We all walk around with computers in our pockets that are faster than any of us could have imagined a short while ago.
Our cell phones have microprocessors that can tackle the tasks we throw at them as quickly as most netbooks on the markets.
It’s no wonder then that there are a few options for accessing the dark web with your mobile phone depending on your handset’s operating system.
But is it safe to do so? Some may love the ability to throw a device away quickly if they are doing something nefarious on the dark web. What are the benefits and costs of trusting your operational security and even your freedom to a handset?
This week, the public learned that the President of the United States has been pretty lax in his cell phone security practices, deciding not to follow the advice of his security team and opting to continue making calls outside of the official White House switch board.
He has also been refusing to rotate the handsets as regularly as his nervous security team would like.
This got us thinking here at Dark Web News: What are the options for accessing the dark web from your mobile device, and how safe is it to do so?
Android is the darling of tinkerers and programmers everywhere that want to have more control over their device.
The operating system allows more options, more customization and is available on relatively cheap handsets.
The security is at best a little shaky on an Android device though, and at worst it’s a horror show.
Accessing the dark web from an Android phone is a double-edged sword, much like owning the devices in general.
They are easier to customize and are more configurable, meaning you can set parameters and leave the little garden Apple has built around iOS devices.
Some of the features and options provided in the Tor routing software for Android and Orbot can lure users into a false sense of security though. There is a feature to route all network traffic through the Tor onion services, which on paper sounds great for anonymity, but what isn’t generally considered the long list of constant and relentless background apps that are constantly trying to “phone home.”
Something as simple as the Google Store account attempting to check for updates, or any list of personal account apps like email doing the same, can leave a digital trail behind: the same Tor exit node IP address would be logged for example.
Orbot, too, is not without its share of a problems. A few years ago, there was an issue with IP leakage if media was accessed on the dark web.
The next bug can always be around the corner. Regardless, it’s a pretty solid app, and has now been used by over 20 million users.
While risks with the Tor session and Orbot may be relatively minor once you’re aware of how to overcome them, the risks associated with Android as a base operating system are not minor at all.
Generally the user has a responsibility to update their systems, and a lot of Android users fail to do this.
Further, Android manufacturers were caught, just last month, skipping security patches and lying to users about it. This is the main issue with Android as a device to move through the dark web: it’s just in general a “security lazy” device.
A few wrong clicks and you can easily install damaging malware on your phone, a place where for most people, vast amounts of information regarding their real identity lives.
The iPhone and iOS are very different and unique in comparison to other cell phone options out there. It’s an operating system that is only on an iPhone, and the iPhone is made by the exclusive software authors.
It seems as though so long as you don’t consider Apple to be an adversary in your threat modelling, an iPhone is a pretty good option as a device for browsing the dark web.
The most secure method on iOS seems to be the Onion Browser, which connects to the Tor network and runs a browser that automatically has scripts blocked as well as destructive cookies.
The app was required to go through Apple’s strict assessment process before being added to the App Store, something that isn’t necessary on an Android device.
Another option could be jailbreaking your iPhone, something that makes the device act more like an Android: it provides root access and the ability to install whatever a user sees fit, as opposed to what Apple has vetted before adding to its App Store.
This is generally seen as very risky from a security standpoint, as it might tear down the wall Apple built around the garden and to allow you to explore more options. But the wall wasn’t just to keep you in; it was to keep mobile malware out.
If you do decide to proceed though you could add a Tor plugin for the phone. This will get your iPhone on the dark web, and route all traffic through the Tor network like Orbot does for Android. However, you sacrifice a certain level of security when you jailbreak the device.
Which Is Best for the Dark Web?
A distinguishing factor between these two options is that iOS is not open-source software, whereas Android is, and this plays a significant factor in assessing security risks.
Android code can be vetted and can be assessed to ensure there is nothing nasty like a “backdoor” embedded in the underlying system.
iOS’s source code is locked down and proprietary, only seen and worked on by the people in Apple development.
This has its advantages and disadvantages, but for the purpose of assessing which operating system and environment is better suited for accessing the dark web, it seems to be the iPhone.
This is because when you’re on the dark web, the biggest risk isn’t FBI agents and law enforcement all the time, it is malicious links and crafty malware.
Sure, law enforcement may be a risk to you, and you’ll need to act accordingly, but for browsing the dark web the main risk is malware. This means having an up-to-date device is a necessity.
Having a device isolated from your identity is also a good idea. And if you’re doing anything that could damage your life, perhaps using a device that contains mountains of personal information is not the right tool for the job.