While the US government is trying to bring into law and into book everything that allows it to get into peoples private lives through the Internet, the spooks at an American University have decided to do exactly the opposite.

These researchers have come out with a paper describing what an address space layout randomisation (ASLR) -esque technique called Selfrando: Securing the Tor Browser against De-anonymisation Exploits [PDF] which it believes will frustrate efforts by government agencies to de-anonymise the Internet.

The researchers aim to improve on the current ASLR techniques used by present browsers such as Firefox. Additionally claim the researchers, “Selfrando can be combined with integrity techniques such as execute-only memory to further secure the Tor Browser and virtually any other C/C++ application.”

The research team at the University of California has nine members;  Mauro Conti; Stephen Crane; Tommaso Frassetto; Andrei Homescu; Georg Koppen; Per Larsen; Christopher Liebchen; Mike Perry, and Ahmad-Reza Sadeghi.

It may be noted that in 2013, the FBI used an exploit to de-anonymise uses by compromising  Tor hidden services servers. The exploit made use of an use-after-free vulnerability in Firefox to gain arbitrary code execution and then collected the MAC address and the host name from the victim machine and then transfer this data to a server bypassing Tor. The data also connected a specific user by using a unique ID to track their surfing habits.

The team also plans to strengthen the local storage support which will be operating system specific. Currently Tor relies on Firefox’s default heap allocator jemalloc for this feature. The effort is receiving support for this from the Tor development team as well.

This is good news for all those who believe in anonymity and privacy of the Internet. However a word of caution for those using Tor to avoid getting entrapped by the FBI:

  • Don’t be the only person using Tor on a monitored network at a given time. Example: Don’t go to a hotel and connect from Tor. This will make it obvious and guarantee an arrest. Connect to a VPN first.
  • Use a bridge.
  • Don’t use Tor to log on to a darknet forum and then use Gmail or some other mainstream website.
  • Never download anything through tor browser.

Source: commons.wikipedia.org

About The Author

"Founded in July, 2016, WhackHack.com is a cyber security blog that covers important security issues affecting common users, industry and governments. It aims to create awareness among its readers about malware, hacking, encryption, identity theft, privacy, etc and also offer solutions to protect themselves from such attacks"

5 Comments

  1. Quite! This was a truly amazing post. Thank you for your
    supplied information

  2. EXCEPTIONAL Post.thanks for share..more wait.

  3. Great line up. We will be linking to this excellent article on our website.

    Keep up the good writing.

  4. The article has actually peaks my interest.
    I’m going to bookmark your website and keep checking for
    new info.

  5. This really answered my issue, thank you!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

18 − fifteen =

Close