Is traffic routed through TOR? #63
Comments
philippmayrth
added
documentation
|
I think this is unnecessary since you "trust" Apple and/or Google if you use a smartphone to use this app. |
|
Yes, you do have the choice to trust Apple or Google. Yet you have no choice but to place trust in telekom with the backend. |
|
Please, there's already 200+ comments about this in #13 that don't lead anywhere. Opening new issues for the same thing doesn't help at all, it just makes the discussions repeat even more than they already do. No, the traffic is not routed through Tor. No, the server knowing client IPs is not a security issue. |
|
@Leseratte10 those are different things in #13 voices concerns with manipulating data stored on the device whereas this ticket voices concerns with metadata stored on the server. |
Such issues are also discussed there. At a certain point you will have to trust every backend, at least to a certain extent. However, you will be able to see which data is sent to the server, as the backend will be open source. As @Leseratte10 already pointed out, this will most probably be the IP address only (and the maintainers already confirmed that the IP will be deleted after a short period of time). |
|
We don't want to add 40M clients to the TOR network. No one knows if the network would withstand that. Also the load on the mobile networks would increase significantly. |
|
It wouldn't. And it wouldn't be what Tor was designed for. It was designed for people in dictatorships like China, or people that have to fear a political prosecution for their statements. Not because people's feelings are hurt because one server knows a phone's IP that doesn't get logged long-term. |
It was also designed to protect journalists in those dictatorships. Or whistleblowers.
The state could host exit nodes. I'm sure, Deutsche Telekom has infrastructure for doing so.
You're already zero-rating videos of certain service providers. That could be another exemption. |
Tor was designed by the NSA for the american government, only afterwards "given away" as opensource project. I dont see a reason to blindly trust Tor. |
You rarely hear of TOR hacks, though. |
All it takes is one entrypoint ;) The people that initially made Tor are likely also the best to know their weaknesses. |
What is missing
Is the communication between the app and the backend routed in a way that will prevent leaking IPs by design for example using the TOR network?
Why should it be included
Since there is no way (Im aware of) to audit the backend and ensure the logs are deleted an app users should not have to "trust" it to use it.
At least for things like remote updating the configuration.
Where should it be included
In the codebase and documentation.
The text was updated successfully, but these errors were encountered: