Slashdot Mirror

← Back to Stories (view on slashdot.org)

Anonymous Browsing On Android Phones Using Tor

Posted by Soulskill on from the privacy-on-the-move dept.

ruphus13 writes "Privacy is becoming a scarce commodity, especially with geo-aware phones. Now, Android phone users can browse anonymously using Tor — a capability, until now, limited to the desktop. From the post: 'We have successfully ported the native C Tor app to Android and built an Android application bundle that installs, runs and provides the glue needed to make it useful to end users. Secure, anonymous access to the web via Tor on Android is now a reality,' writes Guardian Project team member Nathan Freitas. The Tor 0.2.2.6-alpha release uses toolchain wrapper scripts to run Tor without requiring root access."

2 of 109 comments (clear)

  1. !secure by sopssa · · Score: 4, Informative

    Secure, anonymous access to the web via Tor on Android is now a reality

    People should really stop using the word secure with Tor. Anonymous, sure, but you actually forfeit some of your security and privacy when using Tor. Anyone can snoop your outgoing connections from Exit node, or if you're using https or other secure connection, change the certificates. On top of that there's a change the exit node changes your http pages in addition to stealing or just snooping for information. Implying "secure" in news likes this gives lots of false sense of security to users, like has been seen many times before.

    Eavesdropping by exit nodes

    In September 2007, Dan Egerstad, a Swedish security consultant, revealed that by operating and monitoring Tor exit nodes he had intercepted usernames and passwords for a large number of email accounts.[15] As Tor does not, and by design cannot, encrypt the traffic between an exit node and the target server, any exit node is in a position to capture any traffic passing through it which does not use end-to-end encryption, e.g. SSL. While this does not inherently violate the anonymity of the source, it affords added opportunities for data interception by self-selected third parties, greatly increasing the risk of exposure of sensitive data by users who are careless or who mistake Tor's anonymity for security.[16]

    Another thing is that you are still usually leaking DNS queries to your ISP, which may even return false results if you're being censored in China or something and they still see what sites you're visiting.

    The summary also quickly mentions geo-aware phones. If you happen to be using that bad exit node, now your geo-location updates will be transmitted via it too. And goverments should be able to set up a lot different exit nodes all around the world easily.

    So no, it's not secure. It's maybe anonymous, if you use it correctly and don't login to your banking, slashdot account or whatever with it.

  2. Use it for .onion only by zoloto · · Score: 4, Interesting

    I use TOR mostly for browsing .onion sites, inaccessible without it. Also, if you set up your connection/system properly, you *can* browse anonymously. The idea is that your ISP and external website (and exit node) can't identify who you are. This is a VERY good thing. I would, however, not log into any service that could identify me as "me" online through tor. Ever.

    As a personal opinion, many of the .onion services (forums etc) are more interesting than what's on the rest of the public internet anyways. It's amusing and interesting to see what people have to say on forums when they are really able to be anonymous (trolling aside).