I think that Ben Barber meant Android as a whole cannot be anonymised, at least in a plug-and-play fashion. His citing of backdoors potentiality was to show an example, which is only one of the many iterations of the wide problem.
The other part is that Android is also desperately leaky. Having read this discussion I tried to VPN my connections to Tor, and the proof that it worked is that, in less than a minute, I received a text from Google alerting of a suspicious connections to my account, i.e., K9 mail had already tried to fetch my Gmail over Tor. Conclusion: in less than 1 minutes, I am deanonymised to they eyes of Google, which therefore include a handful of other random Advertising corporations, Intelligence Agencies, not only the ones partnering with Google but also the ones stealing their data, from wherever they can. And it's not over. The text message I received (containing my email address) tips a lot of other entities, starting from my phone company, that the connection anyone may have seen to Google from a Tor exit in the last minute has much chances to be me. And on, and on, and on... And this is just one app. Because of course, I could not use Gmail and all, but the whole ecosystem of mobile apps is based on data harvesting, sniffing and selling. So, all in all, as much as the effort to port an, easily activated, OS-wide Tor protection to Android deserves consideration, it has not the slightest chance of truly working without a lot of thought put in your phone's OS setup, *before* you even turn on for the first time the damn phone. From what I know, Mike Perry's article on hardening Android is the only viable *starting* point to secure an Android platform. Good luck fellas! Le 23 mai 2015 15:18:27 CEST, Jens Lechtenboerger <[email protected]> a écrit : >On 2015-05-20, at 09:28, benjamin barber wrote: > >> im not sure that using TOR on android is anonymous. Sure your >favicons are >> leaking your ip, however android itself is a leaky OS, that and >backdoors >> whatever agencies currently have. >> >> >http://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act#Technical_implementation > >I don’t see anything specific to android in that article. >Acts like CALEA probably exist in every country. > >Regardless of the OS, it’s best to avoid centralized services. >And to make sure they only get to see encrypted data. > >Best wishes >Jens >-- >tor-talk mailing list - [email protected] >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
