Would you say that is an accurate assessment?
A bit harsh.
Guardian Project is merely hosting Tor Browser for Android on behalf of Tor Project in their repository.
And TBB is only maintained by a single person from the start, @sysrqb.
Do I like seeing this? No, absolutely not. But someone has to foot the bill, and no one is right now sadly.
Whether it is harsh or not, it is important to know the truth about the likelihood that a project as important as a browser has a plan in place to ever ship a version that does not include trackers.
To elaborate some more I’ll post a quote from an email I had with someone at Mozilla in 2017:
[…] we should support building without all of these things, precisely to support “free as in freedom” use cases like F-Droid and Tor. If we don’t, that’s a bug.
But ¯\_(ツ)_/¯
I think it would be even better if upstream Mozilla would ship their browser without any trackers, but I have watched that organization closely enough for long enough to know it will never happen. I say that as a user of Firefox before it was called Firefox (remember the good old Phoenix days?).
Some extra reading:
I think there is a fundamental difference between shipping code while attempting to disable it, and removing the code entirely. Although it is a step in the right direction, the Tor Browser should go all the way and remove the code.
Also, I am fundamentally opposed to any type of telemetry that is not strictly opt-in. This is an example of where Mozilla (including Fennec as your second link shows) and I disagree.
I second that with bromite
Just use a downloaded map app
S’pose the big An0m takedown is a reminder we’re all “on notice.” Again… All communications are probably vulnerable to monitoring by gov’t, and their contractors.
How can you scan PDFs to see if they “call home” or do other nasty stuff?
The idea behind that particular operation was based on the assumption that old school criminals are plain stupid or have non of the technological understanding at all.
The criminals proved the assumption.
Natural selection in action. Lol
If one not able to understand communication/encryption technology, and hope that one can rely on a third party proprietary solution,
that’s what you get.
This “solution” was a 100% honeypot from the beginning.
“Hardened encrypted devices usually provide an impenetrable shield against law enforcement surveillance and detection. The supreme irony here is that the very devices that these criminals were using to hide from law enforcement were actually beacons for law enforcement. We aim to shatter any confidence in the hardened encrypted device industry with our indictment and announcement that this platform was run by the FBI.”
As a free software advocate I think Anom actually vindicates my view on free software being essential: as far as I am aware, the Anom app was a proprietary black box, distributed on locked devices that the user could not tamper with. Users literally only had the word of the company that their messages were private or secure. Privacy policies and nice sounding words are not enough, you need the four freedoms and complete control over your hardware.
For all of the FUD (intentional or otherwise) about Tor and Mozilla floating around, all of their work is free and in the open, users have the four freedoms with it.
On that topic, the grapheneOS’s previous company was actually making deals with gov and criminal org’s to sell compromised devices. Seeing that the only Dev left the company and made GrapheneOS
Tor on Android died around last October when the Tor Development Team ruined all the work of Guardian Project. It started slowly going downhill once they took over but they’ve now depleted it to a state where it’s dangerous. If you spend a while going through the comment section of blog.torproject.org you will see a developer openly admitting and acknowledging to numerous flaws but with zero sense of care of urgency. Take a look here for example, he can’t even be bothered to search the blog he partly owns (this too is in relation to trackers) New Release: Tor Browser 10.0.17 | The Tor Project
As you can see they have no care of concern for the trackers, you might also just now come to learn via the comments that Tor has been leaking your installed applications for an unknown amount of time (protocol flooding attack (scheme flood) (#40432) · Issues · The Tor Project / Applications / Tor Browser · GitLab) . If you’ve had the same software configuration whilst under two “separate” usernames those usernames have now been linked together. Thanks Tor! Have another two million.
It doesn’t help that Mozilla laid off a bunch of their staff last year too.
Yes I’m sure that didn’t help the matter but Tor Project has been rehiring people and bringing in new people (Announcing new Board members | The Tor Project) so I don’t see why it’s such a difficulty for them
“We’ve also been able to re-hire several staff members and about a year on from that moment, we are in a better place.”
It definitely needs to be secured but nobody seems to have any interest in doing so, they all just act like I’m making it up.
June 13:
No, the trackers are disabled. Zero information about your browsing behavior should leave your device. If anyone finds this is not the case, then that is a bug and we will fix it. However, the fact that we didn’t completely remove the trackers in the app does not mean they are enabled.
Anonymous
seems like the same person, but it’s anonymous
That response was issued by someone officially associated with the development of Tor, lots of people are looking for answers and getting nowhere, hence this thread.
Much like when choosing a VPN provider you have to pick apart the words and think of all possible iterations along with why they weren’t used in place of the published work. Do the same with this.
Zero information about your browsing behaviour SHOULD leave your device, we aren’t saying that it won’t, just that it shouldn’t if it does. This is then backed by
If anyone finds this is not the case, meaning they are aware and accepting that under some unknown situations these trackers and telemetry possibly could pose a threat to all users. But not to worry because once your data has already been harvested by numerous companies (mostly based in privacy hating USA) they will perhaps EVENTUALLY step in after we’ve all been used as Guinea pigs and become targets. If you’ve ever attempted to submit a comment to their blog then you’ll be aware of how rare it is for legitimate and informative comments to actually get published. Meaning reports of tracker behavior will go unknown and unnoticed to most. Similar to when noscript updates caused a potential bypass vulnerability which could be fixed by hard disabling JavaScript in about:config (which they also chose to handily remove now) People were posting warnings to the blog about it for days but Tor chose to keep users at risk by not approving them for public view. They only gave in when tech security sites started outing them.
It equally means that the development team made the voluntary choice not to offer the top level protection possible to users/donor’s for zero good reason whatsoever. It certainly wasn’t for speed of releasing updates.
We hear about the unneeded trackers, but the word telemetry never appears.
Why? It’s only right to wonder.
I’d also like to draw much needed attention to
All four freedoms via Mr Mozilla? I am unsure
Reclaimthenet article on Mozilla
Interesting, but should we believe a site with such an article, while they have a list of “private web browsers” that still includes Firefox, and Duckduckgo, but not Mull or PrivacyBrowser?
Also curious why Browser on Tor Mobile had to Captcha game, twice, but on desktop did not…
Edit: And about Tor Browser, they say,
“One thing to note is that the Tor Browser is more lightweight than most other browsers which means it’s less customizable and doesn’t block ads.”
Except it does come with NoScript, and without JavaScript a lot of ads are effectively blocked.
The information on that websites article is repeated across other sites and there have since been further incidences of Mozilla acting against the best interests of its users. We need more than deplatforming
I think it’s fair to trust that Mozilla has lost its core values and will begin (if it hasn’t already) some method of collecting data and scanning data in real time for ‘fact checking’ They essentially want the entirety of the internet to become like Facebook where some governing central overlord gets to hoover up everything and ‘correct’ it to their own desire. Today I looked at a news article on Facebook about the vaccine and someone who was harmed by side effects, Facebooks intolerance and senseless, emotionless censorship system accidentally knocked out the entire article headline and the description that came with every other article. It’s blocking out a real life event simply because it doesn’t suit how they would like for things to go.
If Firefox implement the same system of ‘fact checking’ then we could all be hit at random simply because some code doesn’t like a word we used. We know about the NSA Xkeyscore system but it doesn’t come built into your browser, until now. Encryption is useless if the browser’s on-screen data is being picked up and checked over for naughty words like poo poo.
I personally wasn’t aware of a browser called Mull, I assume it’s from Mullvad VPN? I’ve also seen PrivacyBrowser in apk lists but wasn’t comfortable with the required permissions, although that may have since changed.
The captcha flood was probably related to Google attempting to contact the trackers in Tor (or the other way around) but a response from a developer and his hidden friend has denied this, it’s “normal” for the browser to display differing behaviour after an update… obviously. See
it is flooded with CaptCha
That’s normal. Read:
NoScript does indeed function as an ad blocker for most adverts but not all, assuming those ads only see Tor exit node information and don’t attempt to interact with the trackers or Google Play then it SHOULD be ok. Not that we have any way to be certain of it.
Edit: Here is a demonstration of the Facebook censorship I mentioned, you can see how the article looks in comparison to others.
Censored: https://ibb.co/JB14BcX
Normal: https://ibb.co/f4zVkd3
You assume incorrectly.
It’s from @SkewedZeppelin , developer of DivestOS and more.
“Mull is a browser based on Mozilla technology that is hardened against advanced fingerprinting techniques thanks to the Tor uplift project and arkenfox-user.js project.”
Already abandoned that ship, but thanks.