Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Android Privacy

First Official Version of Tor Browser for Android Released on Play Store (zdnet.com) 33

The Tor Project today made the first stable version of its privacy-focused browser available on the Google Play Store. From a report: This new mobile browser integrates the Tor protocol stack into a standalone browser and replaces Orfox as the main way to navigate the Tor network from an Android device. Tor Project developers have been working on this browser for eight months now, since September 2018, when they first released an alpha version for public testing. "We made it a priority to reach the rising number of users who only browse the web with a mobile device," said Isabela Bagueros, Executive Director of the Tor Project. "These users often face heavy surveillance and censorship online, so it is critical for us to reach them. We made sure there are no proxy bypasses, that first-party isolation is enabled to protect you from cross-site tracking, and that most of the fingerprinting defenses are working," the Tor team added.
This discussion has been archived. No new comments can be posted.

First Official Version of Tor Browser for Android Released on Play Store

Comments Filter:
  • by Anonymous Coward

    How are you going to make sure no other "app" on the phone is leaking information?

    • by DrYak ( 748999 ) on Tuesday May 21, 2019 @02:36PM (#58631876) Homepage

      1. unlock the bootloader
      (you're a privacy conscious-person, you bought a unlockable phone, right ?)
      2. install LineageOS or some other opensource AOSP-based OS
      3. install Tor browser
      (Apps have different UID/GID on android and can't see each other's data. Tor browser's data should be kind of safe).
      4. optionnally install MicroG (and F-Droid to fetch it)
      (it's an opensource re-implementation of the same API ("com.google.android.gms") as the official proprietary Google Play Services blob.
      But it's much more parametrable and actually honours your limitations regarding data leaks)

      5. Now you can install other apps (e.g.: from Yalp Store, Aptoid, etc.)
      and properly set what they can access, their auto-start and notification and cloud-alerts capabilities, etc.
      Those app will be limited in their attempts to leak information, both on the file system level (see UID/GID above) and on the service level (microG is more likely to block everything you ask it to block)

      It's easy!
      (Well at least for /. geeks)

      Though:

      6. Unless your phone is a Librem 5 by Purism (in which case it's not running Android but some GNU/Linux by Purism), chances are that the cell network modem is part of the main chipset and acts as the chipset's northbridge (has full DMA access, can function even if the CPU is sleeping, plays a key role in the bring-up of memory and other I/O(*) ), so you're just one OTA update of the modem firmware away of your data getting siphonned away. (And given that batteries aren't removable anymore: *even if you've attempted shut down the phone*).
      (As opposed on the Librem 5 and some older phones, where the cell modem is a dedicated separate chip, that only communicates over a standard interface with the main CPU (shows up as a serial port device and/or network) and has absolutely no access to main RAM, main I/O, etc.)
      On the other hand that kind of attack is kind of involved, so unless you get specifically targeted by the country you live in or happen to live in a country that engages in indiscriminate mass surveillance, you should be safe~~

      ----

      (*) the reported advantage is that this enables longer talk time on the same battery, because the main CPU and the OS running on it can go to sleep and the cell modem will keep playing audio autonomously on its own.
      You're trading massive swath for a few millimeters thinner phone and lighter battery.

      • by AmiMoJo ( 196126 )

        All that is only necessary if your adversary is very sophisticated. If it's just the cops or bypassing your mobile provider's blocks/data collection then just installing the app is enough.

        And after all, if you are that paranoid then your computer is nearly as bad.

  • by Anonymous Coward

    ... if you want to keep your ISP from spying on you and serving up stupid targeted ads, fine, But one would have to be totally insane to do anything that really requires security -- say, a journalist covering a corrupt government, such as Venezuela or the USA -- on a cell phone.

  • If you need to access something that requires the level of anonymity that the Tor browser provides.... then FOR THE LOVE OF DONALD TRUMP BOOT UP A TAILS/WHONIX SESSION INSTEAD OF THIS "TOR ANDROID APP"!!!!

    • How about when you're just sufing the web? I mean, if I want to look at (say) medium.com, why should the world and his wife get to know about it? Tor Browser solves that problem nicely.

      • How about when you're just sufing the web? I mean, if I want to look at (say) medium.com, why should the world and his wife get to know about it? Tor Browser solves that problem nicely.

        I guarantee you as soon as your phone provider sees Tor traffic from your cell phone you will be on multiple watchlists. Not only that, but unless it's a burner phone it's 100% tied to your identity and a lot easier to track/monitor that a workstation.

        • All the more reason to use Tor then - get onto as many watchlists as possible, along with the people that really need Tor. They'll become a needle in a haystack.

          As for tracking, Tor doesn't make tracking my phone any easier or harder - that's true. The desire to track my phone is based on the watchlist, so again, having as many people on it as possible would be an advantage (for the majority, not for me personally).

Genius is ten percent inspiration and fifty percent capital gains.

Working...