There are numerous free messaging apps around, but one of the most popular is Telegram. Telegram earned that reputation mainly because of two features: group chat facilities and security.  Its huge possibilities for groups and channels are unchallenged, but concerning security, there are some issues we have to explore.

Telegram is an open source app created by two Russian brothers, Nikolai and Pavel Durov. The app was banned from Russia, however, and the company now has offices in the United Kingdom, Germany, and Dubai. Concerning data storage, Telegram has a hybrid system where you can decide whether to store the data on your phone or one of the several servers worldwide. The first point of concern: Telegram has not subjected its app to an independent and experienced auditor. For that reason, it is wise to be suspicious.

You need a mobile phone number to register and use Telegram. Apart from that, the phone is not a necessary tool because Telegram also has desktop apps for Windows, Mac, and Linux. However, essential features like secret chats are not available on the desktop version. That can be confusing because you are not necessarily aware of some contacts not having read your secret chats because they do not use a mobile device.

How safe are these normal, secret chats? To start with normal chats, they are not encrypted at all. Even WhatsApp is safer in this regard. Sending normal messages in Telegram, therefore, is an absolute no-go. It is kind of confusing and problematic that encryption is not applied by default. Other secure messaging services – such as Signal – apply end-to-end (E2E) encryption on all communications (normal chats, group chats, and voicecalls) by default.

The group chat possibilities on Telegram are huge, with support for up to 200.000 members per group. These chats (cloud chats) are securely encrypted only in transit between devices. But the group chats are not safe. Telegram can read chat data since it handles the encryption and decryption of messages at the servers.

If you use the secret chat option, all messages are end-to-end encrypted using MTProto. Secret chats are not stored on the Telegram servers and can only be accessed through the sending and receiving devices. Secret chats also have auto self-destruct options and informs about the other end taking a screenshot, further increasing the security. Finally, voicecalls are automatically E2E encrypted and are considered to be secure.

If we take a closer look at the privacy policy and the encryption method – MTProto security – things start to get worse. The protocol has been criticized by several cryptography experts. Concerning Telegram’s privacy policy, Telegram can collect lots of personal information like IP address, devices, and history of usernames and keep it for up to twelve months. They will probably also use this to utilize aggregated metadata. Finally, the information in the cloud chats is not safe either, can be shared with linked companies, and could be provided to law enforcement institutions.

Sophos post exploring Signal’s new PIN Secure Value Recovery system to help you maintain your @signalapp account even if you lose or change phones. I learned they’re using @Intel SGX. https://t.co/oFwBE6qJgf #IAmIntel #security #privacy #messaging

— Jim St. Leger (@JimStLeger) May 22, 2020

To be on the safe side, go for a more secure alternative like Signal. If you wish to continue using Telegram, be aware that your IP address will be saved. Therefore, install a VPN when making an account and to use the app. Furthermore, do not use your own phone number when creating an account, but use a paid or free SMS service (disposable SMS). Finally, only use secret chats and voicecalls. Keep these precautions in mind, and some Telegram features can be safe.

For individuals or groups who place high importance on privacy and security, there are far better alternatives, free or paid. Some examples are Signal, Threema, and Wire.

The post Is Telegram messenger secure? appeared first on Rana News.

In the world of surveillance, there are rarely any absolutes — and that applies to guarantees, too. If NSA, GCHQ and associated agencies really want to get at your communications, and are prepared to invest their resources in doing so, they will usually succeed to some extent. But there is no need to be fatalistic about it: some common-sense steps will go a long way toward frustrating most kinds of electronic surveillance.

Above all, it is important to bear in mind that even in these days of highly automated surveillance, the final step at least has to be undertaken by humans. They remain a scarce resource. So, while it is true nowadays that your phone calls could quite easily be automatically transcribed with a fair degree of accuracy, the quality of that automatic transcript will take a nose dive if you vary the acoustic environment unpredictably.

For example, you could speak with some music playing in the background, or running the words into each other, or by hamming up a strong accent that does not have many millions of speakers and that therefore will trigger a less accurate response by voice transcription algorithms. If you speak obscure foreign languages, sprinkle expressions and sentences in those languages into your speech. Basically, imagine the crystal-cut delivery of news announcers in days of yore — their pitch, their speed, their intonation — and do the exact opposite of them.

You could also revert to old-fashioned techniques for obscuring words, such as playground methods of putting extra syllables into words (e.g. aygo-paygo language). Do not do this just when you have some gobbet of information to hide; instead, do it randomly and with a lot of furtiveness, while what you’re actually saying is junk or humorous information.

Another way of frustrating the humans at the end of the technological chain of voice retrieval is by gassing endlessly about irrelevant or insignificant things in your call — particularly at the beginning and end. That way, you can stuff your sensitive information carefully into the middle sections of long calls with more confidence than if you were just to call your contact quickly, drop the information purposefully and hang up. Needles are best hidden in haystacks, after all.

Edward @Snowden said that if Trump is concerned about wiretapping, he should fix the NSA mass surveillance programs. https://t.co/33sLivcUCD pic.twitter.com/QxKieiNM1T

— The Intercept (@theintercept) March 14, 2017

The choppier your communication patterns are, the harder they are for computers or human analysts to detect rhyme or reason in. Call a contact up and refer darkly to “the message I sent you last week on secure channels”. Make sure he is in on it, so that he plays along by muttering a conspiratorial acknowledgement. Any officers assigned to you will then have the chore of combing back through other data repositories in a wild goose chase for your non-existent message. Even better, you could send such a message with some DIY encipherment, only for that message to turn out to be gobbledegook. Such a profile will help to have you written off as a time-waster.

Now, assuming that an intelligence officer really is listening to your calls, after having seen that the automated transcript is garbage because of the countermeasures you’ve taken as above: how to bore the pants off him? The best ways to do this are to witter on at length about obscure hobbies or religious views. This might cause him to lose the will to live, or at least the will to listen to you again tomorrow and the day after that. You could even address him directly, offering an array of eyebrow-raising conspiracy theories to brighten his afternoon.

You can take this a step further. In a panicked voice, you could predict that something awful and perhaps illegal is going to happen on a certain day soon, which you could describe in lurid detail. Entirely made up, of course. Cometh the hour, happeneth nothing at all. You have just trashed your track record — and have put another nail in the coffin of intelligence agencies’ preparedness to follow your every word.

Of course, while these techniques might reduce the likelihood of intelligence officers wanting to stay on your case, you should also take serious steps to secure your communications where key information is involved. For that, encryption and the use of a wide range of communication methods — including written notes — is the winning combination.

The post How to communicate when your phone is being tapped? appeared first on Rana News.

Video games are a massive industry. With more people playing competitive online games than ever before, we see an increased demand for cheats, mainly cheats that provide players with a distinct advantage, and that does not get them banned.

A lucrative grey market

Hackers have become more sophisticated in the past decade, charging significant sums of money for their cheating software. They often use a subscription model, promising regular updates to keep up with anti-cheat methods. It is not uncommon for these subscriptions to cost more than the actual game that is played.

Generally, (semi) anonymous payment methods are used – such as Bitcoin and gift cards – because many laws are broken. Furthermore, cheat developers risk serious legal consequences. Gaming companies argue that they are violating the terms of service, by illegally reverse engendering their code and exploiting it which falls under copyright law. In addition, cheaters diminish the experience of legitimate players which in turn results in money loss.

South Korea is a country notorious for its video game cheaters, which the government takes very seriously. Being found guilty can lead to fines of thousands of dollars and even jail time. However, in North America and Europe, we have not seen much in terms of punishment. Cheat developers frequently evade legal action, because they are untraceable – residing in countries such as Russia – or are hard to identify. Most cheaters get away with just a ban and a warning.

Nevertheless, the market is far from legitimate as scams, code theft, and false advertisements are rampant. Sellers offer stolen software for sale, or falsely advertise their cheats as ‘undetectable.’ They disappear when their reputation is too tarnished to attract new customers, or they discontinue support for software when they cannot overcome new anti-cheat methods. Subsequently, they abandon their customers with lifetime licenses (that cost hundreds of dollars) without a working product. There is no way to refund the purchase.

The market is predominantly trust-based, and many forums and discord groups surged, helping potential buyers to navigate the market. Such platforms include reputation scores and verified reviewers. Yet, it is likely sellers artificially boost their reputation scores trough false reviews and other methods, with or without the help of forum owners and moderators.

Cheating clients

Most popular games have cheats, some being more sophisticated than others. In the Multiplayer online battle arena (MOBA) genre, one can identify several forms of hacks. Examples are targeting prediction and zoom hacks, allowing the user to zoom out further then the developers intended. In strategy games such as StarCraft, hacks provide the user with visual information that would otherwise be hidden. 

Most cheating however happens in online shooters. Games, such as Counter Strike and Battlefield, have long been targeted by cheat developers, providing players with features such as ESP (Extra Sensory Perception) allowing you to spot enemy through walls and terrain. An ‘aimbot’ moves your crosshair towards the enemy automatically. Given the continually evolving anti-cheat software, there is a constant need for new and improved hacks, creating a lucrative industry.

PlayerUnknown’s Battlegrounds (PUBG), the game as shown on the image’s above, costs thirty euros on Steam. A cheating client from a ‘respected’ seller costs the same amount of money but merely runs for a week. In their promotion video, they show the incredible advantage the cheater has over regular players. Therefore, it comes as no surprise game developers and third-party anti-cheat developers have put enormous resources into their anti-cheat software, although with mixed success.

The response of anti-cheat

Most anti-cheat software runs by checking the users’ memory for code that should not be there, like an anti-virus program. Also, methods such as data encryption and taking screenshots of the players’ client are utilized. Nonetheless, these methods are just catching up to cheaters not preventing cheating outright. And when the developers clamp down on specific cheating code, It takes little effort for the developer to improve the ‘camouflage’ of his hack and the cycle starts over again.

Companies such as GameBlocks promise a better solution. With their fair play application, they put themselves between the game server and client: instead of merely checking game files and data integrity, they focus on player behavior. The idea is that cheaters who have such an unnatural advantage – such as seeing other players through walls – demonstrate this in their in-game behavior. such as aiming at targets not visible to a regular player. Or heaving an unusually high kill death ratio. Hover these methods could lead to more false positives than traditional anti-cheat solutions. And are heavily criticized by community members who claim they have been the victims of a false ban.  

‘Undetectable’ package-based cheats

With the rise of a new subgenre called Battle Royale, we saw a demand for new cheating methods and software. Due to an overall slower game pace and higher risk-reward-fights, many players are more willing to get an illegitimate edge over their opponents.

At the same time, traditional cheating methods are more easily detected – resulting in game developers barring you from playing based on your hardware ID – and becoming a less useful option.

Consequently, developers came up with a creative solution: instead of running cheats in the game client or even on the gaming pc, they do so on an entirely different device. They either use a Virtual Machine (VM) or a second computer. Developers then duplicate the game data stream – containing information about enemy positions – with software (such as Zenmap) to a device that is not monitored by anti-cheat software.

A client on the second device reconstructs this game data in a form that the user can understand and apply. Examples are a map with enemy and loot locations or even a 3D environment where you can see an enemy player screen, similar to traditional cheats.

Some cheat developers plan to expand on this technology and create a cheating client. That client essentially acts as a gameplay client, with all the cheating overlays such as ESP and radar. The difference is that the actual game client remains clean from any “bad” code or behavior, making it significantly harder to detect by anti-cheat.

cat and mouse game

A potential solution for these cheats would be more draconian anti-cheat software running on the players pc. combined with packet encryption. Like we have seen with the recently released Valorant. Anti-cheat software that runs inside your computer kernel, and is actively scanning your system even when not in-game.

implementing packed encryption would force cheat clients to obtain a decryption key in the game client. witch is something that could more easily be detected. in addition, this always-on anti-cheat could actively scan and block vpn’s, virtual machines, and suspicious drivers.

Open season?

The video game cheating market is an interesting one: it is a constant cat-and-mouse game between small and often self-taught developers against multimillion-dollar companies. For now, the legal system appears ineffective and far too slow. Even though scammers, false advertisements, and player bannings are commonplace, the market is still massive and growing.

The post The bizarre world of commercialized video game cheating appeared first on Rana News.

Three companies control the operating system market: Microsoft, Apple, and Google. These companies have a combined market share of 97%, and about 60% of all personal computing devices run on a mobile operating system. The desktop market is dominated by Windows – with a 75% market share – Apple (20%) and Chrome OS (Google’s desktop operating system) with 1 percent. Linux-based operating systems make up roughly 1.5 percent, but it is safe to assume that most  ‘unknown’ operating systems are running some form of Linux.

With smartphones becoming increasingly popular for day-to-day activities – such as browsing the web and buying goods online – most of our more complex tasks are still done on the desktop. That is especially true when working with sensitive documents, or when privacy and information security is of greater concern.

While productivity is certainly higher on the desktop, information security and privacy are not necessarily guaranteed. In this article, we briefly discuss significant flaws of desktop operating systems, as well as ways to avoid them.

• 

Windows

Microsoft is known for discontinuing the development of older operating systems. Eventually, all users will have to adopt Windows 10 or face serious software limitations and security flaws. However, Microsoft has implemented many new user tracking features and backdoors in Windows 10. Furthermore, their business model changed from one-time software purchase to a free and live service model. It is safe to assume intelligence gathering, the installation of apps, and features based on this information, are an integral part of Microsoft’s future business model.  

The backdoors that have been present in previous versions of Windows grant Microsoft access to your computer at any time to ‘update.’ That starts to live a life of its own, such as downloading and implementing updates without the consent of the user. Such features could be used and abused by law enforcement and hacking groups. Moreover, Microsoft could use it to implement spying tools.   

Spying tools are more prevalent than ever before. Most privacy settings enable Windows to send sensitive information to Microsoft. Examples are the time you spend in certain apps, whether they crash, and if you are browsing an online store.

Information concerning hardware configuration is always shared with Microsoft. It provides them and possible attackers with potential hardware abuses. The recent Meltdown and Spectre exploits show the potential risks, demonstrating how a flaw in modern Intel CPU’s could leave your decryption keys vulnerable.

Also, Windows uploads a recovery key of its disc encryption key, essentially giving Microsoft the keys to the castle. The premium service BitLocker provides more security, as it allows to store recovery keys locally. Through CPU security flaws and a surplus of backdoors, Microsoft and attackers could access your data. Even if you would use an alternative encryption solution such as VeraCrypt, there is no guarantee your data is safe.

With Windows being the most popular operating system by far, the majority of malicious software is designed to target that system. Without top-of-the-line security, the poor architecture of Windows leaves you vulnerable to all sorts of attacks.

MacOS

Historically, macOS has been a more popular operating system with professionals. OS is generally associated with higher security and better privacy. However, with the increase of casual users and overall growth in market share, malicious parties now focus on Apple’s operating system. Despite improved privacy and advanced security architecture, Apple was not able to stop the tide of new attackers.

A recent report shows that macOS has seen a sharp increase in malicious code. It is estimated that new attacks on Macs outpace those on Windows computers by as much as 400 percent. Particularly ransomware attacks are increasing and have disastrous consequences for both the private and governmental sectors. In terms of numbers, adware and Potentially Unwanted Programs (PUPs) have seen the largest increase.

Mac devices are just as vulnerable – if not more – than Windows computers, as their components are not nearly as diverse. That allows manufacturers to concentrate their efforts on patching these vulnerabilities. macOS has a baked-in encryption feature just like Windows, but unlike Windows, it requires no payment to manage your encryption keys. You have the option to store your recovery key online, but you do not have the same possibilities as a premium service, such as BitLocker.

Many reports exist about private information ending up on the cloud. Besides, crash reports of Apple’s software get automatically uploaded to their servers, which often contain logs with user data.

Overall, Apple appears to be a better choice than Microsoft regarding privacy. However, in terms of information security, you are just as vulnerable. Unfortunately, many Mac users still believe they have nothing to worry about when it comes to malicious software, and do not take the necessary precautions.

Windows vs. macOS: similar fundamental problems

In case of negative publicity or judicial issues, the reputation of Apple and Microsoft is on the line, which is a price both are not willing to pay. That happened during the FBI vs. Apple dispute over an encrypted iPhone. In the end, the iPhone was cracked by the FBI with help from a third party. Whether or not this party was connected to Apple – to make the court case go away – one can only speculate. Nevertheless, it was in the interest of both parties to make this case go away.

One should also take into consideration that both systems are designed for user-friendliness. Even when you use encrypted files and disks, a lot of sensitive data is stored outside of your encryption in non-volatile memory. That means file logs and other potentially sensitive data could be reconstructed because the information is never actually deleted. Unless you use a tool such as Eraser to scrub data from your hard drive manually, traces of data will remain on your device.

Also, both systems have major boot sequence vulnerabilities. Programs such as Kon-Boot allow you to bypass the password of the computer easily if you get physical access. Using encrypted drives could still secure your data, but the vulnerabilities mentioned above can undo them.

The Linux solution

As mentioned earlier, Linux represents only a small share of the market. Many universal security problems also apply to Linux systems. Yet, it has one major advantage: Linux’s system architecture has security in mind, instead of security being an addition to the system.

Linux has a far more robust permissions system preventing unauthorized access to files. Furthermore, rule-based security features – such as SELinux – prevent potentially malicious programs from reading, writing, and executing files. Though spying features in Windows can only be disabled, Linux products allow the removal of intrusive elements altogether.

Still, data does not magically disappear from your hard drive, and communication can be intercepted and read. However, some excellent security-oriented products – such as Tails OS –  can solve these issues and do so with incredible success.

Although not all Linux distributions are focused on security, they are not targeted nearly as often by hackers. Plenty of vulnerabilities are caught and patched faster because of its more open nature. Linux users are also more tech-savvy, making them more challenging targets. Finally, some Linux products are dedicated entirely to security, making Linux the preferred option for real privacy and information security.

The post Windows vs. macOS vs. Linux: comparing security appeared first on Rana News.

Scientists from the Ben-Gurion University of the Negev in Israel have developed malware that can eavesdrop on computers by using an air-gapped network. By manipulating the power supply, a specific audio signal is transmitted, which in turn is intercepted. That means even data stored on an offline computer is no longer safe.

The scientists named their malware Power-Supplay, referring to data leaks from an air-gapped computer. These are devices that are not connected to outgoing networks, such as the internet. The driving force behind Power-Supplay is a phenomenon called ´singing capacitator,´ which makes a capacitator transmit a sound with high frequency, as soon as different quantities of power are flowing through. The operators of the malware can manipulate the power supply very precisely and determine the audio signal of the capacitator.

Yes, the irrepressible Mordechai Guri has found another weird way to exfiltrate data from an #airgapped machine: using singing capacitors. I bet the CIA is quaking in its boots at his “POWER-SUPPLaY” scheme: https://t.co/Ts39RFMCoK

2/

— @Richi Jennings (@RiCHi) May 6, 2020

Subsequently, an operator nearby can intercept the acoustic signals and steal the binary data from the targeted computer. A smartphone is sufficient to receive and store the stolen data. It is possible to filter the data up to six meters, but it also depends on the ambient noise. In close proximity, the malware can generate up to 40 bits of data per second, and on more considerable distances 10 bits per second.

The group of scientists is lead by Mordechai Guri, an expert in the field of eavesdropping on air-gapped networks. Previously, Guri researched techniques to manipulate screen brightness, to read infrared lenses of security cameras, and to modify sound ports of computers. Hacking is generally considered an online affair. However, Guri takes retrieving data through unconventional means to a whole other level.

The video below roughly demonstrates how Power-Supplay works:

The post Israel to launch advanced malware eavesdropping on your computer appeared first on Rana News.

In an anonymous statement, a Tor administrator explains how the Dutch intelligence agency AIVD attempted to recruit him. His story gives a detailed insight into the expanding power of the security state, whose influence now reaches into the business world, prestigious universities, and (international) hacker communities.

Marco*, the provider of the statement, is a 30-year-old Dutchman with a Master of Science degree from the Delft University of Technology. He is an expert concerning the Tor network who – for research purposes – runs some Tor exit nodes. Marco states:

“Suddenly, I was approached by a man and woman at a gym I frequented at that time. They identified themselves with a badge from the Ministry of Interior and explained they were working for the AIVD. I felt somewhat overwhelmed, and I was afraid I had got myself into trouble.”

That is a common tactic used by intelligence agencies. They do not announce their visit in advance so that they can overwhelm their targets. It also gives them an edge before the recruitment process has started.

“First, they asked all sorts of questions related to my education. They had read my thesis regarding IT security and complimented me extensively.”

‘Ego boosting’ is yet another tactic to make the target feel important and comfortable. It also makes you somewhat forget that you are talking to an intelligence officer.

“At one point, they offered me all types of jobs at the AIVD. I could work from their office, but I could also do fieldwork as an informant or infiltrator. They explained they were creating a special team called the Joint Sigint Cyber Unit (JSCU).”

The JSCU is a special department that encompasses employees from the AIVD, as well as the military intelligence agency MIVD. In the past few years, the department has grown significantly to 700 employees, including fifty hackers. Their task is to intercept radio and satellite communications and to engage in cyberwarfare. The JSCU is known to share intelligence with foreign agencies, such as the CIA and the NSA.

“Their approach clarified to me that the intelligence agencies are monitoring IT students in the final stages of their education. They are also looking for individuals who are slightly older – but still connected with younger generations – for management positions.”

At that point, the intelligence officers become more open about the intended targets of the unit:

“Subsequently, they asked me if I was interested in traveling for several years. I could also work for a German technological company. The idea was to travel to Germany and visit Hackspaces of the Chaos Computer Club. I had to report on these events, and the agency would cover all costs.”

The Chaos Computer Club (CCC) was founded in West-Germany in 1981. It is the largest European hacker organization, with approximately 7700 members. The CCC is an independent association that, among other things, shows a strong commitment to (online) privacy, cryptography, and anonymity. Given the expertise and activities of some members, the CCC acts as a magnet for intelligence agencies.

“They kept offering me proposals. They promised me ‘unparalleled opportunities’ if I decided to work for the AIVD. They told me I could attend hacker parties in Spain, Italy, and Austria, and consider those events as paid holidays.”

Then, more targets were mentioned:

“The male intelligence officer explained the AIVD was interested in the developers of Tor and Tails. What he meant was that they need informants and infiltrators, but he said this in a lengthy way. According to the officer, this was part of an international operation.”

Aside from paid expenses and travel costs, Marco was offered a substantial starting salary.

“I could determine my salary, as long as it was no more than 5000 euros per month.”

Despite these generous offers, Marco was able to see through the grooming efforts. He refused, but initially, the officers kept attempting to convince him. When Marco persisted, the tone of the conversation changed. Now, the time for compliments was over.

“We know you are building Tor exit nodes. If you do that while working for us, you can make a living out of it. If you do not work for the intelligence agency and something illegal occurs, we cannot prevent the police from raiding your house and confiscating your equipment. Finally, the officers explained to Marco that talking about the meeting was a criminal offense. After giving me their number, they left.”

Marco’s story demonstrates the priorities and dedication of intelligence agencies. And already they have achieved success. In 2017, the Dutch authorities announced they had taken over, dismantled, and deleted Hansa Market, at that point, one of the largest markets on the dark web.

If intelligence agencies succeed in infiltrating service providers such as Tor and Tails, this will be a severe blow to online privacy and anonymity.

*Marco is a fictitious name.

The post How intelligence agencies recruit Tor administrators appeared first on Rana News.

With the rise of digital transactions and increasing e-commerce, consumers lost a great deal of privacy. Every transaction is logged by your bank, payment processor, and to whomever they sell your data. Different companies will have specific guidelines and policies when it comes to your data. Some promise a great deal of privacy, but the fact remains that your transactions are directly tied to your name, and you do not have full autonomy over your wealth. 

The rise of Bitcoin 

Cryptocurrency started with Bitcoin, which promised a decentralized digital currency. A transparent ‘ledger’ called the blockchain ensures that transactions are legitimate, by frequently cross reversing all transactions on the blockchain. This constant cross reversing is done by anyone who wants to participate. In return, they generate a small amount of Bitcoin, creating an incentive to ‘mine.’ 

The decentralized nature of Bitcoin made it an attractive option for those who are looking for privacy. It is easy to set up a Bitcoin wallet, which requires no personal information to start sending and receiving currency. For long term storage and increased safety, it is possible to use a cold wallet taking your Bitcoin offline, until you want to start transacting again. 

For whom?

Financial censorship is an increasingly common phenomenon. There are but a few significant players in the payment processing world. We have seen these companies put payments on hold and ban users altogether. Mostly because of pressure by governments, but increasingly because of there own cultural and political goals and ideals. 

The problem is not just with payment processors. Banks and service providers – such as Patreon – have terminated accounts for similar reasons. These banishments commonly target political and cultural dissidents. 

Therefore, it is no surprise that these groups and individuals adopted Bitcoin and other cryptocurrencies. Even though it is not nearly as easy to donate and subscribe, cryptocurrency can be their life support. They also provided potential donors of controversial projects anonymity. 

Privacy and Bitcoin 

However, the open “ledger” in the Bitcoin blockchain has a substantial disadvantage: all wallets and transactions are public. Anyone can look up a wallet and see what is inside, monitor where the currency came from and went to from the moment it was mined. Open Source Intelligence (OSINT) tools such as Maltego can monitor and visualize this information, as shown below. 

Hypothetically, ill-intentioned entities could link you to a specific Bitcoin address when you purchase the coins on a marketplace and when you declare an address publicly. Furthermore, one can follow these coins to their destination. Most marketplaces promise not to share your information with third parties, but there is no guarantee. In the case of a hack or a government raid, your transaction history could be reconstructed and used against you.  

There are numerous methods of obfuscating your transactions on the blockchain, such as never reusing an address and coin controlling. However, these methods could still leave a trace. By using services such as tumblers, mixers, and coinjoins, you can gain more anonymization. However, these come with the risks of theft, seizures, and possible illegality due to anti-money laundering regulations. 

Without going into more technical details, we can conclude that Bitcoin is an excellent option for those who want to avoid using banks and payment processors, although it has its flaws. Guaranteeing anonymization with Bitcoin requires quite a bit of technical knowledge and developed privacy practices, both online and offline. 

Monero (XMR) 

That is where Monero comes into the picture: the most popular cryptocurrency design for optimal privacy and information security. With features such as enforced privacy, ring confidential transaction, ‘bulletproofs,’ stealth addresses, and ring signatures. 

These features combined make it that both the sending and receiving wallet in a transaction remain anonymous. Also, the transaction and wallet values are unknown to the public. Therefore, a hypothetical observer of a public address cannot reconstruct an incoming or outgoing transaction. That makes Monero the preferred option for those who want their transactions to be anonymous. 

Now it should be noted that there are theoretical problems with Monero’s anonymization. Research shows that deanonymization is possible under the right conditions. However, these methods have not been recreated on a significant scale and are unlikely to be utilized by law enforcement. There is also a significant concern with the mining pool size, which could become a problem if an entity gains a majority share. Even though the Monero pool diversity has been improving, it is still far from optimal. 

source

Illicit marketplaces and malicious software

With the relative anonymity of cryptocurrency and user-friendly programs – such as Tor – making it easy to browse darknets we have seen an entirely new market surge. It is a large underground network benefiting from the decentralized nature of these tools. Marketplaces selling drugs and illicit services are commonplace, with the preferred currency being Bitcoin or Monero. 

Law enforcement throughout the Western world has seen a sharp increase in online drug purchases in the last decade. In some countries, up to thirty percent of all drug purchases are online. On the Clearnet, vendors of grey market goods and services have taken a liking to cryptocurrency as well, because of oversight and no involuntary refund in the case of a dispute with a customer. 

Malicious software that encrypts your data – and then offers a decryption key in exchange for cryptocurrency (ransomware) – has also become more prevalent. The anonymous nature of these transactions and the relative ease of purchasing cryptocurrencies made it profitable. 

Towards widespread adoption

The rise of cryptocurrencies and their relative ease of use, decentralized nature, and anonymization have created many new possibilities. That includes individuals who want to store and trade wealth outside of centralized banking and for organizations that continue to receive funds after they are financially blacklisted. It also safeguards the anonymity of members of such organizations.

But with anonymity comes crime, and alongside the crypto speculators and visionaries, criminals have adopted crypto as their preferred currency. That has created entirely new markets and forms of exploitation.

Also, complex technology is rarely perfect: flaws and weaknesses are repeatedly theorized and patched. Concerning speculation, hype, and forks, cryptos are seldom stable and cannot provide the relative stability of gold or cash.

However, cryptocurrencies are exciting technologies that must be watched closely, as they have and will continue to provide new financial possibilities. Nevertheless, we are quite far away from widespread adoption.

The post How does cryptocurrency protect your anonymity? appeared first on Rana News.