the VPN can't see your traffic either. OK, it's a bit more complicated than that behind the scenes, but that's the result.

To start, you need to choose a program or service to use. There are dozens that offer a mix of security features, privacy options, server locations and other considerations.

For the average user, it's important to make sure the service has U.S.-based servers, to know how much bandwidth you can use, and to confirm that it doesn't keep logs of your activity. Paid services will require some personal information and payment information, naturally, but you can find one that minimizes what it needs to know.

Some services will accept prepaid cards and alternative payments that are more difficult to trace back to you. However, even if you give the service your information, as long as it doesn't keep logs of what you do with the service then it doesn't matter so much.

For PCs, Macs and Android smartphones and tablets, CyberGhost is a popular free option that has strong encryption, unlimited bandwidth and doesn't store logs. If you go for a paid plan, there's an Apple app as well, plus you get access to more servers around the world.

Hotspot Shield VPN is a good free app for Apple and Android gadgets that has more than 300 million downloads. You get to choose your location, and it also blocks viruses and phishing attempts before they get to your gadget. There are also Windows and Mac versions; however, the free software has ads.

Using a VPN

Once you've installed your VPN of choice, fire it up and let it establish a connection. You can then browse the Internet like you always do. The traffic will flow to your computer, tablet or smartphone through the VPN's server and over the encrypted connection.

This means any unencrypted sites you visit will be safe from prying eyes and encrypted sites will basically have double encryption. As a side bonus, your Internet service provider will no longer be able to see what sites you're visiting. It will only see your connection to the VPN.

Note: If you're searching for VPNs, you'll see VPN services and "proxy" services. A proxy service can disguise your computer's identity, but it doesn't encrypt your connection. Always go with a VPN for security.

The sites you're visiting also won't know where you're coming from. They'll just see the connection from the VPN. That means the government will have a harder time tracking what you're doing as well.

Disclaimer: While the government will have a harder time seeing your activity, it isn't impossible to find out. So, keep what you're doing legal.

I strongly recommend using a VPN when you're on public Wi-Fi. Wi-Fi makes it easy for hackers on the same network to snoop on what you're doing. The VPN encryption should stop them.

Even then, you shouldn't do anything too sensitive on public Wi-Fi, like online banking. Save that for home, or use a cellular connection on the go.

More things to know

Using a VPN is a good way to increase your security, but it does have a cost. While most VPN services claim otherwise, it can slow down your connection.

That's because your traffic is making more stops between you and the site you're using. If you find that your browsing is sluggish, you can turn off the VPN while using sites that aren't critical.

You could run into trouble if your VPN hooks you up with a server in another country. Some things, like streaming online video, are often region locked. So if you find YouTube, Netflix or another site refusing to play video because it says you aren't in the U.S., you'll need to adjust your VPN settings or find one with more U.S.-based servers.

Similarly, some sites that you use regularly might say they don't recognize you. You might need to go through security procedures to prove you are who you say you are before you can log in.

While the VPN will hide your surfing from your ISP and the sites you're visiting, your computer, smartphone or tablet is still recording your browsing history. If you don't want that recorded, you'll need to browse in private or incognito mode. Learn how to activate that in your browser.

A VPN is just about the connection between you and a website. If you choose to store personal information on a website, it can still be lost in a data breach. So, as always, be careful what sites you choose to trust with your information.

While a VPN encrypts your connection between you and the VPN server, the connection between the VPN server and the site you're visiting isn't necessarily going to be secure. While the odds of a hacker breaking in at that point are minimal, it's still possible.

Be sure to check your browser's address bar to make sure you see the "https://" before sending any sensitive information to a website. If a site doesn't offer an encrypted connection for sensitive information, then you probably don't want to be using it, VPN or not.

Stores like Bass Pro Shops and Restoration Hardware add restaurants and bars … – Tampabay.com

How about a glass of wine to celebrate the $11,230 purchase of a Parisian burnham leather recliner from Restoration Hardware?

At the new Restoration Hardware store opening in International Plaza this fall, shoppers won't have to go farther than the three-story retailer's rooftop garden bar for some wine and hors d'oeuvres. Tampa is among the first cities in the country to get a Restoration Hardware gallery store concept, which is currently under construction next to the Capital Grille at Bay Street. When it opens in November, Restoration Hardware will be one of several retail chains in the Tampa Bay area that let customers eat and drink where they shop — a trend that has been revived by names like Nordstrom, Bass Pro Shops, IKEA and others in recent years in an effort to give shoppers more reasons to come to brick and mortar stores.

"The basic proxy is that the longer you keep people in the store, the more stuff they're going to buy," said Steve Kirn, executive director of the David F. Miller Retailing Education and Research Center at the University of Florida. "They want you to linger longer and take in the sights, tastes and smells you're not going to get from an LED screen if you're shopping online."

Bass Pro Shops is opening a 130,000-square-foot Outdoor World store in Brandon next week, and will include a 7,000-square-foot Islamorada Fish Co. restaurant, which will serve seafood and other entrees, as well as cocktails.

The average Bass Pro enthusiast shops inside the store for up to two and a half hours and drives more than 50 miles to get there, a draw that makes the mega outdoor retailer a unique destination, said Katie Mitchell, a spokeswoman with Bass Pro Shops.

"The restaurant does make a nice 'perk' for customers, but it is possible for customers to just come and enjoy full-service dining at our restaurant entities," Mitchell said.

Some Bass Pro Shops concepts have a restaurant with an attached bowling alley inside.

Similar to IKEA, the Swedish home furnishings retailer whose mammoth stores have cafeterias known for European fare and cheap prices, Bass Pro Shops is an entertainment destination that is able to span different demographics of shoppers with additional amenities. By adding a restaurant component, the store becomes more family-friendly, said Jeff Green, a retail analyst based in Phoenix.

"A man can shop at Bass Pro Shops and then head to the restaurant with his family," Green said. "Or the mom heads to the mall nearby while the husband shops at Bass Pro Shops, and they meet for dinner."

Dining in department stores isn't new. It was fairly common to find lunch counters and restaurants in stores like Maas Brothers in the 1960s. But as more stores emerged and competition increased, restaurants were converted to additional sales floor space to make way for more merchandise.

Food and fashion have re-merged in recent years. Nordstrom has its own cafe at International Plaza, which serves lighter fare, coffee and cocktails. Saks Fifth Avenue opened its second in-house restaurant, called Sophie's, at the Mall at University Town Center in Sarasota last year. A third opened in San Juan, Puerto Rico, this year.

"The first thing that comes to mind is 'ladies who lunch,' but it's much more than that," said Cathy Green, vice president of Fifth Dining, the joint venture behind Sophie's restaurant, which is named after Saks fashion designer Sophie Gimbel. "The restaurant serves customers who come to Saks for personal shopping experiences in private rooms and cater trunk shows and other events at the store. It kind of has a global use beyond just being another restaurant."

Macy's has dabbled with restaurant concepts in some markets, like Stella 34 Trattoria, an Italian restaurant found on the sixth floor of the Macy's department store in New York.

The new Crayola Experience children's store in the Florida Mall has its own cafe.

"Even if the food operation barely breaks even, it encourages sales in other parts of the store, which they must think is worth it," Kirn said. "The idea of integrating eating and relaxing into a retail atmosphere keeps people browsing for longer."

Contact Justine Griffin at [email protected] Follow @SunBizGriffin.

‘Civic Eagle’ App Wants To Bring Americans Face To Face In Online Debate – Huffington Post

Whether a social network will become popular depends upon far more than the technology its creators deploy. Its fate rests on who its earliest users are and how they put its features to use. As many failed efforts demonstrate, the success or failure of social networks also may depend on factors like speech standards and privacy policies, along with the ultimate determinant: whether people use them. 

A new civic social network called Brigade, backed by tech billionaire Sean Parker, is off to a good start, at least measured by activity. According to Buzzfeed, Brigade's users have already shared over one million views. If that growth continues, expect to hear politicians citing what "young people say" on Brigade: 83 percent of those using its private beta are under age 33.

With that kind of competition, the path to success for another fledgling civic social network, St. Paul, Minnesota-based Civic Eagle, looks much steeper. It will be hard to fight the network effect now boosting Brigade, but CEO Damola Ogundipe is not discouraged. He believes in his mobile-first product, which includes a compelling feature: a way for ordinary Americans to be part of the public conversation through video debates.

"We want the entire nation to join," said Ogundipe in an interview with The Huffington Post. "Most of the time we have these kinds of conversations face to face, at the dinner table, at the water cooler and at work. We're not texting them or messaging them. We want to bring that kind of civic discourse where it's face to face, where you can empathize with them, to a mobile platform."

So far, the bootstrapped startup's user base is just a rounding error by modern social media standards, standing at around 1,600 users since the launch of its public beta. And Ogundipe is the only person dedicated full-time to Civic Eagle, although he has five co-founders and a contractor on the team. But all that could change: The Civic Eagle team has built a more interesting civic app than many I've seen demonstrated in the past few years. 

Like Brigade, Civic Eagle is focused on the discussion of political issues. Additionally, it is personalized to each user, pulling in open data from the Sunlight Foundation about national and state legislation related to users' expressed interests.

"Say you're passionate about civil liberties, the economy and foreign relations," said Ogundipe. "We filter legislative information at the federal level to you. We're working on the state and local level." 

The mobile app offers a slick, fast interface for browsing bills, with options to favorite, support or oppose them, or share over Facebook, Twitter, Whatsapp, text messaging or email. Tapping on a bill sponsor brings up a picture of the legislator and contact information, including social media channels. 

The feature that makes Civic Eagle worth keeping an eye on, however, is its use of 30-45 second videos, the lingua franca of modern mobile media, which it organizes into debates optimized for mobile users.

The app hosts "micro-video debates," as Ogundipe puts it. "Then, we have ways peripherally to help people understand the legislation and policy so they can get into a more informed discussion," he said.

Users don't have to participate to watch the videos, but they do have to download the app. Civic Eagle is currently available only on the iPhone, although an Android version is in the works. Like Instagram, there was no website at launch: Now Civiceagle.com includes product information, news and a link to download the app. 

"When I downloaded the app, the thing that stuck out to me was video debates," said early adopter Kaylord Hill, a general manager at Raising Cane's in Houston. "None of the apps that I have or have heard of have video debate or other type of collaborative video. This is a different way of arguing," Hill said.

After only a couple of weeks in public beta, it's unclear whether Civic Eagle will catch on or not.

This March, Mark Zuckerberg said that at age 18, he knew that "if you build something that people really like, then that's enough" to succeed online. While it's hard to disagree with a Facebook founder -- and while even great marketing can't make up for a bad digital product -- marketing can certainly make a difference in adoption rates among comparable apps.

Brigade's considerable resources for marketing mean that potential competitors, from Civic Eagle to PopVox.com, may not be able to compete on paid outreach. The rivals' technology and communities will have to be more compelling, and the people who love them will have to push them. 

Ogundipe said that he thinks his team has created a product superior to Brigade.

"I think our features are better, in terms of what we built with the community," he said. "We focus more on video, not text. They're in beta, so who knows what they'll end up launching."

Hitting the video theme hard, he said, "That's the trend we're seeing: Whether pictures or video, imagery is reigning supreme."

It's not clear yet if a focus on mobile video is enough to differentiate Civic Eagle. Google Hangouts on Air hosts robust debates among up to 10 participants, shared and archived on YouTube. Snapchat is partnering with media companies and getting involved in the 2016 election. Facebook could add video comments any day. 

What is clear is the importance of social networks in civic life today. So it's critical to pay attention to each network's specific demographics -- from who is overrepresented, to who is underrepresented, to who is not represented at all. That's one reason to be cautious about politicians citing what "the people" say on social networks or journalists covering them as a proxy for public opinion.

Surveys from the Pew Research Center tell us that the demographics of social networking platforms differ significantly. Although Facebook penetration has gone the furthest, social networks are not yet statistically representative of individual cities or states. Women dominate Pinterest. Google+ users are mostly men. Reddit users are mostly young men. A majority of LinkedIn users are college graduates.

At present, Civic Eagle is about 80 percent millennials, mostly college graduates or college students, about 60 percent of whom are African-American. (To date, Brigade has declined to provide demographics beyond age.)

Which platforms members of the public choose to use is tied to power, class, race, gender, political ideology and even privacy features. Finding the right space for the right kind of sharing isn't easy or risk-free.

"There's a culture of fear that's put behind expressing political thought and civic expression in public," said Hill, who studied political science in college. "This app gives public discourse another kind of validity. You don't have to be a big-time scholar or sit on a public council to have an opinion. This makes the idea of civic engagement informal but cool."

Despite what you may have seen in "The Social Network," Sean Parker never said that a billion dollars was cool. In fact, he told the Financial Times in 2011 that he thought the opposite was true. But when a linked-in billionaire backs a for-profit social network like Brigade to "use social media to transform politics," the public might understandably wonder, "For whom, and to what end?"

Brigade's stated goals are to help people "feeling alone and powerless" to "work towards collective action" around shared local and national issues that span the ideological spectrum as represented by its partner organizations.

Its goal might also be to create a database of voter positions. Advocacy groups and political campaigns might find that useful -- as they do polling data -- in targeting voters who agree with their positions. Given enough data, Brigade might even be able to suggest what kinds of arguments could shift citizens' positions or votes.

So, for that matter, might Civic Eagle. Its app similarly includes a platform for "Our Leaders," which elected officials and advocacy organizations can use for analytics and outreach. The latter is how Civic Eagle generates money. To date, Ogundipe said, his company has three such customers in a private beta, with a waiting list of 12 more.

Brigade is focused on growing on college campuses this fall. It's not clear what other communities it's targeting. CEO Matt Mahan said Brigade expects to do outreach "in places where the average Internet company would never target."

With its starting base among African-Americans, Civic Eagle is already in one of those places. Whether it expands further is up to the public. 

"I think Civic Eagle will get picked up," said Hill. "It's going to slow people down into a different conversation. Driving a civic message versus a comical message is a different thing. I do think, if and when people slow down and get out of Black Twitter, Vine, Instagram, it will be really interesting to see."