Re: [tor-talk] Using Orbot standalone

[Nathan Freitas]

> On Mar 30, 2022, at 10:36 AM, Alessandro Donnini via tor-talk 
>  wrote:
> 
> Hi,
> 
> I apologize in advance if this question (see below) was asked (and answered) 
> previously. I could not find any information on it.
> 
> I would like to incorporate a proxy server in my Androd app to perform gate 
> keeping and toll taking functions.
> 
> Orbot is described as
> 
> "... and also provides an HTTP Proxy for connecting web browsers and other 
> HTTP client applications into the Tor SOCKS interface. ..."
> 
> Could (a modified) Orbot be used as a device-based proxy server without 
> interfacing with the Tor network?

It isn’t really meant for that, and would be overkill.

Running a local proxy server in an Android Service isn’t that difficult.

Alternatively, you could use the VPNBuilder interface, which would make "gate 
keeping and toll taking functions” work quite well.

I would look at NetGuard for that: https://github.com/M66B/NetGuard

+n


-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Orbot 16.5.1 BETA 2 and more....

[Nathan Freitas]

Orbot 16.5.1-BETA-2 with tor 0.4.5.9 is posted...

Highlights

- tor now at 0.4.5.9 with improved stability of new "in process" mode
- more tuning of snowflake support
- updated translations
- experimental: enable your device to be a snowflake proxy for others 
(at bottom of settings), optionally only when on wifi + charging


tag/APKs: 
https://github.com/guardianproject/orbot/releases/tag/16.5.1-BETA-2-tor.0.4.5.9


APKs: 
https://guardianproject.info/releases/Orbot-16.5.1-BETA-2-tor.0.4.5.9-fullperm-arm64-v8a-release.apk 
(.asc)


F-Droid: standby for the next repo build!

***

Orbot is now built upon the latest "in process" tor-android work done by 
Hans available at:


https://gitlab.com/guardianproject/tor-android/-/tags/0.4.5.9

and https://gitlab.com/guardianproject/torservices/

This allows anyone to easily build in Tor to their app or to utilize the 
new "headless" TorServices app dependency.



All of the Pluggable Transport support is now done through tladesignz's 
(Benjamin E) IPtProxy:


https://github.com/tladesignz/IPtProxy

This is a one-stop shop mobile optimized library for Android and iOS, 
that supports all current production PT's like Obfs4, Meek and 
Snowflake, built on the work done by the Tor Project anti-censorship team.


***

Happy weekend all.

+n




--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] trackers in OONI Probe Mobile App / was: NEW RiseupVPN test in OONI Probe Mobile App

[Nathan Freitas]

On 2/8/21 5:15 AM, Maria Xynou wrote:
>
> We are not sure if we are going to keep Firebase in the long-run, but
> it's difficult to investigate app crashes without proper reports.
>
> Do you have any suggestions for better tools to collect app crashes on
> Android?


Acra is a good, open-source, self-hosted crash reporting system:

https://www.acra.ch/


Best,

   Nathan




signature.asc
Description: OpenPGP digital signature
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor Browser for advanced users on Android

[Nathan Freitas]

On 10/11/20 9:47 AM, Jonathan Marquardt wrote:
> For example, 
> Orbot is already quite battery-hungry as it is, but running two Orbot 
> instances all the time for browsing while torifying some other things really 
> ain't that great on a smartphone.

This is definitely something we've been talking about awhile, between
the Guardian Project and Tor Browser team.

The good news is that with recent improvements of Tor "idle" features,
there should be very little battery consumption when tor is not in use.
No longer is the daemon constantly creating new circuits if you aren't
asking for them, for instance.

Similarly, with Tor Browser, you really only need the Tor service
instance running when the browser itself is in the foreground. Work is
underway and continues so that tor can bootstrap more quickly, so that
the user doesn't perceive any delay if tor has been shutdown when you
leave the browser.

Lastly, Hans from the Guardian Project team, continues to work on a more
invisible "Tor Service" daemon, that could be installed much like
"Google Play Services", and used by any app or service in a safe, shared
way. We have more work to do here on security risks and threats for
sure, but it is a promising direction.

Best,

  Nathan




signature.asc
Description: OpenPGP digital signature
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Wahay: Mumble + Onion Service

[Nathan Freitas]

On 5/29/20 5:25 PM, Rafael Bonifaz wrote:
>
> Our latest project is call Wahay that combines two great projects:
> Mumble and Tor. The user interface is similar to Zoom, where you can
> start a meeting or join a meeting.
Wrapping this all in a familiar Zoom user interface is a great move.
Keep up the great work!
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] New podcasts from Guardian Project with OONI and Tor folk

[Nathan Freitas]

If you are looking for some fantastic medium-length listens this week
that feature fantastic members of the Internet Freedom community, well,
search no more!

We've recorded three episodes in the last two weeks during our Clean
Insights Symposium Extraordinaire, that are available to you, free of
charge and free of surveillance (we host the feed and mp3's on
Mayfirst.org). You can listen directly via the links below, RSS feed, or
in your favorite podcasting app (which will potentially track exactly
what you are listening to, how long, from where, etc):

* RSS: https://guardianproject.info/podcast/podcast.xml

* Apple:
https://podcasts.apple.com/us/podcast/en-garde-the-guardian-project-podcast/id150556229

* Spotify:
https://open.spotify.com/show/534fuFbvrIg84c8vlUr2Kp?si=EwvCW79oRhmpFqryfN4HqQ

-

May 22: "Data, People and Dignity Roundtable with Data4Change, Tor
Project, Simply Secure and Okthanks"

Amazing designers talk about data, people and dignity!

https://guardianproject.info/podcast/2020/cleaninsights-data-people-dignity.html

-

May 20 "Clean Insights: Prof. James Mickens and Dr. Gina Helfrich on
Ethics in Computer Science"

Do Deep Fakes matter because they can fulfill childhood dreams of
photorealistic Godzilla or an Avengers movie starring Gandi? Is tracking
the heck out of your users fine, as long as it is you doing the
tracking, or should ethical analytics mean more than self-hosting? How
can we address the often myopic industry and academia to have fewer tech
blind spots? We discuss these things and more!

https://guardianproject.info/podcast/2020/cleaninsights-ethics-in-compsci.html

-

May 12: "Arturo Filastò of OONI, on Measuring the Internet Like an Octopus"

Nathan and Arturo talk through the promise and peril of uncovering the
hidden truths that lurk below!

https://guardianproject.info/podcast/2020/cleaninsights-panel-ooni.html

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Please fix Orbot.

[Nathan Freitas]

Actually, this is the best place for quick response:
https://github.com/guardianproject/orbot or email to
sup...@guardianproject.info

That said, we will need more details. The beauty of Android is also the
pain - the insane diversity of OS versions, community ROMs, hardware
types, unexpected task killing background services, and more.

For the vast majority of Orbot users, it is working, but Hack3rcon at
Yahoo, we do want to help you, too!


On 3/5/20 12:21 PM, james wrote:
> You may have more luck raising a ticket on the Tor bug 
> tracker:https://trac.torproject.org/projects/tor/newticket
>  Original message From: hack3r...@yahoo.com Date: 05/03/2020  
> 09:43  (GMT+00:00) To: tor-talk@lists.torproject.org Subject: [tor-talk] 
> Please fix Orbot. Hello Tor team,Please fix Orbot. The new version can't 
> working properly.Thank you.-- tor-talk mailing list - 
> tor-talk@lists.torproject.orgTo unsubscribe or change other settings go 
> tohttps://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk



signature.asc
Description: OpenPGP digital signature
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] The Orbot not have any update?

[Nathan Freitas]

On 12/6/19 1:09 PM, hack3r...@yahoo.com wrote:
> Hello Tor team,
> I updated Orbot on my BB Aurora cellphone (Android 7.1.1), but after the 
> update the Orbot just show me "Orbot is starting..." and can't connect. I 
> know some users reported this issue, but not solved.
> Please examine it.
>
We have had a number of beta releases working to address this and other
issues, and expect a full release this week.

+n





signature.asc
Description: OpenPGP digital signature
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Fwd: Heads up: Orfox "RIP" EOL is coming, moving to TBA!

[Nathan Freitas]

 Forwarded Message 

Subject:Heads up: Orfox "RIP" EOL is coming, moving to TBA!
Date:   Mon, 2 Sep 2019 22:16:31 -0400
From:   Nathan of Guardian 
Organisation:   Guardian Project
To: Guardian Dev 



We will be officially announcing the end of Orfox this week, by
releasing a final update to the 1.2 million active users of Orfox on
Google Play and F-Droid. We haven't kept Orfox up to date with Firefox
or Tor Browser fixes, so we must bring it to a forced end. Besides, TBA
is looking good and working great, so anyone who wants Tor Browser on
Android should use it.

This "OrfoxRIP" app will replace the existing Orfox app:
https://github.com/guardianproject/Orfox/releases/tag/Orfox-Final-RIP-v16

If you have Orfox still installed, please try installing it over what
you have, and let me know if you have any issues.

Download the APK:
https://github.com/guardianproject/Orfox/releases/download/Orfox-Final-RIP-v16/Orfox-Final-RIP-v16.apk

Otherwise, you can see the discussion and design work on this ticket:
https://trac.torproject.org/projects/tor/ticket/29955

Thanks!

+n







signature.asc
Description: OpenPGP digital signature
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Nice to meet you! / WhatsApp by Tor?

[Nathan Freitas]

On 4/16/19 12:41 PM, GTI .H wrote:
> Em ter, 16 de abr de 2019 às 12:25, Nathan Freitas  <mailto:nat...@freitas.net>> escreveu:
>
>
> On 4/16/19 11:48 AM, GTI .H wrote:
> > Please, how can I use Tor to hide the origin IP in WhatsApp Android?
>
> Since WhatsApp is executable code on your Android phone, it can access
> information about your device directly. This includes accessing your
> "real" IP address through local network information APIs.
>
> Okay, but if you do not want to get caught by MATRIX, you can not put
> personal information on your smartphone except a contact list.
> the concern is with destination not to discover the origin. 
>
Agreed. What I am saying is that if your adversary (WhatsApp/Facebook)
can execute code on your device, in the form of the app, then they can
access your actual IP address, actual phone number, IMSI/IMEI and other
unique global identifiers.


-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Nice to meet you! / WhatsApp by Tor?

[Nathan Freitas]

On 4/16/19 11:48 AM, GTI .H wrote:
> Please, how can I use Tor to hide the origin IP in WhatsApp Android?

Since WhatsApp is executable code on your Android phone, it can access
information about your device directly. This includes accessing your
"real" IP address through local network information APIs.

Orbot was not designed to protect apps on your phone from accessing the
IP address of your device.

An app like Signal or Telegram, which both have open source clients, are
much more likely candidates to use as apps that don't lookup/track your
local IP address.

+n




signature.asc
Description: OpenPGP digital signature
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Fwd: Orbot 16.0.5-RC-1-tor-0.3.4.9

[Nathan Freitas]

 Forwarded Message 
Subject:Orbot 16.0.5-RC-1-tor-0.3.4.9
Date:   Wed, 14 Nov 2018 10:05:21 -0500
From:   Nathan of Guardian 
Organisation:   Guardian Project
To: guardian-...@lists.mayfirst.org



New Orbot 16.0.5 out now on Github,
https://guardianproject.info/releases and soon on Play and F-Droid!



Orbot 16.0.5-RC-1-tor-0.3.4.9
https://github.com/n8fr8/orbot/releases/tag/16.0.5-RC-1-tor-0.3.4.9
@n8fr8 n8fr8 released this 9 minutes ago
Assets 6

Orbot-16.0.5-RC-1-tor-0.3.4.9-fullperm-armeabi-release.apk
8.93 MB
Orbot-16.0.5-RC-1-tor-0.3.4.9-fullperm-armeabi-release.apk.asc
833 Bytes
Orbot-16.0.5-RC-1-tor-0.3.4.9-fullperm-universal-release.apk
18 MB
Orbot-16.0.5-RC-1-tor-0.3.4.9-fullperm-universal-release.apk.asc
833 Bytes
Source code
(zip)

    Source code
    (tar.gz)

/** v16.0.5-RC-1-tor-0.3.4.9 / 15 Nov 2018 / 2e2f6e7 **/
2e2f6e7 (HEAD -> master, origin/master, origin/HEAD) udpate custom
language/locale handling
c22bfeb adding support for multiple new languages
a3dba71 update strings
2702eaa (tag: 16.0.4-BETA-1-tor-0.3.4.8) update to 16.0.4-BETA-1-tor-0.3.4.8
fcff7ea reimplement custom language support for Aymara
21896f8 (tag: 16.0.3-RC-1-tor-0.3.4.8, public/master) update to
16.0.3-RC-1-tor-0.3.4.8
03a9e24 update localization strings
f68fdc1 update transifex config
f06939b (tag: 16.0.3-BETA-2-tor-0.3.4.8, dev/master) update build 16030020
9d3bd82 udpate default bridges
c207a1e update new simpler notification with "new identity" button
bcae003 add permission to service manifest
a7130ab update to latest tor android 0.3.4.8
a5d1978 update default bridges
ffda769 update NDK build script
3349454 update to latest Pluto obfs4proxy builds
048ed9f Merge branch 'master' of github.com:n8fr8/orbot
84e0433 (tag: 16.0.3-BETA-1-tor-0.3.4.8) update version to
16.0.3-BETA-1-tor-0.3.4.8 and build to 16030010
66cc8ad improve service checking for running Tor instance
6bc161b update to Tor 0.3.4.8
0ff8d7c Merge pull request #173 from haghighi-ahmad/patch-1
772e0db Improve Persian translation and fix grammar.
129b55a Merge branch 'master' of github.com:n8fr8/orbot
1bef963 Merge branch 'Unpublished-deprecated_torrc'
b2bf3d9 Merge branch 'deprecated_torrc' of
https://github.com/Unpublished/orbot into Unpublished-deprecated_torrc
06c343c update launcher web graphic
3433112 update launcher graphics
bd61739 update version and constrains library
9a866aa update gradle tooling
31238af update tor to 0.3.4.7 RC
b0a4990 Merge pull request #168 from av2k/master
f74dea2 torrc: remove deprecated DNSListenAddress and obsolete
WarnUnsafeSocks
5065a65 Merge pull request #1 from
av2k/av2k-patch-better-german-settings-translation
27ee9ed Clarify a German strings.xml translation
a608a96 Merge pull request #161 from bitmold/get-bridge-dialog-improvement
7340e21 Merge pull request #158 from Unpublished/patch
08d242e unused attribute in layout
3e03d22 update request new bridge dialog text
be2d411 Formatted BridgeWizardActivity and layout; removed unnecessary code
0b15ae5 We get a better material design dialog by not using a custom layout
44d088b Only email clients are listed when you request a bridge over email
edc07b0 no previous zipping further reduces apk size
749ca3e proguard: disable obfuscation
65bf70f (tag: 16.0.2-RC-1) update to 16.0.2-RC-1 build 16020041
18528bc (tag: 16.0.2-BETA-3) update to 16.0.2-BETA-3 build 16020013
ae28293 update gradle to produce APKs appropriately named
41e223f update native build to support armeabi-v7a
f7f03f5 (tag: 16.0.2-BETA-2) update to 16.0.2-BETA-2 build 16020012
1dc740a update to latest tor-android-binary library
9a1e6fc add armeabi-v7a build to split APKs
4bdfb79 update code to properly unzip entries from APK zip if needed
0b74afb (tag: 16.0.2-BETA-1) update to build 16020011 16.0.2-BETA-1 with
tor 0.3.3.5-rc
89906a2 update tor vpn values to 192.168.200 base some people might have
conflicts with 10.10.10 base VPN
f702a0e fix country selector spinner bug with phantom selections
3bbf7a1 ensure pluggable transports are updated and set to executable
fa017cf make sure we handle foreground notifications properly
7dd09db update to tor 0.3.3.5-rc
be61431 make sure all the activities we need are included
af1d933 handle phantom selection of country exit - also support custom
exit override issue
8ebd538 add NEWNYM feature back into main app screen
989cbb2 remove old fullperm manifest
be1f73e go back to one manifest will all perms
93a0092 update implementation of language selector
265caa8 add more releae build crunching compression
074411a always show the hidden service menu
93e6cf3 don't show app vpn selection for devices that don't support it
ad18a40 load PT binaries fromthe native library path
3dc40b8 update to use tor-0.3.2.10-dev build with new tor binary method
0d3ef7c update gradle to 3.1.2
49b7228 implement APK splits for architecture specific builds
142d934 update proguard rules
3e8a92a improve how service starts happen on Android O+
6a911d9 Merge branch 'master' of 

Re: [tor-talk] Tor VoIP PBX Architecture Discussion

[Nathan Freitas]

On Tue, Oct 23, 2018, at 1:55 AM, Roger Dingledine wrote:
> On Mon, Oct 22, 2018 at 05:13:39PM +0100, Iain Learmonth wrote:
> > It might also be that half-duplex communication (even if implemented
> > with humans saying "over") could bring benefits as this would allow you
> > to increase the buffer sizes without having people talking over each other.
> 
> Reminds me of the early days in Guardian Project's voice support in Orbot,
> where they essentially built a "push to talk" feature that encoded your
> thing as an mp3 and sent it across the Tor network and played it on the
> other end. I hear that, once you figured out how to use it, it was
> remarkably usable.

You can still do this today but with the Plumble android app and any Mumble 
protocol server. You can also do this with Signal over Orbot - voice calls 
don't work since they are UDP, but voice messages work just fine!
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] How can Orbot for Android contact me?

[Nathan Freitas]

On 10/14/2018 06:36 PM, Seth Caldwell wrote:
> I want to know how I can get orbot to send me an SMS or Email if something
> isn't configured correctly or a bug occurs etc. P.S. I am somewhat new to
> Tor being that I only have had it for less than a month so, please don't
> make your response too complicated.
Hi, Seth. I can try to help you, but I am not quite sure what you are
asking for.

Orbot is an app that runs on an Android device, like a phone, tablet or
Chromebook.

You can configure it through the app itself. It will tell you if you
successfully connect or not. There is no need for it to send you an SMS
or email.

If you want the most "fullproof" solution, use Orbot only with the Orfox
browser (or the new Tor Browser for Android currently in alpha release).

Best,
  Nathan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Orbot: Over 20 Million Served, Ready for the Next Billion

[Nathan Freitas]

On Wed, May 16, 2018, at 8:13 AM, Lara wrote:
> On Wed, 16 May 2018, at 11:53, Nathan Freitas wrote:
> > Since we release Orbot roughly 8 years ago, it has been installed
> > more than 20 million times, by people from hundreds of different
> > countries and walks of life. Even better, we have cross the 2 million
> > active user mark, with growing adoption in many “mobile first” parts
> > of the world.
> 
> Congratulations!
> 
> But see the thread about EFF's reaction to the PGP related issues, be
> sure that people do not confound popularity with safety.
> -- 

Agreed. It is good to celebrate milestones to ensure we keep our energy and 
optimism up. Most of the time, however, we keep our heads down, and focus on 
quality. I have been actively maintaining Orbot for 9 years, so keep hope alive!
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Orbot: Over 20 Million Served, Ready for the Next Billion

[Nathan Freitas]

Orbot: Over 20 Million Served, Ready for the Next Billion

https://guardianproject.info/2018/05/16/orbot-over-20-million-served-ready-for-the-next-billion/

We recently published the latest release of Orbot (16.0.2!), and as
usual, we make it available via Google Play, as well F-Droid, and
through direct download on our website. Whether we like it or not,
Google keeps tracks of things like total installs and active installs
(i.e. not uninstalled), and reports on that for us through their
dashboard. While publishing this release, we noticed a milestone that
made us a bit proud… so pardon this humblebrag.

Since we release Orbot roughly 8 years ago, it has been installed more
than 20 million times, by people from hundreds of different countries
and walks of life. Even better, we have cross the 2 million active user
mark, with growing adoption in many “mobile first” parts of the world.

Of course, none of this would be possible without Tor Project itself, at
the core of what we do, and empowering us through the years, to pave the
way on free, open, mobile circumvention. We are also especially excited
about the direction things are headed with Tor’s new executive director,
Isabela Bagueros.

That is because Isa understands that the vast majority of the world,
including her home country of Brazil, accesses the internet using
smartphones, which essentially include surveillance, censorship and
privacy invasion as core features. Fortunately, she shares our optimism
that with the right software and service, we can fight back against this
and provide working solutions for human rights defenders, activists,
journalists and everyday people. We are really excited about Tor’s new
mobile initiative and their new stewardship of Orfox (soon to be Tor
browser for Android!). Also, if you didn’t know Isa is the one
responsible for Twitter adding proxy features into their Android app
many years ago!

With that global population in mind, we’ve focused this latest release
of Orbot on size and efficiency, with the goal of making the app less
than 10 megabytes in size. This 10MB limit qualifies Orbot to be
promoted to Android Go devices, which is Google’s attempt to serve “the
next billion”. You might have heard about lightweight “Go” editions of
apps like YouTube, that are both smaller in size, and have features that
enable data saving and offline use. With Orbot, we have started by
focusing on reducing our binary size (which adds up over time with
regular updates, etc), to reduce it by nearly 1/3, instead of just
letting it grow bigger and bigger with each release. Over the next year,
we will be working with the core Tor team to improve the core efficiency
of the service running on mobile architectures, and to implement new
features for data management, battery saving and more.

A deep, onion-infused thank you to the multitudes who have helped us get
to this point. We couldn’t have done it with out all of your patches,
bug reports, complaints, praise, donations and encouragement. Now, let’s
keep it up until we get to the billion install mark!





signature.asc
Description: OpenPGP digital signature
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] New release: Orbot 16.0.2-RC-1

[Nathan Freitas]

Orbot 16.0.2-RC-1
Rolling out to Google Play now, and soon F-Droid.

Direct APKs available on the Github release page below.

Thanks to @bitmold @goapunk @pgerber @rjmalagon @Le1b1 for the help with
this release!

Highlights

updated to tor 0.3.3.5 (Onion Services v3 support and more)
split APK distribution for smaller binary size per chip architecture
(< 10MB!)
many fixes for tor, pluggable transport binary installation
No more "Polipo" HTTP server, just using Tor's new built in capability
improved language selection in app
... and much more!


*
https://github.com/n8fr8/orbot/releases/tag/16.0.2-RC-1

 Orbot 16.0.2-RC-1

@n8fr8 n8fr8 released this 15 minutes ago
Assets

9.07 MB
Orbot-16.0.2-RC-1-fullperm-armeabi-release.apk
819 Bytes
Orbot-16.0.2-RC-1-fullperm-armeabi-release.apk.asc
9.07 MB
Orbot-16.0.2-RC-1-fullperm-armeabi-v7a-release.apk
819 Bytes
Orbot-16.0.2-RC-1-fullperm-armeabi-v7a-release.apk.asc
18 MB
Orbot-16.0.2-RC-1-fullperm-universal-release.apk
819 Bytes
Orbot-16.0.2-RC-1-fullperm-universal-release.apk.asc
9.66 MB
Orbot-16.0.2-RC-1-fullperm-x86-release.apk
819 Bytes
Orbot-16.0.2-RC-1-fullperm-x86-release.apk.asc
Source code (zip)
Source code (tar.gz)

Thanks to @bitmold @goapunk @pgerber @rjmalagon @Le1b1 for the help with
this release!

Highlights

updated to tor 0.3.3.5 (Onion Services v3 support and more)
split APK distribution for smaller binary size per chip architecture
(< 10MB!)
many fixes for tor, pluggable transport binary installation
No more "Polipo" HTTP server, just using Tor's new built in capability
improved language selection in app
... and much more!

65bf70f update to 16.0.2-RC-1 build 16020041
18528bc update to 16.0.2-BETA-3 build 16020013
ae28293 update gradle to produce APKs appropriately named
41e223f update native build to support armeabi-v7a
f7f03f5 update to 16.0.2-BETA-2 build 16020012
1dc740a update to latest tor-android-binary library
9a1e6fc add armeabi-v7a build to split APKs
4bdfb79 update code to properly unzip entries from APK zip if needed
0b74afb update to build 16020011 16.0.2-BETA-1 with tor 0.3.3.5-rc
89906a2 update tor vpn values to 192.168.200 base some people might have
conflicts with 10.10.10 base VPN
f702a0e fix country selector spinner bug with phantom selections
3bbf7a1 ensure pluggable transports are updated and set to executable
fa017cf make sure we handle foreground notifications properly
7dd09db update to tor 0.3.3.5-rc
be61431 make sure all the activities we need are included
af1d933 handle phantom selection of country exit - also support custom
exit override issue
8ebd538 add NEWNYM feature back into main app screen
989cbb2 remove old fullperm manifest
be1f73e go back to one manifest will all perms
93a0092 update implementation of language selector
265caa8 add more releae build crunching compression
074411a always show the hidden service menu
93e6cf3 don't show app vpn selection for devices that don't support it
ad18a40 load PT binaries fromthe native library path
3dc40b8 update to use tor-0.3.2.10-dev build with new tor binary method
0d3ef7c update gradle to 3.1.2
49b7228 implement APK splits for architecture specific builds
142d934 update proguard rules
3e8a92a improve how service starts happen on Android O+
6a911d9 Merge branch 'master' of github.com:n8fr8/orbot
a94d2c9 Merge pull request #146 from bitmold/package-refactor
5f33788 control package name didnt match dir
456f896 set pdnsd path dynamically, in case it is installed elsewhere
2b40105 use Tor's built-in HTTP server instead of Polipo
e903ea9 change how we look up the version of tor being used
6678399 update dependency command
c6630b9 update dependency command
bc863d4 updating to build 16010011
a957986 updating store descriptions
8867c33 adding new strings for onboarding
dd0e2a0 updated strings for multiple locales
a66ff47 update localized strings
e0293ac Merge pull request #135 from bitmold/prefs-improvements
fdd6b52 Merge pull request #139 from bitmold/back-closes-log-not-app
f151b37 Merge pull request #127 from bitmold/string-fixes
923be64 Merge pull request #129 from bitmold/patch-2
d1daf86 Merge pull request #141 from bitmold/no-phone-state-perm
d0cc453 Merge pull request #143 from bitmold/app-sorting-case-insensitive
e244df9 Merge branch 'master' of github.com:n8fr8/orbot
bae861e switch to 1.1.1.1 for default DNS
5d9fc75 update gradle to 4.4
f2c3753 update gradle, SDK, dependencies, etc
1c9afcb toUpperCase -> compareToIgnoreCase
0675600 App sorting for TorifiedApps is case insensitive
505223b removed legacy READ_PHONE_STATE perm
87401d0 When log is open, the back btn closes it
a4ce29d Merge pull request #137 from bitmold/patch-3
ca3856c Update BUILD
13ea11d update preference summaries
f117dac cleanup
49ee3ae textPassword inputType for proxypasswd dialog
8a14136 port settings use inputType=number
db74f05 formatted preferences.xml
d681dce Merge pull 

[tor-talk] Fwd: Orbot 16.0.2-BETA-1 with Tor 0.3.3.5-RC

[Nathan Freitas]

 Forwarded Message 
Subject: Orbot 16.0.2-BETA-1 with Tor 0.3.3.5-RC
Date: Sat, 12 May 2018 01:03:56 -0400
From: Nathan of Guardian 
Organization: Guardian Project
To: Guardian Dev 

Orbot 16.0.2-BETA-1 with Tor 0.3.3.5-RC is out. Please test!

https://github.com/n8fr8/orbot/releases/tag/16.0.2-BETA-1

We are now using the "split APK" build method to automatically generate
seperate APKs for armeabi and x86, as well as a universal APK. We are
also now using proguard optimizations on the release builds.

This allows us to get the size down for the per architecture APK files
to under 10MB, which means it will be included in the Play Store for
Android Go devices. It is also just a general goal of ours to not follow
the trend of bigger and bigger apps, and to instead, be considerate of
those with the least amount of mobile data and storage.

Otherwise, this build includes:
- A new, more reliable method of installing all the various binaries
- Added "new identity" aka "newnym" menu button on main screen
- Improved language selector (no more random swahili)
- No more Polipo, now using Tor's build in HTTP proxy
- and all the latest improvements from Tor 0.3.3.5




@n8fr8 n8fr8 released this just now
Assets

8.35 MB
Orbot-16.0.2-BETA-1-armeabi.apk
819 Bytes
Orbot-16.0.2-BETA-1-armeabi.apk.asc
13.1 MB
Orbot-16.0.2-BETA-1-universal.apk
819 Bytes
Orbot-16.0.2-BETA-1-universal.apk.asc
8.94 MB
Orbot-16.0.2-BETA-1-x86.apk
819 Bytes
Orbot-16.0.2-BETA-1-x86.apk.asc
Source code (zip)
Source code (tar.gz)

0b74afb update to build 16020011 16.0.2-BETA-1 with tor 0.3.3.5-rc
89906a2 update tor vpn values to 192.168.200 base some people might have
conflicts with 10.10.10 base VPN
f702a0e fix country selector spinner bug with phantom selections
3bbf7a1 ensure pluggable transports are updated and set to executable
fa017cf make sure we handle foreground notifications properly
7dd09db update to tor 0.3.3.5-rc
be61431 make sure all the activities we need are included
af1d933 handle phantom selection of country exit - also support custom
exit override issue
8ebd538 add NEWNYM feature back into main app screen
989cbb2 remove old fullperm manifest
be1f73e go back to one manifest will all perms
93a0092 update implementation of language selector
265caa8 add more releae build crunching compression
074411a always show the hidden service menu
93e6cf3 don't show app vpn selection for devices that don't support it
ad18a40 load PT binaries fromthe native library path
3dc40b8 update to use tor-0.3.2.10-dev build with new tor binary method
0d3ef7c update gradle to 3.1.2
49b7228 implement APK splits for architecture specific builds
142d934 update proguard rules
3e8a92a improve how service starts happen on Android O+
6a911d9 Merge branch 'master' of github.com:n8fr8/orbot
a94d2c9 Merge pull request #146 from bitmold/package-refactor
5f33788 control package name didnt match dir
456f896 set pdnsd path dynamically, in case it is installed elsewhere
2b40105 use Tor's built-in HTTP server instead of Polipo
e903ea9 change how we look up the version of tor being used
6678399 update dependency command
c6630b9 update dependency command
bc863d4 updating to build 16010011





signature.asc
Description: OpenPGP digital signature
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Anonymity and Voip

[Nathan Freitas]

On 05/09/2018 10:57 AM, Nathan Freitas wrote:
> 
> 
> On 05/09/2018 09:27 AM, panoramix.druida wrote:
>> Hi I would like to know your thoughts about anonymity and voip. I would like 
>> to know if it is possible to hide the fact that Alice is talking to Bob and 
>> that content of the communication is secure of course.
>>
>> I see that Whonix people have thought about this before and have a nice Wiki 
>> page:
>> https://www.whonix.org/wiki/VoIP
>>
>> They recommend Tox and Mumble. Would something like Ring would work over 
>> Tor? Have you try Mumble as hidden service?
> 
> Mumble works great over Tor. On Android, you can use Plumble, and it
> works directly with Orbot, Tor for Android.

One important point though, is that Mumble does NOT have end-to-end
encryption. This means you need to trust whoever is running the Mumble
onion server. The good news is that, as an Onion, you can run it on a
laptop, anywhere, and don't need a fixed server.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Anonymity and Voip

[Nathan Freitas]

On 05/09/2018 09:27 AM, panoramix.druida wrote:
> Hi I would like to know your thoughts about anonymity and voip. I would like 
> to know if it is possible to hide the fact that Alice is talking to Bob and 
> that content of the communication is secure of course.
> 
> I see that Whonix people have thought about this before and have a nice Wiki 
> page:
> https://www.whonix.org/wiki/VoIP
> 
> They recommend Tox and Mumble. Would something like Ring would work over Tor? 
> Have you try Mumble as hidden service?

Mumble works great over Tor. On Android, you can use Plumble, and it
works directly with Orbot, Tor for Android.

In general, the issue with VoIP over Tor, is that Tor only supports TCP,
and not UDP, which most voice and video services require.

+n


-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Fixing Orchid (Tor reimplementation in Java)

[Nathan Freitas]

On 04/17/2018 10:27 AM, Masayuki Hatta wrote:
> As some of you might remember, there was a thing called Orchid, an
> independent Tor client/library implementation written in pure Java.
> Unfortunately, Orchid became an abandonware (I suppose) and doesn't
> work at all for a while.
> 
> Recently, I was interested in Orchid and could fix most of the
> important bugs.  Now Orchid works again.
> 
> I'm not really a Java (and Tor) guy, so this is basically for my
> education, but if you are interested, please give it a try (and send
> me patches or PRs if you find anything bad).
> 
> You may find new Orchid:  https://github.com/mhatta/Orchid

Nice work! Any interest on doing any performance test comparison against
the native/C tor daemon.

With Orbot, I've definitely been interested in having a extremely
lightweight minimal version of the app, that is pure Java. I know there
are also many still interested in tor-ifying their apps, but without the
3-7MB tax that using native code adds.

+n
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] What does this log mean?

[Nathan Freitas]

On Sat, Jan 6, 2018, at 3:24 AM, Jason Long wrote:
> Hello.What does this log mean?

It means you successfully connected to Tor, using Orbot. Congratulations!

You are using one of the Meek Bridge servers, which has a lot of users, which 
is likely why you received the message about the overloaded node.

Is everything else working for you?



> Set background service to FOREGROUNDOrbot is starting…Orbot is starting…
> updating settings in Tor serviceupdating torrc custom 
> configuration...success.Orbot is starting…Waiting for control 
> port...Connecting to control port: 5SUCCESS connected to Tor control 
> port.SUCCESS - authenticated to control port.Starting Tor client… 
> complete.adding control port event handlerSUCCESS added control port 
> event handlerTor started; process id=2192Starting polipo processPolipo 
> is running on port:8118Polipo is runningNOTICE: Bootstrapped 80%: 
> Connecting to the Tor network NOTICE: Bootstrapped 85%: Finishing 
> handshake with first hop NOTICE: Bootstrapped 90%: Establishing a Tor 
> circuit Circuit (1) BUILT: TorLandMeekCircuit (2) BUILT: 
> cymrubridge02NOTICE: Your Guard 
> $B9E7141C594AF25699E0079C1F0146F409495296 
> ($B9E7141C594AF25699E0079C1F0146F409495296) is failing more circuits 
> than usual. Most likely this means the Tor network is overloaded. 
> Success counts are 141/213. Use counts are 59/72. 195 circuits 
> completed, 16 were unusable, 37 collapsed, and 19 timed out. For 
> reference, your timeout cutoff is 163 seconds. Circuit (4) BUILT: 
> TorLandMeek > Hindenburg > AccessNow001NOTICE: Tor has successfully 
> opened a circuit. Looks like client functionality is working. NOTICE: 
> Bootstrapped 100%: Done Circuit (3) BUILT: TorLandMeek > bonjour2 > 
> tollanaCircuit (6) BUILT: TorLandMeek > ieditedtheconfig > 
> morecowbellCircuit (7) BUILT: TorLandMeek > ymkeo > norco176.10.99.201 
> Switzerland (SOFTplus Entwicklungen GmbH)Circuit (5) BUILT: TorLandMeek 
> > PartitoPirata > Multivac85.248.227.164 Slovakia (BENESTRA, 
> s.r.o.)176.121.10.45 Ukraine (Global Data Networks LLC)176.107.185.22 
> Ukraine (PE Freehost)163.172.53.84 France (Online S.a.s.)
> 
> Thank you.
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Orbot v16 (16.0.0-RC-2) is out

[Nathan Freitas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Orbot v16 is out:
https://guardianproject.info/2018/01/05/orbot-v16-a-whole-new-look-and-e
asier-to-use/



Orbot: Tor for Android has a new release (tag and changelog), with a
major update to the user experience and interface. This is the 16th
major release of Orbot, since it was launched in late 2009.

The main screen of the app now looks quite different, with all the major
features and functions exposed for easy access. We have also added a new
onboarding setup wizard for first time users, that assists with
configuring connections to the Tor network for users in places where Tor
itself is blocked. This release also continues to support users looking
to use Orbot to unblock specific apps, that may not be available on
their network or country. From the main screen, users can activate
Orbot’s built-in VPN feature, and easily choose which specific apps they
want to be routed over the Tor network. You can also refresh your Tor
identity, rebuilding all circuit connections through the network, using
the circular reload icon in the expanded notification provided by Orbot.

The update is rolling out on Google Play, and will also be available on
Guardian Project’s F-Droid Repo soon. You can also find Android APKs on
Github.

THANKS TO: pgerber, syphyr, Khsed4, BjarniRunar, Unpublished,
igortoliveira, goapunk, SpotComms, AkshatAgrawal05, dixidroid, arrase
and others for the bug reports and fixes



/** v16.0.0 RC 1 / 5 Jan 2018 /
309c42be916d866a28adacb0a4f92d692cbd6009 **/

7e9890e tweak default bridge behavior based on locale
fec853c updates to notification for Android O / SDK26
b161043 Merge pull request #106 from Unpublished/fix_binary_search
ab472d5 Merge branch 'syphyr-master’
4fc3e7e Merge branch ‘master’ of https://github.com/syphyr/orbot into
syphyr-master
792ee2b Merge branch 'BjarniRunar-master’
0d4a735 Merge branch ‘master’ of https://github.com/BjarniRunar/orbot
into BjarniRunar-master
c7b1441 add comment about app updates URL
d21ff80 update strings and code for switching Locale in app
5c5790c fix binary search
38b0063 update build to 1605/6 for 16.0.0-BETA-2
7da26a3 update strings from transifex
ce714fa use the proper localized start/end params
38cc29c externalize more strings
8bcc9a4 update gitignore
6e3b6ba add onboarding strings localizatoin
154e373 ensure appupdater check starts up
703f8a1 move update back to older (reduce version code)
b556518 move update back to older version
680d108 update json for testing
e4f6348 test updating json
dafcdd7 enable AppUpdater notificatoins through Github
3b5a361 update handling of vpn enabled and app onclick
e21474c updates to layout and strings for bridge wizard
2a9691c make sure the back arrow works
244231c remove activity no longer used
0284130 remove out activity no longer used
e487f34 update strings
8fd0bd0 update tor-android to 0.3.19b (updated geoip databases)
ad51bed update transifex configuration
a08c707 update app store descriptions
2ced17a update build SDK targets to 26
5c22de2 manifest updates: remove superuser, enable chromebooks
b4aa9d8 more improvements for bridge wizard
df37b8c add bridge wizard testing code
14ce4f6 big update for new onboarding, bridge wizard
2ceacf6 move bridges to raw resources
938a740 improve vpn app enable view on main activity
ba358a4 add new orfox and settings icon
5bd5a56 VPN should be off by default
e464044 connection might be null
51216a4 Add new preference: pref_open_proxy_on_all_interfaces
21b4521 Update version strings in help->about
5500b50 update spuport library version
546310a improve notifications, add refresh/newnym button
877406f tweak layout
b68132b fix title for tor app section
7210223 fix handling of intents
47e10e7 fix issues with bridge selection UI
e6bd23a more UI updates and small improvements
d9bd32a more UI updates
7303a33 work on the new UI update
6a19bf6 update UI tweaks for next release
3741434 don’t show app selection each time you turn VPN on/off
4df2fcf move “other” installer back to tor resource installer
f3f9162 don’t delete installed binaries
6493d8d Merge pull request #104 from igortoliveira/remove-java-file
fc4d6aa improve app loading time for VPN app dialog
fbeff25 Remove leftover Java file
544ea7b update build to use tor version constant from tor-android-binary
977167b ZMerge branch ‘master’ of github.com:n8fr8/orbot
b07d4fe removed unused submodules, moved to gradle tor-android
d392ecd remove unneeded external dirs for making tor
3d729fc switch to using tor-android binary in TorService
6f364de use the new tor-android gradle dependency
https://github.com/n8fr8/tor-android
c7f834b moving binary files, use tor-android gradle
3b5e27e removing external depends, moving to tor-android gradle
898f64a Merge pull request #99 from goapunk/update-BUILD-instructions
e14d647 update BUILD
fce5bde add autopoint to dependencies
72c7e04 Merge pull request #97 from SpotComms/padding
8cf412a Merge pull request #98 from 

[tor-talk] Fwd: [guardian-dev] Orbot v16.0.0 alpha 1 is up

[Nathan Freitas]

 Forwarded Message 
Subject: [guardian-dev] Orbot v16.0.0 alpha 1 is up
Date: Wed, 13 Dec 2017 16:01:21 -0500
From: Nathan of Guardian 
Organization: Guardian Project
To: guardian-...@lists.mayfirst.org

Greetings from the Mozilla All-Hands dev meeting in Austin, TX. I always
enjoy coming to these because it makes me focus on Orbot and Orfox for a
few days, thus the updates to Orfox and now Orbot I am posting.

I've tagged and posted an early build of the next big Orbot update:

https://github.com/n8fr8/orbot/releases/tag/16.0.0-ALPHA-1

The focus on the v16 update is to make using the VPN feature easier and
more obvious, as well as helping people use and discover bridges. We
will be incorporating work from the new Onion Browser v2 onboarding
experience, and trying to incorporate best practices from popular VPN
apps, as well.

Other than the new UI, the big difference is that Orbot now incorporate
the tor binaries through a Gradle dependency. This build is updated to
the latest Tor 0.3.1.9 release.

https://github.com/n8fr8/tor-android

repositories {
maven { url
"https://raw.githubusercontent.com/guardianproject/gpmaven/master; }
}

and then add the dependency, setting it to the latest version (or any
version) we have made available, as a release:

dependencies {
compile 'org.torproject:tor-android-binary:0.3.1.9'
}

Thanks for any help or feedback!

+n
___
List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
To unsubscribe, email:  guardian-dev-unsubscr...@lists.mayfirst.org
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Orfox 1.4.1 RC 1 (TB 52.2 / 7.0)

[Nathan Freitas]

We have a new small update of Orfox out, that fixes two minor, but
annoying issues:

* 0dd2ea0 Don't remove referer (Tor Browser doesn't) #23273 tor trac
https://trac.torproject.org/projects/tor/ticket/23273
* 9669dbf update user-agent to 52 Mozilla/5.0 (Android; Mobile; rv:52.0)
Gecko/20100101 Firefox/52.0

Release for testing is here:
https://github.com/guardianproject/Orfox/releases/tag/Fennec-52.2.0esr%2FTorBrowser-7.0-1%2FOrfox-1.4.1-RC-1





signature.asc
Description: OpenPGP digital signature
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Fwd: Re: [guardian-dev] No more “Root” features in Orbot… use Orfox & VPN instead!

[Nathan Freitas]

FYI...

 Forwarded Message 
Subject: Re: [guardian-dev] No more “Root” features in Orbot… use Orfox
& VPN instead!
Date: Fri, 27 Oct 2017 13:16:34 -0400
From: Nathan of Guardian 
Organization: Guardian Project
To: guardian-...@lists.mayfirst.org

now in plaintext... (sorry new install of Thunderbird had HTML enabled)



https://guardianproject.info/2017/10/27/no-more-root-features-in-orbot-use-orfox-vpn-instead/

Since I first announced the available of Orbot: Tor for Android about 8
years ago (wow!), myself and others have been working on various methods
in which to make the capabilities of Tor available through the operating
system. This post is to announce that as of the next, imminent release,
Orbot v15.5, we will no longer be supporting the Root-required
“Transproxy” method. This is due to many reasons.

First, it turns out that allowing applications to get “root” access on
your device seems like a good idea, it can also be seen as huge security
hole. I am on the fence myself, but considering that the ability to
access root features hasn’t been standardized as part of Android, which
8 years ago I hoped it would, it means there are a whole variety of ways
that this capability is managed and safeguarded (or not, in most cases).
At this point in time, given the sophistication we are seeing mobile
malware and rootkits, it seems like a capability that we did not want to
focus time and energy on promoting.

Second, for those who do want to use root features, and know what they
are doing, there are a bunch of other apps that do that job better than
Orbot did. I admit, we let our code in that area degrade a bit, as the
dev team themselves moved away from phones with root features. So,
instead, if you really want to do cool things with iptables rules, you
can use AFWall+, available on F-Droid and Google Play.

In order to make AFWall+ work with Orbot, you can follow Mike Perry’s
excellent “Mission Impossible Android” guide in which he provides
“DroidWall Scripts” necessary to enable automatic Tor routing on boot.
You can also check out the sadly no longer maintained, but useful,
Orwall app which was meant to take on all the root features of Orbot.

Third, we really, really think it is a bad idea to just send all of the
traffic of your device through the Tor network. While it sounds like a
great idea in theory, much like many “magical” Tor router kickstarter
projects, it turns out that unless you can be assured an app is using
TLS properly, then there is a chance that bad things could happen to
your traffic as it exits the Tor network. Rather than promote some kind
of auto-magical “enable Tor for my whole device”, we want to focus on
ways to enable specific apps to go through Tor, in a way we can ensure
is as safe as possible.

For instance, we now have an excellent browser app, Orfox, that is based
on Tor Browser, and works perfectly with Orbot. If you just want to
access the web and onion services, like the new New York Times onion at
https://www.nytimes3xbfgragh.onion/, then just use Orfox. There is no
need for any fancy rooting or transproxying. There are also many others
that supporting routing through Orbot directly, such as
Conversations.im, Facebook for Android, DuckDuckGo, F-Droid, OpenArchive
and many more to come! If you are interested in enabling your app to
work with Orbot, check out our NetCipher SDK, which makes it easy to do
just that.

Fourth, Orbot has for some time supported use of Android’s VPN features
as a way to tunnel traffic through Tor. You just open the left-side
menu, and tap “Apps VPN Mode” or tap on “Apps…” on the main screen.
Choose the apps you want to run through Tor, press the back button, and
then the VPN will start up, rerouting outbound traffic back through the
local Tor port. This method is 100% support by Android, and requires no
vulnerabilities or exploits of your device to gain root access.


Orbot Apps VPN view, home screen with Apps… button, and VPN sidebar

I know that even with all of these justifications, some users will be
disappointed with the fact we have removed root features from Orbot.
Perhaps that will motivate some to reignite development of Orwall, or
maybe help us make the VPN features in Orbot work even better. Another
route is to support the Tor’s Android phone prototype or perhaps
integrate Tor “root” features directly into a community Android OS
project like Copperhead or Legacy. We would be happy to see all of these
happen.

For us, though, removing root means we can focus on making Orbot more
streamlined, more stable, and more compatible with Android, for our 2
million+ active users, who are mostly focused on finding an easy
solution for unblocking sites and apps, and allowing them to communicate
and browse freely without fear of reprisal.




___
List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
To unsubscribe, email:  

[tor-talk] ANN: Orbot v15.5 RC 1

[Nathan Freitas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



A new release of Orbot has been tagged:

https://gitweb.torproject.org/orbot.git/tag/?h=15.5.0-RC-1-multi-SDK16

CHANGELOG is here:

https://gitweb.torproject.org/orbot.git/tree/CHANGELOG?h=15.5.0-RC-1-multi-SDK16

Highlights

* Update to Tor 0.3.1.8
* Removed support for Root / Transproxy functions as they had become
unreliable and untested
* IMPROVED support for VPN transparent proxying and new "Apps" app
selection user interface
* Address Obfs4proxy license info inclusion issue
* Update to latest Tor support Meek bridge locations

***

You can find APKs posted on the Github release page:

https://github.com/n8fr8/orbot/releases/tag/15.5.0-RC-1-multi-SDK16

and here:

Android 4 / 5:
https://guardianproject.info/releases/Orbot-15.5.0-RC-1-multi-SDK16.apk
(.asc)

Android 6+:
https://guardianproject.info/releases/Orbot-15.5.0-RC-1-multi-SDK23.apk
(.asc)

Expect these builds up in our FDroid repo shortly as well.

***

Here is the changelog through the 15.4.4 beta (which became 15.5 RC 1):

** v15.4.4 / 28 Oct 2017 / 032321656999543ab160f9739ca175d790bbd974 **/

0323216 update to 15.4.4-BETA-2-multi-SDK16
e1ba02a improve the layout!
a685bf1 remove unsupported preferences
0910374 clean up variables and improve how tor process is launched
d24aab8 update to Tor 0.3.1.8-openssl1.0.2k
165e95a update layout to present "Apps..." option on the main screen
dc7aee1 update tor to 0.3.1.8
440290e show warning about removal of transproxy support - also make app
selection more streamlining
9140ba6 we no longer ship xtables, so don't try to install it
f09508d remove unused permission
e6003f6 update tor constants to 0.3.1.7-openssl1.0.2k
d86ace6 update version to 15.4.4-BETA-1 update gradle depends
90975fb update Makefile for tor compression options
25425a6 remove xtables and iptables (no more root support)
b0b6b68 tor-0.3.1.7 update
dceea11 update version 1543 aka 15.4.3-RC-1-multi-SDK16
b98a0ff simplify bridge selection screen
1e2074c update main activity to clean up intents
a5015dc update about layout to show obfs4proxy
b322e53 make sure receiver unregisters when destroyed
2bd5614 update to latest meek amazon bridge:
https://trac.torproject.org/projects/tor/ticket/21918
01176b1 big refactor for multiple reasons - implement LICENSE display in
About dialog - remove root transproxy features - general crufty stuff cle
anup
70693bf update to 4.9 NDK biuld
c4867ba update Makefile to target NDK 4.9
6ca89b3 remove old manifest
cc3c451 update license for better Obfs4proxy display
632824b remove RootCommands library as we don't need it now
d190f3a add license asset for display in the app
ebc362c add copyright notice from Obfs4 in the LICENSE file
5b255df update target SDK to 23 so we don't have perm downgrade issues


-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBAgAGBQJZ8LXhAAoJEKgBGD5ps3qpKcMP/3YIBLJ8PMevrJFGjrjMz6eW
23+AVROG1gf2W7rMGB8adMskxVD/CSvkNFJ3OApdAEe3BiXNKBcnImaTP9KrVV+m
xfpJ+Wehb5lj/7sZnXH+mgwfnOOIljVMI+2AjteFM1QgJJoaYc/OAPt3RMZUn4XQ
lbR1QwvJx/eQpGexUbW+HMUNRXz/dnvVxqUkDdPcs5FOGOaIUz7WmHpm61nxCov5
OBNZHU/RvQN74PfKqdHjZpb4shL1Ir+KhykI/4Ez8JJvhPy2xVUSRTuPSt6i2u4w
vLZDviEC1ECdq9nLxMcxm4BHufQw2vpKYhe8xEDg5YbEajgFf6cJP1TYr3ekmQfo
AQ+WMSpkOHqXzMeRSU1r4MjZ9CS4RXDkdwXdOYFerSanu0tpvXE9EJir5+Uv5kjd
Iq4kwbvbPl0BuOkPrl3ip24MVRHQ/0QKyyBnz5L7zEt8Jld4b5samLexYEbgJgqt
JanyCKcrwOnI46SNTfRe8Nj8fWjS3u46AZKWEdksP+cWklSGUxtpY78Z14ary7Oi
2QmmrLMkTVBjM7wRW++Q11JDouZTpkXe+wMeAMDmidMJ9y/nHffBi3KgYkEgpdcn
I7mNEfEu8RUu4+dj+Do45c+WNXPdHJiYLzqGX4AkxkpG6Lfcpocn0IcX1gyAAO4z
YAm7olsymgGfLAE/OrGX
=cCQr
-END PGP SIGNATURE-

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Fwd: Orfox v1.4 RC 2 "For Bassel"

[Nathan Freitas]

- Original message -
From: Nathan of Guardian 
To: guardian-...@lists.mayfirst.org
Subject: Orfox v1.4 RC 2 "For Bassel"
Date: Thu, 03 Aug 2017 16:02:07 -0400


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Orfox v1.4 RC 2 "For Bassel"

- - Update based on Firefox ESR 52.2 and Tor Browser 7.0.x releases
- - NEW: Includes new "Orfox Settings" security slider to easily
configure advanced privacy settings
- - ADD-ONS: Updated to latest HTTPS Everywhere and NoScript;
IMPORTANT: To auto-install add-ons, please do a fresh/clean install of
this release
- - All permissions disabled except for "Storage" access to enable
browser to save files to external storage, and to allow the user to
upload files from storage

APK and sigs here:
https://github.com/guardianproject/Orfox/releases/tag/Fennec-52.2.0esr%2FTorBrowser-7.0-1%2FOrfox-1.4-RC-2

and here:
https://guardianproject.info/releases/Orfox-v1.4-RC-2.apk (.asc)

***

This release is for Bassel:
https://github.com/guardianproject/Orfox/releases/tag/Fennec-52.2.0esr%2FTorBrowser-7.0-1%2FOrfox-1.4-RC-2-FOR-BASSEL
@n8fr8 n8fr8 tagged this a minute ago

http://freebassel.org/campaign/statements/2017/08/03/death-of-bassel-khartabil/

The following is a statement from the #FREEBASSEL campaign regarding the
death of Bassel Khartabil, an award-winning Palestinian Syrian
open-source software developer. He was 34.

“We are heartbroken to share the news that Bassel Khartabil was executed
by the Syrian government some time after his disappearance in October
2015 in Damascus, Syria.

“Bassel Khartabil, also known as Bassel Safadi, was born in Damascus,
Syria on May 22, 1981. He grew up to pursue an education and career in
computer engineering. He was the co-founder of the collaborative
research company Aiki Lab, and the CTO of the publisher Al-Aous. He
served as the first project lead and public affiliate for Creative
Commons Syria, and contributed to numerous Internet projects, such as
Mozilla Firefox and Wikipedia




- --
  Nathan of Guardian
  nat...@guardianproject.info
-BEGIN PGP SIGNATURE-
Version: Mailvelope v1.8.1
Comment: https://www.mailvelope.com

wsFcBAEBCAAQBQJZg4EwCRCoARg+abN6qQAAx78P/R6RTVPyQfBYf/MFIbzB
JdRhS9GyrHUM7y2hDPC/XqV4UzNax2D0llSh3QEOa8PjSod5NFvW9UBGfzSe
q13gXbzHUlglWQe+WNE6KaegXQTbGFaOTWhIOw4ZZ3RW7TY7ZQeic0YnT7tW
hV4DgP/uHhdKLMZ4k2/5Zba1CdK3vzERQen8bdUkXnJVgGbUATF2aFLM28JH
sYhnkn0sZc9u9kKINkSwQ3eDzFsTf40+FPoqTeazM1vHinjEdJYg3IQKc+QM
x/aOnjWfSiDpX1hru+68r56ihaM3cOsXAmNKbExYGqvLHadAeKvSIpw+aEdq
8Jp836ADQ5AMW46CUbf8gg7CeAnvw1aTZbnQ0SNUeGUxokoX6BOp4dcvF+RD
9aSCPzTF2Y5RLypQBYJj0+9/xjsfZqfYGbr9G9B50y1npVJ+ehpwfUOGuOy5
Iif6FB6wtUEO6BycIoN3hvLos+FgRieVjsZTlSeyU36HPd5KNqPVu9qT5LoM
rCf6z/AoCSDz/SMqHNlbfDcJ/3ma8nMc9hEl2zv4hvzzjZnWagUgMyq81sQW
sFP4I/8qHN4L5Peix2AbwsZiNgQpI889PQNNIX6tssWKy4wYKJ50zEVh4K6M
IWDNk0Mjc8dVMsmQMuFvah1IU5TjCxomR5Fh4rcllt/knfp6KZQtxKOQUItb
tuaH
=fmvV
-END PGP SIGNATURE-
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Fwd: Orfox v1.4 Beta (based onTor Browser 7.5) is out

[Nathan Freitas]

We found some new Android/Java leaks in the last build, and have
produced a new beta for testing. The APK for Orfox v1.4 beta 3 is posted
here:
https://github.com/guardianproject/Orfox/releases/tag/Fennec-52.2.0esr%2FTorBrowser-7.5-1%2FOrfox-1.4-beta3

If you are interested in helping test, the "Grey Shirts" provide some
great tools for packet capture and network monitoring, that make it easy
to discover leaks:
https://play.google.com/store/apps/developer?id=Grey+Shirts

Unfortunately, they are not open-source. 


On Fri, Jul 21, 2017, at 11:37 PM, Nathan Freitas wrote:
> - Original message -
> From: Nathan of Guardian <nat...@guardianproject.info>
> To: guardian-...@lists.mayfirst.org
> Subject: Orfox v1.4 Beta (based onTor Browser 7.5) is out
> Date: Fri, 21 Jul 2017 23:36:54 -0400
> 
> A new beta build of Orfox 1.4 is now up with an updated version of the
> new Orfox Setsings (aka Tor Browser Settings) add-on. You must do a
> fresh install of the app to get the automatic installation of HTTPS
> Everywhere, NoScript and Orfox Settings.
> 
> WARNING: We are still fully auditing this build and reviewing new
> functionality and code available in Firefox/Fennec ESR52 to ensure there
> are no network leaks or other privacy decreasing features. 
> 
> We expect to ship a release candidate around August 1st. 
> 
> ***
> 
> You can find the APKs for download here:
> https://github.com/guardianproject/Orfox/releases/tag/Fennec-52.2.0esr%2FTorBrowser-7.5-1%2FOrfox-1.4-beta2
> and here:
> https://guardianproject.info/releases/Orfox-v1.4-beta-2.apk (.asc)
> 
> You can see all the work we do on top of Tor Browser for the desktop
> here:
> https://github.com/guardianproject/tor-browser/commits/orfox-tor-browser-52.2.0esr-7.5-2
> 
> 4db3583 update to latest from TB browser.js prefs file
> 47439da show only the "restricted" onboarding first time screens
> 43ec4c9 update mobile js prefs based on latest TB
> d990101 set default to 'true' to clear all data
> 8ee94f4 add in custom distributio for xpi bundling
> 5b4bdb6 clear on exit is now true by default
> 3bdc2e4 add support for a distribution directory (for bundling add-ons)
> 908ca3b disable building of bouncer.apk so we can bundle in orfox see:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1258372
> 8903a4c change defaults for Orfox
> da750a3 add distribution directory and options settings
> 94abc5b fix #17 from https://github.com/amoghbl1/tor-browser/issues
> don't restore tabs by default
> 674bd83 fix #11 from https://github.com/amoghbl1/tor-browser/issues
> disable mic and QR code reader by default
> 4c2e34e set default browser to DuckDuckGo modify DDG URL to the
> non-javascript site
> e466052 fix crash with registerReceiver for Orbot status
> c413a64 Orfox: Strings fix, probably a WONTAPPLY ESR59.
> 13a683a Orfox: Adding GCM sender ID.
> 0ee17ab Orfox: Disabling search widget.
> 8363071 Orfox: Update orfox branding and icon
> 21b3d9e Orfox: hook up default panic trigger to "quit and clear"
> 629f231 Orfox: disable screenshots and prevent page from being in
> "recent apps"
> d6bcd79 Orfox: remove Tab:Load event queuing and only use Intent queuing
> cc77e66 Orfox: receive Tor status in thread so they arrive when event
> sync blocks
> 9cb33d5 Orfox: queue URL Intents and Tab:Load events when Orbot is not
> yet started
> 69ccad9 Orfox: add BroadcastReceiver to receive Tor status from Orbot
> 863f4ca Orfox: Centralized proxy applied to CrashReporter,
> SuggestClient, Distribution, AbstractCommunicator and BaseResources.
> faa1f5e Orfox: NetCipher enabled, checks if orbot is installed
> 2281bcb Orfox: quit button added, functionality changed to bring it up
> to date with current GeckoApp.java class, earlier version seemed to have
> problems with quitting
> c298b1b Orfox: Removed sync option from preferences
> 1e2e8a9 Orfox: Fix #1 - Improve build instructions
> 2e9ff72 Orfox: top sites changed, used bookmarks icon temporarily.
> ee11c5f Orfox: removed contacts permission
> 7a795e3 Orfox: Added tbb prefs to mobile.js Bug #5404 - We need a mobile
> friendly user-agent. Moving back to the default user-agent used by the
> esr38 build
> ccbad61 Orfox: confvars changes to disable screen casting
> 3bcfac6 Orfox: Add mozconfig for Orfox and pertinent branding files.
> 
> 
> -- 
>   Nathan of Guardian
>   nat...@guardianproject.info
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Fwd: Orfox v1.4 Beta (based onTor Browser 7.5) is out

[Nathan Freitas]

- Original message -
From: Nathan of Guardian 
To: guardian-...@lists.mayfirst.org
Subject: Orfox v1.4 Beta (based onTor Browser 7.5) is out
Date: Fri, 21 Jul 2017 23:36:54 -0400

A new beta build of Orfox 1.4 is now up with an updated version of the
new Orfox Setsings (aka Tor Browser Settings) add-on. You must do a
fresh install of the app to get the automatic installation of HTTPS
Everywhere, NoScript and Orfox Settings.

WARNING: We are still fully auditing this build and reviewing new
functionality and code available in Firefox/Fennec ESR52 to ensure there
are no network leaks or other privacy decreasing features. 

We expect to ship a release candidate around August 1st. 

***

You can find the APKs for download here:
https://github.com/guardianproject/Orfox/releases/tag/Fennec-52.2.0esr%2FTorBrowser-7.5-1%2FOrfox-1.4-beta2
and here:
https://guardianproject.info/releases/Orfox-v1.4-beta-2.apk (.asc)

You can see all the work we do on top of Tor Browser for the desktop
here:
https://github.com/guardianproject/tor-browser/commits/orfox-tor-browser-52.2.0esr-7.5-2

4db3583 update to latest from TB browser.js prefs file
47439da show only the "restricted" onboarding first time screens
43ec4c9 update mobile js prefs based on latest TB
d990101 set default to 'true' to clear all data
8ee94f4 add in custom distributio for xpi bundling
5b4bdb6 clear on exit is now true by default
3bdc2e4 add support for a distribution directory (for bundling add-ons)
908ca3b disable building of bouncer.apk so we can bundle in orfox see:
https://bugzilla.mozilla.org/show_bug.cgi?id=1258372
8903a4c change defaults for Orfox
da750a3 add distribution directory and options settings
94abc5b fix #17 from https://github.com/amoghbl1/tor-browser/issues
don't restore tabs by default
674bd83 fix #11 from https://github.com/amoghbl1/tor-browser/issues
disable mic and QR code reader by default
4c2e34e set default browser to DuckDuckGo modify DDG URL to the
non-javascript site
e466052 fix crash with registerReceiver for Orbot status
c413a64 Orfox: Strings fix, probably a WONTAPPLY ESR59.
13a683a Orfox: Adding GCM sender ID.
0ee17ab Orfox: Disabling search widget.
8363071 Orfox: Update orfox branding and icon
21b3d9e Orfox: hook up default panic trigger to "quit and clear"
629f231 Orfox: disable screenshots and prevent page from being in
"recent apps"
d6bcd79 Orfox: remove Tab:Load event queuing and only use Intent queuing
cc77e66 Orfox: receive Tor status in thread so they arrive when event
sync blocks
9cb33d5 Orfox: queue URL Intents and Tab:Load events when Orbot is not
yet started
69ccad9 Orfox: add BroadcastReceiver to receive Tor status from Orbot
863f4ca Orfox: Centralized proxy applied to CrashReporter,
SuggestClient, Distribution, AbstractCommunicator and BaseResources.
faa1f5e Orfox: NetCipher enabled, checks if orbot is installed
2281bcb Orfox: quit button added, functionality changed to bring it up
to date with current GeckoApp.java class, earlier version seemed to have
problems with quitting
c298b1b Orfox: Removed sync option from preferences
1e2e8a9 Orfox: Fix #1 - Improve build instructions
2e9ff72 Orfox: top sites changed, used bookmarks icon temporarily.
ee11c5f Orfox: removed contacts permission
7a795e3 Orfox: Added tbb prefs to mobile.js Bug #5404 - We need a mobile
friendly user-agent. Moving back to the default user-agent used by the
esr38 build
ccbad61 Orfox: confvars changes to disable screen casting
3bcfac6 Orfox: Add mozconfig for Orfox and pertinent branding files.


-- 
  Nathan of Guardian
  nat...@guardianproject.info
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Beware of insecure mobile Tor apps such as Orion/Torion

[Nathan Freitas]

On Wed, Jul 19, 2017, at 01:44 AM, Roger Dingledine wrote:
> On Tue, Jul 18, 2017 at 11:30:44AM -0400, InterN0T wrote:
> > The developer basically took Mike Tigas' iOS app and introduced several 
> > vulnerabilities to it that could be used to track users
> 
> To be clear, right now there are no ios apps that are on par with the
> protections that Tor Browser provides.
> 
> You can read more about the general issue at
> https://blog.torproject.org/blog/tor-heart-onion-browser-and-more-ios-tor
> 
> tl;dr you should assume that there are proxy bypass flaws in every
> single ios app that aims to be a Tor Browser replacement.

Yes, but there is a big difference between malicious, intentional flaws,
and ones that are the result of the limitation of the Apple platform and
policies. We can't lump Mike's Onion Browser effort in with the former.

Onion Browser 2 (now in beta) is NOT Tor browser for iPhone. However, it
is a fantastic privacy-enhancing browser for iOS, that includes Tor,
HTTPS Everywhere, and other security and privacy oriented features
unavailable in most browsers for iPhones. It does not track you. More on
the new beta here:
https://www.patreon.com/posts/quick-onion-2-0-12054247


+n
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Fwd: Orbot 15.4.1-RC-1 is out (with Tor 0.3.x!)

[Nathan Freitas]

- Original message -
From: Nathan of Guardian 
To: guardian-...@lists.mayfirst.org
Subject: Orbot 15.4.1-RC-1 is out (with Tor 0.3.x!)
Date: Thu, 01 Jun 2017 00:41:35 -0400


A new RC update of Orbot is out with the latest stable Tor included!

Tagged:
https://github.com/n8fr8/orbot/releases/tag/15.4.1-RC-1-multi
https://gitweb.torproject.org/orbot.git/tag/?id=15.4.1-RC-1-multi

Binary is posted here:
https://github.com/n8fr8/orbot/releases/tag/15.4.1-RC-1-multi
and here:
https://guardianproject.info/releases/Orbot-v15.4.1-RC-1-MULTI.apk
(.asc)

We'll be rolling this out to FDroid and Play over the coming days...

-- 
  Nathan of Guardian
  nat...@guardianproject.info
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Fwd: Orbot 15.4.0 beta-2 multi (arm,x86)

[Nathan Freitas]

Orbot 15.4.0 beta-2 multi (arm,x86) is tagged and signed APKs posted
here:
https://github.com/n8fr8/orbot/releases/tag/15.4.0-beta-2-multi

(and tagged here:
https://gitweb.torproject.org/orbot.git/tag/?id=15.4.0-beta-2-multi)

Highlights include:
- update to Tor 0.2.9.9 (testing of Tor 0.3.x code on mobile still
underway)
- updated all built-in obfs4 and meek bridges
- improved randomized selection of built-in bridges
- from beta 1, the new "Hidden Services" configuration menu and screens!




-- 
  Nathan of Guardian
  nat...@guardianproject.info
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Setting up own meek servers

[Nathan Freitas]

On Wed, Mar 8, 2017, at 10:20 AM, Jonathan Marquardt wrote:
> So, when meek-google was suspended, one of the recommendations for people
> was 
> to set up their own apps in AppEngine as meek servers.
> 
> https://lists.torproject.org/pipermail/tor-talk/2016-June/041699.html
> 
> Wouldn't it be a good idea to encourage people to do so, but in a way
> that 
> everyone and not just themselfes can benefit from that? Perhaps they
> could 
> make them public or these things make themselfes public just like with
> any 
> other bridge? Has this idea been discussed before?
> 
> Individual supporters running these reflectors could also cut down on
> costs. 
> And in the case of Google AppEngine, these bridge adresses could perhaps
> be 
> distributed using bridges.torproject.org and GetTor, so Google doesn't 
> instantly notice them.
>

I completely agree with this. There should be a push for community
hosting of all Meek cloud services type, and not just Google.

+n
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Javascript exploit

[Nathan Freitas]

On Thu, Dec 1, 2016, at 01:27 PM, Nathan Freitas wrote:
> On Wed, Nov 30, 2016, at 11:39 AM, Roger Dingledine wrote:
> > On Wed, Nov 30, 2016 at 02:28:52PM -0500, Roger Dingledine wrote:
> > > * The blog post about the 6.0.7 Tor Browser update will go up any
> > > moment. I see that the Tor Browser team has already put the packages in
> > > https://dist.torproject.org/torbrowser/6.0.7/
> > 
> > And there it is:
> > https://blog.torproject.org/blog/tor-browser-607-released
> 
> ... and Orfox 1.2.1 is tagged and ready for testing.  Signed release
> APKs here:
> 
> https://github.com/guardianproject/Orfox/releases/tag/Fennec-45.5.1esr%2FTorBrowser-6.5-1%2FOrfox-1.2.1

... and now fully released:
https://guardianproject.info/2016/12/02/orfox-1-2-1-released/
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Javascript exploit

[Nathan Freitas]

On Wed, Nov 30, 2016, at 11:39 AM, Roger Dingledine wrote:
> On Wed, Nov 30, 2016 at 02:28:52PM -0500, Roger Dingledine wrote:
> > * The blog post about the 6.0.7 Tor Browser update will go up any
> > moment. I see that the Tor Browser team has already put the packages in
> > https://dist.torproject.org/torbrowser/6.0.7/
> 
> And there it is:
> https://blog.torproject.org/blog/tor-browser-607-released

... and Orfox 1.2.1 is tagged and ready for testing.  Signed release
APKs here:

https://github.com/guardianproject/Orfox/releases/tag/Fennec-45.5.1esr%2FTorBrowser-6.5-1%2FOrfox-1.2.1

+n
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] is it compulsory to enable bridges or apps VPN mode on orbot

[Nathan Freitas]

Thanks for the community support help, Jonathan!

I will just add that you should really install Orfox browser to get the
Tor-only, most private web access setup.

Otherwise, VPN mode is great for other apps that don't know about Tor.

Finally, make sure you upgrade to the final Orbot v15.2.1 RC 8 release:
APK: https://guardianproject.info/releases/Orbot-v15.2.0-RC-8-multi.apk
SIG:
https://guardianproject.info/releases/Orbot-v15.2.0-RC-8-multi.apk.asc

(or available on Google Play)

On Tue, Nov 15, 2016, at 07:35 AM, Jonathan Marquardt wrote:
> On Tue, Nov 15, 2016 at 10:33:53AM +0530, krihsna wrote:
> > orbot version: 15.2.0-rc7
> > os: android asop 5.1
> > 
> > recently i have downloaded & installed orbot on my device.
> > 
> > i have a few questions about the app:
> > 
> > [q] is it absolutely necessary to enable bridges or apps VPN mode ?
> > 
> Bridges are for circumvention of Tor censoring networks/firewalls. If you
> are 
> able to connect to the Tor network, there's no need for you to configure
> one. 
> More info about bridges: https://www.torproject.org/docs/bridges
> 
> > [q] the app says, it is connected to tor network. do i need to configure 
> > each app separately   ?
> > 
> Yes, unless you enable VPN mode.
> 
> > [q] is there any way to configure to divert all network traffic through tor 
> > network ?
> > 
> Yes, enable VPN mode. Keep in mind that the VPN feature is still
> experimental 
> and you should not assume to be anonymous when using this mode.
> 
> > thank you for your time & patience.
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Cyberoam is again blocking Meek

[Nathan Freitas]

On Mon, Aug 1, 2016, at 09:31 AM, Justin wrote:
> I’ve been conducting some more tests against a Cyberoam with Meek, and
> over the past two weeks, they have managed to completely block the
> default front domains of Meek.  Meek-Azure gets blocked at 10% of Tor
> bootstrapping, so it’s probably being fingerprinted on the Firefox 45.2.0
> ESR TLS signature.  Meek-Amazon gets stopped at 25% of bootstrapping, and
> I’m not sure what Cyberoam is fingerprinting.  Any ideas?

Can you test with Orbot with Meek Bridges enabled and see if there are
any different outcomes?
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] 2 hop mode for people that only want to use Tor for censorship circumvention to conserve bandwidth and decrease latency?

[Nathan Freitas]

On Mon, Jun 13, 2016, at 04:34 PM, Ivan Markin wrote:
> Greg Norcie:
> > Even if we drastically increase the number of nodes in the network,
> > it's hard to imagine Tor (with 3 hops) will be able to have less
> > latency than a single hop VPN.
> 
> Of course VPNs will have lower latency than Tor anyways. The point is
> that there should be the moment when the lantency advance doesn't matter
> anymore (the difference is negligible). When this will happen there is
> no reason to use VPN for general user. We definetely can get there using
> faster crypto on faster crypto-accelerated/parallell hardware.

New users of Orfox (Tor Browser on Android) say that it feels faster
than the normal web. This is true, on mobile especially, because by
default, we block all javascript with no-script. This indeed makes the
loading of a web page faster, if you have a reasonably well performing
circuit.

In addition, many mobile apps use an asynchronous data fetch model, that
removes all connection between the user experience and the network stack
- Facebook, for instance, being one of these. If you enable the Orbot
routing feature in Facebook on Android, you hardly can feel any
difference, since the time it takes to sync new data into your timeline
is hidden from the user.

+n
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] 2 hop mode for people that only want to use Tor for censorship circumvention to conserve bandwidth and decrease latency?

[Nathan Freitas]

On Mon, Jun 13, 2016, at 08:55 AM, Greg Norcie wrote:
> If your main concern is merely circumvention (and you're not worried
> about
> retaliation for circumventing), you might be better off using a VPN.
> 
> Unlike Tor, there is no globally published list of all VPN services, so
> you
> could probably find one that isn't blocked by your country. Most services
> take Bitcoin if payment is an issue... I'd look askance at any "free"
> VPN.

I know you weren't saying this, Greg, but I do often feel that we are
too quick to push people who only want circumvention, and not anonymity,
away from using Tor. Also, increasingly with DPI / traffic
fingerprinting, we are seeing VPN protocols being blocked in places like
China, and thus the VPNs are adopting traffic obfuscation methods like
Meek and ObfsProxy as part of their software.

From Ars, a great thorough assessment of all the downsides to a VPN:

"The impossible task of creating a “Best VPNs” list today: Our writer
set out to make a list of reliable VPNs; turns out the task is
complicated."

http://arstechnica.com/security/2016/06/aiming-for-anonymity-ars-assesses-the-state-of-vpns-in-2016/

Best,
  Nathan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] meek-google suspended for terms of service violations

[Nathan Freitas]

On Wed, Jun 1, 2016, at 09:32 PM, David Fifield wrote:
> In the meantime, you can use meek-amazon or meek-azure. If you set up
> your own CDN instance and point it to the origin domain
> https://meek.bamsoftware.com/, it will be faster than the default meek
> bridges that come in Tor Browser. (The default ones are rate-limited and
> shared among many users.)
> https://trac.torproject.org/projects/tor/wiki/doc/meek#AmazonCloudFront
> https://trac.torproject.org/projects/tor/wiki/doc/meek#MicrosoftAzure

I think is time for Tor Project to do an official community push to get
people to run their own Meek instances (as well as Obfs4 of course), and
allow them to be contributed to a pool we can build into Tor Browser and
Orbot.

+n
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Could Tor be used for health informatics?

[Nathan Freitas]

On Mon, May 30, 2016, at 09:08 PM, Seth David Schoen wrote:
> Paul Templeton writes:
> 
> > Where Tor may fit...
> > 
> > The Tor network would provide the secure transport - each site would create 
> > an onion address. Central servers would keep tab of address and public keys 
> > for each site and practitioner.
> 
> I'm not convinced this is a good tradeoff for this application.  The
> crypto in the current version of hidden services is weaker in several
> respects than what you would get from an ordinary HTTPS connection.
> These users probably don't need (or want?) location anonymity for either
> side of the connection and may not appreciate the extra latency and
> possible occasional reachability problems associated with the hidden
> service connection.
> 

I think the benefit of being able to run Onion services deep within a
firewalled network without exposing public Internet IPs is an
operational security value that outweighs the strength of the crypto. If
you add in the extra hidden service authentication feature, it also
means the Onion service is not even reachable unless you have been given
the extra special secret cookie/token through another channel.

It is these aspects of Onion services that have drawn me to them for use
in IoT applications, and I think they are relevant to the exchange of
sensitive health data, as well.

Some of what I've been thinking about our outlined in these slides:
https://github.com/n8fr8/talks/blob/master/onion_things/Internet%20of%20Onion%20Things.pdf

+n

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Orbot

[Nathan Freitas]

On Tue, Mar 22, 2016, at 01:10 PM, libertyinpe...@riseup.net wrote:
> Guardian Project does not seem to be supporting Orbot.  Sent two emails 
> to Support which were ignored.

I'm sorry your emails were lost in the mix. You sent them when we were
all at the last Tor Developer meeting, and then I (who respond to most
of the Orbot support emails), got quite sick for the next week.

Otherwise, making statements like "does not seem to be supporting Orbot"
are never really helpful. Regardless, I will do what I can to help you
here.

>  After several factory resets, however, 
> was finally able to download Orbot from the Guardian Project to the RCA 
> tablet via direct download.  When you click on Browser, a window appears 
> instructing the user Orfox is not installed and would the user wish to 
> install it?  If you click No, the Tor page comes up saying “This is not 
> Tor” and the IP is not changeable.  If you click Yes, Orfox does not 
> download.  Nothing happens.

It seems like your RCA tablet has general issues with installing
software. I am not sure what the factory resets were for, or why you are
downloading the APKs directly, but I assume you don't have Google Play
installed or are not using it? 

That's fine, but at least you should use F-Droid, a free decentralized
open-source app store system, which will help you get the right
software. You can get it here https://f-droid.org/ and if you open the
menu, you will see a repositories menu where you can enable the Guardian
Project official releases repo. Refresh the apps, and you can find Orbot
and Orfox in there.

Otherwise, direct download is fine, but then you have to remember to
upgrade the apps manually yourself. You can find the APK here:
https://guardianproject.info/fdroid/repo/fennec-38.0.en-US.android-arm.apk
or 

> If you click VPN, Tor does properly start.  If you swipe the onion, the 
> IP changes.  When you check the IP, the Tor page comes up with 
> contradictory messages.  On the top of the page it says, 
> “Congratulations.  This browser is configured to use Tor.”  On the 
> bottom of the very same page it says, “However, it does not appear to be 
> Tor Browser.”

Right. Your traffic is routing through the Tor network, but you are
using it with the standard browser on your Android device. They are not
contradictory statements. Your IP is being protected at the network
level, but the browser could be exploited through Javascript, plugins or
other attacks if someone was targeting you. 

We offer the VPN mode for enabling apps that don't know about Tor to be
able to get through firewalls and filters on the network.

If you want to browse the web through Tor, please use Orfox.

 
> generic browser on the droid actually doing the browsing and then 
> calling home to Google?  -- You cannot uninstall the generic browser.  
> Just disable it.  You can uninstall Chrome and I have done so.

The answer is use Orfox. Don't use the system browser. 

> Have subsequently uninstalled as many of the droid apps as the machine 
> would allow.  Since the droid does provide a guest user function, 
> however, how can I be sure that even with all the apps uninstalled 
> and/or disabled on owner mode of operation, the tablet is still not 
> “calling home?”  

This is an issue beyond what we can offer. What we support here is using
Tor on Android, not securing the entire operating system.

>Does Orfox need to be installed and operational for 
> Orbot to properly work?  If so, how do I get the droid tablet to 
> properly download it instead of ignoring the request when the Yes icon 
> is clicked?

I think I have covered this above.

You can also install apps like DuckDuckGo, Courier, ChatSecure,
Lightning Browser and many others that support the use of Orbot or other
proxy servers directly as part of their options.

> So far, this tablet is no more than a paper weight.  Cannot be trusted 
> for anything other than downloads of news sites and other URLs that do 
> not require log in.  None of the droid user groups seems to be current.  
> Are several years old and not currently operational.  Worse, have not 
> been able to find any truly comprehensive guide online regarding the 
> droid operating system.  Intend to continue working on these issues.  
> Thanks for taking the time to read this.  Libertyinperil.

To be honest, you seem to have bought a tablet that is cheap but not
very popular. 

If you want to run a device with a more secure version of Android, then
you should either get a Nexus 7 and follow this post:
https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy

or get a Nexus 5, 5x or 6P and install Copperhead on it:
https://copperhead.co/android/

The Nexus devices are easy to modify and widely used.

For further questions on Orbot, Orfox and other Tor on Mobile issues,
please email supp...@guardianproject.info and we'll work to answer your
questions as best as we can.

Best,
  Nathan



-- 
tor-talk mailing list - 

Re: [tor-talk] Fwd: Orbot v15.1.2 released

[Nathan Freitas]

On Sun, Mar 13, 2016, at 04:30 PM, Dash Four wrote:
> I was finally able to test the newest version (below) with my set up (I
> use customised firewall/transproxy settings and a vpn - all outside
> orbot). 
> The good news is that version now works with no major problems, though I
> still found a couple of issues:

Glad to hear.

> 1. Why is it that the app upgrade wipes out the entire app_bin directory?

We hadn't considered that people would put their own files into that
directory. When we upgrade, we like to ensure it is in a clean state. We
can consider instead deleting files one by one.

> up-to-date geoip files (not the ones provided with orbot).

Could you provide these in a pull request or via a safe download link so
we can upgrade Orbot for everyone?
 
> 2. My custom settings had a separate GeoIP statements which were added by
> orbot. That's wrong. Either leave my torrc.custom file alone and don't
> mess with it, 
> or properly replace the statements used in that file.

Right. We didn't consider people would use the torrc to modify values
that Orbot itself manages. Are you writing your own torrc.custom on
disk, or adding your configuration to the field in Orbot settings?

> 3. How can I compile, or at least obtain a tor binary independently of
> the orbot installation? The reason I ask this is because the tor binary
> provided with the 
> latest version is 0.2.7.5 which is not even the latest stable, let alone
> the one I wish to use (0.2.8.0-alpha).

It takes time for us to test tor binaries on Android to ensure there are
no unintended issues with performance, battery life, memory usage, etc.
It isn't automatic.

That said, you are free to compile it yourself. All of the information
is on the code repo:
https://gitweb.torproject.org/orbot.git/tree/BUILD
https://gitweb.torproject.org/orbot.git/tree/external/Makefile

That said, we should be getting to the latest tor RC/stable soon.
 
> 4. Minor nitpick - the notification icon provided with orbot is bloody
> hideous! It looks like a circled blob and you hardly notice the arrows
> when orbot is 
> used. Can you not provide something like the onion on torproject.org, but
> with two vertical arrows (similar to the wifi notification icon)?

Bloody hideous? It is just a small version of the larger icon we use on
the app screen and the icon. If you shrink down any of the various
"onion" graphics, none of them look very good. We'll see if we can
recruit an icon designer to come up with something better, but always
happy again to have a pull request.

+n
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Not able to download Tor to droid

[Nathan Freitas]

On Wed, Feb 24, 2016, at 05:03 PM, Nathaniel Suchy wrote:
> If you stop Tor (Orbot) and then start it again the issue should be
> fixed.
> On a side note why isn't Tor built into Orfox on Android? 

We chose not to do this, because you can use Orbot standalone for many
other apps. You don't want every app on your phone that wants to use Tor
to have to run their own instance, as it would eat up battery and
network. We are seeing more and more apps, like Facebook, DuckDuckGo,
OpenKeychain, Conversations, ChatSecure, etc support proxying through
Tor with Orbot.

In addition, Android provides a very good inter-app
communication/coordination mechanism through intents and remote
services, that isn't really possible in a cross-platform way on
desktops. 

On iPhone there
> is an open source project OnionBrowser where the Tor Binary is built in.
> I am curious why the Orbot/Orfox team hasn't done the same.

Onion Browser has to build in Tor because iOS doesn't allow for
background services generally.

+n
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Thoughts on Tor router hardware

[Nathan Freitas]

On Wed, Feb 24, 2016, at 03:04 PM, some_guy...@safe-mail.net wrote:
> > My conclusions are that running Tor on the router can enhance both
> > security and usability.
> 
> You are dead wrong on that. (Semi-) transparent proxying is bad for quite
> a few reasons.

> Unless you know what you are doing, a lot of your traffic will run over
> the same circuit (something that TBB tries to avoid) and can potentially
> be correlated. Some of your traffic will likely contain unique
> identifiers that can be tied back to you.

He specifically points out that very issue with transparent proxying in
the post, and actually recommends the TorSocks mode, which blocks all
traffic that isn't specifically using the Tor SOCKS port.

His premise is sound that by physically isolating the Tor runtime
process away from the average person's insecure laptop, smartphone or
tablet, you are decreasing the likelihood that Tor can be tampered with.

I think we all need to stop thinking that "Tor on a hardware device"
automatically means Transparent Proxying of all traffic.

+n
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Thoughts on Tor router hardware

[Nathan Freitas]

On Tue, Feb 23, 2016, at 03:46 PM, Rob van der Hoeven wrote:
> My conclusions are that running Tor on the router can enhance both
> security and usability. It further opens new possibilities for expanding
> the Tor-network and can provide a stable source of income for the
> Tor-project.
> Wrote an article about this on my blog:
> https://hoevenstein.nl/thoughts-on-tor-router-hardware

Thanks for the sober, thoughtful post. There are definitely advantages
to the hardware-isolated TorSocks mode for sure, which I think have been
lost with some of the poor implementations out there and focus on the
Transparent proxy type setup.

These kind of trade offs are also something we struggle with on Android
with Orbot, and we are looking at configuration choices like these to
both help the novice user get connected, without unintentionally leaking
data.

+n
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Fwd: Orbot v15.1.2 released

[Nathan Freitas]

We are now using obfs4proxy to support both obfs4 and meek connectivity
using the new "meek_lite" feature provided by Yawning. It is working
great, and Bridges+VPN support now works back to Android 4.1. This is
also reduced the distribution binary size of Orbot from 14MB to 11MB.

- Original message -
From: Nathan of Guardian 
To: guardian-...@lists.mayfirst.org
Subject: Orbot v15.1.2 released
Date: Wed, 24 Feb 2016 10:13:12 -0500

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

/** 15.1.2 / 24-February-2016 / 204733a245d6c06fa73301134e2f107c0c4564b8
**/

APK: https://guardianproject.info/releases/Orbot-v15.1.2.apk
SIG: https://guardianproject.info/releases/Orbot-v15.1.2.apk.asc

... and up on FDroid, Play, etc shortly

5785593 move to using meek_lite mode from obfs4client and update/improve
proxying code
66a5b7a remove meek-client and use obfs4 meek_lite mode instead
f9f33a1 set this to Android 16 SDK for PIE executable We'll use a
different build for non-PIE < Android-16
e9d28a4 handle NPE better for dev.gp.info #6686 in some cases the
connection becomes null while you are interacting with it
9a8e4dd update to orbot ant build version
80e8c47 peg to last ant compat release
5eb628b bridges dedicated to GeorgeTorwell
c8584f6 update superuser commands library
3cc2439 update license to include badvpn
9c82aa8 fix escaping of apostro
eba95b2 update strings and descs from transifex (somehow french got left
out before!)
8047ec6 update the log

- - --
  Nathan of Guardian
  nat...@guardianproject.info

-BEGIN PGP SIGNATURE-
Version: Mailvelope v1.3.6
Comment: https://www.mailvelope.com

wsFcBAEBCAAQBQJWzch8CRCoARg+abN6qQAAMdkP/1gD7imknTnBJqUQz+oV
a+a3DuFqTeTWSj+ZM5Cc6v25iDj0pOy/dobWi6MibNpWDF4Zr8ZWeSNnImz6
QrS+eBKkhRnL4DZmkCGo6FxSaxEEisCYcTyXHk34Ti7+3fslMZ/SuvbIrOyD
ZFIvBK31Tmf/uj/34kJaYG3hT+qceSCtrjyPEz+Bvb7MTl4mSREGeRiG6gvR
j68Wua/ERXIN+kEhJNrPPrP5eohaeU9/c3YuTJ3QKwU/Dbc0Zzrz1HNFd9wM
D1xDs+Dgz6rihqKN1ybzDsC7qezI2ALkSq6WKUQ6PMmF+BGMJcgW2B25FSGN
KT/ywmcQn24EhyknaZFmMze3oB4Mc+NDAAJHmOiF5sgi6oIdqvJzO06SwUfH
ApbWZ4aaLPzjBptPTUl4oWulbRlhtHBfDE+8+447VP5Ejrgkzxnk4NLGRsXx
vSE9jd5t23OXro5rEizJBplPqQCKUriS7RY3HYKaMkf/mU8u6Mo/XWMk5S9P
dxh++RXhsVV8UtmP5iSywiQdsFxUaCXQ8u5OhauxAhFgZu3cFDgU/Z7f5Yv/
guV/6sGQM4k3fSnjsRh7fDFn0DV+vWoe5gPy3fPrbB+MuHkYZNwBq4XovU6E
MF/ugs2Itu9uVjUhSiObzr0gixT0ALtQPujHRfow/srd1V1/IDkV1/kgUL7M
N5nR
=fPac
-END PGP SIGNATURE-
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Default to meek based on location?

[Nathan Freitas]

On Mon, Feb 15, 2016, at 04:38 AM, rizzo wrote:
> In some big censored countries, meek pluggable transports are the only
> option to connect to the Tor network without manually obtaining
> bridges, a process which I believe many people don't understand enough
> to figure it out on their own. Has there been any discussion on
> whether meek could be made the default or at least recommended option
> when configuring Tor for the first time from certain locations? Could
> we detect the local time zone and then recommend a way to connect
> based on location?

I think the recent Tor Browser releases have done a better job of
walking people through the process of enabling bridges on setup. Adding
some additional logic based on time zone, language setting, etc, would
be a useful idea to gently nudge people towards using bridges by
default. In addition, I think better error handling of failed Tor
connection would be useful ("It looks like you are having a problem
connecting to Tor, and that Tor may be blocked. Can we try an alternate
approach?").

I am working through these ideas right now with Orbot, because the
amount of support emails I receive that basically say "Tor is stuck at
10%" is a bit overwhelming. Often telling them to enable bridges of some
sort, solves the issue.

+n
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] orplug, an Android firewall with per-app Tor circuit isolation

[Nathan Freitas]

Neat and thanks! Perhaps we can think about building this into Orbot,
since we already have a very basic VPN.

On Fri, Feb 12, 2016, at 08:31 AM, Rusty Bird wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> Hi,
> 
> Maybe someone else will find this useful?
> https://github.com/rustybird/orplug
> 
> Rusty
> 
> 
> 
> orplug, an Android firewall with per-app Tor circuit isolation
> 
> Not affiliated with the Tor Project.
> 
> 
> Short intro
> 
> - - No GUI, please write one ;)
> - - Default deny pretty much everything. Combinable access policies for
>   individual apps, whole Android user accounts, etc.: transparent
>   torification (circuit-isolated per app), fenced off access to Socks/
>   Polipo, LAN access, clearnet access
> - - Multi user account support
> - - Doesn't leak IPv6 traffic
> - - Clean DNS, but requires ANDROID_DNS_MODE=local ROM patch
> - - Logs blocked DNS queries and blocked other packets
> - - Input firewall allows sshd by default
> - - Should work with enforcing SELinux
> - - Includes the "--state INVALID" transproxy leak fix[1]
> - - Tested on CyanogenMod 13 (Android 6.0.1 Marshmallow)
> 
> 
> Longer intro
> 
> Really no GUI, unfortunately I don't have any talent for that. There's a
> simple plain text configuration format[2] though, and the command line
> "orplug-reconf" script could work as a backend to a graphical app. (It
> accepts stdin as well as files for configuration.)
> 
> Unconfigured processes may only communicate with localhost and the
> loopback interface. You can configure an individual app, a Unix user/
> group, or an Android account:
> 
>   - to be transparently torified, with circuit isolation per rule
>   - to be allowed access to local TCP ports 9050/8118 for native Orbot
> support
>   - to be allowed LAN access (except DNS)
>   - to be allowed full clearnet access
> 
> All of the above can be combined: Transparently torify a VoIP app as
> far as possible, but allow clearnet access for the remainder (UDP voice
> packets). Or, for a home media streaming app: transparent torification
> with LAN access.
> 
> Rules can apply to the primary Android device user account or to other
> accounts.
> 
> For incoming traffic, every port is blocked to the outside by default.
> But a hook loads files with raw ip(6)tables-restore rulesets, and one
> such ruleset allows TCP port 22 (sshd).
> 
> The init script uses "su -c", which seems to set up everything properly
> SELinux-wise on CM13. I'm not really sure because I don't have a device
> that's able to run in enforcing mode.
> 
> 
> The DNS mess
> 
> Android 4.3+ mixes DNS requests of all apps together by default[3]; when
> a request finally appears in Netfilter, it's unknown where it came from.
> orplug takes a strict approach and blocks this sludge, so it needs a ROM
> patched[4] to export the environment variable ANDROID_DNS_MODE=local
> during early boot.
> 
> Unfortunately, ANDROID_DNS_MODE=local makes Android send DNS requests to
> 127.0.0.1, instead of the value of the net.dns1 property. Until this is
> somehow fixed, a rule has been added to redirect allowed clearnet IPv4
> DNS traffic to $ClearnetDNS (defaults to Google's 8.8.8.8).
> 
> orplug blocks disallowed DNS requests by sending them to a local dnsmasq
> instance that only logs queries (logcat | grep dnsmasq), but doesn't
> forward them. This is how I noticed that CM13 with "everything disabled"
> nevertheless attempts to connect to the hosts stats.cyanogenmod.org,
> account.cyngn.com, and shopvac.cyngn.com. (Via UID 1000, in this case
> the Settings package.)
> 
> 
> Captive portals
> 
> Enable clearnet access for either UID 1000 (beware of the random stuff
> apparently floating around there), or for a dedicated browser (and run
> "settings put global captive_portal_detection_enabled 0" as root).
> 
> 
> Installation
> 
> 0. Set up some independent way to check for leaks, e.g. corridor[5].
>You've been warned...
> 1. Copy the orplug subdirectory to /data/local/ on your Android device.
>"chmod 755" 00-orplug, orplug-start, and orplug-reconf (all in
>/data/local/orplug/bin/).
> 2. Add the line ". /data/local/orplug/bin/00-orplug" (note the dot) to
>/data/local/userinit.sh and run "chmod 755 userinit.sh".
> 3. Copy the contents of /data/local/orplug/torrc-custom-config.txt into
>the clipboard, e.g. using File Manager. This file contains directives
>for tor to open 99 different TransPort and DNSPort ports.
> 4. In Orbot's settings, paste the clipboard contents into "Torrc Custom
>Config", disable "Transparent Proxying", disable "Request Root
>Access", and choose "Proxy None" in "Select Apps" (that last one only
>applies to current prereleases of Orbot).
> 5. Reboot your device.
> 6. Check that orplug has brought the firewall up: The output of
>"getprop orplug.up" is supposed to say "true". Log files are in
>/data/local/orplug/debug/ in case it didn't work.
> 7. Configure your apps by 

[tor-talk] Internet of Onion Things and the OnionCam

[Nathan Freitas]

I have been working on some ideas about using Tor to improve the state
of inter-connectivity, authentication, confidentiality of so-called
"Internet of Things" devices. The link below is to a rough draft of a
presentation I gave yesterday to start hashing out these ideas in a more
public way. It also includes instructions on how, using Orbot and any
Android device with a camera, you can build your very own private hidden
service-based "OnionCam" setup. It works surprisingly well.

https://github.com/n8fr8/onionthings/blob/master/docs/Internet%20of%20Onion%20Things.pdf

My hope is that we can promote Tor as a very real answer to the need to
connect all these things in a safe and secure way, that doesn't rely on
exposing ports via NAT or depend on syncing data to a cloud.

For a related topic, see Yawnbox's "Create an anonymous document drop
with any Android" post:
https://yawnbox.com/index.php/2015/12/02/create-an-anonymous-document-drop-with-any-android/

+n
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] meek-azure was blocked in China for about 4 days

[Nathan Freitas]

On Mon, Feb 8, 2016, at 06:02 PM, David Fifield wrote:
> For about four days (January 29 to February 1, 2016), meek-azure was
> blocked in China. The blocking may not have been intended for
> meek-azure, and may not have been deliberate blocking, but it had the
> effect of blocking the service. It is unblocked again since February 2.
> 
> The nature of the event seems to be dropping of HTTPS connections to a
> specific Azure CDN edge server, cs3.wpc.v0cdn.net, which at the time had
> an IP address of 68.232.45.200. Plain HTTP connections were not
> affected. The blocking was not DNS blocking of a specific domain name,
> nor was it TLS SNI (Server Name Indication) filtering: all domain names
> we tried for the IP address failed equally.

Was it port 443 only? What if HTTPS was also made available on port
8443? Would that still allow the domain fronting to work?

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Not able to download Tor to droid]

[Nathan Freitas]

On Fri, Feb 5, 2016, at 03:11 PM, libertyinpe...@ruggedinbox.com wrote:
> ... Kindly be advised, I did get rid of all the google and other
> commercial apps on the tablet earlier after Tor would not properly
> download.  Every one I could find.  Are any of these apps required by the
> droid to download Orbot? -- Will not download from the google store since
> they demand registration and do track. The ISP does not appear to be a

You should use the free, open-source app store F-Droid, available here:
https://f-droid.org/

Once you install, enable the Guardian Project repository in the
Repository menu, and resync. You should be able to find the latest Orbot
and other apps, and it will notify you of updates. 

More information at https://guardianproject.info/fdroid

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Fwd: Orbot v15.1.0 Alpha 1

[Nathan Freitas]

On Tue, Jan 12, 2016, at 11:12 PM, Nathan Freitas wrote:
> Stay tuned for our next beta update.

Here's Orbot b15.1 Beta 2
(https://gitweb.torproject.org/orbot.git/commit/?id=a0b092856146e49b9c5056fc6f6adb070d76e0ef),
which addresses a number of issues that you referenced, Dash. Please let
me know how it works with your configuration.

This also fixes a problem we had with scanning QR Codes from the
bridges.torproject.org site.

APK: https://guardianproject.info/releases/Orbot-v15.1.0-BETA-2.apk
Sig: https://guardianproject.info/releases/Orbot-v15.1.0-BETA-2.apk.asc

8f7165c fixes for settings processing and QRCode scanning of bridges -
support new JSON array form bridges.torproject.org

Thanks!

+n


-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Fwd: Orbot v15.1.0 Alpha 1

[Nathan Freitas]

On Tue, Jan 12, 2016, at 04:42 PM, Dash Four wrote:
> Nathan Freitas wrote:
> > I really don't understand how Orbot or Droidwalls iptables rules are
> > co-existing with Android VPN. This is really a new one for me. I will
> > make sure transproxy is working on Android 5.1 though, so that at least
> > we can be sure we didn't break anything.
> I have completely re-defined the "transproxy" feature using iptables
> rules in the nat table. Transproxy in orbot is completely de-activated (I
> don't use it at 
> all). Didn't trust the Orbot transproxy feature as:
> 
> 1. It was returning icmp codes instead of dropping the packets silently
> (standard practice in firewalling);
> 2. Allows full net access to selected applications (I need to have the
> ability to specify which application should be allowed to transproxy
> which 
> protocols/ports, not just proxying everything with no control over
> anything).

That's great, and yeah, we should probably improve our transproxy
feature, though with things like Orwall and Droidwall, as well as our
VPN feature, it has become less of a focus recently.

I've made changes in Orbot now so that if you don't have the transproxy
feature enabled, it won't write any related settings. This means you can
override it with your own now more easily.

> >> 3. Orbot simply ignores what I have specified as Socks, Transproxy and
> >> DNSPorts to be used. Example: in my configuration I specify the interface
> >> to be used 
> >> explicitly, i.e. "127.0.0.1:5400" as DNS port (this was the only way I
> >> could get it to work in the "latest" stable Orbot version). I tried
> >> variations of that 
> >> configuration (i.e. specify just the port number), but that didn't work
> >> either.
> > 
> > That is strange. It shouldn't ignore that. This is configured in the
> > Orbot individual settings values, or through torrc entries?
> Through the GUI settings. Can't use "DNSPort" because of "DNSPort auto"
> definitions and the fact that tor chokes on it (see below).

DNSPort is also now not specified unless you have Orbot's transproxy
enabled. This means you can override it.

> 
> > 
> >> 4. No matter what I configure in my settings, Orbot (both versions)
> >> always generates torrc file that contains "SocksPort auto", "DNSPort
> >> auto" and "TransPort 
> >> auto". Why? I know that it closes the old (auto-generated) ports and
> >> re-opens different ones (as per my custom torrc) later, but that should
> >> not be the case and 
> >> it should honour what I have specified in my configuration. 

There may have been some bugs in the last build that were causing this.
Again, it now won't set DNSPort or TransPort if you don't have
transproxy enabled, and you can manual set them in the "Torrc Custom
Config" field, or even modify the default torrc file on disk. I have
also made some changes related to using the Orbot settings properly, if
you do have transproxy enabled in the app, but that shouldn't matter for
you now.


> >> 5. There is no GeoIP database supplied with any Orbot version, which
> >> makes all GeoIP-related commands I issued in my custom torrc completely
> >> useless. I had to 
> >> copy these files from my desktop tor version in order to make this work
> >> (Orbot is supposed to "come with tor", but apparently not everything is
> >> included).
> > 
> > There is GeoIP but it only unpacks it from the APK if you specify rules
> > in Orbot settings that need it.
> It should, in my view, always unpack these files. What happens if I don't
> use any options at the point of installation, but include these in my
> custom torrc 
> file at some late point. What then?

Okay, this is now changed, as well. Since we now show an easy exit
country selector option, it is more likely these files are needed
anyhow.

> > Thanks for the very detailed notes. I will try to reproduce what you are
> > seeing.
> No worries - let me know if you need any information from me.
> 
> I have been running the old (stable) Orbot for nearly a week now without
> any issues. Pleasantly surprised how it adjusts to changing IP addresses
> when my VPN 
> connects/disconnects (by the way, I do not use the VPN which comes with
> the stock android - I use the VPN apk which comes from the guardian
> project and the 
> FDroid repo!).

Agreed that Tor's ability to deal with network changes is quite
admirable, and one of the many reasons why it makes sense on mobile
networks and devices.

Stay tuned for our next beta update.

+n
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Fwd: Orbot v15.1.0 Alpha 1

[Nathan Freitas]

On Sun, Jan 10, 2016, at 09:03 AM, Dash Four wrote:
> I am having all kind of problems with this, but before I go into the
> details, a bit of background.

Thanks for the report, Dash, and sorry you are having issues. It does
seem your setup is pretty complex (Droidwall plus transproxy AND a
VPN?!), but if it worked before it should now.
 
> Currently, I am running (quite happily) the "latest" Orbot, which uses
> tor 2.6(.10?) with no issues to report.

We didn't radically change anything with how the Tor ports are setup
between the Orbot v15.0.x branch and this one, but I will take another
look to see if something subtle was modified.

> 1. Orbot uses ports outside the "common" list of ports, which are,
> obviously, DROPped by the firewall. For example, the 15.1.0 version uses
> random ports on the 
> loopback interface in both directions (say, src port 51117, dest port
> 53123). The previous Orbot version sticks with source or destination
> ports that are 
> pre-defined (i.e. 9040, 9050, 9051 and 5400, as well as ports that are
> advertised in the tor config file).

Orbot still uses 9050, 9051 and 5400. Not sure why you aren't seeing
those as the defaults.

> 2. Even if I allow Orbot to have a free reign (allow all packets going
> out by Orbot), the transproxy/dns doesn't work. Basically, nothing can
> get proxied at 
> all. I don't have any packets that are dropped on the VPN or anywhere
> else.

I really don't understand how Orbot or Droidwalls iptables rules are
co-existing with Android VPN. This is really a new one for me. I will
make sure transproxy is working on Android 5.1 though, so that at least
we can be sure we didn't break anything.

> 3. Orbot simply ignores what I have specified as Socks, Transproxy and
> DNSPorts to be used. Example: in my configuration I specify the interface
> to be used 
> explicitly, i.e. "127.0.0.1:5400" as DNS port (this was the only way I
> could get it to work in the "latest" stable Orbot version). I tried
> variations of that 
> configuration (i.e. specify just the port number), but that didn't work
> either.

That is strange. It shouldn't ignore that. This is configured in the
Orbot individual settings values, or through torrc entries?

> 4. No matter what I configure in my settings, Orbot (both versions)
> always generates torrc file that contains "SocksPort auto", "DNSPort
> auto" and "TransPort 
> auto". Why? I know that it closes the old (auto-generated) ports and
> re-opens different ones (as per my custom torrc) later, but that should
> not be the case and 
> it should honour what I have specified in my configuration. 

Can you just clarify what you mean my your configuration? Is that via
Orbot settings, or a torrc file somewhere?


>This maybe
> related to the previous issue I described above. As a result of this, I
> cannot have, say, 
> "DNSPort" in my custom torrc as tor refuses to run (duplicate DNSPort
> definitions). Ridiculous! I need to have control of all torrc settings
> and not have Orbot 
> "assume" things. Modifying the torrc file in Orbot's data directory can
> alter some torrc settings, but not all and some are always included (like
> the example 
> I've given above) no matter what.

Point taken.

> 5. There is no GeoIP database supplied with any Orbot version, which
> makes all GeoIP-related commands I issued in my custom torrc completely
> useless. I had to 
> copy these files from my desktop tor version in order to make this work
> (Orbot is supposed to "come with tor", but apparently not everything is
> included).

There is GeoIP but it only unpacks it from the APK if you specify rules
in Orbot settings that need it. Again, you are hand modifying the torrc
file which isn't our expected method of use. We are trying to save
space, and made an assumption. If you enter any value in Orbot's exit
nodes field, it will notice that and unpack our bundled GeoIP files.

> I think that pretty much covers it. I managed to grab the tor executable
> supplied with v15.1.0-ALPHA and dump it in place with the old "stable"
> Orbot version 
> and it works OK from what I can see, though both Tor versions suffer from
> bug #9972 I submitted nearly 3 years ago, which is still open.

This is not an Orbot specific issue though, right?
 
> Another axe to grind with tor is its inability to specify binding
> interface for the various ports it uses. It currently requires an IP
> address 
> (:). That format can't be used when I have VPN running
> or have an interface that has a dynamic IP address for example. I'd like
> to be able to 
> specify, say, "DNSListenAddress tun0:7253" for example.

Again, Tor and not Orbot, but yes, that would be useful!

Thanks for the very 

Re: [tor-talk] Torified Mobile Experience

[Nathan Freitas]

On Fri, Jan 1, 2016, at 07:22 PM, Spencer wrote:
> About a year ago, a discussion touched on what could be TorPhone, or 
> PhOnion, or whatever.
> 
> Following up with this, I find Mike Perry's original post is still 
> alive:
> 
> https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
> 
> But it has been upgraded to a formal project:
> 
> https://github.com/mission-impossible-android/mission-impossible-android

I would call that an unofficial formal project, but yes, really happy
that project is happening. I think it is the right approach.

> TOMY seems to be back burnered, which is fine given the growth of the 
> Guardian Project F-Droid repo over the past year:
> 
> https://dev.guardianproject.info/projects/libro/wiki/Tomy_Detachable_Secure_Mobile_System

Most of our energy got taken up with Orfox / Tor Browser and Pluggable
Transport porting, as well as work on the secure camera project, and our
new effort on mobile developer infrastructure,
deterministic/reproduceability and so on. All of this ultimately
contributes to projects like TOMY and MIA, but for now the idea of
booting a TAILS-like experience from an SD or USB drive is still not
widely practical.

> I inquired about the state of this and the briefly lived GuardianROM and 
> was redirected to Mike Perry's original post.
> 
> Since then, there seems to be some development that could be of interest 
> to followers of this topic:
> 
> NetHunter
> https://www.kali.org/kali-linux-nethunter/
> 
> AOSParadox
> http://www.xda-developers.com/aosparadox-a-new-rom-for-the-oneplus-one-with-a-fresh-perspective/
> https://github.com/AOSParadox
> 
> Both of these seem like easy targets; others would know better.

A few more related, interesting ideas:
https://copperhead.co/android/
https://people.torproject.org/~ioerror/skunkworks/moto_e/

> 
> Thoughts on this or the status of similar things?  Is anybody doing this 
> or something different?  I feel like there is an OS guarded secretly 
> under development :)

No secrets, just many smart people chipping away at a very big problem.
I think some of us have also been thinking about whether Android is the
best solution to build upon, or if we should look towards booting TAILS
on Windows Mobile hardware, or an Ubuntu mobile type solution (Qubes
Mobile?), or even maybe something based on Pi Zero or Project CHIP
device. 
https://www.kickstarter.com/projects/1598272670/chip-the-worlds-first-9-computer

Thanks for keeping hope alive, and keeping the interest going. I think
MIA on a Moto, Nexus or 1+1 is the best turnkey option right now.

+n
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Fwd: Orbot v15.1.0 Alpha 1

[Nathan Freitas]

- Original message -
From: Nathan of Guardian 
To: guardian-...@lists.mayfirst.org
Subject: Orbot v15.1.0 Alpha 1
Date: Mon, 04 Jan 2016 02:04:44 -0500


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256


Happy 2016... and here's an update for Orbot to test

APK:
https://guardianproject.info/releases/Orbot-v15.1.0-ALPHA-1-1-gf441736.apk
ASC:
https://guardianproject.info/releases/Orbot-v15.1.0-ALPHA-1-1-gf441736.apk.asc

Primary updates are
- - Update to Tor 0.2.7.6 and OpenSSL 1.0.1q
- - Fixes for DNS leak in VPN mode (using PDNSD daemon for TCP-DNS over
Tor thanks to SocksDroid!)
- - Overall stability improvements to VPN mode with easy ability to
toggle on and off without Orbot restart
- - A pretty major update to the graphics/branding with a new icon from
DrSlash.com

CHANGELOG
f441736 update OpenSSL string to show 1.0.1q
4098e8e update to 15.1.0-ALPHA-1
f1fcec3 add support for PDNSD DNS Daemon for VPN DNS resolution Tor's
DNS port doesn't work well with the VPN mode, so we will use PD
8d8fe0c updates to improve VPN support
699b60d add linancillary for badvpn tun2socks update for DNS
9b2cc52 update badvpn binaries
6dc8cf6 update makefile for new pluto builds
0261236 change this to "browser button"
3462cbd small updates to icon and strings
bb7 update installer to get PLUTO binaries from assets
7d213e2 delete pluggable transport binaries here; build with Makefile
use the external/pluto project
6cf1201 update makefile to support PLUTO builds
871701e add link for new icon
51205b8 update for Orfox
6fb4f0c update binaries
317405d update external versions of Tor 0.2.7.6 and OpenSSL 1.0.1q
0a5dd08 use a browser constant here, with the new constant being Orfox
c54ab18 deleted these graphics
534c2fb update style, icons and graphics




- --
  Nathan of Guardian
  nat...@guardianproject.info

- --
  Nathan of Guardian
  nat...@guardianproject.info
-BEGIN PGP SIGNATURE-
Version: Mailvelope v1.3.2
Comment: https://www.mailvelope.com

wsFcBAEBCAAQBQJWihloCRCoARg+abN6qQAAWPcP/jxHlCNFqRu2mQaZ+VcA
1WhZVyEWZZHx7Yn7TRs0FtKhpjBgy+UDGF9J+jZSNr+M9qI+TNEXTV7/qAD9
4fO2AQVSFmO0EqjciaqEng9QhPxQ8tkIktadskTeZYE8ZQsS3A7oixXMVCPo
+TvsCdcRRJOw0cWnxOj31vMr2Ubh/odTdSPlRxQzFMVEP2lk3lBWFoH1L99w
qtGdCLRZ8k0sGb4E4gtGeA75EOdsPqoiwRocJ9DomOeq5JznHEba1lOqx4G4
C2rbVfKzgLzFMDIGMusCAQPuj6Pjw5v0fIy1Che+r+rUklhhMSOUEWnfWZQC
ylnNLMkpL8Ipmv8wcR5ycqR29Qp50/HCuzxvQoasSqkLRP/umKnB9PbYVSZQ
TWOQWxLrQHeforBUcXzPLUw7QyBBRzbDHgsqRHUIz7JAJM6vZuD8k4XMUags
JiO7eViP7eQIJp6W59weKOtasYFrJxR9tBOK0c6mrQp27722J0OK920MAIiC
4/SASCXAy1gSappUoeawp5sTL0Zkx1XOiX8vlwK22jsQIFEZnWUaWHwrWkBL
LB2aRUal4kb9MIYYVMfh4W0GKn6UV9Ez0I+MmiFYi+iuCUdHp3bo6JC98GfL
eUWOu9oV79zCXbB19scVkWzZ2TPx7pe0ZWPuqcRb2NhSqF7L3pmhXU63V8BE
dMO8
=mm7R
-END PGP SIGNATURE-


-- 
  Nathan of Guardian
  nat...@guardianproject.info
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Internet failure without orbot

[Nathan Freitas]

On Fri, Nov 6, 2015, at 06:23 AM, Metal Heart wrote:
> Thanks a lot!
> But now I have bootstrapped 25% without progression. Im not sure, but
> with WiFi I havent problems alike this.

Please try enabling the "Tunnel through Google" or "Tunnel through
Azure" options under the "Bridges" button on the main screen.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Internet failure without orbot

[Nathan Freitas]

On Fri, Nov 6, 2015, at 11:27 AM, Metal Heart wrote:
> Thank you, but its not helpful. With azure or google i have 25%, without
> them 50% bootstrapped.

Okay. Well be patient - the first bootstrap takes the longest, but if it
is slowly increasing, then it will eventually get to 100%. 

Otherwise, if you have more questions, please email
supp...@guardianproject.info for help with Orbot
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Internet failure without orbot

[Nathan Freitas]

On Thu, Nov 5, 2015, at 03:29 PM, Metal Heart wrote:
> Hi, have you any idea about failure on my android after
> turning off orbot app? My internet is not work till i turn on
> orbot.
> -- 

Please disable all root and transproxy features. Also try "Transproxy
FORCE REMOVE" feature in Orbot settings.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Fwd: [guardian-dev] first beta release Orfox!

[Nathan Freitas]

On Mon, Sep 28, 2015, at 10:44 AM, Alexis Wattel wrote:
> The User-Agent and Accept headers gave me a unique fingerprint on
> https://panopticlick.eff org/. 

Yes, they are unique for Orfox users.

> They should be set to the same as the Tor Browser. There's no point in
> identifying the client as a mobile user if you seek anonymity; and the
> User-Agent is the one most basic way to track browsers besides IP
> addresses. 

We made a conscious choice to not use the same user-agent as Tor
Browser, since there are other things like screen-size, for instance,
that we cannot make the same. Our goal is to have the same user-agent as
Firefox for Android, which we do, and which has tens of millions of
users.
 
> The Accept headers are plain and simple leaked from the device. 

What do you mean leaked? Are you saying the Accept headers are unique
for your device, or just for Orfox/Firefox for Android? I think it is
the latter, and it is not a leak.

> Could easily pass as a honest mistake if this issue had not already been
> reported 2 years ago about Orweb. 

Trust me when I say that the work we have done here is way beyond Orweb
in many ways. Orweb didn't allow us to change the user-agent and accept
headers fully. With Orfox, we are using the fully compiled Gecko engine
from Tor Browser source. 

The few areas that differ are ones like this, where we made a choice to
have mobile web access be the default, based on this user-agent.

+n

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Fwd: [guardian-dev] first beta release Orfox!

[Nathan Freitas]

On Sun, Sep 27, 2015, at 05:26 PM, spencer...@openmailbox.org wrote:
> What are the benefits to the permissions 'run at startup', 'download 
> files without notification', 'install shortcuts', and 'uninstall 
> shortcuts'?

We are still working our way through all the permissions that Firefox
has/expects to have and seeing what we can remove easily. If you compare
to Firefox for Android, you can see we already have quite a few less.

The above permissions are mostly related to the Firefox Marketplace
"Apps" they offer which provide a way to run HTML5 apps directly from
the Android launcher. We don't plan to support these in Orfox, so we
likely remove these permissions.

> What do 'connect and disconnect from Wi-Fi', 'view Wi-Fi connections', 
> and 'view network connections' do that 'full network access' doesn't?

These again are related to some new enhanced wifi behavior that Firefox
has been working on, that doesn't make sense for Orfox. These will
likely go away before we reach RC.

> And is the 'read your Web bookmarks and history' a requirement for the 
> 'New Private Tab' function, or does it provide other benefits?

Still sorting that out, but I think that permissions is for importing
old browser bookmarks into Firefox. I thought that one had been removed,
actually, again because we don't support/promote this feature in Orfox.

> I know I can learn about these permissions in general through the 
> appropriate documentation but I am asking in context to specific 
> experiences OrFox is facilitating.

No problem. Mostly we are trying to modify Firefox for Android in a way
we can easily maintain it, while still ensuring we disable all the
permissions/features that don't make sense.

+n
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Fwd: [guardian-dev] first beta release Orfox!

[Nathan Freitas]

Thanks for testing! This is only a replacement for Orweb browser. It
still requires Orbot for the Tor connectivity.

(Sorry for the top post... On the go, on my phone!)

On Fri, Sep 25, 2015, at 04:12 AM, Elrippo wrote:
> Hy,
> installed in cyanogenmod. When I hit "quit" it does not quit, I have to
> kill the process manually
> 
> Nice to have a replacement for orbot, nice work!!!
> 
> Am 25. September 2015 00:33:08 MESZ, schrieb Nathan Freitas
> <nat...@freitas.net>:
> >Orfox Beta is out on our F-Droid repos and Google Play:
> >
> >https://play.google.com/store/apps/details?id=info.guardianproject.orfox
> >https://guardianproject.info/fdroid/repo
> >
> >If you haven't heard about Orfox, you can read more about it here:
> >https://guardianproject.info/2015/06/30/orfox-aspiring-to-bring-tor-browser-to-android/
> >
> >- Original message -
> >From: "Hans-Christoph Steiner" <h...@guardianproject.info>
> >To: Guardian Dev <guardian-...@lists.mayfirst.org>
> >Subject: [guardian-dev] first beta release Orfox!
> >Date: Thu, 24 Sep 2015 09:35:44 +0200
> >
> >
> >At long last, we finally have the first beta release of Orfox!  Orfox
> >is
> >our
> >replacement for Orweb as the private browser for Android.  It is based
> >on a
> >port of Tor Browser to mobile Firefox (aka Fennec).
> >
> >You can get it now from our F-Droid repository.  In F-Droid, go to the
> >Repositories, then flick on the "Guardian Project Official Releases"
> >repository, and let it update the index.  Then you can search for and
> >install
> >Orfox.  If you don't already have F-Droid, get it here:
> >
> >https://f-droid.org
> >
> >Coming soon to Google Play also.
> >
> >.hc
> >
> >-- 
> >PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
> >https://pgp.mit.edu/pks/lookup?op=vindex=0x9F0FE587374BBE81
> >
> >___
> >List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> >To unsubscribe, email:  guardian-dev-unsubscr...@lists.mayfirst.org
> >
> >
> >
> >
> >-- 
> >tor-talk mailing list - tor-talk@lists.torproject.org
> >To unsubscribe or change other settings go to
> >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> 
> -- 
> We don't bubble you, we don't spoof you ;)
> Keep your data encrypted!
> Log you soon,
> your Admin
> elri...@elrippoisland.net
> 
> Encrypted messages are welcome.
> 0x84DF1F7E6AE03644
> 
> -BEGIN PGP PUBLIC KEY BLOCK-
> Version: GnuPG v1.4.11 (GNU/Linux)
> 
> mQINBFH797MBEAC0Y0NeI7lmDR9szTEcWuHuRe0r/WjSRC0Nr5nXsghuMcxpJ3Dd
> BOBimi4hdMMK4iqPVMwNw6GpKYR3A9LHHjbYRXHUKrJmB+BaJVyzJXN5H6XvxTTb
> UfX+DaXAGJW/G+3cBB3qm/QaU8QGkBKfXq0DLTaTGPkGKxEAldj/8onGZhawdJs+
> B92JrW+S2HDh15pIuXzSqe7eCcIOdvvwfWe0fJi2AraA7LYGpxP6GcC/b9JJpbq5
> Y6DfE2Aun9ZK3iHqURyrms0Whbv1CgmUahL2MVYCsTsXwe0GwlAxxKvjXAiXuo+R
> 9wO5wsXvVVSVNqsk9Yqi+wYzdPKndTU0GyxSApQHroF+cxaZ8Lk0xloj18+LdCSs
> e5IiTSXH0MMsDdWWdHlrgk+bgDG+0Gu3ne4vMwGdKO7AhYgQW/ueMy4RnkG/nsV9
> jry5BO4gGAI1Ij8KvqUzEnvJFGE3ptJogU+zazWWDUWmL3ecKb3aDRlJFnZ3kJ5h
> q8GolZVjpk99V+4B5WVRPXdej/p5J19tXycK/jdNmr4oC8NyUhIpe8xHELnfoB4z
> +rxiTx+KMnW0rY8EQg8O2ixEYt5my90IwQkxcxIxextVrqjJjYn8extc2/v8yGzI
> KmTEJxdADB5v/Jx4HiLHNDSfBUb8gfONCkNSTYvTcSwTjWzHOkXeE/9ZbQARAQAB
> tD5lbHJpcHBvIChrZWVwIHlvdXIgZGF0YSBlbmNyeXB0ZWQpIDxlbHJpcHBvQGVs
> cmlwcG9pc2xhbmQubmV0PokCOAQTAQIAIgUCUfv3swIbLwYLCQgHAwIGFQgCCQoL
> BBYCAwECHgECF4AACgkQhN8ffmrgNkT8+BAAoAXBqu4/O2Cs5FSWWZpzgScNEgq7
> uHhOKeYmRfgKlOUPoYlPB1DBqdOAXSKb9OvsmyOvpoGnqijB7aAJBoyQYW/OCQgd
> U8L4eTCf4yRZnfFLdgskcPfN1p0Rs/yinGEooBJFtYa7mT6J0UTW2JjCLZK2AFCW
> oF+KBu5JICXGBXigb2ZbX1jWjxP5H1RidQw6HF5z4z34SjLWAOOeZ8B/Xfz6Fs0s
> IAuLu2O4HE4DI8Qu196LhSVHHgr3uMTkvN1t5nKwyjrRQztwXXk9qIomII3ydNYb
> BYAGdWNNMfLb1kmDwC5wQHAFvSP1aiMF3aKAY+gl2wXSGO6JqM0SteJS3dytIljI
> kzu0atc9HuGs/HDQgdmpAS4WU2YefEr/WieltSiAKlwuC+3wg+CONJ6TE1vgNDU/
> axerttb0jq7UQb/nAp05bsrB7XH1Vs+1ON9lUPEfWRmwQcrVK5JUrUWa/4tA/UeM
> XvFcPFtFluGTlLewgJIqcvjPXFwpbDZprXJsMkwew/A6B6n3+0sbgf7p3QSGkVbi
> dwQAymTbHdYqLnbcnKZhjto3Wjw1J5QB2wuiRYlpjV3i7AWTGlqoSTOWCCV+HamQ
> qeFYNYAWNFx3+J/oi7xDi8t9bHVNA205equ+y2sj3G5uGJ6LSHQ8AXp9uOipUUvU
> 1MJN0yLXr9PIwvi5Ag0EUfv3swEQAL0+MnxHGrTjSYdfdua4SBpmytDONM1EngeY
> s+WyaC/760MughKbaysI/nK2LB1vnwEY7f3NM4fxBx8u2T7VBm6Ez6Fs23Bb8Rkz
> f97bPSdxCmg64GPHfLA9uwTIXcYS+MpI86WOf6eWY0rRpf7Y9Nl7YoUNvzOyUPqc
> ggdcnHce8zYv7A/WS8flZDm8tVFPsHrQDEwNMws7ZhiNnHkeZeRJrvCuB7oEVich
> O/ROYoA5o6NozWYQbjxe1f6Yur4Q10qgVcxVny

Re: [tor-talk] Fwd: [guardian-dev] first beta release Orfox!

[Nathan Freitas]

On Fri, Sep 25, 2015, at 04:42 AM, Elrippo wrote:
> You are welcone. Of course I have orbot installed, I misspelled OrBot
> with OrWeb

Just making sure!

> When I want to quit OrFox with "quit", it does not quit on CyanogenMod
> 11, I have to kill OrFox manually.

Yes, the "quit" function on Android remains complicated, and somewhat of
a hack, since Android does not recommend it. Still, it should work, so
we will track this issue and work on it for the next build.


+n
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Fwd: [guardian-dev] first beta release Orfox!

[Nathan Freitas]

Orfox Beta is out on our F-Droid repos and Google Play:

https://play.google.com/store/apps/details?id=info.guardianproject.orfox
https://guardianproject.info/fdroid/repo

If you haven't heard about Orfox, you can read more about it here:
https://guardianproject.info/2015/06/30/orfox-aspiring-to-bring-tor-browser-to-android/

- Original message -
From: "Hans-Christoph Steiner" 
To: Guardian Dev 
Subject: [guardian-dev] first beta release Orfox!
Date: Thu, 24 Sep 2015 09:35:44 +0200


At long last, we finally have the first beta release of Orfox!  Orfox is
our
replacement for Orweb as the private browser for Android.  It is based
on a
port of Tor Browser to mobile Firefox (aka Fennec).

You can get it now from our F-Droid repository.  In F-Droid, go to the
Repositories, then flick on the "Guardian Project Official Releases"
repository, and let it update the index.  Then you can search for and
install
Orfox.  If you don't already have F-Droid, get it here:

https://f-droid.org

Coming soon to Google Play also.

.hc

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
https://pgp.mit.edu/pks/lookup?op=vindex=0x9F0FE587374BBE81

___
List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
To unsubscribe, email:  guardian-dev-unsubscr...@lists.mayfirst.org


signature.asc
Description: PGP signature
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] HIDDEN SERVICE IN ANDROID TABLET

[Nathan Freitas]

On Thu, Jul 16, 2015, at 03:30 AM, pmwinzi wrote:
 What is the best web server to host tor hidden service in android tablet?

Orbot can easily be configured to start and host a hidden service on any
port. Just enable the feature in Orbot's settings, and enter the port
you wish for it to be available at.

From there, you must run another app on your tablet that actual provides
a service. There are a variety of server type apps available out there
on F-Droid.org, Google Play or as source.

Another option, is to use Lil'Debi[0], or some other Linux-on-Android
type system, to install a full chroot environment, where you can apt-get
install anything you want, including Tor, apache, and so on. In that
setup, you could even run something like Globaleaks on the tablet.

[0] https://guardianproject.info/code/lildebi/
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Fwd: Orbot v15.0.3-RC-3 is out (with Tor 0.2.6.10)

[Nathan Freitas]

- Original message -
From: Nathan of Guardian nat...@guardianproject.info
To: guardian-...@lists.mayfirst.org
Subject: Orbot v15.0.3-RC-3 is out (with Tor 0.2.6.10)
Date: Tue, 14 Jul 2015 17:36:08 -0400


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256


Orbot 15.0.1-RC-3 / 14-July-2015

APK: https://guardianproject.info/releases/Orbot-v15.0.1-RC-3.apk
SIG: https://guardianproject.info/releases/Orbot-v15.0.1-RC-3.apk.asc
Tag: https://gitweb.torproject.org/orbot.git/tag/?id=15.0.1-RC-3

* Updated to latest Tor 0.2.6.10 / OpenSSL 1.0.2a
* Overall improvements to system and server stability
* Improvements to Apps VPN mode support
** Android 5+ you can now select apps for using Apps VPN mode
* Improved launch and hidden service API for third-party app interaction

Full changelog and source available here:
https://gitweb.torproject.org/orbot.git/tree/CHANGELOG

We'll be doing an update to our F-Droid repos
(https://guardianproject.info/fdroid) this week to include both the
ChatSecure and the Orbot updates.


- --
  Nathan of Guardian
  nat...@guardianproject.info
-BEGIN PGP SIGNATURE-
Version: Mailvelope v0.13.1
Comment: https://www.mailvelope.com

wsFcBAEBCAAQBQJVpYDBCRCoARg+abN6qQAA7fMP/1tFk/UyRwpVY8e+LnoF
3y2YgCjcf01Puzlo6aje4E2FlEZp8BTuvywuwDm2i7BkGo815SPnSOOLJ3xv
Zvk5juLsDXII0l4ZEORlvV4VL/Cp9gsz9ljuHZEm7YsIfDuTx8OTlP2LOdlG
X3tq2re8BGj+h+gQIXR+slAapfyKhn/1FHg9BuWarnPFEoBpoDqJLlfHC3M8
z8z2gmFB29ToYzLDv3Gz/kA8IlEXAqF70J8rDQvlWS8Jg7ZhLQqRdIn2bJjI
NEjYElMVijfZx83iCG7Tfp6NgoK+VIfvnjRagH8w/Oe3ajuSZHVk5msoqhMW
B7Ls21d1uwfYQsLMkbPABtgS3PBvJm+AbM4aU2dc84IBHweHsjY5vZzW8pAY
RsG5BsORZZdAwLZHo71OKhTxHfppy6f2Bhda3AWTilsBeOqTag801+bNG0/I
VZqm71o0lVAwShbPw5UldQGzXpv2f0nic5+Ub7L6DrsQR/iY/rSgVEyZkqBP
keLl4Y5peRZoK8GvZUW+W0JFjMkX8zuLI02SLMWwp8HTjyXQMh9vWyzCdG2l
wmyWtQAHM/BTW/WMLCBVkzaIW2jJCUBPrir4yb9QFiwJDs4f8BQhESOUt3Ei
HzKrtqf8jaa/cNlhjjqCIbmG89BWjtW0IKQVt7vJNoaM+qMmesC8LOqigxS6
SOsg
=qWou
-END PGP SIGNATURE-
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor in background on iOS 9?

[Nathan Freitas]

On Sat, Jul 11, 2015, at 07:25 PM, Ed Baskerville wrote:
 Long-time lurker, first-time poster.
 
 It looks like Apple is finally going to allow background-running network
 proxies on iOS, via app extensions. It's not obvious at a glance if you
 can do everything you need to do to run Tor, but it looks promising:

From Chris Ballinger of ChatSecure, who has built Tor into it on iOS:

Unfortunately, you need a special entitlements file from Apple in
order to use the API. I've already requested one but haven't heard
anything back yet.

This is definitely the holy grail for running Tor on iOS.

Sounds promising if you can navigate the usual Apple hoops.




 
 https://developer.apple.com/videos/wwdc/2015/?id=717
 
 https://developer.apple.com/library/prerelease/ios/releasenotes/General/iOS90APIDiffs/frameworks/NetworkExtension.html
 
 Has anyone started working on something like Orbot for iOS 9 yet?
 
 Ed
 -- 
 tor-talk mailing list - tor-talk@lists.torproject.org
 To unsubscribe or change other settings go to
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Circuits in Orbot

[Nathan Freitas]

On Tue, Jun 23, 2015, at 04:27 PM, forc...@safe-mail.net wrote:
 I am using Orbot for Android and was surprised to see that circuits are
 up to 5 nodes. I remember having read that TOR would not be more secure
 (and even could be UNsecure) if it would use more than 3 nodes to build a
 circuit.

When you say the circuits are up to 5 nodes, are you getting that
information from the log or the notification area display?

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Firefox with Tor on Android?

[Nathan Freitas]

On Wed, May 20, 2015, at 03:44 PM, Jens Lechtenboerger wrote:
 Hi Nathan,
 
 many thanks for your quick reply!
 
 On 2015-05-19, Nathan Freitas wrote:
 
  On Tue, May 19, 2015, at 04:33 PM, Jens Lechtenboerger wrote:
  the usage instructions for Tor on Android at
  https://www.torproject.org/docs/android.html.en
  are unsafe for Firefox users.
 
  Firefox on Android downloads favicons without respecting proxy
  preferences.  See here:
  https://bugzilla.mozilla.org/show_bug.cgi?id=507641#c12
 
  Yes, that page is very out of date and needs to be updated. It wasn't a
  bug originally, but when Mozilla started moving more code over to
  Android/Java domain, they introduced it. I am making it a priority to
  make sure it is accurate. We have also removed the Proxy Mobile add-on
  from the Mozilla Add-on store awhile ago, when the favicon leak issue
  was discovered.
 
 Some big warning signs might be a good idea.  In particular, on
 pages like this:
 https://guardianproject.info/apps/firefoxprivacy

Yes, we are actually in a dev sprint right now to do a few things:

1) Remove all traces of broken or no longer recommended solutions

2) Add more clear documentation about when WebView/WebKit apps like
Orweb or Lightning are safe to use (on Android 4.3 and higher, etc)

 
  Hmm... Tor Everything should work if you have a rooted Android device
  with a kernel that supports iptables properly. Also, if you haven't seen
  Mike Perry's post on Android hardening/tuning, please read it:
  https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
 
 Great post, many thanks for the reminder!
 
  Which Android OS are you running, and which version of Orbot?
 
 Android 4.2.2.  I tried Orbot 15.0.0-RC-3 and 14.1.4-PIE.
 
  Have you tried the latest Apps VPN feature that tunnels all
  device traffic through Tor without root?
 
 Initially, I didn’t because the warning said that “it should NOT be
 used for anonymity.”
 
 I just tried that with 15.0.0-RC-3, but failed to get VPN working.
 If I klick “Apps” first, and start Tor afterwards, no circuit gets
 built.  In the log I repeatedly see “The connection to the SOCKS5
 proxy server at 127.0.0.1:10720 just failed.”

That is the way to do it (click Apps first, then start Tor). Make sure
to disable all root, transparent proxying options, and also flush/remove
all transproxy rules in the Debug section of Orbot settings.

 If I start Tor first, and klick Apps afterwards, I cannot open any
 web page.  (Very little data transfer is shown for OrbotVPN, some
 packets for each web attempt.  The Orbot logs show some circuits but
 “Tried for 120 seconds to get a connection to [scrubbed]...”)
 
 I guess that I need “Request Root Access.”  Other options?

No root is needed for this method.

 Firefox without proxy configuration?

You don't need any proxy config, correct.

  Finally, if you use Orweb (super basic) or Lightning Browser (most
  features you want), there is no favicon or other leakage.
 
 I’m surprised that you recommend Orweb.  There is a big red warning
 at: https://guardianproject.info/apps/orweb/
 
 I’ll check out Lightning Browser at some later point in time.

Again, that language is out of date. I really need a web / documentation
person to help make sure we keep this content accurate.

+n
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Firefox with Tor on Android?

[Nathan Freitas]

On Tue, May 19, 2015, at 04:33 PM, Jens Lechtenboerger wrote:
 the usage instructions for Tor on Android at
 https://www.torproject.org/docs/android.html.en
 are unsafe for Firefox users.

 Firefox on Android downloads favicons without respecting proxy
 preferences.  See here:
 https://bugzilla.mozilla.org/show_bug.cgi?id=507641#c12

Yes, that page is very out of date and needs to be updated. It wasn't a
bug originally, but when Mozilla started moving more code over to
Android/Java domain, they introduced it. I am making it a priority to
make sure it is accurate. We have also removed the Proxy Mobile add-on
from the Mozilla Add-on store awhile ago, when the favicon leak issue
was discovered.

We have also had a variety of issues with successful proxying of
third-party web browser / engines on Android, including various bugs
with WebView/WebKit proxying depending upon the Android OS version or
device type you are running.

 (I tried different configurations of Orbot and Firefox.  Also “Tor
 Everything” fails, both with HTTP proxy at port 8118 and SOCKS proxy
 at 9050.)

Hmm... Tor Everything should work if you have a rooted Android device
with a kernel that supports iptables properly. Also, if you haven't seen
Mike Perry's post on Android hardening/tuning, please read it:
https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy

Which Android OS are you running, and which version of Orbot? Have you
tried the latest Apps VPN feature that tunnels all device traffic
through Tor without root?

 My current attempt for Firefox with Orbot is to configure localhost,
 port 8118 as system HTTP proxy (long press Wi-Fi connection -
 Modify network - Show advances options).  Then, in Firefox verify
 via about:config that network.proxy.type is set to 5, which should
 be the default and lets Firefox use the system proxy, which is also
 used to fetch favicons.

Yes, for Wifi connections this will work reliably.

 Probably, there are more pitfalls.  Any suggestions?

I think running CyanogenMOD or a similar rom, and using transparent
proxying, either by app or all, on boot, and optionally with Mike's
extra hardening, is the most complete solution. 

If you don't want to go that far, then the Apps VPN feature feature
should do, or manually setting the wifi proxy as you have.

Finally, if you use Orweb (super basic) or Lightning Browser (most
features you want), there is no favicon or other leakage.

+n

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] obfsproxy for Android

[Nathan Freitas]

On Mon, Apr 27, 2015, at 09:05 AM, Mohsen Khahani wrote:
 I am developing an anti censorship application for Android. Is there a
 way technically to use *obfsproxy *client in my app since it's been
 written
 in Python? Any advice?

I am working on a library named PLUTO to help promote the use of
pluggable transports/obfsproxy in other apps. You can find the current
information on it here: https://github.com/guardianproject/pluto

While it is focused on more typical Java-based Android apps, the way
that PT's work are just simple command line binary executables. Obfs4 is
currently written in Go, but in the PLUTO project, you can find
information on cross-compiling it, as well as pre-built binaries.

To execute and manage a PT instance, you just need to set the proper
environmental variables, which you can read about here:
https://gitweb.torproject.org/torspec.git/tree/pt-spec.txt#n246

Hope that helps!
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Fwd: [guardian-dev] Orbot v15 beta 1

[Nathan Freitas]

- Original message -
From: Nathan of Guardian nat...@guardianproject.info
To: guardian-...@lists.mayfirst.org
Subject: [guardian-dev] Orbot v15 beta 1
Date: Fri, 03 Apr 2015 13:13:51 -0400

Orbot v15 beta 1 is functionality complete. Beyond the new purple
background, the Apps VPN mode and Bridges setup support directly
available on the main screen are the main obvious changes. Underneath,
there is the latest Tor 0.2.6 release, along with Meek and Obfs4
pluggable transports.

The main area for testing is using the Apps VPN mode while switching
networks and/or in bad coverage, as well as using it in combination with
Meek or Obfs4, for example. Also, the implementation is bit different
between Android 4.x and 5.x, so please report any difference you might
see there.

APK: https://guardianproject.info/releases/Orbot-v15.0.0-BETA-1.apk
SIG: https://guardianproject.info/releases/Orbot-v15.0.0-BETA-1.apk.asc

SRC: https://gitweb.torproject.org/orbot.git/tag/?id=v15-beta-1

/** 15.0.0 Beta 1 / 3-Apr-2015 /
989d43aca7d999c413ba23ae4ebdcac72fb0f9c5 **/

6fd6a5a tune first-time experience (No more wizard!)
b318e6b update tun2socks binaries
cd303bd commit to latest dev head
a2e84b8 fix JNI build info
398ff17 remove browser view handlers in manifest
75426bb Improve VPN service support - fix network switching handling We
now refresh the VPN and tun2socks interfaces when the network 
d14dabb update tun2socks shared libraries
6d15a46 update jni build documents
ab8f8f1 update build path for tun2socks
7774ca3 remove old embedded badvpn_dns
2724551 tag badvpn to latest
39ce7f1 improved clean-up, shutdown of Tun2Socks and VPN service
b1d46e2 use getbridge email instead of web, as it makes more sense for
users in censored/filtered locations to send an email than to a
9d83a5b update app vpn warning
26aeb67 updating string resources / localizations
7dd4949 update jsocks with reduced debug output
8493259 new helper activities for Apps and Bridge setup
150488d fixes for onboot logic and handling
8c5b38e more UI clean-up, removing old wizard code
7b830a0 remove HTTP proxy for VPN - not needed anymore!
6a7c593 a little bit of code re-org and new package for wizard
1a66924 update ant build for new external jsocks
9393928 add jsocks external modules and project
e30c78b remove jsocks from main code and move to external/jsocks
784c1c1 peg external to jsocks commit

More here: https://gitweb.torproject.org/orbot.git/tree/CHANGELOG

-- 
  Nathan of Guardian
  nat...@guardianproject.info
___
List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
To unsubscribe, email:  guardian-dev-unsubscr...@lists.mayfirst.org
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor Onion Proxy Library

[Nathan Freitas]

On Wed, Feb 18, 2015, at 08:17 PM, Yaron Goland wrote:
 I just updated the Tor Onion Proxy Library [1]. The library will set up a
 Tor Onion Proxy and help you connect to it as well as use it to host a
 hidden service. It provides an AAR for Android and a JAR for Linux, OS/X
 and Windows.

Thanks for updating us and reminding me of this important effort. We are
looking at breaking up Orbot to be more modular itself, and may utilize
your work to do so, along with our PLUTO effort for pluggable
transports.

 
 The updates are:
 
 Re-wrote the readme to provide some sample code
 Changed build process to simplify it
 Updated binaries for Android, Linux, OS/X and Windows to Tor 2.5.10
 Updated Android project to work with SDK 21
 Updated Android binary to use PIE so it will work on Lollipop
 
 Thanks,
 
 Yaron
 
 [1]
 https://github.com/thaliproject/Tor_Onion_Proxy_Library/releases/tag/v0.0.2
 
 
 
 
 From: Yaron Goland
 Sent: Thursday, July 24, 2014 6:32 PM
 To: tor-talk@lists.torproject.org
 Subject: Tor Onion Proxy Library
 
 I work on the Thali project [1] which depends on being able to host
 hidden services on Android, Linux, Mac and Windows. We wrote an open
 source library to help us host a Tor OP that that we thought would be
 useful to the general community -
 https://github.com/thaliproject/Tor_Onion_Proxy_Library
 
 The library produces an AAR (Android) and a JAR (Linux, Mac  Windows)
 that contain the Guardian/Tor Project's Onion Proxy binaries. The code
 handles running the binary, configuring it, managing it, starting a
 hidden service, etc.
 
 The Tor_Onion_Proxy_Library started off with the Briar code for Android
 that Michael Rogers was kind enough to let us use [2]. We then expanded
 it to handle running on Linux, Mac and Windows. The code is just a
 wrapper around Briar's fork of jtorctl (originally from Guardian I
 believe) and the latest binaries from Guardian and the Tor Project.
 
 This is an alpha release, version 0.0.0 so please treat accordingly.
 
 I hope y'all find it useful.
 
Thanks,
 
  Yaron
 
 [1] http://www.thaliproject.org/mediawiki/index.php?title=Main_Page
 [2] Specifically he dual licensed the code under Apache 2 so we could use
 it.
 -- 
 tor-talk mailing list - tor-talk@lists.torproject.org
 To unsubscribe or change other settings go to
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Facebook Onion Site: Impending Works

[Nathan Freitas]

On Wed, Feb 4, 2015, at 06:23 AM, Alec Muffett wrote:
 Specifically, we will be testing some experimental code to support both
 “www-” and “m-site” onion addresses, which will bring to Tor the “mobile”
 Facebook website as described in the original announcement:

Just tried this today from Android, and was indeed redirected to the
mobile site at https://m.facebookcorewwwi.onion/

Great work!
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor on the iPhone?

[Nathan Freitas]

On Thu, Jan 15, 2015, at 09:59 AM, Jeff Burdges wrote:
 
 On 15 Jan 2015, at 21:54, Nathan Freitas nat...@freitas.net wrote:
 
  On a related note, the latest ChatSecure on iOS includes Tor, as well,
  for XMPP connections.
 
 I thought it needed an external Tor applicaiton, specifically the one by
 Mike mentioned?

No, ChatSecure iOS has Tor built into it now, and we will be keeping it
up-to-date with RC/final releases and other critical updates. iOS
doesn't allow external background proxies in the way that Android does.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor on the iPhone?

[Nathan Freitas]

On Thu, Jan 15, 2015, at 09:18 AM, blo...@openmailbox.org wrote:
Is this a valid app for using Tor on the iPhone?
https://mike.tig.as/onionbrowser/

Leaving aside the issues of iOS and the Apple Store, non-verifiable
binaries, etc, it is definitely a valid project and app. If you trust
using an iPhone, then Onion Browser is the best possible way to use Tor
for web access you can get.

This is primarily because Mike has shown he is committed to maintaining
his open-source project over two-years, including publishing security
audit results, etc.

On a related note, the latest ChatSecure on iOS includes Tor, as well,
for XMPP connections.

All the best,
  Nathan

-- 
  Nathan of Guardian
  nat...@guardianproject.info
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Fwd: [guardian-dev] Orbot Orweb updates for Android L/5.x

[Nathan Freitas]

- Original message -
From: Nathan of Guardian nat...@guardianproject.info
To: guardian-...@lists.mayfirst.org
Subject: [guardian-dev] Orbot  Orweb updates for Android L/5.x
Date: Thu, 13 Nov 2014 15:20:02 -0500

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256



Orbot v14.1.0-PIE (for 4.1/JB and up):
APK: https://guardianproject.info/releases/Orbot-v14.1.0-PIE.apk
SIG: https://guardianproject.info/releases/Orbot-v14.1.0-PIE.apk.asc

Orweb v0.7 update for all (but with L/5.x fixes thx to Team Psiphon!):
APK: https://guardianproject.info/releases/Orweb-release-0.7.apk
SIG: https://guardianproject.info/releases/Orweb-release-0.7.apk.asc

NetCipher library has also been updated with the WebKit proxy fix:
https://github.com/guardianproject/NetCipher/commit/98f830938a26e798d993e7b5d086fc57da7d3ec7

***

Orbot CHANGELOG:
/** 14.1 / 13-Nov-2015 / 5917e63693141dc08a99f8670ff3e274306a8c05 **/

* Updates to support Android 5.0 Lollipop
5917e63 updates for Android L and PIE binary support
5f49597 updates to appcompat v12 for Android L
7f50f79 update Makefile to support PIE arguments make PIEFLAGS=-fPIE
-pie NDK_PLATFORM_LEVEL=16
f6ad0ff initial modifications for PIE support

* Stability fixes
f9e340b goodbye AIDL file... no longer using bound services
c9bb1c2 remove bind service and use localbroadcast instead this should
fix problems with the service being killed on unbind

* Experimental (not enabled) VPN support for non-root whole device mode
ff86774 let's not build vpn support for now
3ef94e0 more fixes for VPN but not quite ready yet
aeb15e8 add sl4j jar dependecies for socks proxying
97ca6fb set MTU back to 1500 default
284a539 update badvpn commit
1b44dcb remove unused routes
a964bef moves VPN service to background Service so it doesn't die (and
other important fixes)
6a53ddb adding in new jni build files
2d98a29 temporarily use udpgw-client to make DNS and UDP tunneling to
work
6877aaf update to gp fork of badvpn
e459918 first commit of new OrbotVPN integration into Orbot



- --
  Nathan of Guardian
  nat...@guardianproject.info
-BEGIN PGP SIGNATURE-
Version: OpenPGP.js v0.7.2
Comment: http://openpgpjs.org

wsFcBAEBCAAQBQJUZRJICRCoARg+abN6qQAA1/oP/RKqdQRnTj9xT0GGkJOw
ZVhHnmpbpdsSx3eXB+cVmEWlmIPSUYfZo3n1jNzeRLgDg54If+jes/JldClV
H2ugSXxQ1BGe/aIus0kyxNG1Zb5XrKSYFTO50tZ1dD/pj+sWn44+Wd7k74Lm
3FudmIyZPwi8J2F53ATCbTa2QdjliFVl5wPeWe6mjRX5Lk3MJysFGNlMiO+P
JywIbWCg2YlkpnieBLukWGTYjC465uR1tm1NSPoWggyTnLYZ8AgW2abeRq1c
MrqJyiz2te1kruoU1DihMR+zfCNSmrmy5V+klsX1Fbw2XfkqsrE3loZAjMPB
g/fBhGFOJe0PQFDjNn+VlMkDWuoPn4zqy+ksbY8QSQc49QU5t//o+5ByZTgQ
Hk9Pft/ssUI/z0BZaGZuzURLeaI8FMgCb8oPCqqHRSmlzeRsBgq39SNZOMgD
OWli53sW7wmnKzregHBGKfIthHUmkAB0cC4zh8W0uX9ZPsVbSomB3OPRLY1Y
/iySoGs9a5rvfNBXSgrpxAZKZuJLMWuEt2hDrYmCgQpaGPjDClhHOzDUs0BY
np/VQWL0BxQXUCeFQu7708B9gOzQcPYHWmUtE93i5VpAiLz2QqjJhb5sGJ8M
+JUMIn+hPjsK56UDoPNGae1McSdcQXigkhnKfIaw4tbO711CayL4cOOe3yUi
opet
=FB0r
-END PGP SIGNATURE-
___
Guardian-dev mailing list

Post: guardian-...@lists.mayfirst.org
List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev

To Unsubscribe
Send email to:  guardian-dev-unsubscr...@lists.mayfirst.org
Or visit:

https://lists.mayfirst.org/mailman/options/guardian-dev/nathan%40guardianproject.info

You are subscribed as: nat...@guardianproject.info
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] ChatSecure Problem?

[Nathan Freitas]

Yeah best to email me direct for support or supp...@guardianproject.info

On Thu, Nov 13, 2014, at 04:43 PM, Alec Muffett wrote:
 Hi Nathan!
 
 I am running CS 14.0.7-beta-2 on a Nexus 5 running 4.4.4.
 
 I can sign into Google Chat and open a connection to Runa over it.
 
 But: no padlock icon, can’t manually start OTR, nothing happens.
 
 Checking the Google Chat logs online, I seem not even to be issuing an
 OTR
 challenge, even in response to Runa trying at her end.
 
 Am I missing something fundamental, please?
 
 Thanks!
 
 - alec
 
 -- 
 tor-talk mailing list - tor-talk@lists.torproject.org
 To unsubscribe or change other settings go to
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Hidden Services vs Onion services

[Nathan Freitas]

On Wed, Nov 12, 2014, at 11:38 PM, Virgil Griffith wrote:
 I'll start trying onion service and just see if it catches on.

Since these things are mostly used for websites, why not call them
onion sites or onionsites? 

Typical users don't talk about web services, they talk about web sites
or pages. Perhaps they say online service but that usually means an
ISP or something larger than just a site, imo.

Turn your website into an onionsite
Access the onionsite in the same way you access a website

+n
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Orbot/Tor talk at MIT tomorrow

[Nathan Freitas]

http://kb.mit.edu/confluence/pages/viewpage.action?pageId=152575577

Anonymity on the Go: The Possibilities and Problems of Tor on Mobile
Devices
This talk discusses what possibilities exist for communicating more
freely on a mobile device. How can we stop telcos, ISPs, and our
governments from tracking the apps we use, the sites we visit, and the
people we communicate with, all tagged with our location data? How can
we ensure that we have open and unthrottled access to the services we
need, no matter where we are? While not a panacea, Tor is one project
working to address these questions, and for five years, has been
supporting mobile devices, as well.

Speaker: Nathan Freitas is the lead developer of Orbot, Tor for Android,
and the Orweb and Orfox privacy enhanced mobile web browsers. He also
founded the Guardian Project, a five year old effort that creates
easy-to-use open source apps, mobile OS security enhancements, and
customized mobile devices for people around the world to help them
communicate more freely, and protect themselves from intrusion and
monitoring.
Thursday, October 23, 12pm - 1:30pm, 37-252 (Marlar Lounge), RSVP
required (email myea...@mit.edu) to attend and receive a free lunch.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Fwd: [guardian-dev] Progress on OrbotVPN

[Nathan Freitas]

The work below would remove the root/transproxy feature from Orbot, and
replace it with using a Android VPN/tuntap interface capability routed
through Tor's SOCKS via tun2socks. This means anyone can enable the
send all apps through Tor feature even without needing root. When the
VPN mode is on, we will also by default only allow secure ports (443,
etc) through in the torrc configuration, as well. 

For users wanting to have root/transproxy capabilities (including app by
app proxying options), they will be able to still use Orwall.

Feedback is welcome, especially from anyone with experience using Tor
and tun2socks.


- Original message -
From: Nathan of Guardian nat...@guardianproject.info
To: guardian-...@lists.mayfirst.org
Subject: [guardian-dev] Progress on OrbotVPN
Date: Tue, 21 Oct 2014 13:09:00 -0400

 
I have successfully gotten the Psiphon version of tun2socks working with
Orbot. You can see the code here:
https://github.com/n8fr8/orbot/tree/dev_orbotvpn

The trick with Android VPNService is that you have to mark sockets
protected in order to not have them be sent through the VPN. Tor opens
a ton of sockets all the time to many remote servers, so it is hard to
track those at the Android/Java level, since those are happening in the
Tor native process. Instead, I set Tor to use a mini outbound SOCKS
proxy I am running in the TorService class, and then I mark all the
sockets outbound from that proxy I mark protected. Seems to work without
much performance issue.

Aside from UI integration, the main outstanding issue is getting DNS to
work. When you create an Android VPNServer instance, you can only set
the DNS host 127.0.0.1 but not the port. Since Tor's DNS service is
running on 127.0.0.1:5400 I somehow need to get DNS packets to go there,
and drop the rest of the UDP.

My idea is to use the udpgw_client feature of tun2socks, and then run
the udpgw daemon on the device. I have already modified the tun2socks
code to change all DNS packets to use 5400 port, before they get sent
through udpgw. 

I did also have the idea for a bit of setting up a ton of remote udpgw
servers that Orbot users could randomly connect through, because that
would allow for UDP to work over Tor... I really don't like
running/managing servers however, but maybe Tor exit providers could
start running udpgw instances?

More on badvpn-tun2socks and udpgw here:
https://code.google.com/p/badvpn/wiki/tun2socks
https://github.com/guardianproject/badvpn

+n

-- 
  Nathan of Guardian
  nat...@guardianproject.info
___
Guardian-dev mailing list

Post: guardian-...@lists.mayfirst.org
List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev

To Unsubscribe
Send email to:  guardian-dev-unsubscr...@lists.mayfirst.org
Or visit:

https://lists.mayfirst.org/mailman/options/guardian-dev/nathan%40guardianproject.info

You are subscribed as: nat...@guardianproject.info
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] orWall 1.0.0 released!

[Nathan Freitas]

On Fri, Oct 3, 2014, at 03:37 AM, CJ wrote:
 just a small update regarding orWall: it's released 1.0.0!
 There's still *one* annoying issue regarding the tethering, but it
 should be OK next week. Just have to take some time in order to debug
 this for good.

 
I just want to say how gratifying it is to have another person in the
Tor community really dedicating and dev cycles to mobile. It is great to
see Orwall get to 1.0.

 orWall provides now a brand new UI in order to be easier to handle.
 There's also an integrated help (as a first-start wizard we might call
 later on).

My main critique right now is that the UI is quite complicated, and has
way too much text. I know your starting point was to automate the
instructions from Mike's blog post, and you have achieved that. However,
if we want to reach my goal (remove all root/transproxy features from
Orbot), we need to still support the one or two-tap capability that
Orbot now provides.

Perhaps you could add a default easy mode which starts with this, and
then hide the current UI under an advanced mode?

 There are many new features and improvements, like:

These are all great, and go way beyond anything we have in Orbot!

all the best!
+n
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] orWall 1.0.0 released!

[Nathan Freitas]

On Fri, Oct 3, 2014, at 03:37 AM, CJ wrote:
 just a small update regarding orWall: it's released 1.0.0!
 There's still *one* annoying issue regarding the tethering, but it
 should be OK next week. Just have to take some time in order to debug
 this for good.

Congratulations. Will definitely do testing this week! 
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Anonymity of RSS readers

[Nathan Freitas]

On Sun, Sep 21, 2014, at 07:49 AM, Christian Stadelmann wrote:

 b) using Tor

 This is a bad idea too since I regularly fetch some hundred
RSS/Atom

 files, some of them via unencrypted HTTP. This would clearly
undermine

 all anonymity provided by tor. This problem gets even worse
when the RSS

 reader loads content (e.g. images, JavaScript, ...) when
displaying the

 feeds.



 What can I do?



What about configuring Tor to use separate circuits for
different remote IPs:



In the SOCKSPort config, you can enable IsolateDestAddr. If
your RSS app uses SOCKS, then this should work.



[1]https://www.torproject.org/docs/tor-manual.html.en

References

1. https://www.torproject.org/docs/tor-manual.html.en
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Fwd: [guardian-dev] Orbot v14.0.8.1 (now with Tor 0.2.5.x)

[Nathan Freitas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Thanks for all the hard work, little t Tor devs. We are really
excited about moving to 0.2.5.x for Orbot.

-  Forwarded Message 
Subject: [guardian-dev] Orbot v14.0.8.1 (now with Tor 0.2.5.x)
Date: Mon, 15 Sep 2014 09:45:05 -0400
From: Nathan of Guardian nat...@guardianproject.info
Organization: The Guardian Project
To: guardian-dev guardian-...@lists.mayfirst.org


Pushed to Google Play, should be on FDroid.org, and any moment now on
the GP Fdroid repos...

APK: https://guardianproject.info/releases/Orbot-v14.0.8.1.apk
GPG SIG: https://guardianproject.info/releases/Orbot-v14.0.8.1.apk.asc
TAG: https://gitweb.torproject.org/orbot.git/tag/refs/tags/14.0.8.1
CHANGELOG: https://gitweb.torproject.org/orbot.git/blob/HEAD:/CHANGELOG

Highlights from the release:

* Update to Tor 0.2.5.7-RC:
https://blog.torproject.org/blog/tor-0257-rc-out which has some fixes
for the airplane mode feature we use to save battery life. This also
means we can now support the Scramblesuit obfuscated transport, which
required 0.2.5.x.

* Multiple fixes for transparent proxying, including a bug (not all
shell commands were being executed), a performance win (root shell is
shared across all setup/teardown commands which speeds things up and
makes it less memory intensive), and anti-leak improvement feature
(all DNS is transproxied in app-by-app mode since DNS is sometimes
resolved from a central service, and not the app)

Thanks, and Happy Monday!

+n
___
Guardian-dev mailing list

Post: guardian-...@lists.mayfirst.org
List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev

To Unsubscribe
Send email to:  guardian-dev-unsubscr...@lists.mayfirst.org
Or visit:
https://lists.mayfirst.org/mailman/options/guardian-dev/nathan%40guardianproject.info

You are subscribed as: nat...@guardianproject.info


-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJUFu4nAAoJEKgBGD5ps3qpBDQP/3/ik1IVLHAV8JegeTWoUrgC
3ZWzgpI/jXlvqpTfA6KO+P4RSOuaTF8/PDP05SklgIetJfu6ZoWLX7Z/TmNwYTbH
6DBA+5okveOgm1jZEgdMcHTkayzrvVIBWvC1lAO70KASEp8doW8KN9M6x5uLvLf2
HwDRfYt4VSvIVyWIWG2cUeIu1p4OEuKi/iIOemL0gtF8QDTyKK8xBnY5TNNWG+/j
yfidk3lcvlGT6Qn7xbybB94VVTYh4eT5m7GjYnfvB/jWuhI6RAWNbP/nc+mJc1lA
Oe94+k8yIjWssoRIO8hW3yzXS5O1rnYzkKnJ6StxBBfvQzV9YMnolEaY5YrL/Tz8
EqJghmZ6ZGB1qoQpUdYr1yXwokQPHMkHhSlG/XCNkL+DDBo6tmzJBxtkD9jVOxpA
/N5QggLRO7KxLTdA2q6+UaoW1ZJJzis+U8ZjAzXbNEbRKEPwA7T1FckYorCLbRSo
T1YV/z47rujRjH846QJuGqACg4hx1PXkMKXHw5MWcdM7vbh7siZY5Np4SsciUBg/
utVhaZMYeX5sgQn6gx8G+vFvPqkGnxsZ6mv/9WqZaJUSBD/5xEHSu7jnnPrDgTPf
pgdZE0d1pxxaVqCg/zto6lp9bxz5NTNerL2pxgtnZwytv8J1QW40k14K3+CYiaCN
8jy9vtkpgbVnYbh0IvC2
=lbTZ
-END PGP SIGNATURE-
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Hidden service on Android device through Orbot

[Nathan Freitas]

On September 8, 2014 12:55:13 PM EDT, Dimitar Milkov m...@programings.eu 
wrote:
How i can set hidden service on my rooted Android phone through Orbot?

From the Orbot interface, i requested root access and successfully
granted the application with it.

I have kWS server running locally, and i can access what server streams
on 127.0.0.1 from my web browser.

So, next i just set the server port in Orbot options, and as far as i
understand, the hostname should be generated and be accessible in
.Onion hostname field, but in my case it's not. The field is blank.

I can't find the .onion hostname for my service in order to access it.

What is wrong?

Sounds like you have done everything right. Did you restart Orbot? You should 
see a notification about the hidden service being activated. Then it should 
display the value in the .Onion hostname field.

Root is not required BTW for hidden services.

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Better testing through filternets

[Nathan Freitas]

I am working on improving our ability to do more thorough and
standardized testing of Orbot, etc. As part of this, I am trying to
come up with a simple filternet configuration based on OpenWRT, running
on a TP Link MR3020.

Currently, I have this working:

- Use Dnsmasq to block high profile target domains (torproject.org,
google, facebook, twitter, whatsapp, etc)
- Block all HTTPS traffic (port 443)

This simulates most of the common DNS poisoning and port blocking types
attacks, though Tor can still easily connect at this point.

I would like the ability to simulate a more severe environment, where
for instance, Tor itself is targeted, and bridges are required. Any
thoughts or experience doing this?

- Block IPs/domains for known Tor Authority nodes

- block based on Tor protocol characteristics: ssl certs, common ports, etc

Thanks for any feedback, pointers, links, etc.

+n


-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] (FWD) ISC Update: StoryMaker

[Nathan Freitas]

On 08/02/2014 01:22 AM, Roger Dingledine wrote:
 An interesting-sounding success story of Tor in action -- and so well
 integrated that people barely even mention Tor. :)

It is all my fault!

I think every app would love to have a standard, easy way to include a
powered by Tor or works with Tor graphic on it, or standard way to
mention it. Perhaps this is part of a branding/outreach effort that can
be done, so that all the amazing work that Tor does to allow apps like
StoryMaker to build on it, is appreciated and touted.

+n
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Android app: Torrific (renamed to orWall)

[Nathan Freitas]

On 07/28/2014 12:41 AM, CJ wrote:

So, orWall. So be it. Welcome, little one:).


orBot welcomes you! Just returning from an offline vacation and happy to 
see this thread and news.


I would be more than happy to direct Orbot users who want this 
functionality to your app, once its stabilizes, and as long as we can 
assure a fairly streamlined user experience.


In other words, I doesn't need to be all-in-one-app, but it should feel 
as close to it as we can make it.


+n
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Fwd: [guardian-dev] Orbot 14.0.5 Release Candidate 1

[Nathan Freitas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1




-  Forwarded Message 
Subject: [guardian-dev] Orbot 14.0.5 Release Candidate 1
Date: Mon, 28 Jul 2014 22:06:13 -0400
From: Nathan of Guardian nat...@guardianproject.info
Organization: The Guardian Project
To: guardian-...@lists.mayfirst.org


The latest Orbot RC is here, now with Tor 0.2.4.23 hot off the presses.
This update includes improved management of the background processes,
the ability to easily change the local SOCKS port (to avoid conflicts on
some Samsung Galaxy and Note devices), and the fancy new notification
dialog, showing your current exit IPs and country.

APK: https://guardianproject.info/releases/Orbot-v14.0.5-RC1.apk
Sig: https://guardianproject.info/releases/Orbot-v14.0.5-RC1.apk.asc

543c887 update to latest tor and obfsclient
023ef2d boot receive does not need HOME category
cbf4e99 handle CONNECTING state properly
6ed7ab0 onBoot perm should default to true
816d7d7 new icons for martus
6574312 new tips for app download
29a0641 make sure start on boot works properly
54a39f2 only show notifications if we have data
9d541d8 added mobile martus to rec'd apps
4d6c32a support dynamic SOCKS ip in polipo configuration
1cd0dcf fix proguard path for new sdk
c4cf845 handle NPE in case service disconnects
1e6ff35 updating ant build shell permissions
498f647 remove external storage perm (debug log written internally) need
to add ability to share internal file after marking it globa
e1ec776 re-arch status callbacks and improve notification
c7409b7 update commit pegs for external
f2f076c fixes for layout and notification data be sure to only get the
IP of the last hop (that is the exit)
a6da4bf small cleanup of asynctask and error handling
181b922 make the notification larger for more display room!
a82d2e4 remove unnecessary jar file
3bc8760 Merge branch 'new_notification_expanded' of
github.com:amoghbl1/orbot-1 into amoghbl1-new_notification_expanded
41064d8 add persistent flag
b4079f4 update transifex config
8a934c9 don't close socket, and use HALT for shutdown
f9b38e6 if service is null, please start it
a447bbf update strings




-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJT1wLkAAoJEKgBGD5ps3qp//kP/1nRRuk+9dhsUOlXwMxg5cph
isiwM2UHpjzU1i6eiMQW6BtV8MyPIchV5wik4BcICCEoJftCF81h/C3B0Rwee9j0
2a/8/OvG6URJJ3kV/dnVY85yiFTb8YeuYVG+WokL8aAKARzVxfP52PTRCvpX6DsP
zea0oLO3yWGxdRDe5qCXhLknoFILhrfiYBgbcbVTJP/sFxUIVVHtDQghlLySs2UE
1BzBYbjvcUOWrQv0D7MOEQ/VCqK0Lrd5tsyJodREeIAyIyhsMzd+ZflcVWxhRBCD
BKlaHlLGCMSKB8CV9YWOPlYZg4YQR/MBFy29TDr6y/1UEk4kFiY60DjgS9O3SuDS
UQCQEpQlftQPBtd4nEKoTaw7FNfgYJd2/PpwWd/+AcvP9v5bj/vsMpItrLa6sovg
vAW5/tRM/i12Zh6l8yn+a3W00mo0tLlZvUVq0tDJTcfQAyrVQZNympjdrZpJEwKu
njMsHtOXMy0T0BtnO4p3TgB7t88qu+sLlX5IR3uaIPxlrOtgEzWkGMJsUSHm25Im
hnK2QlIXZvYNcNgQyal/13kUSqbYJw8f2Bqxn2YdFP1sCZe1jm1DRR9IwAjZSFDl
dnIXWvOWc8VbbCEBJMT4+oXxopMjuix+DaUI6QtGhwmKrbK2Ds3BOLbgl8ncFJES
Z+u4kkPVC0p7JWauk3NY
=XyCO
-END PGP SIGNATURE-
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Orbot v14 alpha: obfsclient, Tor 0.2.5.3-alpha

[Nathan Freitas]

On 05/04/2014 05:18 AM, George Kadianakis wrote:
 Nathan Freitas nat...@freitas.net writes:

 On May 3, 2014 4:18:28 PM EDT, George Kadianakis desnac...@riseup.net 
 wrote:
 George Kadianakis desnac...@riseup.net writes:

 Nathan Freitas nat...@freitas.net writes:

 On May 3, 2014 6:10:58 AM EDT, George Kadianakis
 desnac...@riseup.net wrote:
 Nathan Freitas nat...@freitas.net writes:

 Orbot now supports Obfs3 and Scramblesuit, thanks to Yawning's
 help.
 Great news! Thanks!

 BTW, how are obfs3 bridges supposed to be used?
 This is the string I use for scramblesuit, copied directly from the
 bridges.tp.o page:
 scramblesuit xxx.xxx.xxx.xxx:x fingerprintxxx
 password=sharedsecretxxx
 I installed Orbot-v14.0.0-ALPHA-2a.apk and checked the Preferences
 menu. There used to be an option called 'Obfuscated Bridges' that
 it's
 not there anymore. I assumed that I just have to specify a bridge,
 and
 then prefix it with the transport name, like you do in the torrc.
 Yes.

 So I clicked on 'Bridges' and then inserted 'obfs3 ip:port'
 (with
 my own ip and port) and started up Orbot. Unfortunately, I think
 that it didn't work very well. In the logs I got:
 
 Adding bridge: obfs3 ip:port
 Hmm Add a fingerprint perhaps?

 Hm, I just tried that bridge again (without adding a fingerprint),
 and
 now I'm getting the usual PT error:
 We were supposed to connect to bridge 'ip:port' using pluggable
 transport 'obfs3', but we can't find a pluggable transport proxy
 supporting 'obfs2'. ...

 I'm not sure why I'm getting this today instead of the error I was
 getting yesterday [0]. I don't remember rebooting or changing
 anything.

 In any case, this new message usually means that obfsproxy crashed
 early: before being configured to be a Pluggable Transport. The same
 should be true for obfsclient too. Could it be a permission issue?

 We played a bit with Yawning on this.

 Are we sure that the ClientTransportPlugin is even set at all?

 Because looking at
 https://gitweb.torproject.org/orbot.git/blob/HEAD:/src/org/torproject/android/service/TorService.java#l1713
 it seems that it depends on the boolean PREF_BRIDGES_OBFUSCATED which
 apparently is never set since commit 147b57af4.

 This seems to agree with my experience since I'm getting the log
 message Using standard bridges which is on the 'else' codepath.

 Or maybe we are missing something.
 Wow, I just realized that I removed that preference UI, but on my test 
 device it was already set to TRUE, since I did not do a clean install.

 Thanks for the testing, and will push a new release our in next 24 hours 
 with that fixed.
 Thanks!

 BTW, I'd suggest to parse the Bridge lines to figure out if PTs are
 used and only then insert a ClientTransportPlugin line (in contrast,
 to always adding a ClientTransportPlugin line). That's to avoid issues
 like #11658.
I am doing that now, by looking for a supported PT type in the bridge
config lines

 You can check if a Bridge line uses PTs, by checking if its second
 element is a C-identifier as the pt-spec.txt suggests. An IP:PORT is
 not a C-identifier because of the colon.
That sounds like a better way, especially since PTs could be run outside
of Orbot as separate apps.
Here's a new alpha-3 build that has been tested on a few devices, with
both obfs3 and scramblesuit bridges:

apk: https://guardianproject.info/releases/Orbot-v14.0.0-ALPHA-3.apk
sig: https://guardianproject.info/releases/Orbot-v14.0.0-ALPHA-3.apk.asc

14.0.0 (ALPHA-2)
583c758 updated to 14.0.0-ALPHA-3
90848b0 reduce memory usage of app and make single process
ba90f73 cleanup of notification and process kill code
76ec147 add some more externalized strings
e80c3bf check if installed apps are enabled
60a822a updated to 14.0.0-ALPHA-2b
69614fb updated Tor version to 0.2.5.4-alpha heartbleed blacklists for
non-updated tor nodes
53673da fix bridge/PT enable code based on bridge types
9096f8c update 14.0.0-ALPHA-2a for some testers (samsung)
42d8ca1 for some devices, the process-id is listed first
fd51281 make sure the unbind intent is not null
b814019 improvement for network state checking code
648b10c updated changelog for v14
ea919c5 add the basic proguard support
147b57a remove unused preference
0dc50cc add log max size feature
b9f14b3 ensure setConft on control port works consistently
b056e7f remove debug waiter

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Orbot v14 alpha: obfsclient, Tor 0.2.5.3-alpha

[Nathan Freitas]

On May 3, 2014 6:10:58 AM EDT, George Kadianakis desnac...@riseup.net wrote:
Nathan Freitas nat...@freitas.net writes:

 Orbot now supports Obfs3 and Scramblesuit, thanks to Yawning's help.


Great news! Thanks!

BTW, how are obfs3 bridges supposed to be used?

This is the string I use for scramblesuit, copied directly from the 
bridges.tp.o page:

scramblesuit xxx.xxx.xxx.xxx:x fingerprintxxx password=sharedsecretxxx

I installed Orbot-v14.0.0-ALPHA-2a.apk and checked the Preferences
menu. There used to be an option called 'Obfuscated Bridges' that it's
not there anymore. I assumed that I just have to specify a bridge, and
then prefix it with the transport name, like you do in the torrc.

Yes.


So I clicked on 'Bridges' and then inserted 'obfs3 ip:port' (with
my own ip and port) and started up Orbot. Unfortunately, I think
that it didn't work very well. In the logs I got:

Adding bridge: obfs3 ip:port

Hmm Add a fingerprint perhaps?

Setting conf: SOCKSPort=127.0.0.1:9050
snip
WARN: Controller gave us config lines that didn't validate: If you
setUseBridges, you must specify at least one bridge.
snip
Starting polipo process

and then Orbot bootstrapped directly, without using my bridge :/

Yes... Bridges are applied via the control port, and Tor will still bootstrap 
if the config settings fail. Maybe we should not do that on further thought.


I'm not sure exactly why my bridge was not set in Tor. Maybe I'm not
supposed to specify my obfsbridge using the 'Bridges' dialog?

Will do more testing with obfs3.


Cheers!

PS: I think the move from the 'Obfuscated Bridges' box is a good
idea. IIRC, the 'Obfuscated Bridges' box assumed that the bridge
is obfs2, without even mentioning it to the user, which is not
good now that we have more pluggable transport around.

Yes this is a better design. We will be working on more ways to simplify bridge 
setup including qrcode scanning, NFC tapping and more.

+n
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Orbot v14 alpha: obfsclient, Tor 0.2.5.3-alpha

[Nathan Freitas]

On May 3, 2014 4:18:28 PM EDT, George Kadianakis desnac...@riseup.net wrote:
George Kadianakis desnac...@riseup.net writes:

 Nathan Freitas nat...@freitas.net writes:

 On May 3, 2014 6:10:58 AM EDT, George Kadianakis
desnac...@riseup.net wrote:
Nathan Freitas nat...@freitas.net writes:

 Orbot now supports Obfs3 and Scramblesuit, thanks to Yawning's
help.


Great news! Thanks!

BTW, how are obfs3 bridges supposed to be used?

 This is the string I use for scramblesuit, copied directly from the
bridges.tp.o page:

 scramblesuit xxx.xxx.xxx.xxx:x fingerprintxxx
password=sharedsecretxxx

I installed Orbot-v14.0.0-ALPHA-2a.apk and checked the Preferences
menu. There used to be an option called 'Obfuscated Bridges' that
it's
not there anymore. I assumed that I just have to specify a bridge,
and
then prefix it with the transport name, like you do in the torrc.

 Yes.


So I clicked on 'Bridges' and then inserted 'obfs3 ip:port'
(with
my own ip and port) and started up Orbot. Unfortunately, I think
that it didn't work very well. In the logs I got:

Adding bridge: obfs3 ip:port

 Hmm Add a fingerprint perhaps?


 Hm, I just tried that bridge again (without adding a fingerprint),
and
 now I'm getting the usual PT error:
 We were supposed to connect to bridge 'ip:port' using pluggable
 transport 'obfs3', but we can't find a pluggable transport proxy
 supporting 'obfs2'. ...

 I'm not sure why I'm getting this today instead of the error I was
 getting yesterday [0]. I don't remember rebooting or changing
 anything.

 In any case, this new message usually means that obfsproxy crashed
 early: before being configured to be a Pluggable Transport. The same
 should be true for obfsclient too. Could it be a permission issue?


We played a bit with Yawning on this.

Are we sure that the ClientTransportPlugin is even set at all?

Because looking at
https://gitweb.torproject.org/orbot.git/blob/HEAD:/src/org/torproject/android/service/TorService.java#l1713
it seems that it depends on the boolean PREF_BRIDGES_OBFUSCATED which
apparently is never set since commit 147b57af4.

This seems to agree with my experience since I'm getting the log
message Using standard bridges which is on the 'else' codepath.

Or maybe we are missing something.

Wow, I just realized that I removed that preference UI, but on my test device 
it was already set to TRUE, since I did not do a clean install.

Thanks for the testing, and will push a new release our in next 24 hours with 
that fixed.

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Orbot v14 alpha: obfsclient, Tor 0.2.5.3-alpha

[Nathan Freitas]

Orbot now supports Obfs3 and Scramblesuit, thanks to Yawning's help.

We are also experimenting with a switch to Polipo
(https://github.com/jech/polipo.git) from Privoxy.

 Original Message 
Subject:Re: [guardian-dev] Friday Full of Updates
Date:   Fri, 02 May 2014 15:40:47 -0400
From:   Nathan of Guardian nat...@guardianproject.info
To: Guardian Dev guardian-...@lists.mayfirst.org


On 05/02/2014 03:14 PM, Nathan of Guardian wrote:
 - Orbot has been updated to 14.0.0-ALPHA-2a, with amazing new support
 for Obfsclient pluggable transports like obfs3 and scramblesuit. There
 have also been many fixes related to solving the remaining problems on
 various Samsung Galaxy devices, as well.


 Actually, here is a release build of Orbot for testing:

apk: https://guardianproject.info/releases/Orbot-v14.0.0-ALPHA-2a.apk
sig: https://guardianproject.info/releases/Orbot-v14.0.0-ALPHA-2a.apk

14.0.0 (ALPHA-2)
ea919c5 add the basic proguard support
147b57a remove unused preference
0dc50cc add log max size feature
b9f14b3 ensure setConft on control port works consistently
b056e7f remove debug waiter
b2d4bb3 updated to v14-alpha-2
cbbc5e4 improve how we start/stop Tor, Polipo to find process id, do ps
of all, then filter (most compat) use async service for Tor s
t
b31c11f updated icons with dark background
2b6ff4e update manifest for v14-alpha-1
05b6553 add binary stripping to makefile
21c1cad update binaries and torrc for obfs/PT work
144460b fixes for preference handling in multi process context
38700f9 updated to 0.2.5.3 for scramblesuit/obfs support
d3865c0 fix settings handling and add more debug output also make SOCKS
a runtime config
d529334 clean up wizard context use
0178d3e add new binaries and configs for polipo and others
40546c9 change from privoxy to polipo for http proxy
a4d8669 fix variable name to obfsclient
2f7a9dd update to new obfsclient repo
000cf57 update jtorctrl jar
f485015 install obfsclient binary
d003826 update binaries
4d3754b remove obfsproxy, update obfsclient
7af85b5 small updates to Makefile for NDK
2c2d094 Integrate obfsclient/liballium into the build process
43c259a Update the obfsclient submodule to include Android fixes
a6af878 liballium/obfsclient should be sourced from tp.o repos








signature.asc
Description: OpenPGP digital signature
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Orbot v14 alpha: obfsclient, Tor 0.2.5.3-alpha

[Nathan Freitas]

On May 2, 2014 6:34:25 PM EDT, intrigeri intrig...@boum.org wrote:
Hi,

Nathan Freitas wrote (02 May 2014 19:44:35 GMT) :
 We are also experimenting with a switch to Polipo
 (https://github.com/jech/polipo.git) from Privoxy.

Jacob was strongly advocating that we do the exact opposite change in
Tails, so I'm curious why.

Yes, it seems that when Polipo was removed from TBB (since it was no longer 
needed for Firefox proxying), that around the same time (2011?) there were some 
serious security bugs discovered, and development on Polipo was dormant. This 
led to Tor switching back to recommending Privoxy as the HTTP proxy for those 
that need one.

However, Polipo is being actively maintained again, and the known issues 
addressed. I wanted to explore its use with Orbot because it does seem to use 
less memory than Privoxy, and is a bit faster as well. It is also cleaner to 
integrate due to the project being available as a git repo.

If there is conclusive evidence or a community decision that Polipo must not be 
used, I am willing to follow that, but for now, we are experimenting in 
alpha-ville.

+n
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Orbot and ChatSecure not working on CyanogenMod

[Nathan Freitas]

On 04/19/2014 02:24 PM, Elrippo wrote:
 Since the last update, regarding the occurence of the heartbleed bug, from 
 Orbot I can not use ChatSecure with Orbot.
You should grab the latest Orbot 13.0.7-BETA-1 (which is actually now
tagged as 13.0.7 since it is stable).

It is in our repo, and available directly here:
https://guardianproject.info/releases/Orbot-v13.0.7-BETA-1.apk

(and gpg sig:
https://guardianproject.info/releases/Orbot-v13.0.7-BETA-1.apk.asc)

We had a few very unstable beta/RC's but things seem sorted now.

Thanks and please get in touch with me directly if you have further
problems.

+n



signature.asc
Description: OpenPGP digital signature
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Orbot v13.0.6-BETA-7 vs. heartbleed

[Nathan Freitas]

The about string is wrong and has been corrected in our latest RC release. 
Sorry for the confusion.

On April 15, 2014 4:45:27 PM EDT, Nusenu 
bm-2d8wmevggvy76je1wxnpfo8srpzt5yg...@bitmessage.ch wrote:
Hi Nathan,

from the changelog of  v13.0.6-BETA-3

 CHANGELOG for v13.0.6-BETA-3
 
[...]
 7229c52 updated to openssl 1.0.1g


The About in Orbot v13.0.6-BETA-7 still says:

3rd-Party-Software:
[...]
OpenSSL v1.0.1e: http://www.openssl.org

which would be a version that is vulnerable to HB.

Is the About or the changelog wrong here?


thanks!
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Fwd: [guardian-dev] Orbot v13.0.6-RC-3 released

[Nathan Freitas]

 Original Message 
Subject: [guardian-dev] Orbot v13.0.6-RC-3 released
Date: Tue, 15 Apr 2014 23:23:59 -0400
From: Nathan of Guardian nat...@guardianproject.info
To: Guardian Dev guardian-...@lists.mayfirst.org,
guardian-annou...@lists.people-link.net




Aside from a linger startup issue with random Samsung Galaxy S3/4/5
devices, this RC-3 is looking very good, and will likely be final, so we
can move on to v14-alphas! The big improvements in this build are a fix
for the disconnected UI/activity (Tor is on, but UI shows off), and
improvements to the transparent proxying iptables scripts.

There were problems related to resolution of onion addresses
(AutomapHostsOnResolve has been disabled in torrc), and in some cases
DNS leaks were occurring in the previous beta's, RC's. If you do have
root+transproxy enabled, please test your browser against
https://www.dnsleaktest.com/ and http://ipleak.net/ and let me know if
you see any issues.

Also, if it has not been made clear, this v13.0.6 update does include
OpenSSL 1.0.1g for #heartbleed's sake.


APK: https://guardianproject.info/releases/Orbot-v13.0.6-RC-3.apk
SIG: https://guardianproject.info/releases/Orbot-v13.0.6-RC-3.apk.asc

13.0.6
89fc2e6 updated to 13.0.6-RC-3
b9eeb37 ensure Service has foreground priority so it is not killed (and
improve onBind() calls to reset state if it is killed)
3824bc5 improving control port connection code adding additional logging
for problems with Samsungs
fa6c101 bump version to 13.0.6-RC-2
cc020f5 small tweaks to Tor binary startup code
16799ef add automapresolve to ensure .onion address are handled
06d5a6f improve process lookup code
cd8b7e4 connect to localhost instead of 127.0.0.1
4673f04 update UI on rebind of service
c68ce2c fixes for transproxy to fix DNS leaks in some cases latest RC
was leaking DNS due to updates iptables/xtables binary and need
915ff8a updated to 13.0.6-RC-1
3413b34 fixes for getting process id of Tor process
e9d0fea updates resources and tx config for tagalog
10938ed update string resources from transifex
5326d2b updated string values for components
8d73be6 bump to 13.0.6-BETA-8
af95098 remove persistant flag, as its only for system apps
831a52a improved logging and exit code reporting for transproxy
f853271 fix Service init/bind logic also remove updates for background
drawing to save memory
8445f2e ensure appmgr doesn't fail on loading apps also don't load icons
to improve memory usage
227253d updates to optimize resource memory usage
ed76f8b update to 13.0.6-BETA-7
60a79a2 more updates to install clean-up process
f885059 fix problem with UI rotation and screen update
efb9a8c update to 13.0.6-BETA-6
bf8a92c use AbsolutePath instead of Canonical; fix kill code
e1b1ca0 add constants for folder names
e8116f4 ensure existing files are deleted before upgrade
25f4ac8 adding new small icon
981123f update to 13.0.6-BETA-5
b6a9b48 ensure existing binaries are removed before install problems may
be caused by soft links or old bins
ef14ac5 fix large icon incorrect display in alert dialogs
bab67b7 small fixes for the wizard with new UI
3d1f391 updates for icons, backgrounds and improved drawing code to
solve issues related to outofmemory
9d1311c updated to dark icon
b329920 update to BETA-4 for Permission changes
c9bf8d2 fix Shell calls so that we close() shell when done
e78486a update to support specific permissions for Service this is an
attempted fix for Samsung S3/Note3 issues
7990644 update version to 13.0.6-BETA-3
917ea6e fix for mikeperry transproxy leak bug find
https://lists.torproject.org/pipermail/tor-talk/2014-March/032503.html
fc0554f fix for binary version upgrade support
4ed6ea1 updated pre-built binaries
7229c52 updated to openssl 1.0.1g
6bce7d5 fix ant build script and target
e5b70ba improve shell command, root and permissions handling
b734c6c add new library for superuser/shell commands
dda5633 updated to 13.0.6-BETA-1
298f73c update Tor version code
75d3ecb update language wizard display to be more clear
fe44c29 add binaries (for non NDK developers)
05bf5b7 add/update translations from transifex
344e914 add transifex tx config
8140b32 a little bit of cleanup of new binary installs
e25dc08 fixes the menus for appcompat library
cc8d3e1 update to return to binaries as ZIPd res/raw stop using the
libs/armeabi hack method
b59bd1a remove binary apps/libs
445f63f updates ant build for new actionbarcompat
765a3bf updated graphic
8c20759 removed ABS depdency in favor of AppCompat
d0d7880 Signed-off-by: Nathan Freitas nat...@freitas.net
75a0d34 Signed-off-by: Nathan Freitas nat...@freitas.net
e5fdf28 updated binaries from new build script
57ef1c3 Fix building of openssl on newer systems
b5a043a updated Makefile to not build libevent TESTS
dab37b5 setting to 4.6 for compat
1a346cf updated makefile
02c389c updated obfsclient external
06b46f1 updated to only build tor binary and not tests, etc
d311f71 13.0.6 minor UI updates, Tor version update
a24eacd add hi