[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Firefox with Tor on Android?

To: Jens Lechtenboerger <tortalk@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>, benjamin barber <barberb@xxxxxxxxxxx>
Subject: Re: [tor-talk] Firefox with Tor on Android?
From: Alexis Wattel <alexiswattel@xxxxxxxxx>
Date: Sat, 23 May 2015 15:47:59 +0200
Cc: tor-talk@xxxxxxxxxxxxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 23 May 2015 09:49:31 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=in-reply-to:references:mime-version:content-transfer-encoding :content-type:subject:from:date:to:cc:message-id; bh=z160Ed4qn3HXKiFdLP2ONKiBVtbEB6FNL5ih0g9Jrsc=; b=HD7q0/hiiZC2nk46JlIvvXmzpx4D17RgwYF4L8ndR1HnFmlgHRNdcfAWqZwR+MwWdS 494ekNUBtev2WFeh5EWZFkBSeNmY2ilGyd9jIaedrDh+9n6yKBEWHgCCiq/QLiEGZQ5W lF+Jn5yWfywvZL8F5+j9HYRoE+405gpZt14bxQUqOMRsyjQH3I7A8C1wCHwCFp7AyC8I TDGgiwlaKt6Kw42x1Y5KmY3NhDzoQB7joxlHw9k31nN5gkVLwNbt411DRUZ9LUuj4sg1 /HB/RzdfNAAS3I3xL3gMeTzY7d6Mh53Ls0bTJKCsxccTEH+YpuNdH4dBnZzehlcsHVcH 1xAg==
In-reply-to: <87zj4v8mak.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <87iobo8fzv.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <512753.5549443130353135392d31343036383939313433@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <1432069898.394980.273147569.5582B404@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <CAMTdTS8WCkSYNoCpMt_JOJhqUzZ+RGgoZC85ZOxuXWy-9Cu82g@xxxxxxxxxxxxxx> <87zj4v8mak.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

I think that Ben Barber meant Android as a whole cannot be anonymised, at least in a plug-and-play fashion. His citing of backdoors potentiality was to show an example, which is only one of the many iterations of the wide problem. 

The other part is that Android is also desperately leaky. 

Having read this discussion I tried to VPN my connections to Tor, and the proof that it worked is that, in less than a minute, I received a text from Google alerting of a suspicious connections to my account, i.e., K9 mail had already tried to fetch my Gmail over Tor. 

Conclusion: in less than 1 minutes, I am deanonymised to they eyes of Google, which therefore include a handful of other random Advertising corporations, Intelligence Agencies, not only the ones partnering with Google but also the ones stealing their data, from wherever they can. 
And it's not over. The text message I received (containing my email address) tips a lot of other entities, starting from my phone company, that the connection anyone may have seen to Google from a Tor exit in the last minute has much chances to be me. And on,  and on, and on... And this is just one app. 
Because of course, I could not use Gmail and all, but the whole ecosystem of mobile apps is based on data harvesting, sniffing and selling. 

So, all in all, as much as the effort to port an, easily activated, OS-wide Tor protection to Android deserves consideration, it has not the slightest chance of truly working without a lot of thought put in your phone's OS setup, *before* you even turn on for the first time the damn phone. 

From what I know, Mike Perry's article on hardening Android is the only viable *starting* point to secure an Android platform. 

Good luck fellas! 

Le 23 mai 2015 15:18:27 CEST, Jens Lechtenboerger <tortalk@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> a Ãcrit :
>On 2015-05-20, at 09:28, benjamin barber wrote:
>
>> im not sure that using TOR on android is anonymous. Sure your
>favicons are
>> leaking your ip, however android itself is a leaky OS, that and
>backdoors
>> whatever agencies currently have.
>>
>>
>http://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act#Technical_implementation
>
>I donât see anything specific to android in that article.
>Acts like CALEA probably exist in every country.
>
>Regardless of the OS, itâs best to avoid centralized services.
>And to make sure they only get to see encrypted data.
>
>Best wishes
>Jens
>-- 
>tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Firefox with Tor on Android?
  - From: Mirimir

References:
- [tor-talk] Firefox with Tor on Android?
  - From: Jens Lechtenboerger
- Re: [tor-talk] Firefox with Tor on Android?
  - From: Nathan Freitas
- Re: [tor-talk] Firefox with Tor on Android?
  - From: benjamin barber
- Re: [tor-talk] Firefox with Tor on Android?
  - From: Jens Lechtenboerger

Prev by Author: Re: [tor-talk] Making a Site Available as both a Hidden Service and on the www - thoughts?
Next by Author: Re: [tor-talk] What is being detected to alert upon?
Previous by thread: Re: [tor-talk] Firefox with Tor on Android?
Next by thread: Re: [tor-talk] Firefox with Tor on Android?
Index(es):
- Author
- Thread