I went to update Orbot on my Android phone yesterday...

I went to update Orbot on my Android phone yesterday, but it wouldn't proceed with the update until I approved new permissions. Pic related.

Why does Orbot need to know my phone number and device ID, when I'm making a phone call, and whom I'm calling? This is fishy.

Is it related to this piece of news about The Guardian Project starting to track users? (Which is chilling enough in itself).

guardianproject.info/2017/06/08/tracking-usage-without-tracking-people/

Download the orbot apk directly from here. The one marked 'latest'. Be careful of any mitm ruses.
guardianproject.info/releases/

This one, actually (they don't mark one 'latest' in that list apparently).
guardianproject.info/releases/Orbot-v15.2.0-RC-8-multi.apk

How would that help? They're integrating the tracking into the software itself through the Clean Insights Android SDK. It's not specific to the Play Store as far as I can tell.

There's literally no reason to install orbot when the software underneath it is untrustworthy, which it is for every smartphone.

Please refrain from useless comments.

It's a fact though, cell phones of every type are insecure and should never be used for this sort of thing. Remote activation, backdoors, and who knows what other botnet is installed.

It's irrelevant to the question at hand, which is about Orbot's new required permissions and what that might mean.

If I wanted people to opine about cell phone security, I'd have made a thread about that.

What sort of thing?

Browsing through tor, possibly less than legal activities.
What you should be doing is keeping your identities separate. Keep your nose clean and look like a good goy on your phone. Don't go installing software which isn't even secure (due to your phone having backdoors and other bullshit).

I could hardly give a fuck about what some retarded user crying about an app's permission on his phone. It's very stupid to install it in the first place.

You have no idea what you're talking about. Run along now. Adults are talking.

the question itself is irrelevant you mongoloid
you do not have the ability to grant permissions. you have nothing but the illusion of control over proprietary software and intentionally defective hardware

adults do not speak like this. you are making a fool of yourself

You've stated your opinion. Now fuck off if you have nothing relevant to the topic of the thread.

I understand you're a ruined person, but shitposting isn't going to make up for the fact that your mom didn't hug you enough.

listen to yourself, mate
I came into your thread with free knowledge and you have responded with nothing but middle school tier insults
have a nice life

No no, the guy is right, and you're behaving like a little faggot who needs to access onion sites insecurely because a stupid phoneposter

opsec matters

Can you say "clean compile of Android"? Can you say "custom ROM"? Can you say "Replicant"? Can you say "Agent Fud doesn't want you to use Tor"?

You're both pretentious idiots with nothing of value to say. Go away.

Right about what? That smartphones are insecure? That baseband firmware is insecure, unauditable, closed-source garbage? That Android has a piss-poor security track record?

No shit, you fucking autist. I have a threat model for my smartphone use. And it doesn't include well-funded nation-state actors. Orbot serves a number of other purposes for my uses. And at the moment, I'm more concerned about why Orbot wants what is essentially metadata about all of my phone calls and my device id than I am about GCHQ popping an 0day to see what I'm posting to Holla Forums.

Holy fuck, you people are stupid.

we were the only two people nice enough to reply to this frankly idiotic thread
have fun by yourself

No need to suddenly get insulting when we tell you what the problem is with using tor on an unsecure platform.
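Listen here kiddo, if you care enough to use tor on your phone then whatever permissions you give it really doesn't matter. There are ways to get around "Pls gib this app permissions".
How about instead of worrying what it's asking, look instead where you are downloading it from. Is it from the original and trustworthy source? Or from a 3rd party?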
By the way, this board is for technology, not children who don't know shit about software and technology and start crying and calling names when someone points out an issue.
Please do the world a favor and get v&

Look at him and laugh

What part of the post you're responding to don't you understand?

I'm not interested in your unsolicited advice. You have nothing to offer me. You don't know anything about this subject that I don't already know. I am not impressed by the fact that you watched Citizenfour a couple of times and you think you're an opsec guru now.

If you can't answer the question in the OP, fuck off.

Whatever your game is, you're not making much sense at all. You're the one coming off as the juvenile here. And a confused one at that. OP doesn't want your bad advice and I can't blame him. Stop shoveling nonsense and get lost. Maybe you can find someone dumber than yourself to impress somewhere else.

I've never had Orbot ask for increased permissions, and I'm using the latest stable version. If I were you, I'd compare the checksum of the apk on your device to a known good copy. I kind of doubt that the Guardian Project is going to do anything intrusive. I'd be more inclined to think you got mitm'd and passed a bad apk.

That's a good suggestion. I'll check.

It does strike me as odd that this happened on the same day they put out the aforementioned blog post, though.

The apk checks out. They also list the "Device ID & call information" permission in the permissions details for the app.

play.google.com/store/apps/details?id=org.torproject.android

The F-Droid version does not require these permissions, because it is a couple of years out of date (!).

Maybe I'm using an older version than you. It's the latest stable version, and downloaded directly from the Guardian Project site. I never install from the Play Store if I can avoid it. You could be using a beta or rc? Mine asks for no permissions at all on a new, clean install. Following is the apk name and sha-256:

Orbot 15.2.0-RC-8-multi.apk

SHA-256:
3758e1b6e6b9a3b7848b253d08d6c0b1b1b3223184da4bd2ba1aaff8cf676357

No, it isn't and asks for these

Or what the fuck? Last time I used it it was up-to-date.

That's the previous version from Oct. 2016. It's what I was running. The new version is

guardianproject.info/releases/Orbot-v15.4.1-RC-1-MULTI.apk

released June 1, 2017.

f-droid.org/repository/browse/?fdfilter=orbot&fdid=org.torproject.android


f-droid.org/wiki/page/org.torproject.android


The F-Droid version is out of date.

But the Guardian Project repo that comes with F-Droid has it updated, no? I did a clean install yesterday and didn't check the Guardian Project repo like I always do, my wrong.

Ok, I just upgraded via the Play store just to see what's going on. Then I saved the apk, uninstalled it, and reinstalled it, so I could get a clear picture of what permissions it wanted. Pic-related is what I got. And, yes, it's the version you mentioned. I don't have any hidden services though. That's what the new permissions are for, hidden service backup. It does say they're optional.

Sorry, I only know what I see on f-droid.org. Perhaps the website is out of date and the actual repo is newer.

What version of Android are you running?

I'm using Cyanogenmod 13 which is Marshmallow based. I haven't switched to Nougat based LineageOS because I like to use some Xposed Framework modules.
The apk name I upgraded to on Play store and SHA-256 are listed below. It asked for no permissions on install, as shown in the previous screenshot.

Orbot 15.4.1-RC-1-multi.apk

SHA-256:
b38683345188f6fbfdfd4d5db03f0a2d8cf510c320d056e63c4aff8824d267f3

Ah, Marshmallow allows fine-grained permissions. And manual control on a per-permission basis.

I'm on Lollipop, unfortunately.

I guess I should finally look into installing LineageOS.

Where did you find the information that the new permissions are for hidden service recovery?

That's what it said when I looked through the Play Store Orbot comments.
Btw, the SHA-256 does match the apk on the Guardian Project site, so that's not a problem.
Yep, sounds like it might be a Lollipop thing then.

Thanks for your help.

I suppose I should install Lineage soon. In the meantime, I'm just going to uninstall Orbot.

Read the fucking changelog, or since it's Free Software, read the fucking code. Just read something.

Use F-droid nigger

Phones are irredeemable spyware and botnet, you just have to deal with that.
Just don't use phones for anything non-normalfaggy.
Orfox is good because it gives you proxy layers while web browsing, but it isn't a super-encrypted-private VPN for hackermen.

Permissions change nothing if you run software as root.

Lol what a gay little faggot. Enjoy your botnet and personal profile being pieced together by some landwhale at the NSA cause you couldn't take some anon's advice.

and you aren't the fucking software police

Some people are unable to help themselves by posting some idiot variation of "All cellphones are theoretically insecure because of some binary blobs, therefore PANIC AT ALL TIMES LIKE A SPAZ!" at every opportunity. I guarantee you that the loser you replied to is the type to post "If you're not paying for the product you are the product derp derp derp etc" on a dozen forums daily, and patting themselves on the back for their amazing unique insight.

Metaphorically patting themselves on the back, anyway. A steady diet of cheetos and mountain dew doesn't really lend itself to a physique that allows for literally patting oneself on the back.

Ackchyually it's a hell of a lot more than that. If you've ever actually looked into it in any remote detail you'd know cellphones belong to the carriers and manufacturers far more than they do the consumer. Thanks to the fact most of the device is run by completely closed source firmware and software you have very little way of controlling your computing to any reasonable degree of security.

But nice straw-manning and ad-hominem, you really made your point there, well done and upvoted

Then stop being a whiny unhelpful bitch, and point to a phone that I can buy today that passes your criteria for "actually belongs to the consumer". I got my credit card handy. I'm literally ready to buy. Just link to a website with such a phone, and I'll buy it today. Waiting on you now. Anytime.

Damn you are fucking new, people here shit on cellphones because they're complete shit by design if you want freedom. You can get all upset and triggered by it because you love your Samsung galaxy model xx or your precious iphone but the fact is it takes a lot of effort and time from very brilliant people to reverse engineer this hardware/firmware and inevitably you're going to be fucked either way because of the design of the networks. Keep on shitposting though. Maybe go to /g/ if you want to circlejerk about how great your cellphone is or how anyone that criticizes them is just a fat neckbeard

Aww, does my use of a cellphone trigger you? I'm so sorry that you have to face people with different viewpoints, and that /tech can't be your personal little safe-space hugbox.

I don't care what you use, your freedom and security means nothing to me friendo. You're the one who appears to be coming here to be spoon fed and when something you eat tastes bad you throw a fit

So many 12 year olds here on the weekends. All they want to do is fight and whine. And summer coming up. Kill me now...

Write them to release a non-tracking version, so users can select their privacy preference at the time of download, not at the time of installation.

Since you're a fucking retard that can't even go and check the permissions FREE and OPEN SOURCE SOFTWARE uses and why that FREE and OPEN SOURCE SOFTWARE needs those permissions or why those permissions might not be what you think they are because they're misrepresented by your terrible mobile operating system, the only thing I'm certain of is that you made a blog post thread in order to be spoonfed and are the cancer killing Holla Forums, along with all of the other fucking retarded software recommendation/spoonfeeding/ironic shitposting threads.

Let alone the points the other user brought up. The same goes for you, moron. Holla Forums is not your safe space. Don't be surprised when someone calls you out for being a drooling fucktard, when you are one.

Lay off the meth or crack or whatever is making you act like an asshole. You'll feel better. Enjoy your day.

"""Nathan Freitas""" cares not for your freedom.
lists.torproject.org/pipermail/tor-talk/2017-June/date.html

I prefer it when people are as hostile and mean as humanly possible here. It filters out the reddit fags who get too emotional and can't handle it

So you're like what, 12 or something?

That's really, really depressing. I'm glad I'm not you.

I laugh my ass off at people getting roasted on this board all the time. What, you want everyone to be unconditionally cordial and boring all the time? Go to reddit or something then

Or you could just get your diaper changed and play with your dolls, junior. lol

I want everyone to be cordial here in Holla Forums. I believe that acting like a retard invites actual retards who believe they're in good company. There are plenty of places in Holla Forums to be funposters, please don't help attract them to Holla Forums of all places.

It's worse than it's ever been right now and this whole thread is evidence, most of the default hostility is coming from the newfags that have no idea what they're even talking about


wow burn, lmao, totally rekkkttttt, lol. Nice, my dude

Your first problem is installing from Google Play

If you run hashes on the orbot apks from google play, f-droid, or the guardian project site itself, they all match.
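
Added example, not part of any post in this thread and not Guardian Project code: matching hashes confirm the file is the publisher's, but the thread's actual question is which permissions an update adds, so this sketch diffs the output of `aapt dump permissions` for two APK versions. The sample outputs and the `org.example.app` package are constructed for illustration and are not Orbot's real manifests.

```python
import re

# Handles both aapt styles: "uses-permission: name='X'" and "uses-permission: X".
_USES = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)")

# Subset of Android's "dangerous" protection level. READ_PHONE_STATE is what
# the Play Store summarises as "Device ID & call information".
DANGEROUS = {
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
}

def parse_permissions(aapt_output):
    """Return the set of permissions requested in `aapt dump permissions` text."""
    perms = set()
    for line in aapt_output.splitlines():
        m = _USES.match(line.strip())
        if m:
            perms.add(m.group(1))
    return perms

def diff_permissions(old_output, new_output):
    """Compare two versions; report what the update adds and removes."""
    old, new = parse_permissions(old_output), parse_permissions(new_output)
    added = new - old
    return {
        "added": sorted(added),
        "removed": sorted(old - new),
        "added_dangerous": sorted(added & DANGEROUS),
    }

# Constructed sample outputs for a hypothetical app, NOT Orbot's real manifests.
OLD_SAMPLE = """package: org.example.app
uses-permission: android.permission.INTERNET
uses-permission: android.permission.ACCESS_NETWORK_STATE
uses-permission: android.permission.WAKE_LOCK
"""
NEW_SAMPLE = """package: org.example.app
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_NETWORK_STATE'
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
uses-permission: name='android.permission.READ_PHONE_STATE'
uses-permission-sdk-23: name='android.permission.WRITE_EXTERNAL_STORAGE'
"""

if __name__ == "__main__":
    for key, values in diff_permissions(OLD_SAMPLE, NEW_SAMPLE).items():
        print(f"{key}: {values}")
```

On Lollipop and earlier, everything in `added` is granted when the update is accepted; from Marshmallow on, the `added_dangerous` entries can be denied or revoked individually.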
