5/21/2023 0 Comments Tor new releasesYou've really messed up with the mobile app, Guardian Project had more of an idea what to do. Read the playstore reviews, most people install the update, realise its crap and then downgrade back to the working 68.10.1 version within 5 minute. You also ignored my question about attackers having access to the GPS info (that you've apparently switched off but also made sure the end user can't check for themselves, apparently reading about:config is more of a risk than just hoping a glitchy new release happens to do as asked) You didn't respond about the lack of users making it more fingerprintable either, which leads me to believe that it is indeed more fingerprintable. Yes, I'm sure it is more than possible for a malicious website to bypass the permission requests and gain ungranted access, previous versions didn't have these permissions and all those versions happen to work a hell of a lot better than the last two broken jumbles you've put out (half a year for THIS, really?) It will take another half year just to make it useable. The lack of trust (and thus users) would lead me to also believe that these newer versions are more fingerprintable as the crowd of users is smaller, timed correlation attacks are probably going to be pretty easy for a while, or am I wrong? It was also said that the new app must be used for up to date protection, but isn't it majorly vunerable until the needless permissions get removed? Couldn't a malicious onion site try to access GPS and camera use? Could a malicious node take advantage of this in any way? Please completely remove the Google password saver, many people go through time and effort of custom ROM use in order to avoid Google, the last thing they need is for Google to pop up at one of the last points of contact. The fingerprint/bio info also just adds another needless point of possible failure. If people need to take photos they can use the default camera app and clean the image in ObscuraCam, if people need to be audio recorded over the internet then they don't need Tor in the first place. These permissions are undeed and adds huge attack vectors to an unstable app. In relation to the tickets you have raised for said app, please DO NOT keep the permissions for camera, audio or fingerprint/biometric data. Hopefully this update will see a few issues removed from the very buggy and sketchy Android version.
0 Comments
Leave a Reply. |