Need the Tor Browser on iOS? Try Onion Browser

Need a Tor browser on iOS? Onion Browser is the only iOS app recommended on the Tor Project’s website. Starting out at the U.S. Naval Research Lab, Tor is a special network that helps people browse the internet with as much privacy as possible. You should note there are a couple of security advisories on its website:

WebRTC/Media leaks: Due to iOS limitations, WebRTC and media files leak outside of Tor and are routed over the normal internet. This will reveal your real IP address to sites using these features. (If you are using a VPN, the VPN IP address is revealed instead.) To defend against this, you may set Strict security mode in Host Settings, which will disable Javascript. More information here.

OCSP leak: Visiting EV “Green Bar” HTTPS sites may leak information that can be used to reveal the domain name of the website you are visiting. This is handled within iOS and cannot be changed by Onion Browser. There is no known workaround. A detailed report can be found here.

App Store: Free

Privacytools.io Delists Startpage Over System1

Privacytools.io delists Startpage from its list of privacy tools and services. Startpage had been taken over by Privacy One Group, which itself is owned by System1. System1 is a targeted advertising company with a business model that seemed—to many—to be in conflict with Startpage’s own privacy-centric model.

Because of the conflicting business model and the unusual way the company reacted, claiming to be fully transparent but being evasive at the same time, we have no choice but to de-list Startpage from our recommendations until it is fully transparent about its new ownership and data processing. Remaining questions include…

Suspicionless Searches of Travelers' Devices Ruled Unconstitutional

A federal court ruled that suspicionless searches of travelers’ phones and laptops are unconstitutional, a win for privacy rights.

The ruling came in a lawsuit, Alasaad v. McAleenan, filed by the American Civil Liberties Union, Electronic Frontier Foundation, and ACLU of Massachusetts, on behalf of 11 travelers whose smartphones and laptops were searched without individualized suspicion at U.S. ports of entry.

504th Military App Could Expose Soldiers’ Data

The 504th military app gives soldiers weather updates, training changes, and other logistics. But its terms of service say it collects a lot of personal data, and if the app were hacked, it could potentially expose top-secret information.

The app’s permissions — which suggested it could pull GPS location data, photos, contacts and even rewrite memory cards — frustrated soldiers who have taken extreme precautions they felt were glossed over by Trotter and other senior leaders…The worst-case scenario, he said, was “our cover might be blown.” While the app said permissions could be disabled, the soldiers said there was a failure of confidence it was secure. Senior leaders checked the phones of subordinates to ensure they had the app installed, soldiers in the unit said.

Why it’s especially concerning: “The app developer, Straxis LLC, is based in Tulsa but has a subsidiary in southern India.”

Is Facebook Secretly Accessing Your Camera? This Man Found a Bug

For years there have been anecdotes from people saying that Facebook secretly uses their phone’s microphone and/or camera for targeted advertising. Joshua Maddux tweeted about a bug he found within the Facebook app. When he taps on a profile picture and slowly slides it down the screen, his rear camera can be seen being accessed on the left-hand side. He tested it using five iPhones running iOS 13.2.2.

Found a @facebook #security & #privacy issue. When the app is open it actively uses the camera. I found a bug in the app that lets you see the camera open behind your feed. Note that I had the camera pointed at the carpet.

Judge Rules Cops can Search Through DNA Database GEDmatch

A judge recently ruled that law enforcement can search through the DNA database GEDmatch, overriding the choice of its more than one million users.

In the wake of that attention-grabbing case, GEDmatch changed its policies in May 2018 to make it less easy for police to access their data. Users now have to opt in to having their data made available to police; information they upload is set to private by default. Rogers told the NYT that as of October, less than 15% of current users, 185,000 out of 1.3 million, have opted in to sharing their data with police.