CJ:
> Hello!
>
> just a small update regarding orWall: it's released 1.0.0!
> There's still *one* annoying issue regarding the tethering, but it
> should be OK next week. Just have to take some time in order to debug
> this for good.
>
> orWall provides now a brand new UI in order to be easier to handle.
> There's also an integrated help (as a first-start wizard we might call
> later on).
> There are many new features and improvements, like:
>
> - ability to disable all rules and let the device access freely the Net
> - for each app, the possibility to access some advanced settings
> allowing to bypass Tor, or tell orWall the app knows about proxies or Tor
> - better management for the init-script
> - better management for iptables rules
> - translations in French, German and Italian are almost done

Hey CJ, just wanted to let you know that I've tried OrWall and it's a huge improvement! Way better user experience on just about every front! I also have not detected any leaks on my upstream router, either.

When I get a chance, I will update the original blog post to recommend OrWall instead of my crazy Droidwall hack scripts.

> Any feedback from Tor/Orbot users interest me in order to improve
> orWall. I think the current release is pretty good, but as the main dev
> I'm maybe not that neutral regarding this statement ;).

The one thing is that I find the long-press options for "Connection type" confusing:

- "Force connection" to what? I assume through Tor's transproxy because of the REDIRECT text, but this will not be clear to users who are unfamiliar with iptables. How about: "Redirect all network activity"
- What does "native capacity"/"fenced path" mean? Does that mean only access to the local SOCKS/HTTP proxy ports in Tor's case? How about: "Only allow local proxy port access"

These are complicated ideas to convey, though. I'm not sure my suggestions are the best ones either.

I also suggest soliciting input about the DNS issue we discussed where DNS queries are done by root on Android 4.3+ unless the 'ANDROID_DNS_MODE=local' environment variable is set. Perhaps someone will come up with a clever hack to set this env var in a persistent way that we haven't thought of, or find some way to write a shim on the DNS resolution filesystem socket to enforce what we want. You could list this on a known issues or FAQ page, or in your bugtracker I guess.

Making root/UID 0 handle DNS is also a security risk, and I'm very surprised the Android team thought this was a good idea. :/

Also looking forward to the "Logs" window doing something :)

--
Mike Perry
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk