[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] [guardian-dev] orplug, an Android firewall with per-app Tor circuit isolation

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] [guardian-dev] orplug, an Android firewall with per-app Tor circuit isolation
From: coderman <coderman@xxxxxxxxx>
Date: Sun, 14 Feb 2016 05:17:25 +0100
Cc: Nathan of Guardian <nathan@xxxxxxxxxxxxxxxxxxxx>, guardian-dev@xxxxxxxxxxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 13 Feb 2016 23:17:42 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=xq7yDyb0CYYWG9CucCWdGcN6NHOfRhBAUbJjGWKhmTM=; b=X+EjOPnu9VNAxkeZYLWLv22gQrhKJ+BbJY+sYV1qZp+GeVdmjxgC3dG5nS72C/kPf+ zP23onXpD3nh42L5m89ebP/icx8ZiMU2ben0+aOvW+5JDsRhTv7ODt8h5Bt+1fhihZkr OAW1gg5yF1tgV8EUJtqJAEOlbaXb4rN+nefJm8Atj9B/N3Of0i9s///ktkvq7GeLBhLw Ybjt5kjHftlPZdoyt69aM6/2mbEPJ4D6jy9fzze9T90u6r5i7q+97Nz1qjnKp253we1c 8n8A3KOSbON9UQvrKEulq9SjsDHEBIv+PU1HS5nNgpxiv3gCddhpkSmeQJF1q1Zk4gPh oGcw==
In-reply-to: <56BE4071.50609@xxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <512753.f0610b5a2ba80e2b5e307afc6982286451c15c63@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <56BDDEB4.1070107@xxxxxxxxxxxxxxx> <1455288823.340246.519465714.3E8E8420@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <56BE4071.50609@xxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On 2/12/16, Rusty Bird <rustybird@xxxxxxxxxxxxxxx> wrote:
> ...
> In my layman's prejudices, the VPN approach's upsides are: no
> superuser privileges needed, and standardization across ROMs. And the
> downside (really unsure here): that some packets, from system
> processes or early in the boot process, could escape the filters?

with VPN approach you don't get to control traffic outside routed
range, or before VPN activates, or fail-safe if it drops
un-expectedly, or ...

it's better than nothing, for some less sensitive uses.

note that a tor enforcing gateway approach is preferable to
transparent proxy, security wise. e.g. corridor. i haven't seen this
applied to Android env, which might be interesting safety buffer
around Orweb&Orbot.

best regards,
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] orplug, an Android firewall with per-app Tor circuit isolation
  - From: Rusty Bird

References:
- [tor-talk] orplug, an Android firewall with per-app Tor circuit isolation
  - From: Rusty Bird
- Re: [tor-talk] [guardian-dev] orplug, an Android firewall with per-app Tor circuit isolation
  - From: Rusty Bird

Prev by Author: Re: [tor-talk] Using SDR
Next by Author: Re: [tor-talk] Large spike in .onion addresses - port scan?
Previous by thread: Re: [tor-talk] [guardian-dev] orplug, an Android firewall with per-app Tor circuit isolation
Next by thread: Re: [tor-talk] orplug, an Android firewall with per-app Tor circuit isolation
Index(es):
- Author
- Thread