In this article we can read that researchers Adam Podgorski and Milind Bhargava, from Deloitte Canada, have setup several TOR exit nodes just to see what they could find, and they claim that 30% of all Android devices, and 5% of iOS devices, are transmitting data that could be used to build a strong profile of an individual.
In a series of demonstrations, including live dashboards shown by Bhargava, the researchers showed what data they had collected from mobile users that were inadvertently using Tor. The data included GPS coordinates, web addresses, phone numbers, keystrokes and other PII.
Bhargava explained that the exit nodes the researchers set up intentionally attempted to force browsers to not use encrypted versions of websites, forcing the devices to regular HTTP when possible. With data coming to the exit node without encryption, it was possible for the researchers to see the user data. Bhargava noted that for sites that force HTTPS encryption and do not offer any fallback option to regular un-encrypted HTTP, they wouldn’t be able to see the users data.
Also of note, Bhargava admitted that he found his own phone number in the data, which was a surprise to him, as he had not installed Tor on his device. The only applications on his phone were applications installed by the carrier.
This bit of the article is what worries me the most:
What the researchers determined is that Tor is being bundled, embedded and installed in other applications and users are not aware of its existence. It was not entirely clear to the researchers why Tor was being bundled with so many applications. Podgorski said that it could be due to a misunderstanding of the technology and how it can be used.
In your opinion is TOR being bundled and used in the mobiles devices to track us secretly, or do you think that the developers just misunderstood the TOR technology and how it should be used?
Please leave your opinion in the comments.