I use USB tethering on an Android 10 mobile to access internet on my laptop. I use Tor browser (TB) on laptop and keep my OS (a Linux distro) on laptop patched for security vulnerabilities. At times I need to consume certain content from websites which I don’t want any intermediary to know about.
Can my mobile device see what data I am requesting and receiving other than that I am connected to a Tor entry node and passing data to it back and forth?
Here’s what I have in mind:
- I enter
security.stackexchange.comin TB’s URL bar in laptop
- TB establishes a secure connection and sends my request to Tor network.
- My telecom provider, the first potentially hostile intermediary I usually think of can see only that I am connected to Tor network. For scope reduction of this question, let us become ignorant and assume that my ISP or any intermediary further down does not have the capability to either see my original request or link it back to me.
So far, reasonably good. But, the first intermediary seems to be the Android 10 device itself. How can I be sure that my Android 10 device cannot know what data I am requesting and receiving other than that I am connected to Tor?
I am concerned because my mobile device is potentially hostile in my eyes. I do not know the capabilities of the baseband OS (which some state sponsored entities may exploit), don’t know the vulnerabilities of my Android 10 device which has vanilla Android fused with proprietary code. My mobile device is also at the mercy of its OEM which may not provide security updates for it in future.