[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] reproducible builds for Android tor daemon

To: tor-dev@xxxxxxxxxxxxxxxxxxxx, Hans-Christoph Steiner <hans@xxxxxxxxxxxxxxxxxxxx>, teor <teor@xxxxxxxxxx>
Subject: Re: [tor-dev] reproducible builds for Android tor daemon
From: Nathan Freitas <nathan@xxxxxxxxxxx>
Date: Tue, 17 Sep 2019 06:17:21 -0400
Autocrypt: addr=nathan@xxxxxxxxxxx; keydata= mQINBE/X27MBEACulyj4CfeOClOxZ2/tS6qnwjN8xQCVb7kWAS3yiMaXZ3oTcsay2njap1p4 twkdjJ3CS+4HrAnFlxE1PJYYjTYyWMwswB2sO/I3AFGNQlJVN4pS4EEuOpbXJU1ULg/qW6dl LAWCo1OAzbU2Qp4ABspp1bbmjNIxCIqIyRlVmaE9Ti2bABIWGpr7RbOYOyZ1OUDSldFnxns/ MNKGnLXAUCTVPKHzkGvyTHjhnJEN6f+u9pYs7K+0vCsxJSsdh6viUoDCFa9RMRI6OB8XpqHV 51MVh2ZRTChWRBLeZujS5CfYmlJGABWRx27LYgiYB7bGqfY5d0R1eFpsFscEpYxfWSHeQX61 JiiFBduPyvMrsw2bDhjhDzk6ahK9aIRfJDexVVnw2hQTVClsm85J1COuDoY66KDIstu9lxv5 aSl2auLtcmHTKLD1FaDaKjM5QaaTjZ0251KiunrUKk7xXgvyw2rbeVIMqik5LAZnAl0V8TDC uW7MueySRedndvKTcf6Swgm6RURcAe39q80dmcgxhXvj0/8YELUoZWLjsbjcsiQ2DuQ4vnY1 rCGRT0QJwEhYiKOaq1gTeTa/BKYcd2MI63oPz2cwQx25bQutVuMnozm+eFP3oK9kt08XpZvG 7ysSMa/Qiyx639Mb3bEAkaJDEF9BwaEjUexAaibNdXcQEcP8TwARAQABtDhOYXRoYW4gRnJl aXRhcyA8bmF0aGFuQGZyZWl0YXMubmV0PiA8bmF0aGFuQGZyZWl0YXMubmV0PokCOAQTAQIA IgUCT9fbswIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQqAEYPmmzeqmQNw/+I0SX EDEyNqyfT7EWK1zcgtmGz8pDDmCwASdInBIPM0q72eaP31Aj5Pwflqe5FCyYlobEBcvWYqQ7 ejqCQhPgLB+gh0vIwBSKfZ8JiYsDGANInf/KzIo5MbOWx0Q/h9E1XvqXg6RT4O9xzxcAwFVI 7geC1qwZw02eTC4XK3UuSZ+0woGdwqjB+OBha9u5CazqKJT1lkQ6m5zTh+yb6eDKHUQA7YEN A86qjlrh+jtL6tXJK8qEK+GN8V17FJWWqWztvLOtcMradMB4ZsbdTsmCgrIVBPT9XD9PRkO1 jxVWVe2da1sJJnc7egeO5ZyCrXQU1Bjyz1z/r2SnSi5y8MAb7KE+B23iI7HWCfSU3PqEZgqW sBZfyfJ8JRHRVl0KB4gnsfKdjcEGXWkiXace28E2t6HYvJlLJWXqKO45AgblFx9bgVDWgkYc QvNBbquc+cG5t8fq6wOTIGT+j+wa9urt19etpx3TZoRO1UlBTyu1HA7PJO77VIfWUTymwk2E tKYKthOLc4As97ID6kXLoWaxarESrlayG3OJezUl4EY+8H7NKx3JSwmra9lnHgQatXU7iULk YLl5bzgE9twcgI9w0BKo3DHMg9LxTyPY3fzEu36PIYgGCLbXr9pS4FoFmtSjt/N974Qeyvlm 8KkBDwmlMAdpJzktH67NiyKYk89Aho+5Ag0ET9fbswEQAMGiVLrDZaAy8eA1z4hNGTtPV+im C64PvmYxDM0aMs3ZZs5KbOQxuCsghVR2ICtLg0zQmikENpfA4IsHjTJNh94sx5Fc7+6hmWCA TWySgPgiwag0w+pcBicQgNNbIrSJwtOlRLEFwd6+lb2piUE0duqldMRa0F0POpMX6cYN6IMq h0SEkSKs5Ko0SzSFPLWDUeHQSwf7dBbR800IEJMo3mxlGIUL9eDZ23gpQjPbVqyZAunrBzFf uZIlzMsriNptHnlO3f8B7iMzYSqs+8Ljthke81UTZO7wZbZTQOpEe6FCSF38N1uEpRqMCW/G eLoDO0aOe9Soj85AFY2Mhs+sSkJGIz+afx6By/JelKalYMzPnZjemJFokzlUcQBA/xlZka3z w1bXMvp5E3y3k/hnE1Lgx2HaaSPzqFjnle3lQKLHr9EvkCCGWPGxjCX8YZpLiKNKeiCSMmU8 IblIkte/XQKCKFnSgHiGVuHIzDaR6PDY2WqKjTKgWaB/yqhULWpAabZGd25fjbYhOkvSgraz ffqKw8+wDRGcw9sfi219Cx/qdZtGeK5uBf3Xh68f7JszH/2vS/FiWjB0gl1MKv9ePRgydRgY 5rCcaNZVmUKGJVOvDE9EQwmq3uiLmgcPcSxLSpFkrLELpo5uuUjOP6FE1ocwGNifmdNpNNGE wR2H34H/ABEBAAGJAh8EGAECAAkFAk/X27MCGwwACgkQqAEYPmmzeqkRVg/8C1N+VP4KBW3M tjcA+78e2gZMvX+4OnFiZ53dWb06STkh9b1GccPy7T+5/JQyK6OGwVIIEWz5tPWVa2XgoahC ENjFa2RsDCnCr0iIxiUm5mB6j2GP8Zkch5VvTcBh2yORKR963FoWJio6O2p2n1VL0xqy9DMb Sx/OieqJ3y/qwAtVgf9+nAzyVsLoJTYKa42eL43j22lDue7s6oCMzmK+GdIDrRGEgN2Fdd/J d993OsmjSpw1dpIF5JaTlpBUKczM2N3WNbWLZtjx30XcyhxzXYkiXPv7nUvuJhD07MH8HPvY 9M+J1Uuc218txO4eylGc5jQPyGdewIb/Uf4AYCWAle0j1KXFEntaA18CSBXHukswWZCeq6vk g2V5HdePPFNdS0qnp/k57TGjJKMaNK4HVVj4C1UOeW47I9U3eoSuvCYlJObi/D6BozRBezRx RMHM02fUnib4+O6AOi8zvRf3OGT5OZGfUESyCPHMJJJLAXn3pSJ/dlMHsRuNtrMUtZpIKGBK kD+tNWTeqKSdQLlMyoOb+vBHSUtxiIjo/MkicpxyiM0P0MgEhQWERbVIxmX2D8ya7gUN6EtO p9KGzwYtJb1PbBymTXepEgIRCTr0zsvvOOmxVHDMUHbCEUFm3ofBthB4puKe/poAEzOWXFNL THGHDVKtjh0i6ywxCAQTL/4=
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 17 Sep 2019 06:17:37 -0400
In-reply-to: <618af587-4f5a-82ef-f6e2-219a5b2a64c3@guardianproject.info>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Openpgp: preference=signencrypt
References: <64667627-8ffe-f59e-8109-8258925a7845@guardianproject.info> <F60FF396-2485-46AF-AF22-95914A0E847B@riseup.net> <618af587-4f5a-82ef-f6e2-219a5b2a64c3@guardianproject.info>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0

On 9/13/19 3:51 AM, Hans-Christoph Steiner wrote:
>
> teor:
>>
>> It's not always safe to have apps share Tor: a malicious website in one app
>> can use various caches to discover activity in other apps. And there may
>> be similar data leaks in other shared data structures or network
>> connections.
>>
>> How do these data leaks affect your use cases?
> With Orbot, all apps are already sharing one tor daemon, so this isn't a
> new development.
>
> .hc
>
Most the use cases for Tor outside of Tor Browser and Briar tend to be
related to anti-censorship, reduction of passive surveillance, and
opportunistic access to onions (nytimes, DDG, facebook, etc).

Also has hc said, we are talking about non-browser type applications.

Since these are also applications you already have installed on your
phone, they already can know a heckuva a lot about you and your device.
Thus, with the threat model scope for this work, the app itself is not
our adversary, just the network.

+n

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] reproducible builds for Android tor daemon
  - From: Hans-Christoph Steiner
- Re: [tor-dev] reproducible builds for Android tor daemon
  - From: teor
- Re: [tor-dev] reproducible builds for Android tor daemon
  - From: Hans-Christoph Steiner

Prev by Author: Re: [tor-dev] reproducible builds for Android tor daemon
Next by Author: Re: [tor-dev] New Orbot, tor-android and AndroidPluggableTransport updates
Previous by thread: Re: [tor-dev] reproducible builds for Android tor daemon
Next by thread: Re: [tor-dev] reproducible builds for Android tor daemon
Index(es):
- Author
- Thread