Tor fingerprints thousands of users who download its phone apps to Android
This is shocking and depressing.
Tor’s Android app download pages are laden with Google trackers!
As we can see by these screen grabs of the Guardian Project’s secure apps page, their syndication deal with the Big G means there are two Google tracker requests on this page (from 2 Google embeds, Gstatic and GoogleAPIs)
Google APIs tends to employ different Google bits like fonts and can be made safe if tweaked by the website's developers, but Gstatic is a collector.
I haven’t checked the HTML but these are probably loaded by the Google widget, bottom left on the page. More worrying is the big fat Canvas Fingerprint set by the site, which sneakily records a user’s device – flagged, ironically, by my Tor browser.
On the Orbot page, where android users have the chance to download a browser that doesn’t track them, 6-7 Google tracking requests load up, while the Guardian Project sets 4 short-term cookies and its Canvas Fingerprint records every privacy-loving user’s device.
Okay, I understand business. Tor want to put a private browser in a massive market, and Google Play users probably want it too, but in return, privacy advocates are tracked and logged by the Big G on Guardian Project’s webpages. And their devices are fingerprinted. I don't know if the Guardian Project share fingerprint data with Google, but this is a case of the private suffering to benefit those without privacy, while those in power record EVERYBODY!