All desktop users now have 11.0.1 yet Android still doesn’t even have 11? Our donations are accepted and used like all else’s but we have to be at risk by running outdated software which also makes us stand out?
Doesn’t really seem fair, especially considering I mentioned this two days ago yet it’s voluntarily been ignored?
Meaning we are discernible from all other users. 11.0.1 will be used by a few million whereas 10.5.10 will be used by maybe a few thousand. The smaller the haystack is easier to find the needles. Why is it taking so long to update Android?
Or maybe a few million, neither of us have any evidence
(although I can point at the Tor Browser User Survey from 2021 and say “78%, 39,000+, used TB Android”, but I also need to point at “the ratio of Android to Desktop users may have been skewed due to the address bar bug”, which increased the number of TBA responses)
Android doesn’t follow ESR, I don’t think there is an ESR for android, therefore android might support stuff desktop doesn’t. The user agent includes that it is Android.
If that’s known to make it stand out then why not design an ESR for Android, whatever an ESR even is. Team Tor do have specialist in many areas after all.
The user agent does not contain the word Android. I’ve checked and I get
“User-Agent Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0”
Because it’s mozillas job. ESR stands for Extended Support Release. ESR means they don’t add new features.
The user agent does not contain the word Android
Yes, unless you enable “Desktop Site”, when I didn’t I got “Mozilla/5.0 (Android 10; Mobile; rv:91.0) Gecko/91.0 Firefox/91.0”, when I enabled “Desktop Site” I got the same as yours. Remember though, most people probably don’t do that, and anonymity comes from looking like everyone else.
Screen size wouldn’t/shouldn’t be an issue if using safest mode
Perhaps it should be set by default with the option of changing to mobile view?
The link you posted has already been discussed and the risk could easily be mitigated if letterboxing was added to Android as it has been to desktop since 2019. I believe some prodding around found that even desktop isn’t 100% secure against CSS attacks but as previously mentioned a legitimate service owner would not deploy such methods, not unless forced or compromised.
Edit* There is more anonymity within the generic label of Linux than there would be in mobile view mode. I assume viewing sites in desktop mode makes your fingerprint (user agent wise) no different than someone viewing from an actual Linux distribution, but I may be wrong. I’d also prefer them following a false shadow until the session ends rather than repeatedly telling the same site when I’m back again via user agent. If updates weren’t so sporadic it could be an idea to spoof all Android user agent to match a regular Linux machine, unless it’s the job of Mozilla
Hi @Armadillo, ESR stands for Extended Support Release – and is one of two update channels Firefox is available through. As the name implies, it’s a major version of Firefox that receives updates for an extended period of time. Tor Browser for Desktop is, at present, based on the ESR update channel – and is upgraded annually to the newest ESR available too. For example, Tor Browser 11 for Desktop includes an update to the Firefox 91 ESR.
Mozilla doesn’t offer ESRs for Fenix (the latest edition of Firefox’s Android browser) however, which is why Tor Browser for Android doesn’t use them. Although we try and keep both the desktop and mobile releases of Tor Browser in sync, there can occasionally be a slight delay between each.