Oddbean new post about login | logout I'm not an expert on Orbot but in which case and how could an IP leak using Orbot, assuming Orbot routs all the activated app's communication only over TOR? And how can an app developer fix this reliably? And how can the user know the client dev fixed it reliably 100% all the time with every update? I'm talking out of the experience where an app used an installed Orbot to talk to some servers then a new dev team introduced other servers but did not care about using Orbot when the still available TOR option was activated, misleading the user to assume to be private where they are not.
Orbot utilizes android's VPN API so I assume it controls the full applications network stack (or full device if configured that way). Still I think androids VPN stack has some holes. nostr:nprofile1qqsyvrp9u6p0mfur9dfdru3d853tx9mdjuhkphxuxgfwmryja7zsvhqpzamhxue69uhhv6t5daezumn0wd68yvfwvdhk6tcpz9mhxue69uhkummnw3ezuamfdejj7qgwwaehxw309ahx7uewd3hkctcscpyug Can the in-app component cooperate with an ambient orbot? Best of both worlds?
Not necessarily. Orbot runs with and without VPN mode.
You shouldn't give privacy advice if you don't know what you're talking about.
It depends on whether Orbot is used as a VPN or as a proxy. In the former case, the application cannot escape Tor, in the latter case it can of course, avoiding using the proxy. So Orbot as VPN is safer than current Amethyst's implementation, while the new built-in support has the same robustness, but avoid a dependency and all the troubles related to the configuration, offering a better experience to the user.