Recommend enabling isolation options in Orbot

Let’s say I create an account on discuss.privacyguides.net and discuss.grapheneos.org, one of them is under pseudonym Jake and another one is under pseudonym Luke.

If I use Orbot with isolation options disabled, I connect to both forums with the same IP address that changes at a specific interval, which makes it extremely obvious that Jake and Luke are the same person.

Using isolation options also makes Tor more usable when using it system-wide.

2 Likes

I didn’t know you can enable such isolation in Orbot. How do I do that?

@unlighted3098

1 Like

Current guidance on the site for reference:

We previously recommended enabling the Isolate Destination Address preference in Orbot settings. While this setting can theoretically improve privacy by enforcing the use of a different circuit for each IP address you connect to, it doesn’t provide a practical advantage for most applications (especially web browsing), can come with a significant performance penalty, and increases the load on the Tor network. We no longer recommend adjusting this setting from its default value unless you know you need to.

@jonah

the big issue with that is that Orbot does NOT provide any isolation like Tor Browser, Tails, or Whonix.

(Tor Browser does per-tab isolation and Tails & Whonix set different SOCKS user/pass combos on all the included programs to tell Tor daemon to isolate them)

Every app ends up on the same circuit, the VPN to SOCKS mechanism doesn’t distinguish between apps.

In general I would recommend against it too, but as a workaround for the Orbot limitations I think it is important.
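
Added example, not part of the thread and not Orbot or Tor code: a simplified model of how Tor's stream isolation flags decide which streams may share a circuit, applied to the Jake/Luke scenario from the opening post. The flag names are Tor's `SocksPort` isolation flags; `mail.example`, the SOCKS usernames and the helper names are constructed for illustration, and circuit rotation over time is not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Stream:
    app: str          # label for the reader only; never part of an isolation key
    client_addr: str  # address the SOCKS connection came from
    socks_user: str   # SOCKS username ("" if none); the password is omitted here
    dest_addr: str
    dest_port: int

# Two streams may share a circuit only if they agree on every field
# named by the isolation flags enabled on the listener.
FLAG_FIELDS = {
    "IsolateClientAddr": "client_addr",
    "IsolateSOCKSAuth": "socks_user",
    "IsolateDestAddr": "dest_addr",
    "IsolateDestPort": "dest_port",
}
DEFAULT_FLAGS = frozenset({"IsolateClientAddr", "IsolateSOCKSAuth"})

def assign_circuits(streams, flags):
    """Map each stream to a circuit id; equal isolation keys share a circuit."""
    circuits, result = {}, {}
    for s in streams:
        key = tuple(getattr(s, FLAG_FIELDS[f]) for f in sorted(flags))
        result[s] = circuits.setdefault(key, len(circuits) + 1)
    return result

def shares_circuit(a, b, flags):
    assigned = assign_circuits([a, b], flags)
    return assigned[a] == assigned[b]

# Constructed sample: VPN-to-SOCKS mode, every app arrives from one local
# address with no SOCKS credentials, so the default flags cannot tell them apart.
VPN = dict(client_addr="127.0.0.1", socks_user="")
jake = Stream("browser", dest_addr="discuss.privacyguides.net", dest_port=443, **VPN)
luke = Stream("browser", dest_addr="discuss.grapheneos.org", dest_port=443, **VPN)
mail = Stream("mail", dest_addr="mail.example", dest_port=993, **VPN)
# Tails/Whonix style: a program that sets its own SOCKS username.
luke_auth = Stream("browser", "127.0.0.1", "app-b", "discuss.grapheneos.org", 443)

if __name__ == "__main__":
    for name, flags in [("defaults", DEFAULT_FLAGS),
                        ("+IsolateDestAddr", DEFAULT_FLAGS | {"IsolateDestAddr"})]:
        ids = assign_circuits([jake, luke, mail], flags)
        print(name, {s.dest_addr: c for s, c in ids.items()})
```

With the defaults all three streams land on one circuit; adding `IsolateDestAddr` gives each destination its own, and per-program SOCKS credentials separate streams without it.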

Well in the scenario posed by the OP, wouldn’t using Tor Browser be the proper solution anyways? If you are concerned about that sort of correlation between two different destination websites, your very-unique OS/browser combination is going to be an equal or bigger issue than the problem being “solved” here. Tor Browser has its own protections against this which are better suited than the isolation settings here.

In my eyes, Orbot is best seen as a substitute for a VPN client for Android users[1], and a VPN client would have this same problem as well. For the type of traffic Orbot is intended to handle it feels like very little gain (while at the same time having the downsides mentioned in the sources above).


  1. Although, I don’t know if it should be seen this way because Tor is more dangerous than most VPNs…

1 Like

@jonah
Tor Browser would be the better case but then you run into another issue: Orbot in lockdown mode breaks Tor Browser for Android because it won’t route it to prevent Tor over Tor.
So most people I’ve talked to who use Orbot with lockdown set, end up using Mull or similar.

DivestOS actually has an exemption that’ll detect Orbot in lockdown mode and let Tor Browser bypass it, but then you run into another issue which is that Tor Browser and Orbot share the same Orbot service code and end up conflicting.
This even happens on other devices when running across profiles.

(These issues all stem from Orbot really just being broken tbh. Tor thankfully is working on a replacement, albeit slowly.)

1 Like

Hm, that is quite annoying. I’ll look into that.

I liked it better back when TBA (well, Orfox) just used Orbot itself :roll_eyes:

@jonah
Orfox with Orbot has no tab isolation though, and I honestly wouldn’t be surprised if modern Tor Browser has none either since it really just runs Orbot itself internally.

Only benefit of Tor Browser in this case like you suggest is that you can easily close and open anew.

edit, tested this:
Tor Browser on desktop and Android gives different sites in different tabs different circuits, this is correct and desirable.

1 Like

The last comment in the first issue you linked indicates that Tor Browser specifically is able to bypass this limitation in Orbot? I can also just find an Android device to test this when I get home later.

I know Orfox isn’t good lol, but I just liked the modular approach. Tor Browser for Android should have tab isolation though, based on the fact that they fixed it earlier this month.

Nope, just tested with latest Orbot and Tor Browser.
When Orbot with lockdown is enabled, Tor Browser can’t connect.

1 Like

The only way I’ve gotten Tor Browser to run while Orbot is running in VPN mode is by having a dedicated Shelter work profile just for Tor Browser… that will prevent Tor over Tor…

No, both me and @SkewedZeppelin are using Orbot system-wide to route everything through Tor, not just our browser traffic.

I would never use Tor Browser on Android for the same reason why I would never use or recommend any GeckoView-based browser on Android.

Your anonymity is only as strong as the security of Tor Browser.

If someone needs the anonymity that Tor Browser provides, they’re better off with desktop TB, Tails or Whonix.

1 Like

That is sort of my point though, isn’t it? The scenario you’ve created in your OP is not a problem that tools on Android are adequately prepared to address in general, in my opinion…

1 Like

What replacement? Would like to check it out.

Completely new and uses Arti (Rust Tor reimplementation): The Tor Project / Applications / vpn · GitLab


4 Likes

The design is really eye pleasing.

first time seeing this, thanks for sharing :slightly_smiling_face:

This looks interesting. What advantages are we aiming for over Orbot in this project?

@Cyber-Typhoon
not having a decade+ of tech debt alone will be a huge improvement