From Newsgroup: alt.comp.software.firefox

Hank Rogers wrote:

Bear in mind that Apple's iOS implementation of Tor browsers is insecure.

Will there be an upcoming detailed tutorial covering this?

Hi Hank Rogers,

Happy New Year!

Thank you for asking about a tutorial because most people only know the
(rather brilliant) propaganda that Apple marketing spews about iOS.

Apple propaganda "says" iOS has security.
But iOS has less security (than other platforms) when Tor is involved.

Want proof?

There are many privacy-focused articles explaining the limitations of Tor
on iOS due to Apple's unilaterally imposed ecosystem restrictions.
For example, Comparitech highlights that iOS makes "true anonymity more difficult to achieve" in this article.
<https://www.comparitech.com/blog/vpn-privacy/vpn-and-tor-onion-browser-on-ios/>

The Tor Projectos own forum discussions acknowledge that Onion Browser is
the recommended option, but also that its security model is inherently constrained by iOS sandboxing and Apple's WebKit requirement
<https://forum.torproject.org/t/what-is-the-most-secure-way-to-use-onion-browser-on-iphone/18986>

Since you asked for a tutorial that doesn't exist, I hope you'll accept
this simple bulleted list explaining why Tor on iOS has never been secure.

a. iOS forces all browsers to use WebKit.
Apple requires every browser on iOS to use the WebKit engine.
Tor Browser on desktop and Android uses a hardened Firefox ESR engine
with Tor-specific patches. Because iOS apps cannot use their own browser
engines, Onion Browser cannot implement Tor Browser's security features
such as anti-fingerprinting, first-party isolation, circuit-per-tab,
or Tor Browser's hardened JavaScript behavior.

b. iOS does not allow Tor Browser's security hardening.
Tor Browser includes many custom patches: fingerprinting resistance,
network isolation, circuit isolation, HTTPS-only enforcement, and
integration with NoScript. These cannot be ported to iOS because WebKit
is locked down and cannot be modified by app developers. As a result,
Onion Browser cannot match Tor Browser's security model.

c. iOS sandboxing restricts Tor integration.
Tor Browser on desktop and Android bundles the Tor daemon and controls
how circuits are created and isolated. iOS sandboxing rules prevent apps
from running background daemons in the same way. Onion Browser uses a
simplified Tor integration and cannot replicate Tor Browser's
circuit-per-domain behavior or its fine-grained isolation.

d. There is no official Tor Browser for iOS.
The Tor Project does not ship Tor Browser for iOS. Instead, they
endorse Onion Browser as the best available option, but it is not Tor
Browser and cannot provide the same protections. The limitations come
from Apple's platform rules, not from Tor developers.

e. Android Tor Browser is much closer to desktop Tor Browser.
Tor Browser for Android is built on Firefox ESR, just like the desktop
version. It includes the same Tor patches, the same fingerprinting
defenses, the same security slider, and the same circuit isolation
logic. iOS cannot support these features because of Apple's
arbitrary restrictions on security.

f. Summary.
Tor on iOS provides access to the Tor network, but not the Tor Browser
security model. The differences come from Apple's mandatory WebKit
requirement, iOS sandboxing, and the inability to run Tor Browser's
hardened Firefox engine. Desktop and Android versions share the same
architecture, while iOS is fundamentally limited.
--
Information that is accurate and technically detailed is what we need to distuinguish between brilliant marketing propaganda, and actual facts.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.software.firefox

Maria Sophia wrote:

Hank Rogers wrote:

Bear in mind that Apple's iOS implementation of Tor browsers is insecure. >>

Will there be an upcoming detailed tutorial covering this?

Thank you for asking about a tutorial because most people only know the (rather brilliant) propaganda that Apple marketing spews about iOS.

[..snip..]
Summary:

Tor on iOS provides access to the Tor network, but not the Tor Browser
security model. The differences come from Apple's mandatory WebKit
requirement, iOS sandboxing, and the inability to run Tor Browser's
hardened Firefox engine. Desktop and Android versions share the same
architecture, while iOS is fundamentally limited.

Conclusion: if you want or need the security features of the TOR browser,
don't use any Apple-Product.
Better don't us it at all.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.software.firefox

On Jan 1, 2026 at 7:00:07rC>PM EST, "Maria Sophia" <mariasophia@comprehension.com> wrote:

Tor on iOS provides access to the Tor network, but not the Tor Browser
security model. The differences come from Apple's mandatory WebKit
requirement, iOS sandboxing, and the inability to run Tor Browser's
hardened Firefox engine. Desktop and Android versions share the same
architecture, while iOS is fundamentally limited.

Yet iOS is more secure than Android. And we all know that.

Cngratulations, Arlen. You still know nothing about iOS.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.software.firefox

Tyrone wrote:

On Jan 1, 2026 at 7:00:07rC>PM EST, "Maria Sophia" <mariasophia@comprehension.com> wrote:

Tor on iOS provides access to the Tor network, but not the Tor Browser
security model. The differences come from Apple's mandatory WebKit
requirement, iOS sandboxing, and the inability to run Tor Browser's
hardened Firefox engine. Desktop and Android versions share the same
architecture, while iOS is fundamentally limited.

Yet iOS is more secure than Android. And we all know that.

Hi Tyrone,

Happy New Year!

This year we will all perhaps understand more about what iOS actually is
(and less about the brilliant Apple marketing that tries to excuse it).

Endlessly parroting Apple marketing propaganda that "iOS is more secure"
does not address the Tor issue we are trying to learn about here, Tyrone.

Endlessly parroting that iOS doesn't need it" is not a technical argument.
The Tor Browser isn't about protecting the OS.

It's about protecting the user's anonymity from fingerprinting, tracking,
and correlation attacks.
Those protections require features Apple does not allow.

Those valuable Tor Browser's protections rely on
a. modifying the browser engine,
b. controlling network isolation,
c. and bundling the Tor daemon.
iOS explicitly forbids all three.

This is a huge deficiency in privacy on iOS, which we've discussed before.
All the (rather brilliant) Apple marketing aside, this is just a fact.

Even if iOS was actually strong in some areas (sandboxing, code signing)
those strengths don't magically replace Tor Browser's required hardening.

Tor Browser's fingerprinting resistance, circuit isolation, and hardened browser engine are privacy mechanisms that are simply lacking on iOS.

The situation is that iOS is not a "real" operating system in that it can't
run a tremendous amount of app functionality that every other OS can run.

The Tor Project itself says iOS cannot run a real Tor Browser.
This isn't speculation. It's fact.
Tor Browser exists on Windows, macOS, Linux, and Android.
Not iOS.

The Tor browser can not exist on iOS because Apple's platform rules make it impossible to implement Tor Browser's security model.

Onion Browser is the best available option, but even its developer (Mike
Tegas) and the Tor Project acknowledge that Apple's iOS restricted design cannot allow the Tor Browser's protections due to Apple's restrictions.

In summary, the issue isn't whether iOS is "secure."

The issue is that iOS prevents Tor Browser from being secure in the way any
Tor Browser must be. You need to know this if you want to understand iOS.
--
Seeking how iOS actually works, not how Apple advertises iOS to work.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.software.firefox

On Fri, 02 Jan 2026 00:52:48 +0000, Tyrone wrote:

Yet iOS is more secure than Android. And we all know that.

No we donrCOt. Apple is not a company known for its technology; its
forte is dazzling the gullible with flashiness.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.software.firefox

On Jan 2, 2026 at 12:39:08rC>AM EST, "Lawrence D-|Oliveiro" <ldo@nz.invalid> wrote:

On Fri, 02 Jan 2026 00:52:48 +0000, Tyrone wrote:

Yet iOS is more secure than Android. And we all know that.

No we donrCOt.

Actually, yes we do:

https://www.cybersecurity-insiders.com/vulnerability-comparison-android-vs-ios-in-the-face-of-cyber-attacks/

QUOTE:

Android Security Landscape: Android, known for its open-source nature, boasts
a vast app ecosystem and customization options. However, this openness also presents certain challenges in terms of security. Due to the diverse array of manufacturers and devices running on Android, the operating system faces fragmentation, which can delay the distribution of security updates. This fragmentation, combined with the ability for users to install apps from
sources other than the official Google Play Store, can create a larger attack surface. As a result, Android devices tend to be more susceptible to malware and phishing attacks.

iOS Security Landscape: On the other hand, iOS, developed by Apple, follows a more closed ecosystem. This closed nature contributes to a more controlled environment, where Apple meticulously reviews apps before allowing them onto the App Store. This process significantly reduces the risk of malicious apps reaching usersrCO devices. Additionally, iOS benefits from a unified hardware and software platform, resulting in more timely updates and a reduced fragmentation problem. The use of a tightly controlled app distribution model and strong encryption measures enhances the overall security posture of iOS.

END QUOTE


https://www.getastra.com/blog/security-audit/malware-statistics/ -- Android devices are 50x more likely to be infected than iOS devices, showing the starkest difference in malware prevalence.


https://www.comparitech.com/blog/vpn-privacy/20-current-android-malware-stats/ -- Android malware attacks reached 33.3 million in 2024; iOS attacks remain very rare.

https://securelist.com/mobile-threat-report-2024/115494/ -- Android is the main target for mobile malware, with Trojan banker attacks up 196%; iOS sees far fewer infections.


https://46745145.fs1.hubspotusercontent-na1.net/hubfs/46745145/MAPS_MTD/REPORT/GEN/Global%20Mobile%20Threat%20Report%202024%20FINAL%20(1).pdf
-- Android's ecosystem is more broadly exposed to attacks than iOS.


https://www.kaspersky.com/resource-center/threats/android-vs-iphone-mobile-security
-- Android faces far higher malware volume; both require updates and safe practices.

https://www.qualysec.com/ios-vs-android-security/ -- iOS is more secure by default; Android needs careful management to match safety.


https://www.researchgate.net/publication/370667917_Comparative_Study_of_Information_Security_in_Mobile_Operating_Systems_Android_and_Apple_iOS
-- iOS has superior information security architecture versus Android.


https://www.researchgate.net/publication/312279414_Security_Evaluation_of_IOS_and_Android/fulltext/587b977308ae4445c06422df/Security-Evaluation-of-IOS-and-Android.pdf
-- iOS offers better enterprise security; Android requires careful management.


https://www.renemayrhofer.com/courses/android-security/selected-paper/2023/Android_and_iOS_Platform_Security-A_Comparison.pdf
-- iOS shows stronger hardware and system-level security in 2023-2024.


https://www.approov.io/hubfs/White%20Paper/WP-Comparison%20of%20Apple%2C%20Android%20and%20Huawei%20Mobile%20App%20Security%20v1.0%20FINAL(2).pdf
-- iOS apps are more secure by default due to App Store restrictions.

Apple is not a company known for its technology; its forte is dazzling the gullible with flashiness.

Your opinion is not shared by experts.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.software.firefox

On Sat, 03 Jan 2026 17:55:13 +0000, Tyrone wrote:

iOS Security Landscape: On the other hand, iOS, developed by Apple,
follows a more closed ecosystem. This closed nature contributes to a
more controlled environment, where Apple meticulously reviews apps
before allowing them onto the App Store. This process significantly
reduces the risk of malicious apps reaching usersrCO devices.

Significantly reduces the rCLriskrCY of *any* apps reaching usersrCO
devices, more like.

So does Apple provide a quality platform for TOR usage, with good
guarantees of usersrCO privacy?

No.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.software.firefox

Lawrence D'Oliveiro wrote:

So does Apple provide a quality platform for TOR usage, with good
guarantees of userso privacy?

No.

Hi Lawrence,

Happy New Year!

I agree with Lawrence D'Oliveiro that the topic here is Tor and whether iOS provides the same privacy guarantees that Tor users expect on other
platforms.

Lawrence answered that directly:
iOS does not provide a platform suitable for running Tor in a way
that preserves the privacy properties Tor is designed for.

That's not an opinion.
That's not subject to debate.
It's a fact.

Tyrone bringing up unrelated claims about iOS "security" does not address
the question. In fact, Tyrone is clearly attempting to shift the discussion away from Tor and toward a different topic entirely.

That is classic whataboutism.

Tyrone trying to shift the subject of this thead does not change the fact
that iOS cannot run a Tor relay, cannot run a Tor exit node, cannot run a persistent Tor daemon, and cannot provide the same privacy model that Tor offers on Linux, Android, Windows, or macOS.

It just can't.
Worse, iOS is the only operating system that can't run the Tor browser.

As even macOS can do it.

However, if someone wants to discuss general iOS security, that is a
separate thread. This thread is about Tor, and the technical limitations of
iOS that prevent Tor from functioning as designed.
=====================================================================
There is no professional security researcher on the planet who says iOS is
more secure than Android, but that topic is discussed in detail already:
=====================================================================
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.advocacy
Subject: What are the merits of the claim that iOS is "way more secure"?
Date: Mon, 22 Dec 2025 12:15:53 -0700
Message-ID: <10ic5d9$2mvn$1@nnrp.usenet.blueworldhosting.com>

Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.advocacy
Subject: What did Google's project zero really say about Apple never testing much of their iOS code?
Date: Mon, 22 Dec 2025 11:34:16 -0700
Message-ID: <10ic2v8$307u$1@nnrp.usenet.blueworldhosting.com>

Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.advocacy
Subject: What does the CISA KEV database say about Android/iOS known critical exploits?
Date: Mon, 22 Dec 2025 11:20:58 -0700
Message-ID: <10ic26a$1pu9$1@nnrp.usenet.blueworldhosting.com>

Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.advocacy
Subject: What does it really mean when an entity chooses iOS or Android as their main platform?
Date: Mon, 22 Dec 2025 11:10:02 -0700
Message-ID: <10ic1hq$2ckt$1@nnrp.usenet.blueworldhosting.com>

Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.advocacy
Subject: Assessing the Privacy Impact of Appleos WiFi Positioning System
Date: Sun, 21 Dec 2025 21:34:15 -0700
Message-ID: <10iaho7$2osq$1@nnrp.usenet.blueworldhosting.com>
--
What I write is the technical facts even if facts are not popular.
--- Synchronet 3.21a-Linux NewsLink 1.2