On Wed, May 20, 2015, at 03:44 PM, Jens Lechtenboerger wrote: > Hi Nathan, > > many thanks for your quick reply! > > On 2015-05-19, Nathan Freitas wrote: > > > On Tue, May 19, 2015, at 04:33 PM, Jens Lechtenboerger wrote: > >> the usage instructions for Tor on Android at > >> https://www.torproject.org/docs/android.html.en > >> are unsafe for Firefox users. > > > >> Firefox on Android downloads favicons without respecting proxy > >> preferences. See here: > >> https://bugzilla.mozilla.org/show_bug.cgi?id=507641#c12 > > > > Yes, that page is very out of date and needs to be updated. It wasn't a > > bug originally, but when Mozilla started moving more code over to > > Android/Java domain, they introduced it. I am making it a priority to > > make sure it is accurate. We have also removed the Proxy Mobile add-on > > from the Mozilla Add-on store awhile ago, when the favicon leak issue > > was discovered. > > Some big warning signs might be a good idea. In particular, on > pages like this: > https://guardianproject.info/apps/firefoxprivacy
Yes, we are actually in a dev sprint right now to do a few things: 1) Remove all traces of broken or no longer recommended solutions 2) Add more clear documentation about when WebView/WebKit apps like Orweb or Lightning are safe to use (on Android 4.3 and higher, etc) > > > Hmm... "Tor Everything" should work if you have a rooted Android device > > with a kernel that supports iptables properly. Also, if you haven't seen > > Mike Perry's post on Android hardening/tuning, please read it: > > https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy > > Great post, many thanks for the reminder! > > > Which Android OS are you running, and which version of Orbot? > > Android 4.2.2. I tried Orbot 15.0.0-RC-3 and 14.1.4-PIE. > > > Have you tried the latest "Apps VPN" feature that tunnels all > > device traffic through Tor without root? > > Initially, I didn’t because the warning said that “it should NOT be > used for anonymity.” > > I just tried that with 15.0.0-RC-3, but failed to get VPN working. > If I klick “Apps” first, and start Tor afterwards, no circuit gets > built. In the log I repeatedly see “The connection to the SOCKS5 > proxy server at 127.0.0.1:10720 just failed.” That is the way to do it (click Apps first, then start Tor). Make sure to disable all root, transparent proxying options, and also flush/remove all transproxy rules in the "Debug" section of Orbot settings. > If I start Tor first, and klick Apps afterwards, I cannot open any > web page. (Very little data transfer is shown for OrbotVPN, some > packets for each web attempt. The Orbot logs show some circuits but > “Tried for 120 seconds to get a connection to [scrubbed]...”) > > I guess that I need “Request Root Access.” Other options? No root is needed for this method. > Firefox without proxy configuration? You don't need any proxy config, correct. > > Finally, if you use Orweb (super basic) or Lightning Browser (most > > features you want), there is no favicon or other leakage. > > I’m surprised that you recommend Orweb. There is a big red warning > at: https://guardianproject.info/apps/orweb/ > > I’ll check out Lightning Browser at some later point in time. Again, that language is out of date. I really need a web / documentation person to help make sure we keep this content accurate. +n -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
