Cwa-documentation: Is traffic routed through TOR?

I think this is unnecessary since you "trust" Apple and/or Google if you use a smartphone to use this app.

Yes, you do have the choice to trust Apple or Google. Yet you have no choice but to place trust in telekom with the backend.

Please, there's already 200+ comments about this in #13 that don't lead anywhere. Opening new issues for the same thing doesn't help at all, it just makes the discussions repeat even more than they already do.

No, the traffic is not routed through Tor. No, the server knowing client IPs is not a security issue.

@Leseratte10 those are different things in #13 voices concerns with manipulating data stored on the device whereas this ticket voices concerns with metadata stored on the server.

@Leseratte10 those are different things in #13 voices concerns with manipulating data stored on the device whereas this ticket voices concerns with metadata stored on the server.

Such issues are also discussed there. At a certain point you will have to trust every backend, at least to a certain extent. However, you will be able to see which data is sent to the server, as the backend will be open source. As @Leseratte10 already pointed out, this will most probably be the IP address only (and the maintainers already confirmed that the IP will be deleted after a short period of time).

We don't want to add 40M clients to the TOR network. No one knows if the network would withstand that. Also the load on the mobile networks would increase significantly.

It wouldn't. And it wouldn't be what Tor was designed for. It was designed for people in dictatorships like China, or people that have to fear a political prosecution for their statements. Not because people's feelings are hurt because one server knows a phone's IP that doesn't get logged long-term.

It was designed for people in dictatorships like China, or people that have to fear a political prosecution for their statements.

It was also designed to protect journalists in those dictatorships. Or whistleblowers.
The more „regular” people hop onto the network, the better those people get protected. (Because the noise increases)

No one knows if the network would withstand that.

The state could host exit nodes. I'm sure, Deutsche Telekom has infrastructure for doing so.

Also the load on the mobile networks would increase significantly.

You're already zero-rating videos of certain service providers. That could be another exemption.
(I'd prefer net neutrality, personally)

It was designed for people in dictatorships like China, or people that have to fear a political prosecution for their statements.

It was also designed to protect journalists in those dictatorships. Or whistleblowers.
The more „regular” people hop onto the network, the better those people get protected. (Because the noise increases)

Tor was designed by the NSA for the american government, only afterwards "given away" as opensource project.
This fact does not get mentioned a lot of time, but seems quite important...

I dont see a reason to blindly trust Tor.
It has already been broken before.

It has already been broken before.
So does iOS and Android. Nevertheless those are used, too.

You rarely hear of TOR hacks, though.

It has already been broken before.
So does iOS and Android. Nevertheless those are used, too.

You rarely hear of TOR hacks, though.

All it takes is one entrypoint ;)

The people that initially made Tor are likely also the best to know their weaknesses.
They have no incentive to report to the public when they find vulnerabilities.
And we know they did so in the past (hiding vulnerabilities), seems reasonable to think they continue being the same way.