[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Firefox with Tor on Android?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Firefox with Tor on Android?
From: benjamin barber <barberb@xxxxxxxxxxx>
Date: Wed, 20 May 2015 09:28:01 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 20 May 2015 12:28:15 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type; bh=mmbgrlkFj4/aMqOGM3qrQJxOD66ftdejwW6+RXUkbkI=; b=LCl7EnxWAtEYiEGxJkBlGsJnkzI+tS9NyrvIuqeUDaVZ5gLsuG8I7R/DvEFoSy28Fn leRlH/tyvRsisP1pDM4QJU2I3UR39GjL0Of56Zn4sCfOl2/n7yPKDPq2Hmhu4vwsutsh r4UxTGtpfiE6mi3bpkVfI9nrCJ/9mEmv1/ey1X8LW0SXXa3Budq2dNIG6KNZsb4GHXeJ P+Beior4kSBCjeMGJ1p4swZ8iNtJfforXQu4ER7phVJaGcEPGTDe72yKlqFjDpoI1SG6 m6+lVY2Hxhqr1xJogNT6AphEr7Ah36qdzuKMZvfFcd5qiCn7YRA1vXI1YsCtDAnbhfgg WLaw==
In-reply-to: <1432069898.394980.273147569.5582B404@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <87iobo8fzv.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <512753.5549443130353135392d31343036383939313433@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <1432069898.394980.273147569.5582B404@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

im not sure that using TOR on android is anonymous. Sure your favicons are
leaking your ip, however android itself is a leaky OS, that and backdoors
whatever agencies currently have.

http://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act#Technical_implementation

On Tue, May 19, 2015 at 2:11 PM, Nathan Freitas <nathan@xxxxxxxxxxx> wrote:

> On Tue, May 19, 2015, at 04:33 PM, Jens Lechtenboerger wrote:
> > the usage instructions for Tor on Android at
> > https://www.torproject.org/docs/android.html.en
> > are unsafe for Firefox users.
>
> > Firefox on Android downloads favicons without respecting proxy
> > preferences.  See here:
> > https://bugzilla.mozilla.org/show_bug.cgi?id=507641#c12
>
> Yes, that page is very out of date and needs to be updated. It wasn't a
> bug originally, but when Mozilla started moving more code over to
> Android/Java domain, they introduced it. I am making it a priority to
> make sure it is accurate. We have also removed the Proxy Mobile add-on
> from the Mozilla Add-on store awhile ago, when the favicon leak issue
> was discovered.
>
> We have also had a variety of issues with successful proxying of
> third-party web browser / engines on Android, including various bugs
> with WebView/WebKit proxying depending upon the Android OS version or
> device type you are running.
>
> > (I tried different configurations of Orbot and Firefox.  Also âTor
> > Everythingâ fails, both with HTTP proxy at port 8118 and SOCKS proxy
> > at 9050.)
>
> Hmm... "Tor Everything" should work if you have a rooted Android device
> with a kernel that supports iptables properly. Also, if you haven't seen
> Mike Perry's post on Android hardening/tuning, please read it:
>
> https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
>
> Which Android OS are you running, and which version of Orbot? Have you
> tried the latest "Apps VPN" feature that tunnels all device traffic
> through Tor without root?
>
> > My current attempt for Firefox with Orbot is to configure localhost,
> > port 8118 as system HTTP proxy (long press Wi-Fi connection ->
> > Modify network -> Show advances options).  Then, in Firefox verify
> > via about:config that network.proxy.type is set to 5, which should
> > be the default and lets Firefox use the system proxy, which is also
> > used to fetch favicons.
>
> Yes, for Wifi connections this will work reliably.
>
> > Probably, there are more pitfalls.  Any suggestions?
>
> I think running CyanogenMOD or a similar rom, and using transparent
> proxying, either by app or all, on boot, and optionally with Mike's
> extra hardening, is the most complete solution.
>
> If you don't want to go that far, then the Apps VPN feature feature
> should do, or manually setting the wifi proxy as you have.
>
> Finally, if you use Orweb (super basic) or Lightning Browser (most
> features you want), there is no favicon or other leakage.
>
> +n
>
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Firefox with Tor on Android?
  - From: Jens Lechtenboerger

References:
- [tor-talk] Firefox with Tor on Android?
  - From: Jens Lechtenboerger
- Re: [tor-talk] Firefox with Tor on Android?
  - From: Nathan Freitas

Prev by Author: Re: [tor-talk] Use of TOR for illegal activities
Next by Author: Re: [tor-talk] Firefox with Tor on Android?
Previous by thread: Re: [tor-talk] Firefox with Tor on Android?
Next by thread: Re: [tor-talk] Firefox with Tor on Android?
Index(es):
- Author
- Thread