Tor Browser for Android users and screen size

All desktop users now have 11.0.1 yet Android still doesn’t even have 11? Our donations are accepted and used like all else’s but we have to be at risk by running outdated software which also makes us stand out?

Doesn’t really seem fair, especially considering I mentioned this two days ago yet it’s voluntarily been ignored?

1 Like

which also makes us stand out?

Everybody is running that version, it doesn’t make you stand out?

This is sadly not the case.

Windows: torbrowser-install-win64-11.0.1_en-US

MacOS: TorBrowser-11.0.1-osx64_en-US

Linux: tor-browser-linux64-11.0.1_en-US.tar

Android: tor-browser-10.5.10-android-aarch64-multi - 10.5.10/tor-browser-10.5.10-android-x86_64-multi - 10.5.10/tor-browser-10.5.10-android-armv7-multi - 10.5.10/tor-browser-10.5.10-android-x86-multi

There is no Version 11 and no version 11.0.1

Source - Tor Project | Download

Yes, everyone on Android is running that version

Meaning we are discernible from all other users. 11.0.1 will be used by a few million whereas 10.5.10 will be used by maybe a few thousand. The smaller the haystack is easier to find the needles. Why is it taking so long to update Android?

Android is always discernible from desktop users.

maybe a few thousand

Or maybe a few million, neither of us have any evidence

(although I can point at the Tor Browser User Survey from 2021 and say “78%, 39,000+, used TB Android”, but I also need to point at “the ratio of Android to Desktop users may have been skewed due to the address bar bug”, which increased the number of TBA responses)

2 Likes

How so? If you go to ipleaks in desktop view it thinks you are using a Linux machine. If you view in mobile mode it then says Android

Android doesn’t follow ESR, I don’t think there is an ESR for android, therefore android might support stuff desktop doesn’t. The user agent includes that it is Android.

Edit: And of course, screen size/aspect ratio

If that’s known to make it stand out then why not design an ESR for Android, whatever an ESR even is. Team Tor do have specialist in many areas after all.

The user agent does not contain the word Android. I’ve checked and I get
“User-Agent Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0”

Screen size wouldn’t/shouldn’t be an issue if using safest mode as discussed here How does Tor Android hide screen size? - #23 by iekbwalfahngtdpupz

why not design an ESR for Android

Because it’s mozillas job. ESR stands for Extended Support Release. ESR means they don’t add new features.

The user agent does not contain the word Android

Yes, unless you enable “Desktop Site”, when I didn’t I got “Mozilla/5.0 (Android 10; Mobile; rv:91.0) Gecko/91.0 Firefox/91.0”, when I enabled “Desktop Site” I got the same as yours. Remember though, most people probably don’t do that, and anonymity comes from looking like everyone else.

Screen size wouldn’t/shouldn’t be an issue if using safest mode

https://matt.traudt.xyz/posts/how-css-alone-can-help-track-you-YF4ciVY6/

2 Likes

That seems to be the answer for many shortcomings

I know, I said it here

Perhaps it should be set by default with the option of changing to mobile view?

The link you posted has already been discussed and the risk could easily be mitigated if letterboxing was added to Android as it has been to desktop since 2019. I believe some prodding around found that even desktop isn’t 100% secure against CSS attacks but as previously mentioned a legitimate service owner would not deploy such methods, not unless forced or compromised.

Edit* There is more anonymity within the generic label of Linux than there would be in mobile view mode. I assume viewing sites in desktop mode makes your fingerprint (user agent wise) no different than someone viewing from an actual Linux distribution, but I may be wrong. I’d also prefer them following a false shadow until the session ends rather than repeatedly telling the same site when I’m back again via user agent. If updates weren’t so sporadic it could be an idea to spoof all Android user agent to match a regular Linux machine, unless it’s the job of Mozilla :wink:

Hi @Armadillo, ESR stands for Extended Support Release – and is one of two update channels Firefox is available through. As the name implies, it’s a major version of Firefox that receives updates for an extended period of time. Tor Browser for Desktop is, at present, based on the ESR update channel – and is upgraded annually to the newest ESR available too. For example, Tor Browser 11 for Desktop includes an update to the Firefox 91 ESR.

Mozilla doesn’t offer ESRs for Fenix (the latest edition of Firefox’s Android browser) however, which is why Tor Browser for Android doesn’t use them. Although we try and keep both the desktop and mobile releases of Tor Browser in sync, there can occasionally be a slight delay between each.

3 Likes

That is understandable, your response is much appreciated.

Do you have a predicted time of release for 11.0.1 on Android and what changes will it include?

Thanks