New Release: #Tails 7.9

https://blog.torproject.org/new-release-tails-7_9/

#cybersecurity #anonymity #privacy #Tor #FOSS #Linux

The transition to Post-Quantum Cryptography in the #Tor network’s #TLS layer is making progress! 😎 We are now at 44.57% of relays supporting the X25519MLKEM768 hybrid handshake. This number is up from 34.65% in March.

I’ve uploaded a list of relays and their scan results from yesterday on https://ahf.me/tor-tls-pqc/2026-06-18/ and wrote an email to the tor-relays@ mailing-list summarising the results in https://lists.torproject.org/mailman3/hyperkitty/list/tor-relays@lists.torproject.org/message/IY7FJU5XDSZ2O4SKUTN5VJFRLBRHYZ6W/

#cryptography #postquantumcryptography #pqc

This week: WhatsApp patched a flaw where a single crafted message could make your phone load content from an attacker’s URL. And India’s Telegram ban is now reaching users in the UAE too, a national court order cutting off people in another country entirely.

Two different problems, same root cause: centralized apps are both attack surfaces and single points of control.

No server, no surface to exploit, nothing to ban.

zerion.chat

#privacy #android #tor #encryption #foss

"Due to heavy information controls, people in Iran face significant barriers to accessing the Internet. Authorities have actively blocked numerous websites and apps, including conventional circumvention and digital security tools such as VPNs, social media platforms, and the app stores themselves. This creates a "chicken-and-egg" problem: users need a VPN to download a VPN.

Launched in 2016, Paskoocheh, Persian for "alleyway," is an open source alternative app store, community hub, and one-stop-shop for users to access information and tools to circumvent censorship, enhance their privacy, securely communicate, and express themselves freely online. Developed and maintained by ASL19, a technology and exiled media organization named after Article 19 of the Universal Declaration of Human Rights, Paskoocheh restores access and allows people to reach trusted tools through four censorship-resilient channels: the Paskoocheh website, Android App, Email bot, and Telegram bot.

Users are also able to reach our Persian-speaking support team through the Paskoocheh Helpdesk, which handles over 200 tickets daily. In addition, ASL19 translates and publishes accessible user guides, blog posts, and multimedia content to help users navigate online privacy and digital security best practices."

https://blog.torproject.org/when-you-need-a-tool-to-reach-the-tool-Paskoocheh/

#Iran #DigitalRights #TOR #Privacy #VPNs #Paskoocheh #Anticensorship

New Release: #Tor Browser 15.0.16

https://blog.torproject.org/new-release-tor-browser-15016/

#privacy #anonymity #FOSS #cybersecurity

Canada’s Bill C-22 would force every messenger to build a backdoor or leave the country. Signal said it will leave. NordVPN too. Apple said it will never comply.

The government calls it “lawful access.” Every security researcher calls it a vulnerability.

No server means no backdoor to demand. That’s not a workaround, it’s the architecture.

zerion.chat

#privacy #canada #billc22 #tor #encryption #foss

Zerion 2.0.3 is now live on F-Droid, Play Store and GitHub. This is our most stable release yet.

What’s in it: reliable voice calls in both directions, video calls as opt-in beta, faster startup, and lower battery use during sync.

F-Droid: https://f-droid.org/packages/com.professor.zerion
GitHub: https://github.com/zerionproject/Zerion/releases/latest
Play Store: https://play.google.com/store/apps/details?id=com.professor.zerion

#fdroid #foss #privacy #tor #android #encryption #p2p #opensource #infosec #grapheneos

Разрушаем миф: «Чёрный рынок» – это не голливудский боевик, а просто свободный рынок в подполье‍

Удивительно то, как иногда обыватели представляют себе «чёрный рынок» или даркнет. Благодаря Netflix, криминальным сводкам и государственным страшилкам, у большинства в голове рисуется этакая картина из «Безумного Макса». Сплошной авариционизм: брутальные картели, перестрелки из автоматов за точку сбыта, мрачные хакеры-социопаты, торгующие ураном и заказными убийствами, и абсолютная жестокость.

Но давайте спустимся с небес на землю и посмотрим, как это выглядит в реальности. Представьте себе типичную сделку на «страшном и ужасном» чёрном рынке:
– Псс, парень, ты принёс товар?
– Да, держи. Здесь фермерский сыр из непастеризованного молока, фриланс-дизайн без уплаты конского налога, крипта, купленная без KYC-унижений, и лекарство из-за рубежа, которое наш Минздрав почему-то решил запретить.

Звучит уже не так кровожадно, правда? Потому что 99% так называемого «чёрного» рынка – это абсолютно мирный, добровольный обмен между людьми, которые просто хотят жить своей жизнью. Это реакция здорового организма на удушающий захват стационарного бандита. Поэтому стоит разобраться, откуда вообще берётся теневая экономика и почему она не имеет ничего общего с насилием:

Во-первых, это защита от финансового стриптиза (AML/KYC). Сегодня, чтобы перевести свои же честно заработанные деньги, ты должен вывернуться наизнанку. «Антиотмывочные» процедуры превратили банки в филиалы спецслужб. «Откуда у вас эти 500 долларов? А докажите! А принесите справку! А мы заморозим ваш счёт до выяснения обстоятельств!». Люди уходят в крипту и даркнет не потому, что они отмывают миллионы долларов от картелей. Они делают это, потому что хотят вернуть базовое право на финансовую приватность.

Во-вторых, это бегство от зарегулированности каждого чиха. Государство обожает создавать монополии и кормить бюрократов. Хочешь открыть бизнес? Получи 150 разрешений, пройди пожарную инспекцию (которой нужна взятка), купи лицензию. Для многих мелких предпринимателей это просто не по карману. Теневой сектор – это гаражные мастера, репетиторы, домашние кондитеры и IT-фрилансеры, которые просто говорят: «Отстаньте от нас, мы хотим работать, а не кормить армию проверяющих».

В-третьих, это товары, запрещённые по прихоти Левиафана. Государство постоянно решает, что нам можно читать, смотреть, есть и чем лечиться. Запретили ввоз нормальных антидепрессантов? Они появятся на сером рынке. Заблокировали удобные сервисы подписки? Появятся люди, которые помогут это обойти. Запретили вейпы или определенные виды растений? Добро пожаловать в даркнет. Спрос никуда не исчезает от того, что мужик в пиджаке стукнул деревянным молотком по столу.

А как же насилие? А как же мафия? А вот тут самое интересное. Насилие на чёрном рынке – это прямое следствие государственного вмешательства, а не свойство свободного рынка. Вспомните Сухой закон в США. До запрета алкоголя пивовары судились в судах или конкурировали ценой. Как только алкоголь запретили, появились Аль Капоне, перестрелки и Томми-ганы. Почему? Потому что легальные механизмы разрешения споров исчезли, а риски взлетели до небес. Государство само создаёт криминал, выталкивая целые индустрии за рамки правового поля.

Кстати, сам даркнет – это гениальный пример того, как свободный рынок решает проблему доверия без всякого государства. Там нет полиции и нельзя подать в суд. Но там есть система репутации, отзывов и эскроу-счетов (когда деньги замораживаются гарантом до получения товара). Продавцы на маркетплейсах в даркнете трясутся за свой рейтинг больше, чем легальный ресторан за звёзды Мишлен. Если магазин обманет клиента или продаст некачественный товар, его просто уничтожат отзывами, и он потеряет бизнес. Чистая экономика репутации и агоризм в действии.

Так что в следующий раз, когда вам будут рассказывать ужасы про «нелегальные» рынки, вспомните: самая большая и опасная группировка, регулярно применяющая насилие и отбирающая у людей деньги, сидит не в даркнете, а собирает налоги.

Волюнтарист, Битарх

Most messengers can say “we can’t read your messages.” Almost none can say “we can’t see who you talk to, when, or how often.” That metadata lives on their servers.

Zerion has no servers. Connections run device to device over Tor, contacts are keys instead of phone numbers, and the social graph exists nowhere but on your own phone.

Free, open source, GPL v3, on F-Droid:
https://zerion.chat

#privacy #tor #foss

We want Zerion independently audited. A real security audit is how a privacy app proves itself, because code should speak louder than marketing, and we’d rather be checked than believed.

Audits cost money, and we’re independent, so we’re asking for help. Every bit genuinely counts, no amount is too small, and it all goes toward getting Zerion properly reviewed.

If you believe in what we’re building, you can support it here:

https://zerion.chat/donate.html

#privacy #opensource #FundInternetFreedom

Zerion 2.0.3 is out, sooner than we planned. We pushed it forward because it brings real stability fixes and improvements to voice and video calling, and that felt worth getting into your hands fast.

Play Store and F-Droid are still pending review, but you can grab the APK directly from GitHub right now:

https://github.com/zerionproject/Zerion

Full release notes:
https://zerion.chat/blog/zerion-2-0-3-release.html

#privacy #tor #encryption

Zerion 2.0.2 is out. 🧅 Playstore Live - Fdroid underway!

No phone number — not even Signal can say that. No email, no server. Runs entirely over Tor; your data stays encrypted on your device.

End-to-end encrypted with hybrid post-quantum crypto. No telemetry, no logging — metadata-free by design.

2.0.2: more reliable broadcast channels, smoother onboarding, faster & more stable messaging.

Free & open source · GPL-3.0
→ https://zerion.chat

#privacy #Tor #FOSS #PostQuantum #Android

Quick reminder that Zerion runs on exactly two things: Tor and donations. Every contribution goes directly into stability fixes, new releases and the iOS version we’re working on. No investors, no ads, no company behind us. Just us and the people who want this to exist.

https://zerion.chat/donate.html

Boosts help more than you’d think.

#privacy #foss #tor

A source wants to reach you safely. With most messengers that starts with a problem: they need your phone number, you get theirs, and a server in the middle logs that you two talked.

Zerion skips all of that. You share a QR code or link, the connection runs device to device over Tor, and no record of the contact exists outside your two phones.

Source code and protocol docs are public. Verify before you trust: https://github.com/zerionproject/Zerion

#journalism #infosec #privacy #tor

Xeres v0.7.0
[https://xeres.io/]
[https://github.com/zapek/Xeres]

Xeres is a Peer-to-Peer (Friend-to-Friend), decentralized, encrypted and secure application designed for communication and sharing.

Features:
Peer-to-Peer (Friend-to-Friend), fully decentralized
No censorship. Cannot be censored
Compatible with Retroshare 0.6.6 or higher
🛠 Hardware accelerated encryption
🖥 Modern looking desktop user interface with several themes including dark mode
Remote access
Free software (GPL), source code on GitHub
Available for Windows, Linux and MacOS

Changelog:
[https://github.com/zapek/Xeres/releases/tag/v0.7.0]

#Retroshare #Tor #I2P

https://bastyon.com/post?s=deb1f87219fa0073456359dd501497808046290842c723e05db52909c3fddbbb&ref=PPGbadoQuQGhApEZeRr5tv5zkY2xSdLQhQ

We wrote an honest comparison of Zerion against Signal, WhatsApp, Telegram, Threema, Wire, Session, Cwtch and Tox.

Honest meaning: Signal gets credit for pioneering post-quantum key exchange, Cwtch is genuinely close in spirit, and each app is the right call for some threat model.

Where Zerion stands alone: post-quantum encryption on every single message, and everything (including calls) over Tor.

https://zerion.chat/blog/zerion-vs-mainstream-messengers.html

#privacy #tor #encryption #grapheneos #fdroid #android #p2p

Built something I’ve wanted for a while...
An open-source Docker container that makes running a Tor relay actually simple and reliable.

One command. Self-healing. Multi-arch. Runs everywhere from Raspberry Pi to VPS

🔗 https://github.com/r3bo0tbx1/tor-guard-relay

If you care about privacy infrastructure:
🧱 Try it out
🐛 Report bugs
💡 Suggest features
⭐ Star it to help others discover it

Maintaining this in my free time, donation info’s in the README (and please support @torproject, @eff and @privacyguides too).

Protecting privacy, one relay at a time ✨

#Tor #Privacy #OpenSource #Docker #FOSS #SelfHosting #Infosec

onion-relay v2.0.0 is out, and it's been a long road from v0.0.1 ⬇️

ℹ️ What started as "one command to run a relay" is now a hardened, production-tested AIO stack: guard, exit, and bridge (obfs4) in a 16.8 MB image.

What's new in v2.0.0:
🩺 health + status tools now expose build_version & config_source
⚡ healthcheck.sh fails fast on missing/empty torrc
🔒 DirPort now defaults to 0 (disabled) in ENV-generated configs

What the project has grown into since launch:
🔑 Happy Family support (Tor 0.4.9+ FamilyId, 🪦 RIP MyFamily lists)
🧰 6 busybox only diagnostic tools
🌍 Battle-tested across 10+ countries: https://relays.brokenbotnet.com
🔐 35+ security fixes, CVE coverage, weekly automated rebuilds
🐋 Works with Docker CLI, Compose, Cosmos Cloud & Portainer

https://github.com/r3bo0tbx1/tor-guard-relay

If you care about privacy infrastructure:
🥢 Try it out
🐛 Report bugs
💡 Suggest features
⭐ Star it to help others find it

Still maintaining this in my free time, donation info
in the README. And please support @torproject

@eff and @privacyguides too.

Protecting privacy, one relay at a time ✨

#Tor #Privacy #OpenSource #Docker #FOSS #SelfHosting #Infosec

Is there facility to run the phone app via TOR network, to hide user IP from the relay?

#Holos #Tor #Fediverse #Privacy #Anonymity #ActivityPub

Inform your friends and family about these tools.

#Briar ... https://briarproject.org

"Censorship-resistant peer-to-peer messaging that bypasses centralized servers. Connect via Bluetooth, Wi-Fi or Tor, with privacy built-in."

#Retroshare ... https://retroshare.cc

"Retroshare establish encrypted connections between you and your friends to create a network of computers, and provides various distributed services on top of it: forums, channels, chat, mail... Retroshare is fully decentralized, and designed to provide maximum security and anonymity to its users beyond direct friends. Retroshare is entirely free and open-source software. It is available on #Android, #Linux, #MacOS and #Windows. There are no hidden costs, no ads and no terms of service."

#RicochetRefresh ... https://www.ricochetrefresh.net

"Ricochet Refresh is an open-source project to allow private and anonymous instant messaging."

#OnionShare ... https://onionshare.org

"OnionShare is an open-source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network."

#DeltaChat ... https://delta.chat

"Delta Chat is a decentralized and secure messenger app."

#Bitmessage ... https://bitmessage.org

"Bitmessage is a P2P communications protocol used to send encrypted messages to another person or to many subscribers. It is decentralized and trustless, meaning that you need-not inherently trust any entities like root certificate authorities. It uses strong authentication which means that the sender of a message cannot be spoofed, and it aims to hide "non-content" data, like the sender and receiver of messages, from passive eavesdroppers like those running warrantless wiretapping programs."

#TorBrowser ... https://www.torproject.org/download

"Protect yourself against tracking, surveillance, and censorship."

#I2P ... https://geti2p.net

"The Invisible Internet Project (I2P) is a fully encrypted private network layer. It protects your activity and location. Every day people use the network to connect with people without worry of being tracked or their data being collected. In some cases people rely on the network when they need to be discrete or are doing sensitive work."

#Hyphanet ... https://www.hyphanet.org/

"Hyphanet is peer-to-peer network for censorship-resistant and privacy-respecting publishing and communication. The original Freenet."

#BitChan ... https://github.com/813492291816/BitChan

"BitChan is a decentralized anonymous imageboard inspired by BitBoard and built on top of Bitmessage with Tor, I2P, and GnuPG."

#DarkMX ... https://darkmx.app

"DarkMX is a new decentralized communication app that utilizes Tor hidden services to allow you to easily have an anonymous, reliable, and censorship-resistant presence on the internet. You can chat. You can share files. You can search other people's files. You can keep a contact list and send private messages to your friends. You can create your own custom .onion site, available to anyone with a Tor Browser."

#Decentralized #TOR #AntiSurveillance #Anonymity #Anonymous #Privacy #Filesharing #Networking #Communication #P2P #F2F #PeerToPeer #Censorship #AntiCensorship #FreeSpeech

I figured out several ways to run DarkMX on a headless server without GUI. This allows me to install it on a remote server without any desktop environment and run the software as a daemon without the GUI.

First I used the X forwarding feature of SSH to pipe the GUI to a local machine. On that machine I did all the configuration inside the GUI. Then I closed the program.

Then on the remote machine I used 'xvfb' to run DarkMX as a nohup'd daemon with a dummy GUI buffer. That way I don't need to be connected to the GUI from a local machine and the application will still run. It also uses less RAM without the GUI.

There are other ways to do this, such as VNC and xpra. I just chose the quickest, dirtiest method in this case.

Why would I go to all that trouble? Well, I don't need to, but there are some people who might need to publish while maintaining strict anonymity. So they would need tools like DarkMX and TOR. For me it's just fun.

DarkMX operates over the TOR privacy preserving network. As a result the location of my peer is hidden and extremely hard to impossible for an adversary to locate. So when I publish something, such as a letter, or paper, or opinion, anyone can download it since censoring it is not viable. It ensures that my speech remains free and available to the general public. Now when I author essays, papers, homiles and such, I can publish them as file shares, and I can publish them simultaneously as a TOR hidden website with the built-in webserver feature. So readers don't need DarkMX to read my files--they can just fire up TOR Browser or use a TOR proxy with their web browser. If they want to snarf a whole directory they can install DarkMX, or use a script to snarf them via TOR.

If you are inclined to fiddle around with installing this software on a headless server, please share the techniques and tools used that suit you.

(DarkMX download site: https://darkmx.app)

#DarkMX #P2P #FileSharing #Anonymous #SelfHosting #TOR #OnionNetwork #Censorship

@selfhosted@a.gup.pe @infostorm@a.gup.pe @darknet@a.gup.pe infosec@a.gup.pe

"Hosting a Tor hidden service — also known as an onion site — typically requires in-depth technical skills and manual configuration. With TorServ, you can host a static website anonymously in seconds, without touching any config files."

#TorServ #TOR #Onions #OnionNetwork #Privacy #Anonymity

@selfhosting@a.gup.pe
@infosec@a.gup.pe
@linux@a.gup.pe
@networks@a.gup.pe
@crypto@a.gup.pe
@darknet@a.gup.pe
@privacy@a.gup.pe
@infostorm@a.gup.pe

Alt...

Two slices of red onion stacked one atop the other. The onion symbolizes TOR, The Onion Network, and its multiple layers of cryptographic obfuscation.