July 15, 2016

What Is the Best Way to Stream Music for Free on Android?

Despite how you might personally feel about downloading vs. streaming music, it’s abundantly clear that streaming is the way of the future. Just look at how many popular services there are: Spotify, Pandora, SoundCloud, and even YouTube is now officially embracing the goodness of music streaming.
But a lot of these services are Web-centric, and as far as their Android counterparts are concerned, it’s very hit-or-miss. A couple of them are spectacular, but most are flawed in some way or another.

1. Spotify

User Experience


My only real complaint is that everything is on the cloud (unless you have a paid account, which we’ll discuss in a bit), so pages and songs can be slow to load at times. Switching between playlists takes a few more seconds than you might expect, and over time, this can be annoying.
Free vs Paid

2. YouTube Music

User Experience

But the selling point of this app is that it dynamically generates stations of similar songs whenever you play something. As you listen and like, it learns your tastes and the recommendations become more accurate.
Free vs Paid

3. Google Play Music

User Experience

The whole process of uploading is easy, too. Just transfer your music files onto the device — typically using a USB cable or a wireless connection — and use the app to pick and choose the ones you want uploaded to your account. (Or just use your PC’s browser instead.)
Free vs Paid

4. SoundCloud

User Experience

The interface is only okay, though. You’ll be able to get around just fine, but it feels a bit cramped and cluttered on devices with smaller screens (which is weird because it’s mostly just a case of excess whitespace). But overall, it’s smooth and fast, so I can’t complain too much.
Free vs Paid
5. Pandora

User Experience

But because Pandora’s database of music is relatively small (only a few million), you may get sick of it. After 7+ years of regular Pandora use, there’s little left for me to explore in the genres that interest me.
Free vs Paid

6. TuneIn Radio

User Experience

And lastly, unlike most other music streaming apps, TuneIn supports Chromecast, so you can cast whatever station you’re listening to onto any Chromecast-connected TV for better audio.
Free vs Paid
Which Music Streaming App Is Best?
Source: http://www.makeuseof.com/tag/best-way-stream-music-free-android/

Interesting Comments from readers.... So if you mainly stream music on Android, here are the apps you need to consider.
Spotify is the reigning king of streaming music. Its library is absolutely massive, spanning everything from mainstream goodies (except for Adele and Taylor Swift, unfortunately) to some of the most obscure artists you’ve never heard of.
In terms of popularizing the notion of streaming, Spotify is very much the Netflix of music, and there’s a reason for its excellent reputation: the service is high quality, and there aren’t any competitors that can play at Spotify’s level yet.
Overall, there’s a lot to love about Spotify’s Android interface. Whether you’re on a tight-screened smartphone or a big-screened tablet, everything is cleanly laid out and intuitive to follow — no hidden long-press menus for basic functions, which is a relief — and absolutely no clutter.
What’s particularly nice is that you can play Spotify on multiple devices, and they’ll stay synced up: if you move onto the next song with your smartphone, so will your tablet.

Be sure to heed these amazing Spotify tricks and tips to get the most out of it, especially if you bounce between the Android and desktop/Web versions.
The Free version of Spotify is quite unrestricted, but it does play audio ads every few songs. Premium accounts have no ads at all, allow for unlimited skips, and give you the ability to download songs for offline playback.
Don’t forget to take advantage of the offer for 3 months of Premium for $1 while you still can!
In late 2015, Google launched a new mobile app called YouTube Music, designed for users who love using YouTube as their main source of music. In fact, music is the most common content type of all YouTube traffic. Not too surprising, is it?
What is surprising is just how useful this app actually is. I immediately wrote it off as a gimmick when I first heard of it, but having given it a try, I have to say I’m impressed.
One downside is that it requires you to log into a YouTube account before you can start using the app. An anonymous (or guest) option would be really nice, but considering how Google likes to force app logins, I don’t expect that to change.
Note that the first time you use YouTube Music, you’ll be signed up for a free 14-day trial of YouTube Red. No payment information is required, so don’t worry. Just something to be aware of.
The best feature of YouTube Music is that it lets you listen in audio-only form (not available for free accounts). For users on slower connections or those who are tight on data, this feature is a game-changer over the regular YouTube app.
The interface is pretty straightforward — nothing fancy about it, but it never gets in the way either. One thing that I’m glad exists is the Liked Songs list, which is based on all the liked videos on your account.

And of course, the app allows you to cast the songs you’re listening to onto any Chromecast-connected device.
The app is completely free, but ad-supported. With a YouTube Red subscription — $10 per month — you can get rid of ads, download music for offline playback, and listen in audio-only mode. Though there have been some criticisms of YouTube Red since its launch.
Google Play Music comes pre-installed on most Android smartphones these days, but if you don’t have it, you can always get it for free right on the Play Store. And you should! Play Music is oft-considered to be one of the best Android music players.
It’s a two-in-one kind of deal: there is streaming music radio that you can listen to, or you can upload your own music and stream it on the Web or Android no matter where you go. It’s really convenient and the closest competitor to Spotify.
The interface is modern and easy to navigate — the same kind of experience you’d expect from any of Google’s other apps. It’s very fast and responsive, even on a last-gen device like mine, so you’ll rarely be frustrated by lag.
While it’s easiest to just browse stations and libraries based on titles, artists, or genres, Play Music can curate music for you based on decades, activity, or even your current mood. Want happy, uplifting songs? Google can deliver.

Free accounts are limited to 50,000 uploaded songs, which is way more than you think it is, and they have audio ads for radio. A subscription costs $10 per month, but it includes downloading for offline playback, no ads at all, and YouTube Red access.
SoundCloud is a bit different from the rest of the apps here, but this difference is what makes it a worthy mention. It’s not great for listening to your own music library, nor is it good for mainstream radio — it’s for the in-between: budding musicians and indie artists.
If you aren’t using SoundCloud already, you really should. There’s an entire world of undiscovered music out there that you won’t find on Spotify, Pandora, or YouTube.
The reason why SoundCloud is so great for indie artists is because it makes it incredibly easy to share your own music with others. The built-in Record feature records the audio playback of the device, and songs can be one-button shared to Facebook, Twitter, and Tumblr.
No other music service is as artist-centric as this one.

Everything about SoundCloud is free. No paid accounts or subscriptions to worry about.
Pandora pioneered the modern Internet radio trend and consistently lands among the best of the best when it comes to Internet radio apps for Android. You probably know all about it by now, but in case you don’t, just know that we think very highly of it.
The thing to understand about Pandora is that it isn’t a source for on-demand music. If there’s a specific song you want, there’s no way to guarantee that Pandora will play it. However, as a way to expand your music exposure, Pandora is perfect.
Because this app is all about dynamically-generated stations, you can search for any song, artist, or genre, and Pandora will start spitting out songs that are similar to your search query. I can’t even count how many amazing songs I’ve found with my dozens of stations.

Free users must deal with audio ads every few songs, a limit of 6 skips every hour, and standard audio quality. Pandora One costs $5 per month and removes the ads, greatly increases the skip limit, and improves the audio quality.
In the realm of Internet radio apps, TuneIn Radio is something special. Instead of just creating online music playlists — whether those playlists are dynamic or hand-crafted — TuneIn actually streams real-life radio. This instantly sets it apart from services like Pandora.
With over 100,000 radio stations available (including FM, AM, and digital) combined with the fact that it has talk shows, sports, and podcasts in addition to music, it’s pretty much impossible for you to explore everything it has to offer.
With so much to explore, it’s amazing that TuneIn never feels overwhelming. Everything is broken down into manageable categories, and the search bar is great at finding relevant stations.
But the thing that truly impresses me is Car Mode, which simplifies the interface into the bare essential functions represented by larger buttons. Since mobile music is often played during commutes and trips, it pleases me to know that they’re doing something to make it easier (and safer) for drivers.

Free accounts can only access non-premium stations (but there are lots of them available) and must deal with banner ads in the app. Premium costs $8 per month and unlocks premium stations, removes banner ads, and even grants access to 40,000+ audiobooks.
If I could only choose one music streaming app to use, I would probably go with Spotify for its massive library of music and beautiful-yet-practical interface, but I’d also greatly miss all of the other apps.
Do pay special attention to YouTube Music. The concept is wonderful, and if it’s this good at launch, one can only imagine how much better it will be given another year or two of serious development.
And whatever you do, make sure you use this awesome smartphone trick when you’re playing music on your phone but need a bit more volume than your device can handle.
Which app do you prefer for music streaming? Is there one that we missed? Share your thoughts with us in the comments below!

May 13, 2016

Five Steps to a Squeaky-Clean Online Identity

Five steps to managing your online identity and ensuring that when someone Googles you, they see the personal brand you build.
By William Arruda

In 2004, I delivered a personal-branding presentation that, for the first time, included a slide that asked the question: “If you don’t show up in Google, do you exist?” That slide got a huge audience reaction and has been in virtually every presentation I have delivered since.
The answer to the question is no, at least as far as hiring managers and executive recruiters are concerned.
But what if you do show up in Google, and what Google reveals is either unflattering or inconsistent with how you want to be known?
Googling (performing a Google search on someone) is quickly becoming the standard reference check in job searches and a key filter hiring managers and executive recruiters use to evaluate and cull candidates. Studies reveal that executive recruiters Google candidates and have eliminated candidates from the running based on their Google results. So knowing what Google says about you is important, and proactively managing your online identity is an essential element in your job-search strategy.
For $100K+ earners like yourself, you don’t have the same concern about beer-funnel photos that younger managers do, but that doesn’t mean that your online profile is squeaky clean.
There could be content online that does not represent who you are and what you have to offer prospective employers. We call this undesirable content “digital dirt.” Digital dirt includes any Web-based content that will prevent you from reaching your goals.
There are two kinds of dirt:

1. Self-posted dirt.
That’s right, you may have muddied up your own profile. The good news is that most of this self-created content can be easily vacuumed up. But it’s important to note what constitutes “dirt.” Remember, it is not just outright negative or inappropriate content that qualifies as dirt; if you have revealed a little too much about your political views or posted a comment to someone’s blog that is replete with typos and misspellings, you might be removing yourself from consideration for some jobs.
Too much content about what you did in a previous life can also impede your prospects. Be sure virtually everything you post on the Web reflects your unique value and positions you for the role you seek to fill.

2. Dirt posted by others.
This is a much more insidious kind of dirt and typically much harder to clean up. I once had a client who was fired from his investment-industry job, and a Wall Street Journal story about the seemingly fraudulent transactions in which his company was involved included his name. In fact, the word “fraud” was only three words away from his name in the Google description! It was a major problem for him since this data showed up as the first item in a Web search on his name. He was unable to get the Wall Street Journal to remove the story from its Web site.
Like it or not, today your Google results are as important as your resume or cover letter. So as you seek your next role, you must focus on building and maintaining an accurate and compelling online profile. Here’s the five-step process for managing your online identity — sweeping up as much digital dirt as possible.

Step 1: Know what’s out there.
The first step to resolving most challenges is to get the right information. In this case, the information you need is available just by Googling yourself (also known as “ego-surfing”). To help make sense of your Google results, use this free tool: www.onlineidcalculator.com. When evaluating your results, focus on the first three pages of results. Those who perform Google searches rarely look beyond Page Three. Once you know what is out there and where you fall on the digital scale, you can make a plan to address it.

Step 2: Know what you want your Google results to say. 
Now that you know what is out there, you need to think about what you want your Google results to look like. You can’t get from here to there if you don’t know what “there” looks like. It’s time to uncover and define your personal brand. You need to answer these questions:
  • What do you want to be known for?
  • What makes you stand out from all your peers?
  • What’s your area of expertise/thought leadership?
  • What words do you want people to use to describe you?
  • What are your greatest accomplishments?
Learn more about personal branding here: http://www.reachpersonalbranding.com/about/personal-branding/.

Step 3: Clean up the dirt and enhance your digital image.
If you posted anything that might be considered inappropriate or perhaps comes from a past life, remove it. If you have dirt that was posted by others, first ask those who posted it if they will remove it. If you can’t wipe your digital identity clean, you must create enough high-ranking content to move that dirt beyond page three (Steps 4 and 5 below); or, you must at least ensure the “clean” sits alongside the dirt so people have a better understanding of who you are.

Step 4: Build your own place on the WWW.
The best way to get people to understand exactly who you are is to tell your own story. First, you must buy your own domain name — e.g., www.williamarruda.com. You can buy domains at www.godaddy.com. Then you can build (or have built for you) a personal Web site. Blogging platforms such as TypePad and WordPress are great tools for building a Web site — even if you choose not to blog. Remember to include:
  • Your bio
  • A professionally taken headshot
  • Links to all relevant content on the Web about you (making it a one-stop shop),
  • Testimonials from people who have worked with you
  • Proof of performance (PDFs of presentations, video, audio clips, and so on.)
  • Links to Web sites and content on the Web that you think are valuable and help showcase your area of expertise or thought leadership.
Ensure your site content and style reflect your personality. Use color, fonts and imagery to bolster your brand attributes.

Step 5: Use Web 2.0 tools to enhance your online ID.
If you aren’t ready for your own Web site or would like to increase your volume of Google results, take advantage of all the social-networking sites that are available — like LinkedIn, Naymz, Ziki and Ziggs (and countless others). Include your branded bio, professional headshot and other relevant information. You need not use the social networking aspects of these sites (in fact, you won’t have the time to be an active participant on all these sites), so use LinkedIn for networking and the others to enhance your online ID.
In addition, find blogs related to your area of expertise (www.technorati.com is a blog search engine that will help you find relevant blogs by keywords), and subscribe to them. Then append relevant comments to blog posts when you have something valuable to contribute. This becomes part of your online identity.
Of course, your Google results change all the time, so you need to be vigilant. I suggest Googling yourself weekly and subscribing to Google Alerts for your name (www.google.com/alerts). Then, every time something shows up on the Web with your name on it, you’ll be the first to know.

William_Arruda.jpgCredited with turning the concept of personal branding into a global industry, William Arruda is the founder of Reach Personal Branding and author of "Career Distinction" and the upcoming book, "Ditch. Dare. Do!" You can learn more about him at www.personalbranding.tv.

Source: http://info.theladders.com/career-advice/5-steps-squeaky-clean-online-identity?utm_source=wednesday_newsletter_email&utm_medium=email&utm_content=guest_article_william_arruda&utm_campaign=wednesday_newsletter

New Attack Reported by Swift Global Bank Network

Thieves have again found their way into what was thought to be the most secure financial messaging system in the world and stolen money from a bank. The crime appears to be part of a broad online attack on global banking.

New details about a second attack involving Swift — the messaging system used by thousands of banks and companies to move money around the world — are emerging as investigators are still trying to solve the $81 million heist from the central bank of Bangladesh in February. In that robbery, the attackers were able to compel the Federal Reserve Bank of New York to move money to accounts in the Philippines.

The second attack involves a commercial bank, which Swift declined to identify. But in a letter Swift plans to share with its users on Friday, the messaging network warned that the two attacks bore numerous similarities and were very likely part of a “wider and highly adaptive campaign targeting banks.”

The unusual warning from Swift, a copy of which was reviewed by The New York Times, shows how serious the financial industry regards these attacks to be. Some banking experts say they may be impossible to solve or trace. Swift said the thieves somehow got their hands on legitimate network credentials, initiated the fraudulent transfers and installed malware on bank computers to disguise their movements.

“The attackers clearly exhibit a deep and sophisticated knowledge of specific operation controls within the targeted banks — knowledge that may have been gained from malicious insiders or cyberattacks, or a combination of both,” Swift said in its warning, which is expected to be posted on a secure part of its website on Friday.
Security experts who have studied the attacks said the thieves probably were lurking inside the bank systems for months before they were detected.

In its warning, Swift pointed to another worrying situation: that the gang of thieves may have been able to recruit bank employees to hand over credentials and other key details.
In both cases, the core messaging system of Swift was not breached; rather, the criminals attacked the banks’ connections to the Swift network. Each bank is responsible for maintaining the security of its connection to Swift. Digital criminals have found ways to exploit loopholes in bank security to obtain login credentials and dispatch fraudulent Swift messages.
“As a matter of urgency, we remind all customers again to urgently review controls in their payments environments,” Swift urges its customers in the letter to be sent on Friday.
Banks — like many major corporations — are constantly under attack by criminals, seeking to find the weak point in their defenses. An attack in the summer of 2014 on JPMorgan Chase compromised the accounts of 76 million households and seven million small businesses, but no money was stolen. Thieves frequently steal bank customer’s A.T.M. and credit card credentials.
But these attacks involving Swift stand out, because millions of dollars were stolen — not from a large number of customers, but from the banks themselves. It is as if the thieves used their hacking skills to reach inside a bank vault.

Emboldened and enriched, the thieves are likely to strike again, security experts predict.
“An event like this changes the risk profile for the banking system, since the attackers will inevitably reinvest some of their profits in new large-scale attacks,” said Paul Kocher, a security and encryption expert who is the president of Cryptography Research, a division of Rambus.
Initially, many banks and security experts dismissed the Bangladesh attacks as brazen, but probably isolated, events in a developing country. A stream of news reports from the capital of Dhaka cited rudimentary technology at Bangladesh Bank, like a $10 router and an absence of firewalls. Bangladesh officials have blamed the New York Fed, saying it failed to block the fraudulent transfers.

On Tuesday, representatives from Swift, the New York Fed and Bangladesh Bank met in Basel, Switzerland, to discuss the breach and the vulnerabilities it exposed in the system.
In a joint statement, the three sides said they had agreed to cooperate in trying to “bring the perpetrators to justice, and protect the global financial system from these types of attacks.”
But the details of the second attack — which Swift said occurred in the last few months — suggested a highly sophisticated threat that did not necessarily hinge on weak digital defenses. Swift declined to say how much money was stolen from the bank, which was not located in Bangladesh.

Somehow the thieves obtained a valid Swift credential that allowed them to “create, approve and submit” messages on the network. Those messages — sent from PCs in the bank’s back offices or from laptops — were then used to move money from one of the bank’s accounts.
Many banks have a system of checks and balances by which they can validate and review transactions to root out fraud.

But in this latest case, the thieves used a form of malware that targeted a PDF reader that the bank used to confirm that payments had been made. The malware, according to Swift, then manipulated the PDF to “remove traces of the fraudulent instructions.”
That the thieves knew that the bank used a PDF program to confirm its payments shows the level of detail gleaned about how the particular system worked. At Bangladesh Bank, Swift transactions were tracked using physical printouts. So the thieves tailored their malware in that attack to interfere with the printer and cover their tracks.
The attacks have been a major headache for the ubiquitous and publicity-shy Swift, an acronym for the Society for Worldwide Interbank Financial Telecommunication. Based in Belgium, Swift is partly owned and overseen by the world’s biggest banks, which have used the technology to facilitate money transfers since the 1970s. It prides itself on not disclosing any information about its users.

After the attacks, Swift has had to walk a fine line trying to shore up confidence in the security of its network among its 11,000 users, while urging those members to take additional security measures to defend against future attacks.

“Your first priority should be to ensure that you have all the preventative and detective measures in place to secure your own environment,” Swift said in its message. “This latest evidence adds further urgency to your work.”Nicole Perlroth contributed reporting.

Source: http://www.nytimes.com/2016/05/13/business/dealbook/swift-global-bank-network-attack.html

May 1, 2016

Hackers’ $81 Million Sneak Attack on World Banking

Michael Corkery

“The trend is moving from opportunistic crime to Hollywood-scale attacks,” said Mr. Nish, whose firm has analyzed the malware believed to have been used in the Bangladesh breach.
In the United States, most banks take special precautions with their Swift computers, building multiple firewalls to isolate the system from the bank’s other networks and keeping the machines physically isolated in a separate locked room.
But elsewhere, some banks take far fewer precautions. And security experts who have analyzed the Swift breach said they had concluded that the Bangladesh bank may have been particularly vulnerable to an attack.

“Swift is a great organization,” said Chris Larsen, the founder of Ripple, a financial technology company that aims to speed up global money transmissions. “But the system is fractured and antiquated. The way it is set up, you cannot totally isolate problems in a place like Bangladesh from the whole network.”

In some ways, Swift is a testament to how technology has helped all countries — including poorer ones — gain access to the financial system. But that broader access has a downside.
The central bank in Bangladesh, by some accounts, employed fewer protections against cyberattacks than many other large banks. The bank, for example, used $10 routers and no firewalls, according to news reports.
The server software that the Bangladesh bank employed was a Swift product called Alliance Access, which connects banks to the central messaging system. In a sign of how seriously Swift regards the breach of Alliance Access, the group issued a “mandatory software update” last week to help its members identify possible irregularities.

The central bank of Bangladesh, in Dhaka, the capital. The heist was timed so that when Federal Reserve officials tried to contact Bangladesh, it was a weekend there and no one was working. By the time central bankers in Bangladesh discovered the theft, it was the weekend in New York and the Fed was closed. Ashikur Rahman/Reuters

“These hackers figured out this was a weak point on the periphery, and they went for it,” said Jeffrey Kutler, editor in chief at the Global Association of Risk Professionals, a trade group. “But they were not able to compromise the core.”

Swift’s core is built on technology that has been evolving for decades. What began in 1973 as a relatively small network of 240 banks in Europe and North America is now a sprawling network of 11,000 users that includes both banks and large corporations. At first, Swift could be used to authorize payments across national borders. But it is now also used to transmit messages related to domestic payments, securities settlements and other transactions.

Swift’s growth in recent years — it set a record for messages in March — reflects the increasingly global and interconnected nature of finance. But it also shows the risk of so many financial instructions running through a single system made up of a patchwork of banks and
companies with varying levels of online protection.

Each bank on the Swift network is identified by a set of codes. And it was the codes assigned to the Bank of Bangladesh that were recognized — correctly — by the Federal Reserve Bank of New York when it transferred $81 million of the Bangladesh bank’s money to the Philippines, not knowing that someone, somewhere, had stolen the credentials of the Bangladesh bank and installed malware to cover his or her tracks.
Initially, the thieves requested the transfer of $951 million into a handful of bank accounts in Sri Lanka and the Philippines — a number that prompted the New York Fed to ask the Bangladesh bank to reconfirm that it indeed wanted to move the money.
In the end, the Fed processed only five of the 35 fraudulent payment requests, after it could not reconfirm with officials in Bangladesh.
The hackers seemed to time the attack perfectly: When officials from the Fed tried to reach out to Bangladesh, it was a weekend there and no one was working. By the time central bankers in Bangladesh discovered the fraud, it was the weekend in New York and the Fed offices were closed.

To conceal the crime, the malware disabled a printer in the Bangladesh bank to prevent officials from reviewing a log of the fraudulent transfers.

Representative Carolyn B. Maloney, Democrat of New York, has called for an investigation into the theft. Robin Caplin/Bloomberg

The money was transferred to accounts in the Philippines and then into the Philippine casino system, which is exempt from many of the country’s anti-money-laundering requirements.
The New York Fed has been criticized for letting the $81 million slip out. Representative Carolyn B. Maloney, a New York Democrat and member of the Financial Services Committee, has called for an investigation, warning that the breach “threatens to undermine the confidence that foreign central banks have in the Federal Reserve, and in the safety and soundness of international monetary transactions.”
The New York Fed said in a statement that “there is no evidence that any Fed systems were compromised” and that the transfer of the money had been “fully authenticated” by Swift.
Swift, which prides itself on its secrecy and low public profile, also put out a statement about the attacks. But its executives declined to speak on the record about the episodes, which are still under investigation. The group’s chairman, Yawar Shah, who is a senior executive at Citigroup, also declined to comment.
In its statement, Swift emphasized that the hackers had been able to breach only some of the banks that communicate over Swift, not the network itself.
“The commonality in what we have seen is that (internal or external) attackers have successfully compromised banks’ own environments,” Swift said.
Even if officials at the Bangladesh bank had employed the highest of security measures, the thieves displayed a level of skill, cunning and determination that may have been able to penetrate a far more secure system.
“If you have an attacker who really wants to get in and knows there is a big prize,” Mr. Nish said, “keeping them out over the long term is really difficult.”

Source: http://www.nytimes.com/2016/05/01/business/dealbook/hackers-81-million-sneak-attack-on-world-banking.html?_r=0

April 29, 2016

How to Completely Anonymize Your BitTorrent Traffic with a Proxy

BitTorrent isn't the quiet haven it once was. These days, everyone's looking to throttle your connection, spy on what you're downloading, or even send you an ominous letter. If you use BitTorrent, you absolutely need to take precautions to hide your identity. Here's how to do that with a simple proxy.

This post originally detailed the setup of a proxy called BTGuard. Since its original publication in 2011, we've changed our recommendation to Private Internet Access due to BTGuard's slow speeds, bad customer service, and other difficulties. If you're still interested in using BTGuard, you can find instructions on their web site.

You have a few different options when it comes to hiding your BitTorrent activity, but we've found that a proxy is the most convenient and easiest to set up, so that's what we're going to cover here. We've talked about proxies a few times before, most notably with our original guide on how to set up BTGuard our guide to safe torrenting post-Demonoid. Unfortunately, BTGuard has never been a great service—it was just the most convenient. Thankfully, Private Internet Access—one of our favorite VPN providers—now provides a proxy very similar to BTGuard, but with faster speeds and better customer service. So we recommend using it instead, using the instructions below. If you don't want to use a proxy, check out the end of the article for a few alternative suggestions.

How a BitTorrent Proxy Works

When you download or seed a torrent, you're connecting to a bunch of other people, called a swarm. All of those people can see your computer's IP address—they have to in order to connect. That's all very handy when you're sharing files with other netizens, but file sharers such as yourself aren't necessarily the only people paying attention. Piracy monitoring groups (often paid for by the entertainment industry either before or after they find violators) also join BitTorrent swarms, but instead of sharing files, they're logging the IP addresses of other people in the swarm—including you—so that they can notify your ISP of your doings.

A proxy (like Private Internet Access) funnels traffic—in this case, just your BitTorrent traffic—through another server, so that the BitTorrent swarm will show an IP address from them instead of you. In this case, Private Internet Access' proxy server is in the Netherlands. That way, those anti-piracy groups can't contact your ISP, and your ISP has no cause to send you a harrowing letter.

But wait, can't the piracy groups then go to the anonymizer service and requisition their logs to figure out what you're downloading? Theoretically, yes, but if you're using a truly good anonymizer, they don't keep logs, so there's no paper trail of activity leading back to you. All the piracy monitors see is a proxy service sharing a file, and all your ISP sees is you connecting to a proxy service. If you encrypt your BitTorrent traffic (which we recommend), your ISP won't even be able to see that you're using BitTorrent.

Sounds too good to be true, right? Well, there are a few downsides. Most notably:

    Anonymity isn't free. Well, at least the ones worth using aren't. Private Internet Access costs $6.95 a month or $39.95 a year. That isn't very expensive, though, and it's well worth it for the privacy you get.
    You'll get slower download speeds. Running your connection through another server inevitably slows you down, though how much depends on what torrent you're downloading, who from, and a lot of other factors. In my experience, more popular torrents stayed at their top speed of 3.4 MB/s (my bandwidth cap) with a proxy, while other less popular torrents slowed down from 1 MB/s to about 500-600 kB/s. Your mileage may vary. I lost significantly less speed with Private Internet Access than I did with BTGuard, though.
    Not every BitTorrent client supports proxies. uTorrent for Windows works great, but Mac and Linux favorite Transmission sadly does not support proxies. You'll have to use something like Vuze or Deluge instead (or try one of the alternatives listed at the end of this article).
    Nothing is foolproof. Using a proxy may bring you increased anonymity, but nothing is guaranteed unless you avoid BitTorrent entirely.

Ready to get started? Here's what you need to do.

How to Set Up the Private Internet Access Proxy

Setting up a proxy is actually very simple, and just involves signing up for a service and checking a few boxes in your BitTorrent client. We'll be using Private Internet Access and uTorrent for Windows for this guide, but you can tweak things to fit your own setup pretty easily.
Step One: Sign Up for Private Internet Access

 Private Internet Access is primarily a VPN provider. We'll talk a bit more about VPNs later in this post, but what we really want is the SOCKS5 proxy that comes with their VPN service. So, head to Private Internet Access' web site and sign up for their VPN service. We recommend starting out with a monthly plan to see if you like it before buying a whole year's subscription.

Once you've signed up, Private Internet Access will email you your username and password. Log into the system with those credentials, and change your password from the client control panel.
Step Two: Generate a Proxy Password

How to Completely Anonymize Your BitTorrent Traffic with a Proxy

Your account credentials are only to manage your account—we'll need a new set of credentials for the Proxy service. In the client control panel, click the "Generate Password" button under "PPTP/L2TP/SOCKS Password." This is what we'll be using to configure our BitTorrent client. Write down the username and password that appears here (it's different than your regular account credentials) and move on to step two.

Step Three: Configure Your BitTorrent Client

Next, open up uTorrent and head to Options > Preferences > Connection. Under Proxy Server, choose Socks5 under "Type" and enter the following information:

    Proxy Type: Socks5
    Proxy Host: proxy-nl.privateinternetaccess.com
    Proxy Port: 1080
    Username: Your Private Internet Access Proxy username (from step two)
    Password: Your Private Internet Access Proxy password (from step two)

Check all of the other boxes under "Proxy" and "Proxy Privacy." Your Connection preferences should look exactly like the image above.

Step Four: See If It's Working

To ensure that it's working, head over to Torguard's IP Checker. This site can tell you what your IP address is, and compare it to the IP address of your torrent client, which will let you know whether your proxy is working correctly. To test it, hit the "Generate Torrent" button, and open the resulting torrent in uTorrent. Then, go back to your browser and hit the Refresh button under the "Check IP" tab. If it's the same as your browser IP—which you'll see next to the Refresh button—then your proxy isn't working, and you'll want to double-check all of the above settings. If it shows a different IP address (which should be in the Netherlands), then Private Internet Access is successfully tunneling all your traffic for you.
Other Ways to Anonymize Your BitTorrent Traffic

A proxy like Private Internet Access is the most convenient way to anonymize your traffic, but it isn't the only way. If you want to try something else, here are a few other tricks we recommend.

Use a VPN
A virtual private network (or VPN) is very similar to a proxy, but instead of rerouting just your BitTorrent traffic, it reroutes all your internet traffic. For some people, that's a good thing—it gives you privacy all over the web. However, it can also be inconvenient, navigating you to different web pages for that VPN's country or causing issues with streaming services. If you have a NAS, you can set up your VPN on it to route only your NAS traffic, which is a perfect option for downloading anonymously. VPNs are about the same price as most proxies, and I personally have found that I get better speeds with most VPNs than I do with a proxy.

So which VPN should you use? Check out TorrentFreak's list of the best VPNs for BitTorrent, as well as our Hive Five on the subject to find a provider that works for you.

Rent a Seedbox

Unlike proxies and VPNs, seedboxes don't route your BitTorrent traffic through another country. Instead, you actually rent a dedicated server that resides in that country, and do all your torrenting through that machine. They usually have insanely fast speeds, and if you're on a private tracker, they'll seed 24/7, giving you a great ratio. Once you download a torrent on your seedbox, you can just connect to it via FTP and download the file as fast as your home connection allows. Note that seedboxes also require a bit of extra setup, and some may require a little command line work to get running.

Seedboxes are more expensive than proxies and VPNs, ranging from entry-level boxes at $10 or $20 a month to fast boxes with more storage at $50 or even $100 a month. But, it offers a lot of advantages over proxies and VPNs—if you have the money to spare and want super fast speeds and a good ratio, we highly recommend getting a seedbox. Providers like Whatbox, Feral, and Bytesized come highly recommended, but a bit of searching can provide you with a ton of options. Shop around and see which one's best for you.

Ditch BitTorrent Altogether

Your last alternative is to try a new file sharing service entirely, like Usenet. It offers encrypted connections and doesn't connect to peers, so others can't track what you're doing. It doesn't always have the selection that BitTorrent has (depending on what you're downloading), but it offers a ton of other advantages, most notably higher speeds and better privacy. Check out our guide to getting started with Usenet to see if it's right for you.

Source: http://lifehacker.com/how-to-completely-anonymize-your-bittorrent-traffic-wit-5863380

February 17, 2016

The CIA Campaign to Steal Apple’s Secrets

RESEARCHERS WORKING with the Central Intelligence Agency have conducted a multi-year, sustained effort to break the security of Apple’s iPhones and iPads, according to top-secret documents obtained by The Intercept.

The security researchers presented their latest tactics and achievements at a secret annual gathering, called the “Jamboree,” where attendees discussed strategies for exploiting security flaws in household and commercial electronics. The conferences have spanned nearly a decade, with the first CIA-sponsored meeting taking place a year before the first iPhone was released.

By targeting essential security keys used to encrypt data stored on Apple’s devices, the researchers have sought to thwart the company’s attempts to provide mobile security to hundreds of millions of Apple customers across the globe. Studying both “physical” and “non-invasive” techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption.
The CIA declined to comment for this story.

The security researchers also claimed they had created a modified version of Apple’s proprietary software development tool, Xcode, which could sneak surveillance backdoors into any apps or programs created using the tool. Xcode, which is distributed by Apple to hundreds of thousands of developers, is used to create apps that are sold through Apple’s App Store.

The modified version of Xcode, the researchers claimed, could enable spies to steal passwords and grab messages on infected devices. Researchers also claimed the modified Xcode could “force all iOS applications to send embedded data to a listening post.” It remains unclear how intelligence agencies would get developers to use the poisoned version of Xcode.

Researchers also claimed they had successfully modified the OS X updater, a program used to deliver updates to laptop and desktop computers, to install a “keylogger.”
Other presentations at the CIA conference have focused on the products of Apple’s competitors, including Microsoft’s BitLocker encryption system, which is used widely on laptop and desktop computers running premium editions of Windows.
The revelations that the CIA has waged a secret campaign to defeat the security mechanisms built into Apple’s devices come as Apple and other tech giants are loudly resisting pressure from senior U.S. and U.K. government officials to weaken the security of their products. Law enforcement agencies want the companies to maintain the government’s ability to bypass security tools built into wireless devices. Perhaps more than any other corporate leader, Apple’s CEO, Tim Cook, has taken a stand for privacy as a core value, while sharply criticizing the actions of U.S. law enforcement and intelligence agencies.

“If U.S. products are OK to target, that’s news to me,” says Matthew Green, a cryptography expert at Johns Hopkins University’s Information Security Institute. “Tearing apart the products of U.S. manufacturers and potentially putting backdoors in software distributed by unknowing developers all seems to be going a bit beyond ‘targeting bad guys.’ It may be a means to an end, but it’s a hell of a means.”
Apple declined to comment for this story, instead pointing to previous comments Cook and the company have made defending Apple’s privacy record.

October 13, 2015

Get Android 6.0 Marshmallow Features Without Updating

Google has now launched the latest version of Android, 6.0 Marshmallow, for its Nexus phones. But Android updates don’t roll out to all phones at the same time, especially the non-Nexus ones, and they often take a long time. But you get can some of the Marshmallowy goodness right now — regardless of what phone you have!
Whether you’re on Lollipop, KitKat or older versions, you can get several of Android 6.0 Marshmallow’s best features on your phone right away. Not everything, mind you, but enough of the cool stuff.
It’s easier if you root your Android phone, but even if you haven’t, there are ways to get those features.

Get the Marshmallow Look Right Now

For the first time, Google has released the stock Android launcher for anyone who wants it. The new Google Now Launcher is exactly what Marshmallow ships with, and it supports some cool new features such as:
  • Swipe left to get the new “Google Now homescreen”, which has all the information you need from Google Now cards, complete with offline support.
  • When you’re on the homescreen, just speak quick “OK Google” commands, no taps or activation necessary.
  • The App Drawer now scrolls vertically, and is automatically arranged alphabetically.
  • You can search installed apps through the Search Bar, and it will also give suggestions of other apps you might like.
The Google Now Launcher is pretty impressive and lightweight enough to work fast on low-powered hardware too, so it’s definitely a contender for the best free Android launcher.
Download: Google Now Launcher for Android (Free)

Backup App Data and Restore (No Root)

Marshmallow brings a much-wanted feature, the ability to backup an app with all its data and then restore it to a device, without rooting your phone. Well, you might be surprised to know you can already do that.
We already have a multi-layered plan to backup non-rooted Android devices, but Helium is a core part of that. The app, made by the famous Clockwork Mod team, lets you backup apps complete with their data.
All you need is the Helium app, the companion Carbon app for Windows, Mac, or Linux computers, and a USB cable. Start the app, connect the phone to your computer, and you’re ready to go.
Helium backs up most apps, and it will notify you of which ones it can’t. I suggest you also backup the APK, since it makes restoring easier for some apps that break compatibility with new versions.
When you’re ready to install all this to a new phone again, connect it to your PC, download the app, and restore all your apps. It’s seamless and just works.
Helium Premium will also let you backup to cloud devices and external storage, and it supports apps that the free one doesn’t. Cloud backup makes it easier to sync an Android phone or tablet over WiFi. It’s well worth $4.99, if you ask me, but try out the free app first.
Helium isn’t a perfect solution though. For a full and complete backup of Android, you’ll need a rooted device and Titanium Backup Pro.
Download: Helium for Android (Free)

How to Manage Individual App Permissions

Android Marshmallow finally, finally brings the ability to control app permissions on an individual basis. What this means is that if an app asks for permission to read your text messages and your GPS data, you can choose to grant access to location but not your messages.
Controlling individual app permissions helps avoid the seven deadly security risks from apps. If you are using Android 5.x Lollipop or Android 4.3/4.4 KitKat, you can control individual app permissions with App Ops. On Android versions 4.2 and older, you’ll need to root your phone to control permissions.
App Ops is super simple and you’ll be able to toggle the permissions any app uses with a simple switch. That’s exactly how it works in Marshmallow too. So if you’re on Android 4.3 or higher, you’re in luck!
One thing to note: Uninstalling App Ops isn’t as easy as just deleting the app from your phone, you need to download a special App Ops Uninstaller.
Download: App Ops for Android (Free)

Better Cut, Copy, Paste for Android

Mimicking the iOS look, the new Android 6.0 makes it easier to cut, copy, and paste anything by giving you clear options when you select any text or image. However, there’s actually a better way than Marshmallow’s options.
Native Clipboard is probably the best way to improve copy-paste on Android. The app requires deep access to your Android device, but once you grant it those rights, it will copy anything in any text box, and paste any of your recent clipboard copied items to any other box. Double tap an empty box, and it just works.
Even after trying out Marshmallow, I found myself wanting to get this app back, so in this one case, the current systems actually outdo what you’ll get on Android 6.0.
Download: Native Clipboard for Android (Free)

Boost Your Battery Life With Two Apps

Marshmallow has two cool features to lengthen your battery life. First, it automatically puts unused apps to sleep. Second, it detects when you aren’t using your phone and stops using data at that time.
But what do you know? You already have a couple apps that will do the same things! You need to download Greenify and JuiceDefender.
Greenify’s auto-hibernation mode (available on Android 4.1 or newer phones) will stop updating apps you aren’t using and prevent them from slowing down your phone. JuiceDefender, on the other hand, is an all-in-one solution for almost any battery-saving tip on Android.
You get a lot of options in the free app, so try it out. I think you’ll be compelled to fork out $4.99 for JuiceDefender Ultimate.
Download: Greenify for Android (Free)
Download: JuiceDefender for Android (Free)

Ditch Chrome Custom Tabs, Get Firefox 42

One of the cooler features in Android Marshmallow is Google Chrome’s new Custom Tabs. With this, apps can open an optimized browser tab with saved passwords and other Chrome data intact. Plus, the pages will preload in the background so they seem faster.
Even if you aren’t using Android 6.0, you can get all of this goodness with the new Google Chrome for Android, which includes this feature.
Now, Chrome is the fastest Android browser, so this is great news. But Chrome isn’t necessarily the best browser. Personally, I’d recommend going with the new Firefox 42 Beta for Android.
Firefox 42 has a new awesome “Tab Queuing” feature, which is reason alone to get it. With this, when you are using any app, you can continue using it. When you see a link, tap it and it’s added to a queue, without moving you away from the app. Go to your notifications to find your Tab Queue, and with one tap, open them all in Firefox. It’s fantastic!
Download: Google Chrome for Android (Free)
Download: Firefox 42 Beta for Android (Free)

Source: http://www.makeuseof.com/tag/get-android-6-0-marshmallow-features-without-updating/