-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi coderman,
> with VPN approach you don't get to control traffic outside routed > range, or before VPN activates, or fail-safe if it drops > un-expectedly, or ... I heard that Android VPNs can have some sort of fail-closed mode, does this apply to Orbot? > note that a tor enforcing gateway approach is preferable to > transparent proxy, security wise. e.g. corridor. i haven't seen > this applied to Android env, which might be interesting safety > buffer around Orweb&Orbot. But the Android device isn't a gateway, unless you're tethering? If you mean only applications with native Tor support should be let through, that's the "access:fenced" option. Setting it up for all of the main device user account is literally that as one line, "access:fenced". Or for just a specific app, it's "access:fenced app:com.example.foo": https://github.com/rustybird/orplug/blob/9a9f53154f5da19216d4d2a893057a9b0d5f438f/orplug/conf/rules/90-user.conf.example#L11-L15 I don't see any security problems per se with transtorifying *on the device that's generating the traffic*? (Transtorifying *other client devices* is problematic, for sure.) Rusty -----BEGIN PGP SIGNATURE----- iQJ8BAEBCgBmBQJWwGECXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0 NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfTpcP/14P32z9Bx5DXXgLSiysuSXa +yBg4DnJ6Vf67nB7COxoE6ca8Q2cz7kT/6dV7/KKkB2RM6ghzG+kH1b1Xz1FSl6F Am6xeRFX8Vu1SOzmMQ2ZG1zcIssP7hlqZHqxrHnN1buKiHj5j7PG1bsMsavtUhJB oHLZmQpMl/RZxf1zsv/uABjU3wcPrIMXbFTYi+mywT2Opr/EGq8pFbP5kj5Lj7dt xyC98lgr3A0WGL3lofQ2Dwmz8gcxBsb5my9yip4JKnvp4sh0yhdvw9rNqLI5NDiz ZB2OjrnW2T6UjmDQXprSFsJKoxWV/Gjz/vh5dzEhEBEs9bWIznaMPhtzXrPrs9ns 6hwvpIsQy/7bTS1X6Itrq6Td/EGIHADtegiD9CBQbOB1wGXrPyAs9KCgV8Em2JNb +zdi4vfm2ZToujqGmltinV51XzyEyNw9j3d44uMY3/yIdpVcwVOIiBvvvBqHLZbT ya9ercbB/b9OIF7bgybVjll6B5SutyGxV2oFVv7p87tw/jAKLZG0ThuRIS4qH69Z noS718nOaa52ZM2FRP+h2nOeJvQo784OisZVvWFy/9LbDHdrDfjhswqa0x0RM78Z zqdiOZ57qlkHwL9MQ+BJ11KNqzFN1x7is7OCIQRJaGp/fZNSfZMsZd1+6gUF8p6r RA6BSiCbgHDFqkZLzxwy =hnP5 -----END PGP SIGNATURE----- _______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: guardian-dev-unsubscr...@lists.mayfirst.org