[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #26764 [Applications/Orbot]: HTTP proxy bug in Orbot 16.0.2-RC-1
#26764: HTTP proxy bug in Orbot 16.0.2-RC-1
--------------------------------+--------------------------
Reporter: soren@… | Owner: n8fr8
Type: defect | Status: assigned
Priority: Medium | Milestone:
Component: Applications/Orbot | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------+--------------------------
Comment (by soren@…):
Replying to [comment:7 n8fr8]:
> As for this problem specifically, we moved from using Privoxy inside of
Orbot as our HTTP proxy, to using the new, built-in HTTP proxy feature now
available in Tor. Unfortunately, it only supports HTTP Connect proxy
features, which in the case of Android, seem to only work with HTTPS
traffic. For most apps, this is fine and a good requirement, to ensure
traffic moving through Tor is always HTTPS. However, for a browser, which
may still have HTTP traffic, I see how it can cause problems.
Thanks for the information.
> The answer is to just guide your users to use the VPN feature, which
does work.
I have been recommending that to users for a while, but that doesn't work
well in all scenarios.
https://www.stoutner.com/problems-with-orbot/
For example, Privacy Browser allows users to quickly toggle proxying
through Orbot while leaving Orbot connected so that they can access
resources that are blocked via Tor. This doesn't work with VPN mode
enabled, and starting and stopping Orbot takes a lot longer than the quick
toggle Privacy Browser provides.
https://redmine.stoutner.com/issues/326
> You could also consider building your browser from Mozilla's GeckoView
component, which Firefox Focus uses.
GeckoView is an interesting project, but it isn't a good fit for Privacy
Browser. I have written quite an extensive explanation that is hosted on
my website.
https://www.stoutner.com/geckoview/
The short version is that part of the future of Privacy Browser will be to
create a rolling fork of Android's WebView called Privacy WebView that
exposes many more privacy controls that either GeckoView or WebView.
Privacy WebView will be backwards API compatible with WebView, allowing
custom ROMs to use it as a drop-in replacement for Android's WebView.
This is something that is not possible with !GeckoView.
> This supports SOCKS proxying, which works very well with Tor, and is
much more secure than relying on Android's WebView.
SOCKS proxying support is a nice feature, but Privacy WebView will provide
a more secure web experience that I can see anywhere on the horizon for
!GeckoView.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26764#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs