Tor Browser includes lots of changes beyond just forcing all network traffic over Tor. There are many little details in how apps use the network that can leak identity info that are ameliorated in Tor Browser. I think we should aim to make NetCipher the canonical collection of these configs for Android apps.
For example:

* TLS Session Identifiers/Tickets
* detailed info in HTTP User Agent
* HTTP ETag

The only question for me is how best to expose this stuff to the developer using the NetCipher library. We should make NetCipher include all protections by default, so it does the right thing for anonymity without special setups. Otherwise it is too easy to mess up and leak private info. But since some of these things provide substantial speed improvements, we need to provide a way to disable them.

One idea would be to tell devs to use plain networking when going direct and not through Tor. Another would be to have methods to disable specific settings. I'm hoping to open up the discussion to hear other ideas.

.hc

--
PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556
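The second option in the message above (everything on by default, with a method to disable each specific setting) could look like the following sketch. This is an added example, not NetCipher code and not from the original post: the class `PrivateDefaults`, its method names and the `GENERIC_UA` value are hypothetical, and it assumes the platform's TLS provider keeps its resumable state in the client `SSLSessionContext`.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;

/** Hypothetical helper (not NetCipher's API): protections on by default, each one switchable. */
public final class PrivateDefaults {
    // Constructed placeholder; a real value would be one shared by many clients.
    static final String GENERIC_UA = "Mozilla/5.0";

    private boolean dropTlsSessions = true;   // no session ID/ticket resumption between requests
    private boolean genericUserAgent = true;  // no device or app details in User-Agent
    private boolean bypassHttpCache = true;   // no cache revalidation, so no stored ETag is sent

    // Explicit opt-outs for callers who accept the leak in exchange for speed.
    public PrivateDefaults allowTlsSessionReuse() { dropTlsSessions = false; return this; }
    public PrivateDefaults allowDetailedUserAgent() { genericUserAgent = false; return this; }
    public PrivateDefaults allowHttpCache() { bypassHttpCache = false; return this; }

    /** Opens a connection with the enabled protections applied; proxy routing is out of scope here. */
    public HttpURLConnection open(URL url, SSLContext tls) throws IOException {
        if (dropTlsSessions) {
            // Invalidate cached client sessions so the next handshake is full, not resumed.
            SSLSessionContext cache = tls.getClientSessionContext();
            if (cache != null) {
                for (byte[] id : Collections.list(cache.getIds())) {
                    SSLSession session = cache.getSession(id);
                    if (session != null) session.invalidate();
                }
            }
        }
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        if (conn instanceof HttpsURLConnection) {
            // Use the same SSLContext whose session cache was cleared above.
            ((HttpsURLConnection) conn).setSSLSocketFactory(tls.getSocketFactory());
        }
        if (genericUserAgent) conn.setRequestProperty("User-Agent", GENERIC_UA);
        if (bypassHttpCache) conn.setUseCaches(false);
        return conn;
    }
}
```

A caller that trades the protection for speed has to say so at the call site, for example `new PrivateDefaults().allowHttpCache().open(url, tls)`, which keeps each opt-out easy to spot in code review.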
