Conversation

github.com/guardianprojec What could possibly go wrong holding back dependency upgrades and even forcefully downgrading them to support ancient end-of-life Android versions released in 2014 and end-of-life since after 2017?

github.com

move to older version of dnsjava to support Android 5/6 pre-Java 8 de… · guardianproject/orbot@3d...

…vices

9:39 AM · Mar 22, 2022Twitter Web App

Replying to

Each major Android version receives 3 years of monthly security updates. In the first year, there are also monthly updates with assorted improvements and quarterly updates with major enhancements. 2nd/3rd year are LTS support. Nexus/Pixel phones have never used the LTS support.

Daniel Micay

@DanielMicay

Mar 22

Android 9 was released August 2018 and has been end-of-life since February 2022. Pixel 3 launched with Android 9 and ended up on Android 12. It's EOL due to end of SoC support. It could have had a full 3 more years of updates on Android 12 if the SoC was still supported...

Lilian

@enbyfoxen

Mar 22

Replying to

@DanielMicay

Considering the kind of project orbot is, ensuring people who do not have the option of upgrading their devices retain access doesn't seem completely nonsensical?

Replying to

Do they warn those users that their devices are trivially exploited, and that using Tor makes them into a target of hostile exit nodes which can trivially exploit a bunch of vulnerabilities in their OS from as far back as 2017 and likely significantly older than that?

Replying to

Like, that's TOR.... Peoples lives, literally, depend on it....... ekk!

Show more replies