Hey PaulD, If you're testing out Orweb, could you also take a look at Orfox, you can get the apk here https://guardianproject.info/builds/Orfox/ . You could also report issues over at https://dev.guardianproject.info/projects/orfox-private-browser/issues?fixed_version_id=169&set_filter=1&status_id=* .
On 27/01/15 00:21, PaulD wrote: > I have reason to believe that it is possible to deanonymize an orbot > user using the verizon supercookie. Possibly other "supercookies" as well. > > Provided that: > (a) the phone is communicating on mobile data, not wifi > (b) user visits an http page (not https) > (c) no other anonymity tools such as vpns stand in the way. > > Unclear whether root permissions matter. My phone is NOT rooted. > > My sample size is really small. just my phone. With that said, it seems > that it is possible to deanonymize a pretty big chunk of tor users, > without serious effort. > > The bottom line is that I visited the "do you have the verizon > Supercookie" website with orweb, and it appears that I do. > > http://lessonslearned.org/sniff > > > _______________________________________________ > List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev > To unsubscribe, email: [email protected]
signature.asc
Description: OpenPGP digital signature
_______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
