definitely hacked or something

Aangela · 2025-03-28T04:11:43+00:00

I was using tor browser is GOS and the microphone icon came on. I was not using any other Apps and Iwas loading the website proton.me. I am not using drugs or alcohol, if it matters.

Malicious JavaScript should not be able to exit tor browser sandboxing. No calls were being made. I was looking at the screen and did not accidentally press anything.

I also saw an automatic screen capture earlier. This screen capture I didn't think I did but had the phone laying a certain way, so I thought perhaps some buttons were pressed, but there is absolutely nothing that should have turned the green light mic permission on, I had just rebooted, I had 1 app open.

There is some sort of hack. I only have internet enabled for Foss Apps. This was definitely a hack or error, I was looking right at the phone and am not that stupid.

Well, time to throw this thing out in the trash and go back to not having a cell phone at all. I do not mean that with disrespect. My threat model is low, but I do not want to be tracked all the time.

I can provide logs or a list of Apps or check hashes or whatever, but I'm done, no more smart surveillance phone modems for me. I'll provide any info I can about this and did not get a screen capture. I would not make this up, In don't trust lineage and other Linux mobile distributions don't work well, I want GOS to work well, but not if it's still just a tracking surveillance device, no way. I do not have to have a cell phone, it's not required, I've done it before, I'll do it again.

I do not have another phone to run auditor.

Ddhhdjbd · 2025-03-28T04:20:57+00:00

Does the privacy dashboard say which app did access the microphone?

Tthmf · 2025-03-28T04:24:50+00:00

angela and the microphone icon came on

You weren't hacked. It's a recent upstream bug.

Zzzz · 2025-03-28T05:20:04+00:00

angela Malicious JavaScript should not be able to exit tor browser sandboxing.

Heads up, GOS devs say this about Firefox and variants (including Tor browser):

Firefox doesn't have a basic content sandbox on Android, let alone site isolation, and it has a lot of other security deficiencies.

The browsers referring to themselves as hardened Firefox variants only harden privacy, not security, and in fact most bring more security issues.

This applies to the Tor Browser too.

https://grapheneos.social/@GrapheneOS/111969790767423663

Your issue is probably the upstream bug mentioned earlier, though.

00xsigsev · 2025-03-28T05:46:30+00:00

angela You were not hacked, you pressed buttons to do a screen capture and mic led is a known upstream bug that makes people say they were hacked.

Drop all the Tor nonsense because you don't need it unless accessing onion services or living in a country blocking VPN..

Aangela · 2025-03-28T12:14:58+00:00

thmf except I just had rebooted and hasn't used the microphone at all since the reboot

This error says sometimes if you use mic, green dot comes on later, after having used the mic. Could this error result in green dot showing on a device rebooted slightly earlier with no mic use?

Aangela · 2025-03-28T12:21:50+00:00

zzz even if tor browser lacks decent sandboxing, shouldn't GOS protect me? I also don't even know if this resulted from browser usage. It was at the same time. Other Apps were in background.

Can someone please confirm if green light randomly turning on after fresh reboot with no mic usage could be accounted for by this issue?

Privacy dashboard doesn't show any access at time of green light.

I have also had another call randomly happen in the week or two. Could have been accidental dial, but didn't think so. It feels like someone is hacking me.

Ddhhdjbd · 2025-03-28T12:34:24+00:00

angela not sure if i read wrong but to me it sounds like in the first issue linked they say the bug happens by just turning acces on/off.

were your mic acces on/off and did you turn it on/off?

DDelaney · 2025-03-28T13:15:59+00:00

0xsigsev Drop all the Tor nonsense because you don't need it

Says who? If they want to use tor for general browsing that's their choice

raccoondad · 2025-03-28T13:59:33+00:00

0xsigsev "Drop all the Tor nonsense because you don't need it unless accessing onion services or living in a country blocking VPN"

Tor is a perfectly fine proxy to use and the Tor Browser is a fine browser to use if you wish (however the Android version is lacking if I'm not mistaken.)

VPNs have a minor privacy flaw tor trys to solve with onion routing, not to mention good trustworthy VPNs cost money.

Using Tor is fine, I have contributed to the project a few times, I would be happy if people used the project more for what they wished. We shouldn't gatekeep a network

00xsigsev · 2025-03-28T14:22:04+00:00

raccoondad And I wish people would realize that it is not a silver bullet, and won't solve their problems nor it satisfies their needs. I was in a middle of a response to previous poster asking who would tell them not to use XYZ, but there obviously is a lack of understanding on the usage of various tools..

It's not anonymous as you think it is. It's easily fingerprint-able, and you put trust in random person who runs the nodes.

Just because you can does not mean you should.

raccoondad · 2025-03-28T14:38:30+00:00

0xsigsev "and you put trust in random person who runs the nodes."

You are putting trust in 3 random nodes to not be by a single attacker, including the guard node, and then assuming that Tor themselves doesn't pick up on this and remove them.

Sybli attacks are always an issue on Tor, and it should be talked about more, but you aren't putting trust in a single node operator, that's not accurate framing.

"Its easily fingerprintable", in what capacity? Most people simply want their IP hidden, why VPN services exist.

00xsigsev · 2025-03-28T14:48:57+00:00

raccoondad Most people simply want their IP hidden,

That's not how it looks like when you see discussions why people decide to use tor. I am not trying to say Tor is bad or worse than a VPN. it has its use cases, but I've seen people putting trust in the implementation of it on Android while it was leaking putting them at risk because of using it in countries where it can be penalized.

While many people speak about it based on what they see online, why I discourage usage of Tor instead of VPN is based on my experience and things I witnessed first hand. Every tool has it reasons and usage. All I'm saying.

raccoondad · 2025-03-28T14:55:08+00:00

0xsigsev yes people not understanding their tools is an issue, especially when they don't realize certain implementations, like the mentioned android implementation, are insecure.

As for countries where it is penalized, I also agree that's problematic, less so because of androids implementation, and more so on how bridges are.

I think bridges are a fine idea, just that packet analysis seems to be a serious issue. I never read the protocols details, just that it apparently mimics https to try and hide itself(?)

Tor is great for port forwarding & routing anonymity, I think a lot of issues with Tor comes from outside software unrelated to Tor or not well implemented. Such as the android browser.

The desktop version seems well done, mullvad seemed to agree and copied it for their own browser. Especially if you put it in safest mode.

I feel if you have a security concern with Tor that's anecdotal, you should formalize it and talk about it on the Tor forums or message the project themselves.

Ddhhdjbd · 2025-03-28T16:05:46+00:00

could someone please explain, what they mean, when they say, that the tor android browser is insecure?

i mean are these flaws that like get exploited on a daily basis?
or are you meaning in comparison to chromium.

(I mean is it like worse than firefox? or is it something different (ip leaks))
because sometimes it sounds like firefox users are basically just waiting to get hacked,
while in reality as far as i know is it pretty rare that someone actually gets some virus or something like that from a random website, is it not?

raccoondad · 2025-03-28T19:19:00+00:00

dhhdjbd we aren't talking about security vulnerabilities that would cause serious concern for daily Firefox users, of anything, I'd imagine the concerns we are talking about wouldn't even pass off as CVEs.

Its just weaknesses in anonymity that are baked into some aspects of Firefox, especially Firefox android. If the privacy concerns that I think we are talking about are shared.

As for the protocol, he's referring to sybli attacks, which are an issue but an overstated one. It was framed improperly.

Aangela · 2025-03-29T01:32:22+00:00

This thread drift about proper use cases of tor browser is distracting from the fact I may have been hacked.

This happened after a reboot.

I am still not convinced this is just a bug. :-(

I think someone is hacking me while using GOS. I am willing to submit info to see if it's possible but there's no information about what to do, just a drift "debate" away from the hack.

What is the proper thing to do in this scenario? I likely have been hacked. Enough weird stuff is going on that I don't believe bugs are the problem. This green light thing when nothing is being used is strange and the "stream bug" also would give someone great camoglague if there were a hack going on.

raccoondad · 2025-03-29T01:44:27+00:00

angela "I am still not convinced this is just a bug"

We gave you the upstream bug report details...we can't help you with speculations.

You are literally suggesting a fake upstream bug was reported by multiple users in order to give cover for someone to fuck with you personally, we can't help with that.

Check your privacy settings, see what apps used the mic last, enter safe mode, disable untrusted apps, but we can't help you outside of that without evidence you are experiencing a hack and not a well known upstream bug with the extract things you are describing (the mic indicator light)

Aangela · 2025-03-29T03:07:28+00:00

raccoondad

The mic indicator was on after a reset however. I hadn't enabled the mic after the reset.

Would this issue include that?

raccoondad · 2025-03-29T03:19:15+00:00

angela Why would you assume a reset would do anything? Did you read the bug issue filed? If it is in BFU mode, its almost certainly not an exploit.

Also, "Malicious JavaScript should not be able to exit tor browser sandboxing", Firefox mobile does NOT have sandboxing. This statement alone really makes me question if you understand what you are talking about.

You also instantly assumed it was a "hack" without further investgation and when people gave you reasonable answers of what you are experiencing, you denied it because you seem to have already made your mind up on what your sitaution is. We can't help with that.