TOR coders who manage to keep Onion browser alive and always available are planning to tighten the browser’s anonymity even more in coming days. They have literally declared a kind of war against snooping bodies such as US Internet surveillance.
Tor, shortly form of The Onion Router, is a system which helps its users to stay anonymous online by disguising where they are and where they are heading. Thus, all nation-state content blockers, law enforcement agencies, intelligent services, cyber crooks, lizard squadders can easily be kept in dark about your online activity.
And also websites which keep a track of each and every visitor can also find it hard to follow when a user accesses the website via a Tor browser.
But from the past couple of years, US NSA and FBI are urging almost all browser offering vendors to give their encryption keys to them, so that they can keep a track record of all those web users in the name of national security.
Web services like Wikipedia, Firefox, Safari have made a clear announcement last year that they would not cooperate with the snooping laws of the US, where all online user’s internet activity will be on surveillance. TOR has also announced the same now and has added that it would like to tighten its encryption further more.
All these days, TOR was running on user’s computer and there was a chance of data spill, before any of the traffic went into TOR’s anonymising system. Cyber crooks could easily trick the browser to uncover details such as user’s login name, their computer name, IP address, which ISP they were using- thus, a direct threat to data security. Law enforcement agencies such as NSA could easily find such bugs (weak points) and can keep a track of the web users in the name of internet surveillance.
But in coming days, user’s activity on TOR will become more private. A group of ninesome researchers, by names Conti, Crane, Frassetto, Homescu, Koppen, Larsen, Liebchen, Perry, and Sadeghi – all who support ‘internet freedom’ have come up with a new exploit prevention tool called Selfrando, which will help TOR users to stay anonymous from snooping eyes. Selfrando will also be presented on paper at privacy conference held in Germany in July 2016.
Selfrando isn’t just applicable to the Tor Browser, as the researchers say that they’ve used it successfully against a wide range of applications, including GNU Bash (the standard command shell on Mac OS X and many Unix/Linux distros), Google’s Chromium browser (the non-proprietary version of Chrome), and the popular Nginx web server.
In general, there are a lot of exploits these days which require an attacker to find snippets of executable code that are already in memory, ready to run, that can be bonded together in sequence to perform malicious operations.
To prevent attackers from abusing a loaded program code, the usual defense is ASLR, short for Address Space Layout Randomization, whereby programs load at different locations in memory every time. In simple words, it’s not that easy to guess which fragments of code will be at what point in memory, so an exploit that works on their test computers probably won’t work out in the real world.
TOR defenders want to raise the bar of protection even more with Selfrando.
More details will be available to the media after the TOR defenders disclose it at the German Conference this month.