What difference does it make if i use the tor Browser on Grapheneos vs Stock-Google-Android Device?
Is there any?
I mean in terms of security of the annonymity.
Is Tor Browser more save on Graphene than on Stock Android?
Firstleavebananas Apps are harder to exploit on GrapheneOS, but the Tor Browser and Firefox are a rare special case not benefiting from most of the GrapheneOS exploit protection features. They're the least protected against exploitation of all mainstream browsers, especially on mobile where Firefox does not implement a sandbox at all. The Tor network itself may or may not be a good option for you depending on what you need and your threat model. Bear in mind that it can be seen you're using Tor on the local network and ISP. Exit nodes often mess with the traffic leaving them. A lot of malicious Tor nodes have been discovered but in general there's no way to know if nodes are participating in mass surveillance, logging traffic, etc. Anyone can make Tor nodes and join the network.
- Edited
I was thinking all Android apps are sandboxed by the OS design.
If I summarise, about 24 % of users have probably lost their anonymity in the worst case (middle relay) using Tor before 2021. The
“KAX17” actor behind the malicious relay have a non-amateur level.
The "BTCMITM20" was replacing bitcoin addresses in tor exit traffic.
The Tor browser app don't use any sandbox, so the app add a week door to the Pixel device.
Edit : a "weak door"
Hat I was thinking all Android apps are sandboxed by the OS design.
They are. He didn't mean the standard "untrusted_app" sandbox, but further sandboxing, which usually happens in browsers, for example with "isolatedProcess"+seccomp, like Chromium does. This sandboxing is needed in browsers because they execute a lot of untrusted code every day, have a huge code base and need to protect their own user data like cookies, history and so on, against malicious websites.
Firstleavebananas I mean in terms of security of the annonymity.
Shut be more secure than on stock. The annonymity is the same.
- Edited
GrapheneOS Tor Browser and ... not benefiting from most of the GrapheneOS exploit protection features.
So they benefit from a few features. Or am I mistaken.
TheGodfather
Storage & cache should be cleared at each new session ?
GrapheneOS would you say, that i leave the web browser experience to a laptop?
If i try to reach max annonymity possible, is it a bad idea to do web browsing?
Or would you say yes but just with firefox based browsers on android?
What if i use Vanadium with Orbot then? Is this safer than tor browser?
And as i understand what you say, it is definetly not a good idea to surf onion sites with tor browser on Grapheneos. It would be safer to surf onion sites in another enviroment like tails lr whonix.
Because the tor browser on Android/Grapheneandroid is less safe of explortations then on other os'ses. Right?
Hat Storage & cache should be cleared at each new session ?
Right. Post-exploitation data is still a problem. Also a full-system compromise can be easier from inside the untrusted_app sandbox than from isolatedProcess.
a month later
GrapheneOS The Tor network itself may or may not be a good option for you depending on what you need and your threat model. Bear in mind that it can be seen you're using Tor on the local network and ISP. Exit nodes often mess with the traffic leaving them.
What if my device is ,always routed through TOR via Orbot?
What if i always use snowflake Bridges?
Than the isp does not know i am using tor right? Or could the isp still know that i am using tor because even if the first hop is not an official tor node, the traffic is still tor traffic?
What is this with the tor exit nodes about you are talking about?
How could they "mess" with me if i always route all traffic through tor on my device?
MalterMhite What if my device is ,always routed through TOR via Orbot?
If your traffic is routed through Tor for sites you are logged into with a personal email/phone number/ID, your activities can be linked to that information. If you ever logged into a service with your real IP address and later use Tor to login, your activities can be linked to your real IP address.
MalterMhite What if i always use snowflake Bridges?
Than the isp does not know i am using tor right? Or could the isp still know that i am using tor because even if the first hop is not an official tor node, the traffic is still tor traffic?
The default Tor bridges are public knowledge and can easily be identified as Tor traffic. The only exception is meek-azure which routes your traffic through Microsoft, so at face value anyone monitoring your internet traffic will just see you are connecting to Microsoft servers. However, a determined adversary could uncover that it is Tor traffic via deep packet inspection.
You have to step back and realistically ask yourself: "Who am I protecting myself from?"
MalterMhite What is this with the tor exit nodes about you are talking about?
How could they "mess" with me if i always route all traffic through tor on my device?
Exit nodes do not know who the user is, but they can see "some Tor users are visiting so and so websites." This only applies to clear net sites as your traffic has to leave the Tor network at the exit node to communicate with the website, although .onion sites are unaffected as traffic never leaves the Tor network; so there is no exit node over the dark net.
The problem is that some exit nodes log which websites are being visited and if the guard node and the exit node are run by the same adversary, they can potentially connect your IP address to the clear net sites you visit over Tor, which can de-anonymize your activities.
17 days later
Firstleavebananas I'm not sure if therr is any difference besides that desktop version allows more control over the circuite.
also i just discovered the new secity settings available after some recent update. Went thru enforcing all. Quite confused on the DCL not having a default toggle to not having to set each app one by one.
Soback to Tor browser on mobile, i cant remember when was the last time I opened it, but right after restricting the DCL to it in device sertings, a suspicious notification popped up with Tor browser crash even though it was not opened for weeks if not months. And later one more notification saying Tor browser tried to perform DCL via memory.
Wondering what is that code that Tor browser tried to load? is there any way to find out?
- Edited
Onlyfun Quite confused on the DCL not having a default toggle to not having to set each app one by one.
DCL via memory has a default toggle, available from the Owner profile. DCL via storage currently has the default toggle temporarily disabled until Google gets rid of dynamite modules or something.
after restricting the DCL to it in device sertings, a suspicious notification popped up with Tor browser crash even though it was not opened for weeks if not months. And later one more notification saying Tor browser tried to perform DCL via memory.
Wondering what is that code that Tor browser tried to load? is there any way to find out?
No idea, but the notification showed for a number of apps (Tor, Mull, Spotube, Just Eat) which had issues with restricted DCL so I doubt its anything to worry about. Would be nice to know though.
8 days later