How to build & install the latest Pidgin on CentOS/RHEL/Fedora

Both CentOS/RHEL and Fedora come with RPMs in their standard repos for the pidgin and libpurple packages.  Unfortunately, they are far out of date (Though please note, at least for CentOS, this may not be an issue, as all critical security fixes/vulnerabilities have their patches back-ported to the old build by RedHat). Below are the instructions for building the newest version on your system.

1. Download the latest tarball archive from https://pidgin.im/download/source/ – Click on “Download Now”

2. Save the .tar.bz2 file into /usr/local/src/

3. In a root terminal, perform the following command and install any dependent packages as well:

yum install nss-devel cyrus-sasl-devel tcl-devel ncurses-devel gnutls-devel rpm-build intltool gcc glib2-devel gtk2-devel libgcrypt-devel glibc-devel tk-devel perl-ExtUtils-Embed

Also, you don’t need these tools (or anything with -devel at the end) once you’re done building the Pidgin RPMs, so you may uninstall these packages as an optional step 7 by performing step3 again, except replace “yum install” with “yum remove”, like so: “yum remove nss-devel cyrus-sasl-devel tcl-devel ncurses-devel gnutls-devel rpm-build intltool gcc glib2-devel gtk2-devel libgcrypt-devel glibc-devel tk-devel perl-ExtUtils-Embed”.

4. As an unprivileged user (not root!), perform the following commands:

cd /usr/local/src
rpmbuild -tb –nodeps -D ‘_unpackaged_files_terminate_build 0’ pidgin-2.10.7.tar.bz2

5. After a good little wait for all your RPMs to compile, you should see this near the end of the output:

Wrote: /home/user/rpmbuild/RPMS/x86_64/pidgin-2.10.7-0.x86_64.rpm
Wrote: /home/user/rpmbuild/RPMS/x86_64/pidgin-devel-2.10.7-0.x86_64.rpm
Wrote: /home/user/rpmbuild/RPMS/x86_64/libpurple-2.10.7-0.x86_64.rpm
Wrote: /home/user/rpmbuild/RPMS/x86_64/libpurple-devel-2.10.7-0.x86_64.rpm
Wrote: /home/user/rpmbuild/RPMS/x86_64/finch-2.10.7-0.x86_64.rpm
Wrote: /home/user/rpmbuild/RPMS/x86_64/finch-devel-2.10.7-0.x86_64.rpm
Wrote: /home/user/rpmbuild/RPMS/x86_64/pidgin-debuginfo-2.10.7-0.x86_64.rpm

6. As root, again (navigate back to your root console/terminal session), perform the following commands:

yum remove finch finch-* purple-plugin_pack libpurple libpurple-* pidgin pidgin-*
cd /home/user/rpmbuild/RPMS/x86_64/
yum –nogpgcheck localinstall pidgin-2.10.7-0.x86_64.rpm libpurple-2.10.7-0.x86_64.rpm

And, optionally, assuming you’ve already built it using our guide, also install the pidgin-otr package:

yum –nogpgcheck localinstall pidgin-otr-4.0.0-*.rpm

You should now have the latest version installed and ready to launch & configure. If you already had your linux distribution’s default version installed, no need to worry about user accounts or other data getting clobbered in the upgrade, as the program and its data are stored quite separately.

How to build & install Pidgin OTR-4 on CentOS/RHEL/Fedora

For a long time now, the official repositories in most major linux distributions haven’t bothered to update their Off-The-Record chat encryption packages from it’s former version of 3.2.1 in quite some time. 4.0.0 Includes major protocol improvements as well as bug, security & preferences fixes. It is available (as source code) from the their official website, http://www.cypherpunks.ca/otr/.

Not everyone is thrilled at the prospect of compiling the source code by hand, not to mention the headache incuding implications of straying from our comfortable, tried and true routine of using a handy package manager to handle all of our software installs. If you say “nonsense, that’s all fine and well, I just can’t stand waiting around while there are known security holes lurking in some of my most often used, privacy-sensitive software – Pidgin’s OTR plugin,” then take notes from the below illustration of how to compile the pidgin-otr and libotr packages on CentOS AKA RHEL 5/6 and Fedora (probably good for at least 16-18).
Enter the following commands into a root shell (or insert the sudo command before “yum”):

yum install rpm-build intltool gcc glib2-devel gtk2-devel libgcrypt-devel libgpg-error-devel pidgin-devel libotr-devel perl-XML-Parser

In a separate shell (of an unprivileged user), enter the following commands:

cd /usr/local/src/
wget http://www.cypherpunks.ca/otr/libotr-4.0.0.tar.gz
wget http://www.cypherpunks.ca/otr/pidgin-otr-4.0.0.tar.gz
rpmbuild –tb pidgin-otr-4.0.0.tar.gz
rpmbuild –tb libotr-4.0.0.tar.gz

Optional Step: Uninstall the un-needed build tools.
Now, back in a root shell (again, shell of the root user OR enter “sudo” in front of “yum”):

yum remove rpm-build intltool gcc glib2-devel gtk2-devel libgcrypt-devel libgpg-error-devel pidgin-devel libotr-devel perl-XML-Parser

Mission complete! – with RPMs built in you unprivileged user’s RPM build dir (perhaps /home/user/rpmbuild/RPMS/x86_64/). In a root shell (as root, or using sudo before yum), peform the following (OR, if you would like to install this alongside the newest build of pidgin itself, follow our guide for pidgin.):

cd ~user/rpmbuild/RPMS/x86_64/
yum –nogpgcheck localinstall pidgin-otr-4.0.0-*.rpm libotr-4.0.0-*.rpm

If for some reason, yum localinstall doesn’t do the trick, you can use rpm -Uvh pidgin-otr-4.0.0-*.rpm libotr-4.0.0-*.rpm

A shell script to chain socks proxies

//edit (2013-03-23), I replaced this (non-working) script with one that I know works & recently tested, which I’ve also put up online here if anyone has trouble with the formatting as its laid out below:

#!/bin/sh

#admin's perset vars
runasuser=nobody
#default_upstream_socks_name=SOCKS
default_upstream_socks_name=TOR
default_upstream_socks_host=127.0.0.1
default_upstream_socks_port=9050
default_socks_port=1080

#If user doesn't give the correct syntax, inform user and quit
if [ $# -lt 3 ] ; then
 echo "Usage: $0 <Local_Listen_IP> <Local_Listen_Port> <SOCKS_Host> [SOCKS_port] [${default_upstream_socks_name}_Host] [${default_upstream_socks_name}_Port]"
 echo " Desc: First 3 inputs are required, last 3 are optional and default to ${default_socks_port}, ${default_upstream_socks_host} and ${default_upstream_socks_port}, respectively."
 echo "Example: $0 127.0.0.1 5000 12.34.56.78 1081"
 echo "Explanation: Launches $0 listener on tcp port 5000, connects to Tor @127.0.0.1:9050 socks4a host, then 12.34.56.78 port 1081 as socks4a."
 echo "Explanation:  Now use localhost:5000 as your proxy in FireFox or wherever."

else
 if [ -z "$6" ] ; then
  i6=$default_upstream_socks_port
 else
  i6=$6
 fi
 if [ -z "$5" ] ; then
  i5=$default_upstream_socks_host
 else
  i5=$5
 fi
 if [ -z "$4" ] ; then
  i4=$default_socks_port
 else
  i4=$4
 fi
 i1=$1
 i2=$2
 i3=$3
 if [ "$(whoami)" == "root" ] && [ -n "${runasusser}" ] ; then
  runasmod=",su=${runasuser}"
 else
  runasmod=""
 fi
 socat "TCP4-LISTEN:${i2},bind=${i1}${runasmod},reuseaddr,fork" "SOCKS4A:${i5}:${i3}:${i4},socksport=${i6}"
# socat "TCP4-LISTEN:${i2},bind=${i1},reuseaddr,fork" "SOCKS4A:${i5}:${i3}:${i4},socksport=${i6}"
fi

Syntax for using this script explained:

./socksviasocks.sh <LISTEN_IP> <LISTEN_PORT> <EXIT_SOCKS_HOST> [EXIT_SOCKS_PORT] [ENTRY_SOCKS_HOST] [ENTRY_SOCKS_PORT]
./socksviasocks.sh 127.0.0.1 5000 55.55.55.55 1080 127.0.0.1 9050
But of course, you don’t have to write the 127.0.0.1 9050 arguments at the end, because this script *assumes* that if the last 2 are not given, it should use TOR as the entry socks proxy.  Now then, if you connected to the shell from which this is being run using ssh or putty, and forwarded your local port 127.0.0.1:5000, to, with respect to the shell, local IP:port 127.0.0.1:5000, you should now have a complete, 3x proxied socket connection initiated to whatever destination you choose in, say Firefox, where you specify 127.0.0.1:5000 as the browser’s proxy.

.

WikiLeaks Bypasses Financial Blockade With Bitcoin

8/20/2012 @ 9:47AM

WikiLeaks Bypasses Financial Blockade With Bitcoin

People shouldn’t fear their government; government should fear its people. Publishers and journalists will not be intimidated nor silenced. Now entering day 626 of the financial blockade against WikiLeaks, Julian Assange sits in the Ecuadorian Embassy in London awaiting safe passage.

Following a massive release of secret U.S. diplomatic cables in November 2010, donations to WikiLeaks were blocked by Bank of America, VISA, MasterCard, PayPal and Western Union on December 7th, 2010. Although private companies certainly have a right to select which transactions to process or not, the political environment produced less than a fair and objective decision. It was coordinated pressure exerted in a politicized climate by the U.S. government and it won’t be the last time that we see this type of pressure.

Fortunately, there is way around this and other financial blockades with a global payment method immune to political pressure and monetary censorship.

On its public bitcoin address, Wikileaks has taken in over $32,000 equivalent in more than 1,100 separate bitcoin donations throughout the blockade (1BTC = $10.00). But these amounts may be significantly higher, because it does not even include the individually-generated bitcoin addresses that WikiLeaks provides for donors upon request.

Also announced last month, WikiLeaks appears to have found another way around the VISA and Mastercard blockade by using the French national credit card system, Carte Bleue, to process these payments (at least temporarily).

According to WikiLeaks, VISA and MasterCard are contractually barred from directly cutting off merchants through the Carte Bleue system and the French non-profit FDNN (Fund for the Defense of Net Neutrality- Fonds de Défense de la Net Neutralité) has set up a Carte Bleue fund for WikiLeaks.

Time Magazine declares that WikiLeaks “could be as important a journalistic tool as the Freedom of Information Act.”

It used to be that people had secrets and the government was transparent; now it’s the people that lack privacy and the government has secrets. Freedom of payments is an extension of financial privacy and digital cash-like transactions without financial intermediaries become a critical piece of that foundation. Money was never intended to act as a form of identity tracking or payments restriction and this is why the option for anonymous and untraceable transactions is so vital as society moves to a world of digital currency.

“It is the privatization of censorship, because this is being done because of extreme pressure by the U.S. Government,” says Kristinn Hrafnsson, spokesman for WikiLeaks. “It’s extremely important to fight back and stop this process right here and now so that we won’t see in the future, ….where we have the financial giants deciding who lives and who dies in this field.”

To those that don’t support freedom of payments, consider this financial blockade invoked in the name of political correctness before you dismiss the inherent value of a nonpolitical unit of account and of a decentralized medium of exchange. It should be offensive to most free-minded people that you are not the final arbiter of how and where you spend your money. Bitcoin restores the balance.

Anonymous supposedly Hacks IRS Database and publishes Romney Tax Returns

Via http://www.disclose.tv/news/Anonymous_Hacks_IRS_Database_and_publishes_Romney_Tax_Returns/85688

Anonymous Hacks IRS Database and publishes Romney Tax Returns

 

 

 

 Please don’t
forget to:

 

August 1, 2012 – Late last night, the mysterious group of hackers known as Anonymous successfully hacked the main database for the Internal Revenue Service. The group appeared to have a singular target- Republican Presidential nominee Mitt Romney. Romney has been criticized by both parties for his failure to produce more than one past tax return.

The Anonymous attack successfully retrieved 25-years worth of Romney’s tax returns and published them without permission on major websites throughout the Internet. The majority of these websites removed the returns within minutes, however it was too late to completely protect the candidate’s already tainted image.

Romney campaign spokeswoman Andrea Saul stated last week that “there has been no year in which Romney paid zero taxes”. In 2008, this was true. He earned $23,425,316 and paid $412.18 in federal income taxes. This calculates to a federal tax rate of 0.0018%. How did Romney get his tax burden so low? According to his return, he had approximately $23,407,000 in itemized deductions. These deductions ranged from $78,923 for “Toupee Creators Unlimited” and $41,826 for “Spray-on tan services” to a $3.8 million dollar write-off for a trip to Las Vegas with potential campaign donors. The Romney family also paid salaries to their numerous employees including, two yacht captains, three pilots for their private jets, two professional dog walkers, one toupee stylist and a “live-in contortionist”. What someone does with a live-in contortionist, one can only speculate. However, the $891,064 Romney spent on an “EWS Donor Party at the Pennsylvania Mansion” might give us a clue. While the return does not indicate what “EWS” stands for, given that the deducted supplies for the party included “Venetian masks, alcohol, lubricant and various Egyptian leather accessories” it was most likely an “Eyes Wide Shut” party.

In addition to his wild nights, Romney also deducted health related expenses. These included $127,000 for Cognitive Behavioral Therapy for a condition termed “Pseudologia fantastica” also known as Compulsive Liar Syndrome. This may explain why the Republican nominee’s views seem to change dramatically depending on his audience. In fact, his recent string of political gaffes may be the direct result of his inability to keep up with the many competing “truths” he has spoken over the past year. According to noted Psychiatrist Bryan King, “Pathological liars seem utterly sincere about their lies, but if confronted with facts to the contrary, will often just as sincerely reverse their story.” According to Politifact, a news organization that researches the veracity of politician’s statements, only 16% of Romney’s examined statements were found to be completely true.

( via freewoodpost.com )

New Tor Browser Bundles Released!

New Tor Browser Bundles

Posted July 29th, 2012 by erinn

in

• alpha release
• firefox update
• tbb
• tor browser
• vidalia releases

The stable Tor Browser Bundles have all been updated to the latest Firefox 10.0.6esr release.

The alpha Tor Browser Bundles have also (finally) been updated with numerous new pieces of software, including the latest Tor release candidate (0.2.3.19-rc).

All users are strongly urged to upgrade.

https://www.torproject.org/download

Tor Browser Bundle (2.2.37-2)

• Update Firefox to 10.0.6esr
• Update Vidalia to 0.2.20
• Update NoScript to 2.4.8
• Disable Firefox crashreporter
• Windows: Fix Firefox transparency problems with Aero theme (closes: #4795.)

Tor Browser Bundle (2.3.19-alpha-1)

• Update Tor to 0.2.3.19-rc
• Update Firefox to 14.0.1
• Update libevent to 2.0.19-stable
• Update OpenSSL to 1.0.1c
• Update zlib to 1.2.7
• Update Torbutton to 1.4.6
• Update NoScript to 2.4.9
• Update HTTPS Everywhere to 3.0development.5
• Downgrade Vidalia to 0.2.20
• Update libpng to 1.5.12

• erinn’s blog

Bitcoin Mainline with Support for Tor hidden services

From: http://anonymous.livelyblog.com/2012/06/29/bitcoin-support-for-tor-hidden-services/

Bitcoin Mainline with Support for Tor hidden services

Friday, June 29th, 2012 at 5:26 am.

   
bitcoin-tor-network

/// Meanwhile, on bitcoin-devel…

Hello everyone,

a few days ago we merged Tor hidden service support in mainline. This means that it’s now possible to run a hidden service bitcoin node, and connect to other bitcoin hidden services (via a Tor proxy) when running git HEAD. See doc/Tor.txt for more information. This is expected to be included in the 0.7 release.

Additionally, such addresses are exchanged and relayed via the P2P network. To do so, we reused the fd87:d87e:eb43::/48 IPv6 range. Each address in this 80-bit range is mapped to an onion address, and treated as belonging to a separate network. This network range is the same as used by the OnionCat

application (though we do not use OnionCat in any way), and is part of the RFC4193 Unique Local IPv6 range, which is normally not globally routable.

Other clients that wish to implement similar functionality, can use this test case: 5wyqrzbvrdsumnok.onion == FD87:D87E:EB43:edb1:8e4:3588:e546:35ca. The conversion is simply decoding the base32 onion address, and storing the resulting 80 bits of data as low-order bits of an IPv6 address, prefixed by

fd87:d87e:eb43:. As this range is not routable, there should be no compatibility problems: any unaware IPv6-capable code will immediately fail when trying to connect.

–

Pieter

The documentation for using Bitcoin with Tor has already been leaked to github:

TOR SUPPORT IN BITCOIN

======================

It is possible to run Bitcoin as a Tor hidden service, and connect to such services.

The following assumes you have a Tor proxy running on port 9050. Many distributions

default to having a SOCKS proxy listening on port 9050, but others may not.

In particular, the Tor Browser Bundle defaults to listening on a random port. See

https://www.torproject.org/docs/faq.html.en#TBBSocksPort for how to properly

configure Tor.

1. Run bitcoin behind a Tor proxy

———————————

The first step is running Bitcoin behind a Tor proxy. This will already make all

outgoing connections be anonimized, but more is possible.

-socks=5 SOCKS5 supports connecting-to-hostname, which can be used instead

of doing a (leaking) local DNS lookup. SOCKS5 is the default,

but SOCKS4 does not support this. (SOCKS4a does, but isn’t

implemented).

-proxy=ip:port Set the proxy server. If SOCKS5 is selected (default), this proxy

server will be used to try to reach .onion addresses as well.

-tor=ip:port Set the proxy server to use for tor hidden services. You do not

need to set this if it’s the same as -proxy. You can use -notor

to explicitly disable access to hidden service.

-dnsseed DNS seeds are not resolved directly when a SOCKS5 proxy server is

set. Rather, a short-lived proxy connection to the dns seed

hostname is attempted, and peer addresses are requested.

-listen When using -proxy, listening is disabled by default. If you want

to run a hidden service (see next section), you’ll need to enable

it explicitly.

-connect=X When behing a Tor proxy, you can specify .onion addresses instead

-addnode=X of IP addresses or hostnames in these parameters. It requires

-seednode=X SOCKS5. In Tor mode, such addresses can also be exchanged with

other P2P nodes.

In a typical situation, this suffices to run behind a Tor proxy:

./bitcoin -proxy=127.0.0.1:9050

2. Run a bitcoin hidden server

——————————

If you configure your Tor system accordingly, it is possible to make your node also

reachable from the Tor network. Add these lines to your /etc/tor/torrc (or equivalent

config file):

HiddenServiceDir /var/lib/tor/bitcoin-service/

HiddenServicePort 8333 127.0.0.1:8333

The directory can be different of course, but (both) 8333′s should be equal to your

bitcoind’s P2P listen port (8333 by default).

-externalip=X You can tell bitcoin about its publically reachable address using

this option, and this can be a .onion address. Given the above

configuration, you can find your onion address in

/var/lib/tor/bitcoin-service/hostname. Onion addresses are given

preference for your node to advertize itself with, for connections

coming from unroutable addresses (such as 127.0.0.1, where the

Tor proxy typically runs).

-listen You’ll need to enable listening for incoming connections, as this

is off by default behind a proxy.

-discover When -externalip is specified, no attempt is made to discover local

IPv4 or IPv6 addresses. If you want to run a dual stack, reachable

from both Tor and IPv4 (or IPv6), you’ll need to either pass your

other addresses using -externalip, or explicitly enable -discover.

Note that both addresses of a dual-stack system may be easily

linkable using traffic analysis.

In a typical situation, where you’re only reachable via Tor, this should suffice:

./bitcoind -proxy=127.0.0.1:9050 -externalip=57qr3yd1nyntf5k.onion -listen

(obviously replace the Onion address with your own). If you don’t care too much

about hiding your node, and want to be reachable on IPv4 as well, additionally

specify:

./bitcoind … -discover

and open port 8333 on your firewall (or use -upnp).

If you only want to use Tor to reach onion addresses, but not use it as a proxy

for normal IPv4/IPv6 communication, use:

./bitcoin -tor=127.0.0.1:9050 -externalip=57qr3yd1nyntf5k.onion -discover

Reactions can be read on the Tor mailing list.

How To Make VPNs Even More Secure

Torrentfreak made an interesting post about VPN security this week:

From being a niche product used by the few, in the past few years VPN services have hit the big time. These days more and more Internet users see running a privacy enhancing service as a requirement rather than just a luxury. Today we take a look at a few tips and tricks that can enhance the security of any VPN.

While simple to set up and use out of the box, it may comes as a surprise that the security of VPN anonymity services can be improved. Of course, when things run absolutely to plan there’s little to worry about, but there are occasions where there may be a hiccup or where an extra level of security is needed.

Securing your privacy when your VPN fails

Ok, so you’ve purchased your VPN subscription, enabled the service, and you’re enjoying your new found levels of privacy. Then – disaster strikes. While you were away from your machine somehow and for some unknown reason your VPN disconnected and now snoopers have a clear view of your IP address.

Fortunately, there are solutions.

“To protect against the event of VPN failure/disconnection, disable any internet access that does not tunnel through your VPN service provider,” Andrew from PrivateInternetAccess told TorrentFreak. “This can be achieved using specific Firewall rules (Ubuntu) or by changing TCP/IP routes.”

But of course, not everyone wants to spend time with these manual configurations that could potentially cause problems if they’re not done properly. So, TorrentFreak spoke with the creators of two free pieces of software that do the job more easily.

VPNetMon

“VPNetMon continuously watches the IP addresses of your PC. If the IP address of your VPN is not detected anymore, VPNetMon closes specified programs instantly. The program reacts so quickly that a new connection through your real IP will not be established by these applications,” creator Felix told TorrentFreak.

VPNetMon (Windows) can be downloaded here.

VPNCheck

“VPNCheck helps you to feel safe if your VPN connection breaks, this is done by shutting down your main network connection or programs of your choice and showing a notification box,” Jonathan from Guavi.com told TorrentFreak. “Basically it constantly looks for a change in your VPN network adapter. You can connect to either PPTP or L2TP with VPNCheck.”

VPNCheck (Windows/Linux) can be downloaded here.

Stop DNS Leaks

When using a VPN service one might expect that all of the user’s traffic will go through the privacy network, but on rare occasions a phenomenon known as “DNS leakage” might occur. This means that rather than using the DNS servers provided by the VPN operator, it’s possible that the user’s default DNS servers will be used instead or otherwise become visible.

“A DNS leak may happen whenever a DNS query ‘bypasses’ the routing table and gateway pushed by the OpenVPN server. The trigger on Windows systems may be as simple as a slight delay in the answer from the VPN DNS, or the VPN DNS unable to resolve some name,” explains Paolo from AirVPN.

A tool for checking for leaks can be found at DNSLeakTest.com and a solution for fixing any problems can be found here. Alternatively, anyone using the pro version of VPNCheck will have this feature built in.

Double up your security for extra sensitive data transfers

What if you don’t have 100% trust in your VPN provider and worry that even they might snoop on your communications? Admittedly it’s a very unusual hypothetical situation, but one with an interesting solution.

“If you don’t trust your VPN provider 100%, use two VPNs,” explains Felix from VPNetMon. “This way you are tunneling your already encrypted connection through another tunnel.”

In Windows this is easily achieved. First, simply set up at least two VPN accounts as normal (if you’d like an extra one for testing purposes you can get a free limited account from VPNReactor). Then connect to one VPN, and when complete connect to another without disconnecting the first. Like magic, a tunnel through a tunnel.

Its also possible to VPN over TOR, but please please don’t use TOR for file-sharing traffic, it’s not designed for it.

“VPN over TOR gives several security advantages, for a performance price, above all partition of trust,” explains Paolo from AirVPN. “In case of betrayal of trust by one party, the anonymity layer is not compromised in any way.”

A VPN over TOR tutorial can be found here, further discussion here.

Fix the PPTP / IPv6 security flaw

As revealed here on TorrentFreak in 2010, people using a PPTP VPN and IPv6 are vulnerable to a nasty security flaw which means that Windows and Ubuntu users could leak their real IP addresses. The following fix comes from Jonathan at VPNCheck.

For Windows Vista and above:
Open cmd prompt and type:
netsh interface teredo set state disabled.

For Ubuntu 10+:
Copy and paste all four lines into a terminal:
echo “#disable ipv6″ | sudo tee -a /etc/sysctl.conf
echo “net.ipv6.conf.all.disable_ipv6 = 1″ | sudo tee -a /etc/sysctl.conf
echo “net.ipv6.conf.default.disable_ipv6 = 1″ | sudo tee -a /etc/sysctl.conf
echo “net.ipv6.conf.lo.disable_ipv6 = 1″ | sudo tee -a /etc/sysctl.conf

Pay for your VPN with untrackable currency.

“When anonymity is a factor, pay with an un-trackable currency,” explains Andrew from PrivateInternetAccess.

“For example, signup for an anonymous e-mail account using Tor and use a Bitcoin Mixer to send Bitcoins to a newly generated address in your local wallet. Alternatively, use the Bitcoin-OTC to purchase Bitcoins ‘over the counter’ from a person, rather than an exchange.”

“Then, use a patched Bitcoin client, such as coderrr’s anonymity patch to avoid linking the newly generated address to any of your pre-existing Bitcoin addresses.”

Only use VPN providers that take your privacy seriously

We’ve said this before but it’s worth repeating. VPN providers who heavily log are useful if all you’re concerned about is securely communicating with the Internet through an open public WiFi connection, but not beyond that. For a run down of providers who do not log any data which would enable a 3rd party to identify a user, see our previous article here.

Do you have a helpful security tip for VPN users? If so, feel free to add it to the comments below.

TorMail.net’s domain held hostage? They switch to TorMail.org.

20 April 2012 – TorMail.net Domain Problems – tormail.net is now tormail.org

Early this morning, April 20, our domain registrar nic.ru suspended the domain tormail.net.
The reason they gave is because they require us to submit ID documents to them, apostilized and certified by the Russian Embassy.
We are unable to do this to protect our own identity, and also this request is very unusual and suspicious.
They have further refused to unlock the domain and allow us to transfer it to a different registrar.

We have filed a complaint with ICANN as per the domain transfer rules, they are not allowed to do this.
As it is the weekend, we probably wont get a response until next week, and even to transfer a domain normally takes about a week to be completed.
For this reason, at the earliest we can hope for is to have the domain back within two weeks.
It is possible the domain is gone for good and it may not be possible to get it back.

Up until two months ago, the domain was registered with a USA company, Moniker domains.
They were great and we had no problems with them, but with the recent domain seizures we decided to move the domain offshore.
It appears this was a big mistake, the Russian providers are much worse!

The chances of getting the domain back does not look good, and even if we get it back it will take a long time.
For that reason we have registered a new domain name tormail.org and will use that one to continue the service.
If we do get the tormail.net domain back, we will change back to using that one.

Every user who had a @tormail.net address now has the same address @tormail.org

You may continue to use the @tormail.net addresses on the Tor Mail website, but they will not work with external services.
You should quickly change the email addresses at any services you are using.
If we get the tormail.net domain back, both addresses will be able to reach you.

If you are using our webmail service, (squirrelmail or roundcube) no changes are necessary.
If you are using thunderbird or other SMTP software, you will need to change the “From” address to your new tormail.org address or you will be unable to send mail.

Sorry for the inconvenience, but we were taken by surprise by this and had no time to avoid it.
Admin.

FOIA Request Shows Which Printer Companies Cooperated With US Government

From Slashdot:

Posted by timothy on Saturday February 18, @08:08AM
from the stick-with-handwriting dept.

New submitter Dave_Minsky writes “The U.S. Secret Service responded to a FOIA request on Monday that reveals the names of the printer companies that cooperate with the government to identify and track potential counterfeiters. The Electronic Frontier Foundation revealed in 2005 that the U.S. Secret Service was in cahoots with selected laser printer companies to identify and track printer paper using tiny microscopic dots encoded into the paper. The tiny, yellow dots — less than a millimeter each — are printed in a pattern over each page and are only viewable with a blue light, a magnifying glass or a microscope. The pattern of dots is encodes identifiable information including printer model, and time and location where the document was printed.”

Easy enough to avoid government dots; just don’t buy printers from Canon, Brother, Casio, HP, Konica, Minolta, Mita, Ricoh, Sharp, or Xerox.