Silk Road forums

Discussion => Security => Topic started by: proxanne on August 21, 2013, 07:06 am

Title: "The Onion Browser," by Mike Tigas
Post by: proxanne on August 21, 2013, 07:06 am
Is this app a safe way to browse .onion sites?

Quote from their webpage:
Quote
Onion Browser is a minimal web browser that encrypts and tunnels web traffic through the Tor onion router network and provides other tools to help browse the internet while maintaining privacy. See more features & benefits.

The Onion Browser grants access to the Tor network, although not affiliated with the Tor project.
It is available for iOS in the App Store for 99 cents. I think it is available for Android devices and other OS as well.

Any thoughts on using mobile devices to access the deep web?  Does this raise any immediate security concerns?

One security downfall for this, I noticed, is it is impossible to disable JavaScript. In fact, there are no settings that allow you to control what web pages do while you view them.

I just bought this recently on the Apple iPhone 4S.  It's a little buggy and is the bare essentials of an onion browser.

Edit: their page also mentions it is not available in Iran and China because their governments block access to Tor? Is this even possible? I thought Tor was used to circumvent government restrictions on Internet access.
Title: Re: "The Onion Browser," by Mike Tigas
Post by: Nightcrawler on August 21, 2013, 09:07 am
(Puts tinfoil hat on). Personally, I wouldn't consider ANY phone app safe, period.

Disclaimer: I don't own a cellphone -- I consider a cellphone a snooping device that also allows you to make and receive telephone calls.

Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB8F1D88EBBF7433B      (MIT clearnet keyserver)
PGP Key: https://keys.indymedia.org/pks/lookup?op=get&search=0xB8F1D88EBBF7433B    (IndyMedia https: clearnet keyserver)
PGP Key: http://qtt2yl5jocgrk7nu.onion/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia .onion keyserver)
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090     (Silk Road Forums PGP Key Link)
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07  B66B AFC8 CE71 D9AF D2F0
Title: Re: "The Onion Browser," by Mike Tigas
Post by: blonde amber on August 21, 2013, 11:12 am
I think there are a few exploits that can open up your identity to an attacker/spy.
Mike Tigas is pretty open about some of the potential issues of Onion Browser.
From website-->

Bugs, Caveats, Side Notes

See the Github project for a current list of known issues.

Using Onion Browser does not inherently guarantee security or privacy. It simply provides a set of features that may enhance privacy and anonymity while browsing the web. For more information: The Tor Project maintains a small section about staying anonymous over Tor, as do several threads on Reddit and other messageboard sites.

    Disclaimer: Onion Browser only tunnels traffic within the Onion Browser app. You are still using a smartphone, and in extremely sensitive circumstances you should be aware that iOS or your cellular provider may continue to leak non-Onion Browser traffic and other information.
    Major iOS SDK Limitation: Websites using HTML5 <video> tags will leak <video>-related DNS queries and data transfer outside of Tor. This includes YouTube, Vimeo, and any website using iOS-compatible HTML5 video. This is a behavior of the embedded QuickTime player and there is currently no known workaround. (h/t to josyw.)
    iOS SDK Limitation: Javascript cannot be disabled in the `UIWebView`, so script-based detection may identify your device even if User-Agent Spoofing is enabled.
    iOS SDK Limitation: Related to above, the HTML5 Geolocation API cannot be disabled. The browser will ask you for permission to access your location if a website asks for it via the HTML5 Geolocation API. If you allow this, then said website will (obviously) know your actual current location.
    Common Sense: If you log into websites in Onion Browser that you normally log into outside of the Tor network, they will a) still know who you are, and b) know that you use Tor. In certain circumstances (i.e. political dissent in repressive nations), this may be incriminating information in itself.
Title: Re: "The Onion Browser," by Mike Tigas
Post by: proxanne on August 22, 2013, 03:57 am
So would you say that using the app strictly for SR and its forums is enough to protect your identity? The problem seems to be that scripts cannot be disabled, but I don't believe SR runs scripts that will compromise your identity. So as a Silk Road only app, I believe it is a viable option.
Title: Re: "The Onion Browser," by Mike Tigas
Post by: Psyche on August 22, 2013, 10:16 am
I wouldn't trust iOS with anything which could be considered illegal or objectionable by law enforcement. For all we know they could have a spying suite tucked away inside that code. Sell your iPhone and buy an Android, install a custom ROM and leave all Google-oriented apps off that shit.

The only security benefit I can see to using The Onion Browser is that so few people use it that I doubt an exploit would target it.