[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] [guardian-dev] orplug, an Android firewall with per-app Tor circuit isolation

On 2/12/16, Rusty Bird <rustybird@xxxxxxxxxxxxxxx> wrote:
> ...
> In my layman's prejudices, the VPN approach's upsides are: no
> superuser privileges needed, and standardization across ROMs. And the
> downside (really unsure here): that some packets, from system
> processes or early in the boot process, could escape the filters?

with VPN approach you don't get to control traffic outside routed
range, or before VPN activates, or fail-safe if it drops
un-expectedly, or ...

it's better than nothing, for some less sensitive uses.

note that a tor enforcing gateway approach is preferable to
transparent proxy, security wise. e.g. corridor. i haven't seen this
applied to Android env, which might be interesting safety buffer
around Orweb&Orbot.

best regards,
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to