[tor-dev] reproducible builds for Android tor daemon

Nathan Freitas nathan at freitas.net
Tue Sep 17 10:17:21 UTC 2019


On 9/13/19 3:51 AM, Hans-Christoph Steiner wrote:
>
> teor:
>>
>> It's not always safe to have apps share Tor: a malicious website in one app
>> can use various caches to discover activity in other apps. And there may
>> be similar data leaks in other shared data structures or network
>> connections.
>>
>> How do these data leaks affect your use cases?
> With Orbot, all apps are already sharing one tor daemon, so this isn't a
> new development.
>
> .hc
>
Most the use cases for Tor outside of Tor Browser and Briar tend to be
related to anti-censorship, reduction of passive surveillance, and
opportunistic access to onions (nytimes, DDG, facebook, etc).

Also has hc said, we are talking about non-browser type applications.

Since these are also applications you already have installed on your
phone, they already can know a heckuva a lot about you and your device.
Thus, with the threat model scope for this work, the app itself is not
our adversary, just the network.

+n




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20190917/820937eb/attachment.sig>


More information about the tor-dev mailing list