Wired and others report that ProPublica has become the first "major" news outlet to launch a version of the site using Tor:
On Wednesday, ProPublica became the first known major media outlet to launch a version of its site that runs as a "hidden service" on the Tor network, the anonymity system that powers the thousands of untraceable websites that are sometimes known as the darknet or dark web. The move, ProPublica says, is designed to offer the best possible privacy protections for its visitors seeking to read the site's news with their anonymity fully intact. Unlike mere SSL encryption, which hides the content of the site a web visitor is accessing, the Tor hidden service would ensure that even the fact that the reader visited ProPublica's website would be hidden from an eavesdropper or Internet service provider.
"Everyone should have the ability to decide what types of metadata they leave behind," says Mike Tigas, ProPublica's developer who worked on the Tor hidden service. "We don't want anyone to know that you came to us or what you read."
ProPublica accepts news tips using a SecureDrop hidden service. The recent move to include a Tor hidden site was motivated by concerns that Chinese readers could be put at risk by reading reports about the country's Web censorship.
The site can be reached at: propub3r6espa33w.onion
ProPublica often collaborates with The New York Times, NPR, PBS, The Intercept and others to publish stories. Here are a few ProPublica stories that have made it to our front page:
Somebody's Already Using Verizon's ID to Track Users
Fines Remain Rare as Health Data Breaches Multiply
NSA Monitors Americans' International Internet Traffic to Hunt Hackers for FBI
Fairview: AT&T's Collaborative Relationship with NSA Revealed
Psychology Practice Revealed Patients' Mental Disorders in Debt Lawsuits
Related Stories
Wired and Forbes reported earlier this week that the two largest cellphone carriers in the United States, Verizon and AT&T, are adding a tracking number to their subscribers' Internet activity, even when users opt out.
The data can be used by any site — even those with no relationship to the telecoms — to build a dossier about a person's behavior on mobile devices — including which apps they use, what sites they visit and for how long.
ProPublica reports that MoPub ("the world's largest mobile ad exchange"), acquired by Twitter in 2013, uses Verizon's tag to track and target cellphone users for ads and that AT&T and Vodaphone are also testing the waters with similar tracking IDs.
Since October 2009, [US] health care providers and organizations (including third parties that do business with them) have reported more than 1,140 large breaches to the Office for Civil Rights, affecting upward of 41 million people. They’ve also reported more than 120,000 smaller lapses, each affecting fewer than 500 people.
In a string of meetings and press releases, the federal government’s health watchdogs have delivered a stern message: They are cracking down on insurers, hospitals and doctors offices that don’t adequately protect the security and privacy of medical records.
But as breaches of patient records proliferate – just this month, insurer Anthem revealed a hack that exposed information for nearly 80 million people – federal overseers have seldom penalized the health care organizations responsible for safeguarding this data, a ProPublica review shows.
The National Security Agency has been warrantlessly sifting through Americans' international Internet traffic on behalf of the FBI in order to identify malicious hackers since 2012, according to the New York Times, ProPublica, and The Intercept:
The revelation calls into question previous statements made by senior U.S. officials about a claimed lack of ability to detect cyberattacks within the United States. During his time as director of the NSA, for instance, Keith Alexander continually lobbied for more cybersecurity powers, but did not mention the scope of those already obtained by the agency. In March 2014, the then-NSA director told a cybersecurity conference at Georgetown University: "An attack on Wall Street or an exploit going against Wall Street — NSA and Cyber Command would probably not see that. We have no capability there. Against everything that's been said, the fact is we don't have the ability to see it."
The Times report, an embargoed copy of which was shared with The Intercept because co-founder Laura Poitras contributed to it, also reveals that the FBI negotiated in 2012 to use the NSA's surveillance capabilities to monitor Internet traffic passing over "chokepoints operated by U.S. providers through which international communications enter and leave the United States." The NSA would reportedly send the intercepted traffic to a "cyberdata repository" maintained by the bureau in Quantico, Virginia.
Original Submission
The greatest fear of many patients receiving therapy services is that somehow the details of their private struggles will be revealed publicly.
[...] Short Hills Associates in Clinical Psychology, a group based in New Jersey, has filed dozens of collections lawsuits against patients and included in them their names, diagnoses and listings of their treatments.
[...] In cases in which the patients were minors, the practice sued their parents and included the children's names and diagnoses.
The Health Insurance Portability and Accountability Act, the federal patient privacy law known as HIPAA, allows health providers to sue patients over unpaid debts, but requires that they disclose only the minimum information necessary to pursue them.
Still, the law has many loopholes, which ProPublica has been exploring in a series of articles this year. One is that HIPAA covers only providers who submit data electronically — and apparently Short Hills Associates does not.
Who would have guessed that using paper instead of electronic records would make disclosure of confidential medical information more likely?
(Score: 0) by Anonymous Coward on Saturday January 09 2016, @06:18PM
Well, now it's not so hidden anymore, is it?!
(Score: 5, Informative) by Anonymous Coward on Saturday January 09 2016, @06:30PM
Go to this website: https://www.torproject.org/ [torproject.org]
Read up: https://www.torproject.org/about/overview.html.en [torproject.org]
Download: https://www.torproject.org/download/download.html.en [torproject.org]
Install.
Test: http://duskgytldkxiuqc6.onion/ [duskgytldkxiuqc6.onion]
Avoid paying money and losing your anonymity for a unique, worldwide reachable domain: https://www.torproject.org/docs/tor-hidden-service.html.en [torproject.org]
(Score: 2) by frojack on Saturday January 09 2016, @10:06PM
Better yet, just stay away from ProPublica.
Its chock full of trackers, ads, and other things that Ublock tosses out.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Saturday January 09 2016, @06:44PM
Can't a for enabled browser visit a normal web page? idgi
(Score: 0) by Anonymous Coward on Saturday January 09 2016, @06:47PM
For enabled browser, I mean
Edit post is a needed feature.
(Score: 0) by Anonymous Coward on Saturday January 09 2016, @06:57PM
Edit for registered users, with comment history available to anyone. No allowing people to change history without a record!
(Score: 3, Insightful) by frojack on Saturday January 09 2016, @08:47PM
Edit for registered users,
Guy says that posting AC.
Wow.
No, you are mistaken. I've always had this sig.
(Score: 2) by mrcoolbp on Sunday January 10 2016, @04:50AM
Also, This was incorrect, registered users still don't have ability to edit posts. Full comment histories however, are a feature.
(Score:1^½, Radical)
(Score: 2) by frojack on Sunday January 10 2016, @05:39AM
I read the AC's post as a request/demand, not a statement. I just thought it odd he wouldn't log in but was demanding all these features.
I might have misread the thread.
No, you are mistaken. I've always had this sig.
(Score: 2) by mrcoolbp on Monday January 11 2016, @05:07PM
I read the AC's post as a request/demand, not a statement.
I hadn't even considered that = )
(Score:1^½, Radical)
(Score: 0) by Anonymous Coward on Saturday January 09 2016, @06:51PM
Auto correct, amirite
(Score: 0) by Anonymous Coward on Saturday January 09 2016, @08:51PM
Nah just the service that cannot be named (on the open web).
(Score: 0) by Anonymous Coward on Saturday January 09 2016, @07:32PM
propub3r6espa33w.onion
I wonder how long it took to find something that hashed to that.
-- OriginalOwner_ [soylentnews.org]
(Score: 2) by kadal on Saturday January 09 2016, @08:01PM
Facebook did something similar
(Score: 1) by eliphas_levy on Sunday January 10 2016, @01:13PM
I wonder how long it took to find something that hashed to that.
Not more than 30 minutes, according to the performance table of Shallot [github.com]. Don't know if this is is still valid/is what they used, tho.
This is a sigh.
(Score: 1) by eliphas_levy on Sunday January 10 2016, @01:18PM
Reply to self:
There is a key generator that is GPU-based too, that would generate a domain with preselected 8-character in 1h40...
Scallion [github.com]
This is a sigh.
(Score: 2) by frojack on Saturday January 09 2016, @08:41PM
Chinese readers could be put at risk by USING TOR.
Fify.
No, you are mistaken. I've always had this sig.