So when using Tor, logging into some personal account with real name is usually considered a useless move which it is, but then I don’t understand anything about how Orbot works.
WiFi traffic intercepted using WiFi Pineapple makes an adversary see everything unencrypted, cookies that weren’t secure properly etc, wouldn’t the end node of Orbot hopping your phone traffic reveal everything as well? Since the data from the exit node to the destination is unencrypted. And no way everything you do in your phone is under an alias.
I just don’t understand Orbot. I don’t understand how it is a privacy tool.
So Orbot routes all of your device’s traffic through the Tor network, so your IP address is anonymous for all of your phone’s internet traffic (other fingerprinting features can still be used)
Your traffic is routed through 3 randomly selected nodes worldwide. Therefore, no single node knows who you are, and what you’re browsing, at the same time.
If your wifi traffic is intercepted locally, the attacker knows who you are, but doesn’t know what you’re browsing. If the exit node is compromised, it knows what you’re browsing, but it doesn’t know who you are (your real IP address).
I wrote personal, as in something like your Instagram with your actual name. Since its very hard aliasing your entire phone traffic, won’t the exit node be able to know everything about you if you’re routing traffic through it? That was my doubt.
And I have watched multiple explanations where it’s clearly said the exit node’s connection to your destination is unencrypted.
Exactly my problem with Orbot! If I route my entire traffic through it without any alias, they might not have my real IP but the exit node still knows my identity right?
Aliasing your whole phone is just not possible completely, so why and how is Orbot a good privacy tool?
If you have a bad actor inside your LAN I can assure you that TOR is the least important thing in that case.
All traffic inside of the TOR network is encrypted.
First of all, it’s a tor node. Not an Orbot node, Orbot is the name of the mobile app to access it.
And the trafic that goes from the exit node to the server is encrypted. (Obviusly as far as you use HTTPS, which you should be doing)
You must be aware of that. All of the anonymity that TOR provides is rendered useless if you end up being finguerprinted by another thing.
Ej: the way you type, your timezone, crossing information, JS, etc…
I would advise against using The Tor Browser on Android. Use a whonix VM.
And regarding app traffic, well, routing things like Instagram is useless since they already know a looooot about you and can easily deanonymize you.
Althought it can still be useful for bypassing firewalls and restrictions.
I’m not an expert and I could be wrong about what I’ve said. Also, sorry for the gramatical errors.
I don’t use it, it was merely an example. I am more worried about the traffic of all my secure apps being intercepted or traced back to me.
ahh amateur mistake, sorry.
right alot of what you said clarified some doubts but I uninstalled it from my phone since its too confusing. The place I live in is planning laws to become more Orwellian so I was looking at other ways, but I gotta find something else.
The exit node knows what you’re browsing, but doesn’t know who you are. If you’re using HTTPS encryption on sites you visit, the exit node won’t be able to pick up on other fingerprinting measures used by the site you are visiting.
It is a good privacy tool because it hides your real IP address, and hides your browsing traffic from your ISP.
Just to chime in, Orbot is a very interesting piece to the puzzle since it doesn’t generally have a huge use-case in many people’s threat models. It’s incredibly inconvenient of a tool to run system-wide, without properly being able to guarantee anonymity. So it ends up being just a trustless VPN. (Trustless as in there’s no central party for you to trust)
Because of this, I always go back to Orbot being a trusted, free ‘VPN’ that just swaps in as your VPN. This may be only worth considering for people who are very strapped for cash and can’t afford a quality VPN provider. That’s the only real use-case I come back to for the tool outside very specific situations - like maybe a certain browser you use communicates with Orbot and allows you to onion-route that browser’s traffic via Tor. Even then though, there’s now an official Tor Browser for Android, so