spencer...@openmailbox.org writes: > Awesome! > > Though a tablet could work, I am more for a more pocket-sized mobile > device. Also, Seth, thanks for the more in-depth concern regarding > the WiFi MAC address and guard nodes, however, though I am all for > people knowing how their devices work and why, the details of that > kind of stuff is a bit over my head, even if I know what they are.
Hi Spencer, The MAC address, at least, is a very important issue if you actually want users to have location privacy with the device. One of the most important ways that governments and companies track physical locations today is by recognizing individual devices as they connect to networks (or, with some versions of some technologies, when the devices announce themselves while searching for networks). If the device itself has a recognizable physical address that a network operator or just someone listening with an antenna can notice, that is a tracking mechanism -- and not a theoretical tracking mechanism but one that's been reduced to practice by advertisers, hotspot operators, and governments. Depending on what kind of privacy you're looking for, using Tor in this scenario might not help much, because other people can still tell where "you" are (at least a particular device!), and, depending on the scope of the trackers' view of things, may be able to go on to make a connection between "your device using Tor today over here" and "your device using Tor next week over there". In that case, the users of such devices don't get the level of blending-into-a-crowd they might expect. One privacy property you might want as a user of such a device is that when you get online from a particular network, other people on that network don't know it's you, but just see that some non-specific user of the TorPhone is now on the network. Without solving the MAC address issue, and possibly some other related issues, you won't get that property, even if the device is totally great in other ways. The guard nodes historically may have constituted a similar problem ("oh, it's the Tor user who likes to go through nodes x, y, and z, not the other Tor user who likes to go through w, x, and y, or the other other Tor user who likes to go through p, q, and x"). A more general point is that someone who's trying to track you may use _any_ available observable thing about you, your devices, your behavior, and so on. That's why really making users less distinguishable calls for a lot of careful thinking and a lot of hard work, like in https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability If you're talking about making a whole device like a phone, a lot of that process has to be repeated, over and over again, to have a hope of getting really strong privacy properties. (Some people trying to make Tor-centric operating systems like Whonix and Tails have definitely been thinking about these problems at the operating system level, but they're currently targeting laptops rather than phones. And yes, they do worry about the wifi MAC address!) -- Seth Schoen <sch...@eff.org> Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk