Opened 3 years ago

Last modified 12 days ago

#13333 assigned defect

Android users visiting sites using Tor leave all kinds of incriminating evidence in the logs

Reported by: cypherpunks Owned by: n8fr8
Priority: Medium Milestone:
Component: Applications/Orbot Version: Tor: unspecified
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

People using Tor on Android use User-Agents with all kinds of incriminating evidence such as:

"Mozilla/5.0 (Linux; Android 4.1; Nexus 7 Build/JRN84D)
AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.166
Safari/535.19"

"Mozilla/5.0 (Linux; U; Android 4.2.2; es-us; HUAWEI Y320-U151
Build/HUAWEIY320-U151) AppleWebKit/534.30 (KHTML, like Gecko)
Version/4.0 Mobile Safari/534.30"

"Mozilla/5.0 (Linux; U; Android 2.3; en-us; GT-I9100 Build/GRH78)
AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"

These are examples with the least personal information in them and they may or may not be from a popular hidden service.

I am not sure who's software or project is responsible for this but it does not exactly make these people "blend in"

Child Tickets

Change History (3)

comment:1 Changed 3 years ago by rl1987

Component: - Select a componentOrbot
Owner: set to n8fr8

comment:2 Changed 3 years ago by n8fr8

Status: newassigned

I assume you mean using the Orweb browser?

It is true that Android's WebKit impl has some serious issues, and does not allow us to control the headers as completely as necessary to avoid browser fingerprinting.

That is why we are working on a full Tor Browser/Firefox based new browser that is in progress:
https://guardianproject.info/builds/OrfoxFennec/
https://lists.mayfirst.org/pipermail/guardian-dev/2014-August/003717.html

comment:3 Changed 12 days ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

Note: See TracTickets for help on using tickets.