[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Tor on Android

To: tor-java@xxxxxxxxxxxxxx
Subject: Tor on Android
From: Jacob Appelbaum <jacob@xxxxxxxxxxxxx>
Date: Wed, 16 Sep 2009 01:18:09 -0400
Delivered-to: archiver@xxxxxxxx
Delivered-to: tor-java-outgoing@xxxxxxxx
Delivered-to: tor-java@xxxxxxxx
Delivery-date: Wed, 16 Sep 2009 01:18:22 -0400
Openpgp: id=9D0FACE4; url=http://www.appelbaum.net/gpg.asc
Reply-to: tor-java@xxxxxxxxxxxxxx
Sender: owner-tor-java@xxxxxxxxxxxxxx
User-agent: mutt

Hi *,

The last few days has been an interesting time for Android users. I was
shown a rather awesome looking set of packages ("Tor Proxy" and
"Shadow") in the Android Market. I installed it and took it for a spin.
I found the software to be pretty slick. The browser automatically
invokes the "Tor Proxy" and the "Tor Proxy" program provides both an
http and a SOCKS proxy for connections to traverse the Tor network.

Here's the home page:
http://www.cl.cam.ac.uk/research/dtg/android/tor/

My initial thoughts about the project were pretty positive and I was
impressed that without any real contact, someone had implemented a Tor
client from our specifications. I was a little disheartened to find out
that it was actually based on Onion Coffee. OC is of course a great
example that shows that Tor can run in pure Java. From my understanding,
it was also a good example demo and it was not intended for real
anonymity or security. There's a lot of room for future research. In any
case, it certainly should not be the shipping Tor client for an entire
platform.

According to the Android Marketplace, over 1000 users (but less than
5000) have installed these two applications. It seems relevant to start
a forum for discussing some of the issues relating to an implementation
of Tor on Android. Do we want to look at the project as a good starting
point? Should we consider it time, as a community, to pick up where Lexi
left off? Should we get the C client ported over to Android and packaged up?

Roger and I have discussed the idea of a Java wrapper around the C
reference implementation. Adam Langley did a build of the C Tor client
for Android:
http://www.mail-archive.com/or-talk@xxxxxxxxxxxxx/msg09408.html

Some future work may be looking into packaging up the Tor client written
in C and then tying that together with the fine bindings created by
Connell. This would produce a secure client and a useful interface for
the time being. From there perhaps a good direction would be fixing up
Onion Coffee or creating an entirely new Tor
(client/server/HiddenServices/etc) with a focus on mobile platforms.

Some interesting points to address for a mobile platform (as stated by
Merlijn Hofstra):

	Battery life is a constrained resource
	The CPU is probably quite slow
	Mobile devices have minimal memory
	Network traffic may be costly and/or limited

I think having Tor on Android is very important and it's a good first
step to having anonymity enabled mobile devices.

Best,
Jacob

Attachment: signature.asc
Description: OpenPGP digital signature

Follow-Ups:
- Re: Tor on Android
  - From: Connell Gauld

Prev by Author: Welcome to the Tor Java list!
Next by Author: Issues with Onion Coffee...
Previous by thread: Welcome to the Tor Java list!
Next by thread: Re: Tor on Android
Index(es):
- Author
- Thread