[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-dev] reproducible builds for Android tor daemon
- To: tor-dev@xxxxxxxxxxxxxxxxxxxx, teor <teor@xxxxxxxxxx>
- Subject: Re: [tor-dev] reproducible builds for Android tor daemon
- From: Hans-Christoph Steiner <hans@xxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 13 Sep 2019 09:51:13 +0200
- Autocrypt: addr=hans@xxxxxxxxxxxxxxxxxxxx; prefer-encrypt=mutual; keydata= mQINBFY1RO0BEAC94s679hO9oxi2h1GF0hN7xCXxeIyJp58rA2QxuMJ/NvMhrfBGVqhkolUb 7IqvHy8n7jvTCCAJOHP6ZAtUUwV20ZpUa2Mfp0/6dbGkvXcXwGlU9ShpBiXnDsKvgRRX5gOO /WeWLe8x8HRcFfcJVXS9pHRw2bxjrbs3zKlf7yBACcSt6ZSgPsqHuUQSUs4Qo0E0/H14uJiD k32qQ1YicVrE1r2pFe9iZpxBMGTwgZyNUEUYDeVfTDubL7Jc1MUpgotNTxbJ3jVxt0uHn20l hNXG6ybaYK3MhIHIEp9Nbd4l6+Y81ZgIQbs4jAbAPcy+qY3GT2uQfbFb2UK8+hnDotGmejgo YuDZGBaAukiELIKxrsNCvaSg5DI/yrH6Vx6ZceHpitrer6yOwZescc5SGud3btU4Iktfw7w+ 5pxmyypUazaltibSd13o56n/aKrQZw098bhqnh9xTbPVK14t4wTdsJKyZmJv8oKCqppEuhTc q8kur0PWOM85NSBl0igSfj8/CR8CbzgasMPNQVVwUA0Ody0s8wO13+WVaLq7y6Xpy9t6jSVv S8KLgmJ/wTJimHb2cctHNBSQEwnJtRyy/o7kKnge6HPzOprjPAlv6okA2XQaLTxyjW1YCRwN GatNAJ2WnJx3m89WGRONN6qQ3RFX59kbyzR1uL6D3Z6ts7bTmwARAQABtDJIYW5zLUNocmlz dG9waCBTdGVpbmVyIDxoYW5zQGd1YXJkaWFucHJvamVjdC5pbmZvPokCfgQTAQoAaAIbAQUL CQgHAwUVCgkICwUWAgMBAAIeAQIXgAIZAQUCVjdjhUMYaHR0cHM6Ly9wZ3AubWl0LmVkdS9w a3MvbG9va3VwP29wPXZpbmRleCZzZWFyY2g9MHhFOUUyOERFQTAwQUE1NTU2AAoJEOnijeoA qlVW/IwP/0Uq8896f4NJPv9m5xKZnpCErXhvGU8b4gwH5EXaw66Z/0Zp56zF+J0rLdQZ9FoL HmShM8ZIEHmbNs/NTxqJ5qR0QDKJl8kJW7P/yfNjYOHtBCxPOS5LcapGtUT9jx7GAPU+oJ7z RC0nF8eot97Ds797n139BSbabZ74j0mfwKdGFxRaZVAfhzOD3tevyxUGMwj3w+zRpSXrDHc+ mZa9oHVE6J632rKMUTyDH/7kjzqN54l+dW29SK2NCfC79jfjDcO+ldbUV0lDz+HcLAiEYY1U ucuGVYgL0s/blCqw8YBmwBFdzYYwL6JXiK0KO+eukEZZl9nAWb0CUtuq/8dqkB5VKE39sBjZ pADf8xknMXJVTN1NlMUv6ZDKgRByL0gWdxmSaLLcjBliieXsDvMDHZnwhVsXeoPB1o6PaNLr Ho6ohf8vUrpVzDt6jwEydKBjJiykoSae4Gb7zgVx2/jvHZG3TrMqwktmPQKc+mS/WQBVMfUm ay3EYuIXRFhh2l4czMxFPWpan0nxV3QSpjPYJFOcKm0fPOLBAfe5WnatO8RGtL/quOdpOhMi rfzZKb0I4CiLGmyUHhewCGcggejqrBNDsip4RE4XwEYbH/VjWs0g5VVodSLUm0aC/98eG+XR 0bV/v0urdHFedFOVbkTBYYYJWNzRxvv2paJVoUzxWn5GuQENBFY1RikBCAC2ZLMA4e7v4nZL 4Fy5X5vfaZ5pGHuh/8i34V4geqbMgWKnTgi2CJkAzglVDkbhpyk/Q8hCj4DdiRMsK4+TpLmp sbCYVGBeoaB/zkhZdjHksymED7V5sUim1BV418JXk19bnrDNFvfyhy8fer8FoDKeT0HJNdab lTt5NJrVFIVmglOZFIF+dSbz+HoH15bbwUDoedM63Q9ChQ5RsPKxiKHbwsYQ6zAJb+f/xLsG RUSzg6q6GPwX0A0P6QMkl2a/OXZhk+LGmzvldg4M0roWr6ohH+4iiBxttId4VACNPjQR7UME c8E6GZTRpviaMTTioXHY2wxkjcD6LmdjZ7Hm7F2NABEBAAGJAiUEGAEKAA8FAlY1RikCGwwF CQlmAYAACgkQ6eKN6gCqVVZbvxAAk1RTjZ017OWt/Tpm7Wa1VprbNPSFmDjzXSjIM2ut7E5B iScJLRy4sl7Fl5GcwS8lWkfIz2n8R7zn0Xj4T91dKZZ4J9m+Mf37cHGBBn5Hp2E6gqoClqbN CNLpWeHtwbLf7p9e513yRZwIdwAC4sHCGSzT6ZpFNhOhTqSj4nllfpbkSSjac5KaeV7oRQXI fE8BvwH02sGM5LpsoifhShrdcoEZe3GjyERbf3oh3cqYnr9pR64DnO8IMc+RL2c+sGPoirVS d/kBCIA8vEABZzpHeoNN4DNu3ykg0d0Knn/2CoMY92w4UGrdDRc++uMOawXtI9aGdtt4AIMy YvHfSO5KtZr+U9sViMhSXiiJ1Ofl46C9nZwjyZ5t5NnwfVh3Am79uhDHrckxJ/2aWOt9KOdY H8QqxovWCCq9esUgV+Q0SXow8zdkBa8lKR2H9xbI4frKULnu29iyIv4CbWOZE8QbjKoBcThA XesRjmVb5bvAYx+t5UMyQKaaH7dVTzvdFiIRM3zm0Hxrpxn3muaGk9WRTzKi+cYlAcT3o2ES mlWXkYGArbRoOtnQ1aXbySkF/+veMptetrZ8nyAZJ5oZmjDJ70EBGHEbEhMhNhYXlua4QIiV HdBRZ93PQnQA5j8JcYkeY8g977F9I/Cjk4xSmEuPZ/rmXci54nqnT4tGKQsdnsW5AQ0EVjVG VQEIAMQWAxQD5XvNeoGOwaT6wA63+R2CY2JWutofvPRdftVyrtp02m8M1gfWevNgiooYpI/4 pJiukC2h1WUyqPVaUdBZC7bM64pSO6LLplel8bASe5gwIIm+zd/0WsjxSmmeJvHwDUzuGp6k kiw2is4b+oiokmgQUZsm0AYkNBjYbsPsBD6b5e8seKidtzdKSmJeZkFw4SqEyxRRbYXtPWub JJQjwDxJMA3xt73wsu08wbshsSESNsT34gxjWWF5EofJrYM2x6jABzhzfbx/tQv7J6z9fBTc e06eanR916OjcDyvEaDRI419Ihlyfp0Lx3zfSy3NP+S0NwALA7pML1h0LbkAEQEAAYkDRAQY AQoADwUCVjVGVQIbAgUJCWYBgAEpCRDp4o3qAKpVVsBdIAQZAQoABgUCVjVGVQAKCRA+F3gX uhub+jcFB/0XRcxwcGMkYiGpTZBt5vo/VlqAv5dBUtG/aNb/Mi4jhXZqWO6SGVpiRHrhlNAd jMWJPB9xvcsxF3GwDJfyIKYJlKAVoArJQDcqyXllqIhmhvWbOFH5Tj/XbZNNbbtvbCXSF+sJ 5l94yI/XGhN+PyQlUaHPOZJparDDuP/WGHe5CkhBLf0zNwf6ingo2qUu2Mi+U/GYhAOIgsz1 sy/8oqLWkMmlNnfYHhNEUTviXiBYd1k9qbCxU7LDvl6+ivbpUiNDn9rhmWz0imQHiheXjuSa H1ytDtxm0V9OxP2SzFrx9cGUV4q24h6ytG1bSE07D96/jSt8xIUfsZUx9BM9XbxhVdYP/jIg tMedxiv6MwVhKbNVhmjaGG/6uYuw+eqQeN1zjmXa1N/TmnEss22hiN9qtsR7QpVcAoo3QtMX YyzeplwMQuEfjCFlGb8sy7IqyoCVnSMVj57zvcQPMzbWbckhpTngYtLqzGPemaGYkoMgS2P8 HRQCQzkR5s3VBDNlpT653lRXo+yVdlJkGk72qlauv4GaRyMASX9f5TNCMl17eXvgyQZvlmge QFWm5UUgxR+J/u+U2yhSJbvkW9d/07zof7D3j+IuNuLXGFszb2916yLSyB7EZATpXFZc9MOj 5wTAf9lvFxo5I69WT999ZtRHVosgtixan2WGhOWjQV5ajCkeVvsBrSP91l8G8bzC5SCO8D5K zBn4SusmgVoK1OVdrNpM9hB5OusRl4ah8+ReC/LaxcFtf/38k73ViKI1+8bD+L7pza5enbLD W95kvIaKmer84FwyD+bfEQo6pvLzxEUBsR30JpmqzkPU8KMFtkbPEIKlQlEbk4vvAN12VDL7 jJsQZIVeH92+X4Wfyf2a7bLufsaNR/YOXLLROeZnzntF7MhS9oO+c8Z/J5py0F0KDRrhCrqb u9lRKRcxpPslTd8DKZ3Qtv64Ij/rPVDzsyHgtcgFd7E6fkKGHeiwz67WjFoLUnf09ry7rua+ yqP9FP9bXSbDaeAq9sGXH7wPTAAwbGSX
- Delivered-to: archiver@xxxxxxxx
- Delivery-date: Fri, 13 Sep 2019 03:51:32 -0400
- In-reply-to: <F60FF396-2485-46AF-AF22-95914A0E847B@riseup.net>
- List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
- List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
- List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
- List-post: <mailto:tor-dev@lists.torproject.org>
- List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
- List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
- Openpgp: preference=signencrypt
- Organization: Guardian Project
- References: <64667627-8ffe-f59e-8109-8258925a7845@guardianproject.info> <F60FF396-2485-46AF-AF22-95914A0E847B@riseup.net>
- Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
- Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
teor:
> Hi,
>
>> On 12 Sep 2019, at 20:50, Hans-Christoph Steiner <hans@xxxxxxxxxxxxxxxxxxxx> wrote:
>>
>> Then that work
>> will hopefully be extended into sharing tor between apps, e.g. letting
>> Briar, Tor Browser, etc share the tor SOCKS proxy to other apps that
>> want to use it. That would happen via Android mechanisms like Intents to
>> manage the discovery of SOCKS ports.
>
> It's not always safe to have apps share Tor: a malicious website in one app
> can use various caches to discover activity in other apps. And there may
> be similar data leaks in other shared data structures or network
> connections.
>
> How do these data leaks affect your use cases?
Is there some documentation of these leaks somewhere so I can dive into
it? Like what kind of caches? Browser caches? We're mostly talking
about apps that are not browsers, like messaging, nextcloud, etc.
Currently, running multiple tor daemons is really a showstopper for most
mobile users in the world, both because of battery usage and bandwidth
costs. I guess there was some progress towards getting tor sleeping
more effectively as well as not consuming as much bandwidth in the
background. So the big question is: will it be feasible to have a
usable tor on mobile that aggressively sleeps to stop consuming any
battery and bandwidth when not directly in use? If so, then running
multiple tor daemons should be workable. If not, then we need to find a
way to share the tor daemon across all apps in the device.
With Orbot, all apps are already sharing one tor daemon, so this isn't a
new development.
.hc
--
PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev