
Re: [tor-talk] Firefox with Tor on Android?



I'm not sure that using Tor on Android is anonymous. Sure, your favicons are
leaking your IP; however, Android itself is a leaky OS, that and backdoors
whatever agencies currently have.

http://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act#Technical_implementation

On Tue, May 19, 2015 at 2:11 PM, Nathan Freitas <nathan@freitas.net> wrote:

> On Tue, May 19, 2015, at 04:33 PM, Jens Lechtenboerger wrote:
> > the usage instructions for Tor on Android at
> > https://www.torproject.org/docs/android.html.en
> > are unsafe for Firefox users.
>
> > Firefox on Android downloads favicons without respecting proxy
> > preferences.  See here:
> > https://bugzilla.mozilla.org/show_bug.cgi?id=507641#c12
>
> Yes, that page is very out of date and needs to be updated. It wasn't a
> bug originally, but when Mozilla started moving more code over to
> Android/Java domain, they introduced it. I am making it a priority to
> make sure it is accurate. We have also removed the Proxy Mobile add-on
> from the Mozilla Add-on store a while ago, when the favicon leak issue
> was discovered.
>
> We have also had a variety of issues with successful proxying of
> third-party web browser / engines on Android, including various bugs
> with WebView/WebKit proxying depending upon the Android OS version or
> device type you are running.
>
> > (I tried different configurations of Orbot and Firefox.  Also “Tor
> > Everything” fails, both with HTTP proxy at port 8118 and SOCKS proxy
> > at 9050.)
>
> Hmm... "Tor Everything" should work if you have a rooted Android device
> with a kernel that supports iptables properly. Also, if you haven't seen
> Mike Perry's post on Android hardening/tuning, please read it:
>
> https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
>
> Which Android OS are you running, and which version of Orbot? Have you
> tried the latest "Apps VPN" feature that tunnels all device traffic
> through Tor without root?
>
> > My current attempt for Firefox with Orbot is to configure localhost,
> > port 8118 as system HTTP proxy (long press Wi-Fi connection ->
> > Modify network -> Show advanced options).  Then, in Firefox verify
> > via about:config that network.proxy.type is set to 5, which should
> > be the default and lets Firefox use the system proxy, which is also
> > used to fetch favicons.
>
> Yes, for Wifi connections this will work reliably.
>
> > Probably, there are more pitfalls.  Any suggestions?
>
> I think running CyanogenMOD or a similar rom, and using transparent
> proxying, either by app or all, on boot, and optionally with Mike's
> extra hardening, is the most complete solution.
>
> If you don't want to go that far, then the Apps VPN feature
> should do, or manually setting the wifi proxy as you have.
>
> Finally, if you use Orweb (super basic) or Lightning Browser (most
> features you want), there is no favicon or other leakage.
>
> +n
>
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
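Added example, not part of the original thread or of Orbot or Firefox: one way to check the manual-proxy setup discussed above is to list the TCP sockets owned by the browser's UID and flag any whose remote end is not Orbot's HTTP proxy (127.0.0.1:8118) or SOCKS proxy (127.0.0.1:9050). It assumes the Linux `/proc/net/tcp` text format (IPv4 only) on a little-endian device; the UID 10091 and the sample table are constructed.

```python
import socket
import struct

# Proxy endpoints named in the thread: Orbot's HTTP proxy (8118) and SOCKS proxy (9050).
ORBOT_PROXIES = {("127.0.0.1", 8118), ("127.0.0.1", 9050)}
TCP_LISTEN = 0x0A  # listening sockets have no remote peer


def decode_endpoint(field):
    """Decode 'HHHHHHHH:PPPP' from /proc/net/tcp (IPv4, little-endian host)."""
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def direct_connections(proc_net_tcp, uid, allowed=ORBOT_PROXIES):
    """Return remote (ip, port) pairs for sockets owned by uid that bypass the proxy."""
    leaks = []
    for line in proc_net_tcp.splitlines()[1:]:  # first line is the column header
        cols = line.split()
        if len(cols) < 8 or int(cols[7]) != uid:
            continue
        if int(cols[3], 16) == TCP_LISTEN:
            continue
        remote = decode_endpoint(cols[2])
        if remote not in allowed:
            leaks.append(remote)
    return leaks


# Constructed sample; UID 10091 stands in for the browser's app UID (assumption).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:9C40 0100007F:1FB6 01 00000000:00000000 00:00000000 00000000 10091        0 20001
   1: 0F02000A:9C42 077100CB:01BB 01 00000000:00000000 00:00000000 00000000 10091        0 20002
   2: 0F02000A:9C44 077100CB:01BB 01 00000000:00000000 00:00000000 00000000 10050        0 20003
   3: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10091        0 20004
"""

if __name__ == "__main__":
    for ip, port in direct_connections(SAMPLE, uid=10091):
        print(f"direct connection bypassing Orbot: {ip}:{port}")
```

This check applies only to the explicit proxy configuration; with transparent proxying or the Apps VPN mode the browser's sockets legitimately show remote addresses, so the same output would not indicate a leak.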