I’ll raise 3 topics: SafetyCore (built-in spyware), context menu and Telegram trustworthy.
- I suppose everyone who uses or will use Tor should be noticed that they may expose themselves if they have Android Safety Core or Apple device or Windows system with Recall. They can be re-enabled silently any time. It should be articulated explicitly.
Apple scans all files in finder. In their privacy policy, about use of personal data:
Security and Fraud Prevention. To protect individuals, employees, and Apple […] prescreening or scanning uploaded content for potentially illegal content […].
Noticed that just a few people find that Android silently installed “SafetyCore” service that implicitly scans your files, drains battery and may send anything to Google. This case didn’t make noise, awareness is low yet.
-
Ability to modify context menu. Is is necessary to have in Tor Browser context menu things like “Take screenshot”, “Print selection”, “Email image”, “Copy image”, “Set image as desktop background”
Who will use TB to find a background image or to email friend an image or print a document? I think there’s more damage (Leaking be missclicking data to OS handlers) than actual benefits for primar audience.
At least, if one finds them handy and estimates the idea to hide them by default mad, it would be useful to modify the context menu, at least through config file. -
Using Telegram immediately compromises you and it’s dangerous (excluding when one runs it through VM with private VPN and virtual number purchased with some crypto) and should not be used as a primary way to request bridges or ask a support.
Or at least one should be noticed how dangerous it is.
(Although I haven’t find currently Telegram bot listed on the bridges page)
Discuss.