Activity Demographics

D01 What device are you using to answer this survey at the moment?

You should take 5-10 minutes to answer all questions, and all responses will be anonymized. This is a quantitative study, and it doesn't have any open-ended questions. Thank you for agreeing to be part of this study.

A public report will be released in the UX team GitLab repository. This is research to better understand Tor users' needs for privacy, security and anonymity when using other services outside of the Tor network. This survey will take between 5-10 minutes to be answered.

We want to understand how much they need privacy, security and anonymity, and what risks they are willing to take to use a VPN with other services. We also want to understand how they chose their VPN, if it is FOSS, if it is paid, if they have and use more than one VPN, and if they have abandoned a VPN before.

Our traditional demographics ask questions regarding gender, age, uses of Tor, need for privacy and security, and expertise in tech. Additionally, we want to know if our users use a VPN, if they use it with Tor, with every service online, and how much they use it.

We will use a survey to run this research, in our self-hosted LimeSurvey, with closed questions in two screens. We will use the Tor Browser banner to recruit participants for this research, as well as social media channels, such as Twitter and Reddit.

Regular Tor users, especially Tor Browser for Android users.

Our second goal is to understand how much privacy, security and anonymity they need and what they are willing to risk by using a VPN with products other than the Tor Browser.

This article has been updated to include comment from Micah Lee.

We aim to understand what our users' needs are when using a VPN, and what products they have been using to meet their challenges at the moment.
“But that said, I very much appreciate IHTeam digging into our code hunting for bugs, and I hope others do the same in the future.”

OnionShare developers have now tackled both issues and released a new version of the software, v.2.4, on September 17.

Discussing the disclosure, OnionShare creator Micah Lee told The Daily Swig: “Both of those advisories are pretty low risk because the attacker is required to know the onion address but not the password – something that’s not very likely to happen since both the onion address and the password are part of the same URL that people would share.

“It is however recommended to avoid initiating a socket.io connection without prior validating the session cookie.”

“It seems that without a valid session ID it was not possible to intercept messages between users, since the system heavily relies on the session to connect into the default room – and without a valid one, messages remain undelivered to unauthenticated users,” the disclosing researcher Simone ‘d0td0tslash’ said.

This problem, found in OnionShare’s --chat parameter (chat_mode.py), allowed websocket connections from unauthenticated users, whether or not they owned a Flask session cookie.

The second vulnerability reported by the Italian security team, CVE-2021-41867, could be exploited to disclose the participants of a chat session.

By default, OnionShare generates random usernames and passwords in Basic Auth at startup in non-public mode, IHTeam says, and so uploading functionality should only be limited to those with the right credentials. However, while analyzing the receive_mode.py function, the team found that a logic issue caused files to be uploaded and stored remotely before an authentication check took place.
The team conducted an independent assessment of the software and uncovered two bugs, tracked as CVE-2021-41868 and CVE-2021-41867, which exist in versions of the software prior to v.2.4.

CVE-2021-41868 was found in OnionShare’s file upload mechanism.

On October 4, IHTeam published a security advisory on OnionShare.

The service, made available through the Tor network and developed by The Intercept director of infoSec Micah Lee, is used by the general public as well as journalists and whistleblowers to preserve privacy.

OnionShare is an open source tool across Windows, macOS, and Linux systems designed to keep users anonymous while carrying out activities including file sharing, website hosting, and messaging.

UPDATED A tool used by whistleblowers and the media to securely send information has patched two vulnerabilities that could have impacted the anonymous nature of the file-sharing system.

Open source software is used to protect a sender’s identity