On June 30, the Tor Project announced updates to both the alpha and stable releases of the Tor Browser. The new releases include fixes for vulnerabilities discovered in FireFox (through an update to FireFox 68.10.0esr) as well as NoScript bug fixes (through an update to NoScript 11.0.32). Complete changelog for 10.0a2 here and 9.51 here. Both releases include minor tweaks to Onion Location links and settings. Onion Location is an easy way for site operators to advertise their onion service to visitors.
U.S. Senators introduced the Lawful Access to Encrypted Data Act in an attempt to mandate backdoors. The bill gives the Department of Justice the ability to force companies and service providers to decrypt data upon request and bans so-called “warrant-proof” encryption. The Lawful Access to Encrypted Data Act (pdf) applies to providers across the board. According to a blog post from the Center for Internet and Society at Stanford Law School, the bill applies to providers of operating systems, messaging applications, email providers, manufacturers of computers, video game consoles, smartphones, or “basically any electronic device with just 1 GB of storage capacity.
ProtonMail, “the world’s largest secure email provider,” recently updated their transparency report to include some of the latest requests for information from law enforcement across the world. The company also added a statement about complying with court orders prior to officially receiving said orders. This concerned some members of privacy communities on Reddit. The most recent update to their Transparency Report added an entry to their list of special or significant interactions with law enforcement as well.
Localbitcoins, one of the services used to purchase bitcoin as anonymously as possible, unexpectedly ended the ability to trade cash for bitcoin. Although users of Localbitcoins have alternative options for buying bitcoin, trading cash for bitcoin was one of the platform’s primary incentives for those concerned with their privacy, such as the users of darkweb marketplaces. Localbitcoins, since early this year, has been implementing new anti-money laundering (AML) and know your customer (KYC) measures and protections.
According to Reddit users on various Tor and privacy related subreddits, Reddit—or Reddit’s CDN, Fastly—is blocking access to many Tor users and directly blocking exit nodes in Germany. Relay Stats According to a post on the Tor subreddit, Reddit or their content delivery netowork (CDN) have been blocking access to Tor users. The users, it seems, are those accessing Reddit while connected to an exit node in Germany. Germany, according to the Tor Projects own metrics, is currently the host of 131 exit nodes.
A recent paste on Pastebin claimed that hackers had hacked the encypted email service Protonmail. The so-called hackers provided no proof of the hack and the email service has responded, denying any hack had every ocurred. In many cases, such immediate denials are categorically false. However, in Protonmail’s case, the denial has a decent chance of being correct. Although the message has raised concerns, the hackers provided no evidence to back up their claims and requested “a small fee” from the email company.
The open-source end-to-end encrypted email service Tutanota successfully dropped Google’s push notification service in an effort to increase privacy and allow Android users to go Google-free and still have access to one of the best encrypted email services available. They announced the release in a blog post on Tutanota.com fairly recently. Although many privacy-oriented services such as Signal have also replaced Firebase Cloud Messaging (formerly GCM) with other options that allow Google-free Android ROMs to receive notifications.