I don’t use TOR these days, although I did use to use it to mess around on the dark web when I was bored of the clearweb when I was younger, on my PC.
I saw the Onion Browser for IOS on the App Store the other day and I genuinely didn’t know you could get it on any mobile device, I always imagined it was a strictly-PC sort of thing. Now, I’m not looking for a debate, after all I only know the basics of onion browsers, so I don’t know much at all. Why is it considered less secure on IOS?
Because Apple forces all apps to use it’s own browsing engine. So the app has no control over the possible security holes it may have. Even if the apps provider is aware of a security problem, cannot fix it independent of Apple.
Most importantly, there is no officially endorsed app for iOS by The Tor Project.
Cause of opsec, the host OS is another factor one would need to consider not just the browser or how a connection is established.
The Onion Browser on iOS faces several critical security limitations compared to the Tor Browser on Android, mainly due to iOS’s restrictive sandboxing and Apple’s policies. While the Tor Browser integrates a complete Tor client with advanced privacy controls, the Onion Browser uses a partial Tor implementation and cannot run a full Tor daemon. Consequently, it lacks features like advanced security levels, first-party isolation, and robust fingerprinting defenses. Also, the Onion Browser does not provide granular JavaScript controls (like NoScript) or enforce HTTPS, both of which are vital for mitigating exploits and ensuring secure connections.
Another major limitation lies in censorship circumvention. The Tor Browser on Android supports bridges like obfs4 and snowflake to bypass censorship, whereas the Onion Browser offers fewer options. Plus, iOS’s dependence on Apple’s WebKit engine poses a risk of traffic leaks if the Tor connection fails, undermining anonymity. While the Onion Browser offers basic access to the Tor network on iOS, it does not match the security and privacy features of the Tor Browser on Android, which is actively developed and frequently updated by the Tor Project. For stronger anonymity, you may need to consider alternatives outside the iOS ecosystem.
Among other reasons, it reduces your anonymity set. Instead of “a Tor user using the common Tor Browser”, now you’re “a Tor user on iOS”, which is a smaller group. And it’s not just a smaller set, it’s a known set, at least to Apple. They could provide a list of everyone who installed that app, since you’re registered to get anything through their app store.
It is safer to use on PC It is not recommanded to use phone for the dark web
Another person said something similar in another comment - that it’s also the OS, and not necessarily the browser and how the connection was established. Would you say it would be a possibility or security risk to work with Apple in fixing possible security breaches? I don’t imagine they’d be very interested, but worth a try maybe, as I heard Apple heavily encrypt devices, which also tells me they don’t have access to what you are doing on an Apple device, which in turn also tells me they aren’t too interested in peoples information.
Hmm, so more or less what you’re saying is that we don’t really know what could leak through on an IOS operating system as opposed to say, Windows?
What about the Android version? Is it secure like the desktop one?
that it’s also the OS, and not necessarily the browser and how the connection was established.
One of the issues is that third party apps need more access to the OS to have their own browser engine working as it does on other platforms, so it’s more of a security risk for Apple to permit third party browsers - even if they soon have to do so in the EU.
Would you say it would be a possibility or security risk to work with Apple in fixing possible security breaches?
In the past webkit and browser font rendering techniques have allowed people to root their iDevice on multiple occasions: GitHub - GetPsychoJB/Webkit-Jailbreak: iOS 14.5 WebKit/Safari based Jailbreak
You can’t truly trust any proprietary software. But TOR on Windows is much more secure than run on iOS, for the most part.
Yes the android Tor-browser is developed by the Tor-Project so it has all the features just like the desktop version has.
Is there a phone that can run a more secure os?
Or that comes with one…
Would using a burner help close these security gaps?
Thats lovely- so any android could be used somewhat securely… would having a burner phone increase that security?
Yes, although the Tor browser is secure the android is still connected to your Google id which is connected to your personal identity.