[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] All I Want For X-mas: TorPhone



spencerone@openmailbox.org writes:

> Awesome!
> 
> Though a tablet could work, I am more for a more pocket-sized mobile
> device. Also, Seth, thanks for the more in-depth concern regarding
> the WiFi MAC address and guard nodes, however, though I am all for
> people knowing how their devices work and why, the details of that
> kind of stuff is a bit over my head, even if I know what they are.

Hi Spencer,

The MAC address, at least, is a very important issue if you actually
want users to have location privacy with the device.  One of the most
important ways that governments and companies track physical locations
today is by recognizing individual devices as they connect to networks
(or, with some versions of some technologies, when the devices announce
themselves while searching for networks).  If the device itself has a
recognizable physical address that a network operator or just someone
listening with an antenna can notice, that is a tracking mechanism --
and not a theoretical tracking mechanism but one that's been reduced to
practice by advertisers, hotspot operators, and governments.

Depending on what kind of privacy you're looking for, using Tor in this
scenario might not help much, because other people can still tell where
"you" are (at least a particular device!), and, depending on the scope of
the trackers' view of things, may be able to go on to make a connection
between "your device using Tor today over here" and "your device using
Tor next week over there".  In that case, the users of such devices
don't get the level of blending-into-a-crowd they might expect.

One privacy property you might want as a user of such a device is that
when you get online from a particular network, other people on that
network don't know it's you, but just see that some non-specific user of
the TorPhone is now on the network.  Without solving the MAC address
issue, and possibly some other related issues, you won't get that
property, even if the device is totally great in other ways.

The guard nodes historically may have constituted a similar problem
("oh, it's the Tor user who likes to go through nodes x, y, and z, not
the other Tor user who likes to go through w, x, and y, or the other
other Tor user who likes to go through p, q, and x").

A more general point is that someone who's trying to track you may use
_any_ available observable thing about you, your devices, your behavior,
and so on.  That's why really making users less distinguishable calls
for a lot of careful thinking and a lot of hard work, like in

https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability

If you're talking about making a whole device like a phone, a lot of
that process has to be repeated, over and over again, to have a hope of
getting really strong privacy properties.  (Some people trying to make
Tor-centric operating systems like Whonix and Tails have definitely been
thinking about these problems at the operating system level, but they're
currently targeting laptops rather than phones.  And yes, they do worry
about the wifi MAC address!)

-- 
Seth Schoen  <schoen@eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk