[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] Firefox with Tor on Android?



On Wed, May 20, 2015, at 03:44 PM, Jens Lechtenboerger wrote:
> Hi Nathan,
> 
> many thanks for your quick reply!
> 
> On 2015-05-19, Nathan Freitas wrote:
> 
> > On Tue, May 19, 2015, at 04:33 PM, Jens Lechtenboerger wrote:
> >> the usage instructions for Tor on Android at
> >> https://www.torproject.org/docs/android.html.en
> >> are unsafe for Firefox users.
> >
> >> Firefox on Android downloads favicons without respecting proxy
> >> preferences.  See here:
> >> https://bugzilla.mozilla.org/show_bug.cgi?id=507641#c12
> >
> > Yes, that page is very out of date and needs to be updated. It wasn't a
> > bug originally, but when Mozilla started moving more code over to
> > Android/Java domain, they introduced it. I am making it a priority to
> > make sure it is accurate. We have also removed the Proxy Mobile add-on
> > from the Mozilla Add-on store awhile ago, when the favicon leak issue
> > was discovered.
> 
> Some big warning signs might be a good idea.  In particular, on
> pages like this:
> https://guardianproject.info/apps/firefoxprivacy

Yes, we are actually in a dev sprint right now to do a few things:

1) Remove all traces of broken or no longer recommended solutions

2) Add more clear documentation about when WebView/WebKit apps like
Orweb or Lightning are safe to use (on Android 4.3 and higher, etc)

> 
> > Hmm... "Tor Everything" should work if you have a rooted Android device
> > with a kernel that supports iptables properly. Also, if you haven't seen
> > Mike Perry's post on Android hardening/tuning, please read it:
> > https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
> 
> Great post, many thanks for the reminder!
> 
> > Which Android OS are you running, and which version of Orbot?
> 
> Android 4.2.2.  I tried Orbot 15.0.0-RC-3 and 14.1.4-PIE.
> 
> > Have you tried the latest "Apps VPN" feature that tunnels all
> > device traffic through Tor without root?
> 
> Initially, I didn’t because the warning said that “it should NOT be
> used for anonymity.”
> 
> I just tried that with 15.0.0-RC-3, but failed to get VPN working.
> If I klick “Apps” first, and start Tor afterwards, no circuit gets
> built.  In the log I repeatedly see “The connection to the SOCKS5
> proxy server at 127.0.0.1:10720 just failed.”

That is the way to do it (click Apps first, then start Tor). Make sure
to disable all root, transparent proxying options, and also flush/remove
all transproxy rules in the "Debug" section of Orbot settings.

> If I start Tor first, and klick Apps afterwards, I cannot open any
> web page.  (Very little data transfer is shown for OrbotVPN, some
> packets for each web attempt.  The Orbot logs show some circuits but
> “Tried for 120 seconds to get a connection to [scrubbed]...”)
> 
> I guess that I need “Request Root Access.”  Other options?

No root is needed for this method.

> Firefox without proxy configuration?

You don't need any proxy config, correct.

> > Finally, if you use Orweb (super basic) or Lightning Browser (most
> > features you want), there is no favicon or other leakage.
> 
> I’m surprised that you recommend Orweb.  There is a big red warning
> at: https://guardianproject.info/apps/orweb/
> 
> I’ll check out Lightning Browser at some later point in time.

Again, that language is out of date. I really need a web / documentation
person to help make sure we keep this content accurate.

+n
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk