A few thoughts (SafetyCore, Context menu, Telegram)

I’ll raise 3 topics: SafetyCore (built-in spyware), context menu and Telegram trustworthy.

  1. I suppose everyone who uses or will use Tor should be noticed that they may expose themselves if they have Android Safety Core or Apple device or Windows system with Recall. They can be re-enabled silently any time. It should be articulated explicitly.

Apple scans all files in finder. In their privacy policy, about use of personal data:

Security and Fraud Prevention. To protect individuals, employees, and Apple […] prescreening or scanning uploaded content for potentially illegal content […].

Noticed that just a few people find that Android silently installed “SafetyCore” service that implicitly scans your files, drains battery and may send anything to Google. This case didn’t make noise, awareness is low yet.

  1. Ability to modify context menu. Is is necessary to have in Tor Browser context menu things like “Take screenshot”, “Print selection”, “Email image”, “Copy image”, “Set image as desktop background”
    Who will use TB to find a background image or to email friend an image or print a document? I think there’s more damage (Leaking be missclicking data to OS handlers) than actual benefits for primar audience.
    At least, if one finds them handy and estimates the idea to hide them by default mad, it would be useful to modify the context menu, at least through config file.

  2. Using Telegram immediately compromises you and it’s dangerous (excluding when one runs it through VM with private VPN and virtual number purchased with some crypto) and should not be used as a primary way to request bridges or ask a support.
    Or at least one should be noticed how dangerous it is.
    (Although I haven’t find currently Telegram bot listed on the bridges page)

Discuss.

1 Like

Since 85%+ of desktops or laptops use Windows here is the MS article for Recall.
https://support.microsoft.com/en-us/windows/retrace-your-steps-with-recall-aa03f8a0-a78b-4b3e-b0a1-2eb8ac48701c

There is a System requirements for Recall
A Copilot+ PC that meets the Secured-core standard
40 TOPs NPU (neural processing unit)
16 GB RAM
8 logical processors
Users need to enable Device Encryption or BitLocker
Users need to enroll into Windows Hello Enhanced Sign-in Security with at least one biometric sign-in option enabled in order to authenticate

TLDR;
Bottom line: Windows logo key +J tells you if recall works. Now you can worry.

Do a search on DuckDuck for: Windows system with Recall
There are links to disable Recall

1 Like