Reply to post: Re: Tor, DNSCrypt, etc.

Apple iOS 14.5 will hide Safari users' IP addresses from Google's Safe Browsing

doublelayer Silver badge

Re: Tor, DNSCrypt, etc.

"Can a personal phone (not a burner) be made equivalently secure?"

Yes, if you're willing to go to quite extreme lengths, including buying only a specific subset of available phones, hacking bootloaders to let you in, and the like. Some steps don't require it, but some do. I'll take each in turn:

"I can run Linux from a non-persistent thumb drive": This one's hard. Even when a phone supports a custom image, it's a persistent one. Very few phones support an easy non-persistent system. A few exist, all designed for Linux mobile distros, but those are a little rough and don't support everything, so unless you want to hack around with them you likely aren't buying them. If you're using a more normal Android device, your best chance is to back up an image, use the current one, then manually erase and reflash the old one back on. That can take half an hour and requires manual intervention.

"and set up a signal chain that looks like ISP-->VPN-->Tor-->DNScrypt,": This one's easier. Android supports VPN, and most providers will have a client. OpenVPN is one of them in case you're running your own. If Tor is configured on your VPN endpoint, that will work fine. I think any on-device Tor client that works on all Android traffic would conflict with your VPN configuration, but you do have the Tor Browser available in case you can't make your endpoint run the circuits for you.

"then run locked-down Firefox on same.": There is Firefox for Android, or the Tor Browser which is based on it, or a few other options. Locking those down is possible.

The harder part is limiting software placed on the device. With effort, you can find and disable or uninstall some of the stuff, but it's not always possible to determine what everything is or what it's doing. That's why, if you want certainty, you have to get a customized Android or Linux variant. The unfortunate part is that many phones simply will not let you install one, and those which are open enough may not be supported. If you're willing to recompile kernels and the like, then you can get closer to the goal, but that takes time and expertise.
