I noticed yesterday that scanning through checks available on browserleaks.com gave out lots of information which it really shouldn’t. Its possible to measure screen size even in safer mode and canvas fingerprint is unique also. The font test also brought back information which it shouldn’t too. Through ipleak.com its also possible to tell of timezone differences unless you happen to land on an exit node using the same time format at you. I think there are a lot of improvements which should be made to advance the protection of TBA users. Through checking PrivacyTests.org: open-source tests of web browser privacy you can see that Brave has plenty of protective features which even Tor doesn’t have, why can’t the Brave code be added to Tor or existing code modified in a way which gives the same effect?
I would also like to question the need for TBA to have microphone and camera access. It creates a large attack vector which could be completely negated by simply removing the ability from the app. The permission within the browser is ‘ask to allow’ which can be changed to ‘blocked’ but by doing so to protect yourself you will actually be more unique since nobody else is doing the same. If someone using TBA needs to upload a photo or video then they can record a video or take a photo through a dedicated camera application and then upload the file, if anybody needs audio to be broadcast they can use a secured messaging app like Signal or Wickr. The permissions are literally needless. I know for a fact that when Tor Project first took over mobile development from Guardian Project people were extremely unhappy that Tor Browser Android contained permission for GPS through both hardware and local network mapping. I also know for a fact that the one and only reason why its not still there today is because a small number of highly vocal individuals kept drawing attention to it through Tor Blog comments (back before the forum existed) and through comments left on Tor Project social media pages. As a result they finally removed what shouldn’t have been there, I distinctly remember someone asking sysrqb if he’d lost his mind whilst questioning why users of anonymity software don’t like the default GPS to within 3 foot option which comes built in.
As pressure mounts within the never ending digital arms race we need to be reducing potential points of gathering data without permission, its inevitable that some form of exploit or malware will use the microphone to listen to people and the front camera to see their faces. Right now a few VPN companies are giving out premium subscriptions for free to people of Ukraine, Tor is still allowing anyone to be an invisible eye and ear if they want it enough. Please follow logic and remove permission for microphone and camera in the next release, its removing code rather than adding it so its not going to be time consuming, I can’t imagine microphone functionality changes ability to connect. Thanks
Has this thread been acknowledged by anybody? I saw one person make three separate threads with three separate questions and nobody responded to a single one of them
I’ve had to remove one of the three because UsErS cAn OnLy PoSt @ MaXiMuM oF 2 LoNkS