Re: [tor-talk] Using Orbot standalone
> On Mar 30, 2022, at 10:36 AM, Alessandro Donnini via tor-talk > wrote: > > Hi, > > I apologize in advance if this question (see below) was asked (and answered) > previously. I could not find any information on it. > > I would like to incorporate a proxy server in my Androd app to perform gate > keeping and toll taking functions. > > Orbot is described as > > "... and also provides an HTTP Proxy for connecting web browsers and other > HTTP client applications into the Tor SOCKS interface. ..." > > Could (a modified) Orbot be used as a device-based proxy server without > interfacing with the Tor network? It isn’t really meant for that, and would be overkill. Running a local proxy server in an Android Service isn’t that difficult. Alternatively, you could use the VPNBuilder interface, which would make "gate keeping and toll taking functions” work quite well. I would look at NetGuard for that: https://github.com/M66B/NetGuard +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Orbot 16.5.1 BETA 2 and more....
Orbot 16.5.1-BETA-2 with tor 0.4.5.9 is posted... Highlights - tor now at 0.4.5.9 with improved stability of new "in process" mode - more tuning of snowflake support - updated translations - experimental: enable your device to be a snowflake proxy for others (at bottom of settings), optionally only when on wifi + charging tag/APKs: https://github.com/guardianproject/orbot/releases/tag/16.5.1-BETA-2-tor.0.4.5.9 APKs: https://guardianproject.info/releases/Orbot-16.5.1-BETA-2-tor.0.4.5.9-fullperm-arm64-v8a-release.apk (.asc) F-Droid: standby for the next repo build! *** Orbot is now built upon the latest "in process" tor-android work done by Hans available at: https://gitlab.com/guardianproject/tor-android/-/tags/0.4.5.9 and https://gitlab.com/guardianproject/torservices/ This allows anyone to easily build in Tor to their app or to utilize the new "headless" TorServices app dependency. All of the Pluggable Transport support is now done through tladesignz's (Benjamin E) IPtProxy: https://github.com/tladesignz/IPtProxy This is a one-stop shop mobile optimized library for Android and iOS, that supports all current production PT's like Obfs4, Meek and Snowflake, built on the work done by the Tor Project anti-censorship team. *** Happy weekend all. +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] trackers in OONI Probe Mobile App / was: NEW RiseupVPN test in OONI Probe Mobile App
On 2/8/21 5:15 AM, Maria Xynou wrote: > > We are not sure if we are going to keep Firebase in the long-run, but > it's difficult to investigate app crashes without proper reports. > > Do you have any suggestions for better tools to collect app crashes on > Android? Acra is a good, open-source, self-hosted crash reporting system: https://www.acra.ch/ Best, Nathan signature.asc Description: OpenPGP digital signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor Browser for advanced users on Android
On 10/11/20 9:47 AM, Jonathan Marquardt wrote: > For example, > Orbot is already quite battery-hungry as it is, but running two Orbot > instances all the time for browsing while torifying some other things really > ain't that great on a smartphone. This is definitely something we've been talking about awhile, between the Guardian Project and Tor Browser team. The good news is that with recent improvements of Tor "idle" features, there should be very little battery consumption when tor is not in use. No longer is the daemon constantly creating new circuits if you aren't asking for them, for instance. Similarly, with Tor Browser, you really only need the Tor service instance running when the browser itself is in the foreground. Work is underway and continues so that tor can bootstrap more quickly, so that the user doesn't perceive any delay if tor has been shutdown when you leave the browser. Lastly, Hans from the Guardian Project team, continues to work on a more invisible "Tor Service" daemon, that could be installed much like "Google Play Services", and used by any app or service in a safe, shared way. We have more work to do here on security risks and threats for sure, but it is a promising direction. Best, Nathan signature.asc Description: OpenPGP digital signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Wahay: Mumble + Onion Service
On 5/29/20 5:25 PM, Rafael Bonifaz wrote: > > Our latest project is call Wahay that combines two great projects: > Mumble and Tor. The user interface is similar to Zoom, where you can > start a meeting or join a meeting. Wrapping this all in a familiar Zoom user interface is a great move. Keep up the great work! -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] New podcasts from Guardian Project with OONI and Tor folk
If you are looking for some fantastic medium-length listens this week that feature fantastic members of the Internet Freedom community, well, search no more! We've recorded three episodes in the last two weeks during our Clean Insights Symposium Extraordinaire, that are available to you, free of charge and free of surveillance (we host the feed and mp3's on Mayfirst.org). You can listen directly via the links below, RSS feed, or in your favorite podcasting app (which will potentially track exactly what you are listening to, how long, from where, etc): * RSS: https://guardianproject.info/podcast/podcast.xml * Apple: https://podcasts.apple.com/us/podcast/en-garde-the-guardian-project-podcast/id150556229 * Spotify: https://open.spotify.com/show/534fuFbvrIg84c8vlUr2Kp?si=EwvCW79oRhmpFqryfN4HqQ - May 22: "Data, People and Dignity Roundtable with Data4Change, Tor Project, Simply Secure and Okthanks" Amazing designers talk about data, people and dignity! https://guardianproject.info/podcast/2020/cleaninsights-data-people-dignity.html - May 20 "Clean Insights: Prof. James Mickens and Dr. Gina Helfrich on Ethics in Computer Science" Do Deep Fakes matter because they can fulfill childhood dreams of photorealistic Godzilla or an Avengers movie starring Gandi? Is tracking the heck out of your users fine, as long as it is you doing the tracking, or should ethical analytics mean more than self-hosting? How can we address the often myopic industry and academia to have fewer tech blind spots? We discuss these things and more! https://guardianproject.info/podcast/2020/cleaninsights-ethics-in-compsci.html - May 12: "Arturo Filastò of OONI, on Measuring the Internet Like an Octopus" Nathan and Arturo talk through the promise and peril of uncovering the hidden truths that lurk below! https://guardianproject.info/podcast/2020/cleaninsights-panel-ooni.html -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Please fix Orbot.
Actually, this is the best place for quick response: https://github.com/guardianproject/orbot or email to sup...@guardianproject.info That said, we will need more details. The beauty of Android is also the pain - the insane diversity of OS versions, community ROMs, hardware types, unexpected task killing background services, and more. For the vast majority of Orbot users, it is working, but Hack3rcon at Yahoo, we do want to help you, too! On 3/5/20 12:21 PM, james wrote: > You may have more luck raising a ticket on the Tor bug > tracker:https://trac.torproject.org/projects/tor/newticket > Original message From: hack3r...@yahoo.com Date: 05/03/2020 > 09:43 (GMT+00:00) To: tor-talk@lists.torproject.org Subject: [tor-talk] > Please fix Orbot. Hello Tor team,Please fix Orbot. The new version can't > working properly.Thank you.-- tor-talk mailing list - > tor-talk@lists.torproject.orgTo unsubscribe or change other settings go > tohttps://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk signature.asc Description: OpenPGP digital signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] The Orbot not have any update?
On 12/6/19 1:09 PM, hack3r...@yahoo.com wrote: > Hello Tor team, > I updated Orbot on my BB Aurora cellphone (Android 7.1.1), but after the > update the Orbot just show me "Orbot is starting..." and can't connect. I > know some users reported this issue, but not solved. > Please examine it. > We have had a number of beta releases working to address this and other issues, and expect a full release this week. +n signature.asc Description: OpenPGP digital signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Fwd: Heads up: Orfox "RIP" EOL is coming, moving to TBA!
Forwarded Message Subject:Heads up: Orfox "RIP" EOL is coming, moving to TBA! Date: Mon, 2 Sep 2019 22:16:31 -0400 From: Nathan of Guardian Organisation: Guardian Project To: Guardian Dev We will be officially announcing the end of Orfox this week, by releasing a final update to the 1.2 million active users of Orfox on Google Play and F-Droid. We haven't kept Orfox up to date with Firefox or Tor Browser fixes, so we must bring it to a forced end. Besides, TBA is looking good and working great, so anyone who wants Tor Browser on Android should use it. This "OrfoxRIP" app will replace the existing Orfox app: https://github.com/guardianproject/Orfox/releases/tag/Orfox-Final-RIP-v16 If you have Orfox still installed, please try installing it over what you have, and let me know if you have any issues. Download the APK: https://github.com/guardianproject/Orfox/releases/download/Orfox-Final-RIP-v16/Orfox-Final-RIP-v16.apk Otherwise, you can see the discussion and design work on this ticket: https://trac.torproject.org/projects/tor/ticket/29955 Thanks! +n signature.asc Description: OpenPGP digital signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Nice to meet you! / WhatsApp by Tor?
On 4/16/19 12:41 PM, GTI .H wrote: > Em ter, 16 de abr de 2019 às 12:25, Nathan Freitas <mailto:nat...@freitas.net>> escreveu: > > > On 4/16/19 11:48 AM, GTI .H wrote: > > Please, how can I use Tor to hide the origin IP in WhatsApp Android? > > Since WhatsApp is executable code on your Android phone, it can access > information about your device directly. This includes accessing your > "real" IP address through local network information APIs. > > Okay, but if you do not want to get caught by MATRIX, you can not put > personal information on your smartphone except a contact list. > the concern is with destination not to discover the origin. > Agreed. What I am saying is that if your adversary (WhatsApp/Facebook) can execute code on your device, in the form of the app, then they can access your actual IP address, actual phone number, IMSI/IMEI and other unique global identifiers. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Nice to meet you! / WhatsApp by Tor?
On 4/16/19 11:48 AM, GTI .H wrote: > Please, how can I use Tor to hide the origin IP in WhatsApp Android? Since WhatsApp is executable code on your Android phone, it can access information about your device directly. This includes accessing your "real" IP address through local network information APIs. Orbot was not designed to protect apps on your phone from accessing the IP address of your device. An app like Signal or Telegram, which both have open source clients, are much more likely candidates to use as apps that don't lookup/track your local IP address. +n signature.asc Description: OpenPGP digital signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Fwd: Orbot 16.0.5-RC-1-tor-0.3.4.9
Forwarded Message Subject:Orbot 16.0.5-RC-1-tor-0.3.4.9 Date: Wed, 14 Nov 2018 10:05:21 -0500 From: Nathan of Guardian Organisation: Guardian Project To: guardian-...@lists.mayfirst.org New Orbot 16.0.5 out now on Github, https://guardianproject.info/releases and soon on Play and F-Droid! Orbot 16.0.5-RC-1-tor-0.3.4.9 https://github.com/n8fr8/orbot/releases/tag/16.0.5-RC-1-tor-0.3.4.9 @n8fr8 n8fr8 released this 9 minutes ago Assets 6 Orbot-16.0.5-RC-1-tor-0.3.4.9-fullperm-armeabi-release.apk 8.93 MB Orbot-16.0.5-RC-1-tor-0.3.4.9-fullperm-armeabi-release.apk.asc 833 Bytes Orbot-16.0.5-RC-1-tor-0.3.4.9-fullperm-universal-release.apk 18 MB Orbot-16.0.5-RC-1-tor-0.3.4.9-fullperm-universal-release.apk.asc 833 Bytes Source code (zip) Source code (tar.gz) /** v16.0.5-RC-1-tor-0.3.4.9 / 15 Nov 2018 / 2e2f6e7 **/ 2e2f6e7 (HEAD -> master, origin/master, origin/HEAD) udpate custom language/locale handling c22bfeb adding support for multiple new languages a3dba71 update strings 2702eaa (tag: 16.0.4-BETA-1-tor-0.3.4.8) update to 16.0.4-BETA-1-tor-0.3.4.8 fcff7ea reimplement custom language support for Aymara 21896f8 (tag: 16.0.3-RC-1-tor-0.3.4.8, public/master) update to 16.0.3-RC-1-tor-0.3.4.8 03a9e24 update localization strings f68fdc1 update transifex config f06939b (tag: 16.0.3-BETA-2-tor-0.3.4.8, dev/master) update build 16030020 9d3bd82 udpate default bridges c207a1e update new simpler notification with "new identity" button bcae003 add permission to service manifest a7130ab update to latest tor android 0.3.4.8 a5d1978 update default bridges ffda769 update NDK build script 3349454 update to latest Pluto obfs4proxy builds 048ed9f Merge branch 'master' of github.com:n8fr8/orbot 84e0433 (tag: 16.0.3-BETA-1-tor-0.3.4.8) update version to 16.0.3-BETA-1-tor-0.3.4.8 and build to 16030010 66cc8ad improve service checking for running Tor instance 6bc161b update to Tor 0.3.4.8 0ff8d7c Merge pull request #173 from haghighi-ahmad/patch-1 772e0db Improve Persian translation and fix grammar. 129b55a Merge branch 'master' of github.com:n8fr8/orbot 1bef963 Merge branch 'Unpublished-deprecated_torrc' b2bf3d9 Merge branch 'deprecated_torrc' of https://github.com/Unpublished/orbot into Unpublished-deprecated_torrc 06c343c update launcher web graphic 3433112 update launcher graphics bd61739 update version and constrains library 9a866aa update gradle tooling 31238af update tor to 0.3.4.7 RC b0a4990 Merge pull request #168 from av2k/master f74dea2 torrc: remove deprecated DNSListenAddress and obsolete WarnUnsafeSocks 5065a65 Merge pull request #1 from av2k/av2k-patch-better-german-settings-translation 27ee9ed Clarify a German strings.xml translation a608a96 Merge pull request #161 from bitmold/get-bridge-dialog-improvement 7340e21 Merge pull request #158 from Unpublished/patch 08d242e unused attribute in layout 3e03d22 update request new bridge dialog text be2d411 Formatted BridgeWizardActivity and layout; removed unnecessary code 0b15ae5 We get a better material design dialog by not using a custom layout 44d088b Only email clients are listed when you request a bridge over email edc07b0 no previous zipping further reduces apk size 749ca3e proguard: disable obfuscation 65bf70f (tag: 16.0.2-RC-1) update to 16.0.2-RC-1 build 16020041 18528bc (tag: 16.0.2-BETA-3) update to 16.0.2-BETA-3 build 16020013 ae28293 update gradle to produce APKs appropriately named 41e223f update native build to support armeabi-v7a f7f03f5 (tag: 16.0.2-BETA-2) update to 16.0.2-BETA-2 build 16020012 1dc740a update to latest tor-android-binary library 9a1e6fc add armeabi-v7a build to split APKs 4bdfb79 update code to properly unzip entries from APK zip if needed 0b74afb (tag: 16.0.2-BETA-1) update to build 16020011 16.0.2-BETA-1 with tor 0.3.3.5-rc 89906a2 update tor vpn values to 192.168.200 base some people might have conflicts with 10.10.10 base VPN f702a0e fix country selector spinner bug with phantom selections 3bbf7a1 ensure pluggable transports are updated and set to executable fa017cf make sure we handle foreground notifications properly 7dd09db update to tor 0.3.3.5-rc be61431 make sure all the activities we need are included af1d933 handle phantom selection of country exit - also support custom exit override issue 8ebd538 add NEWNYM feature back into main app screen 989cbb2 remove old fullperm manifest be1f73e go back to one manifest will all perms 93a0092 update implementation of language selector 265caa8 add more releae build crunching compression 074411a always show the hidden service menu 93e6cf3 don't show app vpn selection for devices that don't support it ad18a40 load PT binaries fromthe native library path 3dc40b8 update to use tor-0.3.2.10-dev build with new tor binary method 0d3ef7c update gradle to 3.1.2 49b7228 implement APK splits for architecture specific builds 142d934 update proguard rules 3e8a92a improve how service starts happen on Android O+ 6a911d9 Merge branch 'master' of
Re: [tor-talk] Tor VoIP PBX Architecture Discussion
On Tue, Oct 23, 2018, at 1:55 AM, Roger Dingledine wrote: > On Mon, Oct 22, 2018 at 05:13:39PM +0100, Iain Learmonth wrote: > > It might also be that half-duplex communication (even if implemented > > with humans saying "over") could bring benefits as this would allow you > > to increase the buffer sizes without having people talking over each other. > > Reminds me of the early days in Guardian Project's voice support in Orbot, > where they essentially built a "push to talk" feature that encoded your > thing as an mp3 and sent it across the Tor network and played it on the > other end. I hear that, once you figured out how to use it, it was > remarkably usable. You can still do this today but with the Plumble android app and any Mumble protocol server. You can also do this with Signal over Orbot - voice calls don't work since they are UDP, but voice messages work just fine! -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] How can Orbot for Android contact me?
On 10/14/2018 06:36 PM, Seth Caldwell wrote: > I want to know how I can get orbot to send me an SMS or Email if something > isn't configured correctly or a bug occurs etc. P.S. I am somewhat new to > Tor being that I only have had it for less than a month so, please don't > make your response too complicated. Hi, Seth. I can try to help you, but I am not quite sure what you are asking for. Orbot is an app that runs on an Android device, like a phone, tablet or Chromebook. You can configure it through the app itself. It will tell you if you successfully connect or not. There is no need for it to send you an SMS or email. If you want the most "fullproof" solution, use Orbot only with the Orfox browser (or the new Tor Browser for Android currently in alpha release). Best, Nathan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Orbot: Over 20 Million Served, Ready for the Next Billion
On Wed, May 16, 2018, at 8:13 AM, Lara wrote: > On Wed, 16 May 2018, at 11:53, Nathan Freitas wrote: > > Since we release Orbot roughly 8 years ago, it has been installed > > more than 20 million times, by people from hundreds of different > > countries and walks of life. Even better, we have cross the 2 million > > active user mark, with growing adoption in many “mobile first” parts > > of the world. > > Congratulations! > > But see the thread about EFF's reaction to the PGP related issues, be > sure that people do not confound popularity with safety. > -- Agreed. It is good to celebrate milestones to ensure we keep our energy and optimism up. Most of the time, however, we keep our heads down, and focus on quality. I have been actively maintaining Orbot for 9 years, so keep hope alive! -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Orbot: Over 20 Million Served, Ready for the Next Billion
Orbot: Over 20 Million Served, Ready for the Next Billion https://guardianproject.info/2018/05/16/orbot-over-20-million-served-ready-for-the-next-billion/ We recently published the latest release of Orbot (16.0.2!), and as usual, we make it available via Google Play, as well F-Droid, and through direct download on our website. Whether we like it or not, Google keeps tracks of things like total installs and active installs (i.e. not uninstalled), and reports on that for us through their dashboard. While publishing this release, we noticed a milestone that made us a bit proud… so pardon this humblebrag. Since we release Orbot roughly 8 years ago, it has been installed more than 20 million times, by people from hundreds of different countries and walks of life. Even better, we have cross the 2 million active user mark, with growing adoption in many “mobile first” parts of the world. Of course, none of this would be possible without Tor Project itself, at the core of what we do, and empowering us through the years, to pave the way on free, open, mobile circumvention. We are also especially excited about the direction things are headed with Tor’s new executive director, Isabela Bagueros. That is because Isa understands that the vast majority of the world, including her home country of Brazil, accesses the internet using smartphones, which essentially include surveillance, censorship and privacy invasion as core features. Fortunately, she shares our optimism that with the right software and service, we can fight back against this and provide working solutions for human rights defenders, activists, journalists and everyday people. We are really excited about Tor’s new mobile initiative and their new stewardship of Orfox (soon to be Tor browser for Android!). Also, if you didn’t know Isa is the one responsible for Twitter adding proxy features into their Android app many years ago! With that global population in mind, we’ve focused this latest release of Orbot on size and efficiency, with the goal of making the app less than 10 megabytes in size. This 10MB limit qualifies Orbot to be promoted to Android Go devices, which is Google’s attempt to serve “the next billion”. You might have heard about lightweight “Go” editions of apps like YouTube, that are both smaller in size, and have features that enable data saving and offline use. With Orbot, we have started by focusing on reducing our binary size (which adds up over time with regular updates, etc), to reduce it by nearly 1/3, instead of just letting it grow bigger and bigger with each release. Over the next year, we will be working with the core Tor team to improve the core efficiency of the service running on mobile architectures, and to implement new features for data management, battery saving and more. A deep, onion-infused thank you to the multitudes who have helped us get to this point. We couldn’t have done it with out all of your patches, bug reports, complaints, praise, donations and encouragement. Now, let’s keep it up until we get to the billion install mark! signature.asc Description: OpenPGP digital signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] New release: Orbot 16.0.2-RC-1
Orbot 16.0.2-RC-1 Rolling out to Google Play now, and soon F-Droid. Direct APKs available on the Github release page below. Thanks to @bitmold @goapunk @pgerber @rjmalagon @Le1b1 for the help with this release! Highlights updated to tor 0.3.3.5 (Onion Services v3 support and more) split APK distribution for smaller binary size per chip architecture (< 10MB!) many fixes for tor, pluggable transport binary installation No more "Polipo" HTTP server, just using Tor's new built in capability improved language selection in app ... and much more! * https://github.com/n8fr8/orbot/releases/tag/16.0.2-RC-1 Orbot 16.0.2-RC-1 @n8fr8 n8fr8 released this 15 minutes ago Assets 9.07 MB Orbot-16.0.2-RC-1-fullperm-armeabi-release.apk 819 Bytes Orbot-16.0.2-RC-1-fullperm-armeabi-release.apk.asc 9.07 MB Orbot-16.0.2-RC-1-fullperm-armeabi-v7a-release.apk 819 Bytes Orbot-16.0.2-RC-1-fullperm-armeabi-v7a-release.apk.asc 18 MB Orbot-16.0.2-RC-1-fullperm-universal-release.apk 819 Bytes Orbot-16.0.2-RC-1-fullperm-universal-release.apk.asc 9.66 MB Orbot-16.0.2-RC-1-fullperm-x86-release.apk 819 Bytes Orbot-16.0.2-RC-1-fullperm-x86-release.apk.asc Source code (zip) Source code (tar.gz) Thanks to @bitmold @goapunk @pgerber @rjmalagon @Le1b1 for the help with this release! Highlights updated to tor 0.3.3.5 (Onion Services v3 support and more) split APK distribution for smaller binary size per chip architecture (< 10MB!) many fixes for tor, pluggable transport binary installation No more "Polipo" HTTP server, just using Tor's new built in capability improved language selection in app ... and much more! 65bf70f update to 16.0.2-RC-1 build 16020041 18528bc update to 16.0.2-BETA-3 build 16020013 ae28293 update gradle to produce APKs appropriately named 41e223f update native build to support armeabi-v7a f7f03f5 update to 16.0.2-BETA-2 build 16020012 1dc740a update to latest tor-android-binary library 9a1e6fc add armeabi-v7a build to split APKs 4bdfb79 update code to properly unzip entries from APK zip if needed 0b74afb update to build 16020011 16.0.2-BETA-1 with tor 0.3.3.5-rc 89906a2 update tor vpn values to 192.168.200 base some people might have conflicts with 10.10.10 base VPN f702a0e fix country selector spinner bug with phantom selections 3bbf7a1 ensure pluggable transports are updated and set to executable fa017cf make sure we handle foreground notifications properly 7dd09db update to tor 0.3.3.5-rc be61431 make sure all the activities we need are included af1d933 handle phantom selection of country exit - also support custom exit override issue 8ebd538 add NEWNYM feature back into main app screen 989cbb2 remove old fullperm manifest be1f73e go back to one manifest will all perms 93a0092 update implementation of language selector 265caa8 add more releae build crunching compression 074411a always show the hidden service menu 93e6cf3 don't show app vpn selection for devices that don't support it ad18a40 load PT binaries fromthe native library path 3dc40b8 update to use tor-0.3.2.10-dev build with new tor binary method 0d3ef7c update gradle to 3.1.2 49b7228 implement APK splits for architecture specific builds 142d934 update proguard rules 3e8a92a improve how service starts happen on Android O+ 6a911d9 Merge branch 'master' of github.com:n8fr8/orbot a94d2c9 Merge pull request #146 from bitmold/package-refactor 5f33788 control package name didnt match dir 456f896 set pdnsd path dynamically, in case it is installed elsewhere 2b40105 use Tor's built-in HTTP server instead of Polipo e903ea9 change how we look up the version of tor being used 6678399 update dependency command c6630b9 update dependency command bc863d4 updating to build 16010011 a957986 updating store descriptions 8867c33 adding new strings for onboarding dd0e2a0 updated strings for multiple locales a66ff47 update localized strings e0293ac Merge pull request #135 from bitmold/prefs-improvements fdd6b52 Merge pull request #139 from bitmold/back-closes-log-not-app f151b37 Merge pull request #127 from bitmold/string-fixes 923be64 Merge pull request #129 from bitmold/patch-2 d1daf86 Merge pull request #141 from bitmold/no-phone-state-perm d0cc453 Merge pull request #143 from bitmold/app-sorting-case-insensitive e244df9 Merge branch 'master' of github.com:n8fr8/orbot bae861e switch to 1.1.1.1 for default DNS 5d9fc75 update gradle to 4.4 f2c3753 update gradle, SDK, dependencies, etc 1c9afcb toUpperCase -> compareToIgnoreCase 0675600 App sorting for TorifiedApps is case insensitive 505223b removed legacy READ_PHONE_STATE perm 87401d0 When log is open, the back btn closes it a4ce29d Merge pull request #137 from bitmold/patch-3 ca3856c Update BUILD 13ea11d update preference summaries f117dac cleanup 49ee3ae textPassword inputType for proxypasswd dialog 8a14136 port settings use inputType=number db74f05 formatted preferences.xml d681dce Merge pull
[tor-talk] Fwd: Orbot 16.0.2-BETA-1 with Tor 0.3.3.5-RC
Forwarded Message Subject: Orbot 16.0.2-BETA-1 with Tor 0.3.3.5-RC Date: Sat, 12 May 2018 01:03:56 -0400 From: Nathan of GuardianOrganization: Guardian Project To: Guardian Dev Orbot 16.0.2-BETA-1 with Tor 0.3.3.5-RC is out. Please test! https://github.com/n8fr8/orbot/releases/tag/16.0.2-BETA-1 We are now using the "split APK" build method to automatically generate seperate APKs for armeabi and x86, as well as a universal APK. We are also now using proguard optimizations on the release builds. This allows us to get the size down for the per architecture APK files to under 10MB, which means it will be included in the Play Store for Android Go devices. It is also just a general goal of ours to not follow the trend of bigger and bigger apps, and to instead, be considerate of those with the least amount of mobile data and storage. Otherwise, this build includes: - A new, more reliable method of installing all the various binaries - Added "new identity" aka "newnym" menu button on main screen - Improved language selector (no more random swahili) - No more Polipo, now using Tor's build in HTTP proxy - and all the latest improvements from Tor 0.3.3.5 @n8fr8 n8fr8 released this just now Assets 8.35 MB Orbot-16.0.2-BETA-1-armeabi.apk 819 Bytes Orbot-16.0.2-BETA-1-armeabi.apk.asc 13.1 MB Orbot-16.0.2-BETA-1-universal.apk 819 Bytes Orbot-16.0.2-BETA-1-universal.apk.asc 8.94 MB Orbot-16.0.2-BETA-1-x86.apk 819 Bytes Orbot-16.0.2-BETA-1-x86.apk.asc Source code (zip) Source code (tar.gz) 0b74afb update to build 16020011 16.0.2-BETA-1 with tor 0.3.3.5-rc 89906a2 update tor vpn values to 192.168.200 base some people might have conflicts with 10.10.10 base VPN f702a0e fix country selector spinner bug with phantom selections 3bbf7a1 ensure pluggable transports are updated and set to executable fa017cf make sure we handle foreground notifications properly 7dd09db update to tor 0.3.3.5-rc be61431 make sure all the activities we need are included af1d933 handle phantom selection of country exit - also support custom exit override issue 8ebd538 add NEWNYM feature back into main app screen 989cbb2 remove old fullperm manifest be1f73e go back to one manifest will all perms 93a0092 update implementation of language selector 265caa8 add more releae build crunching compression 074411a always show the hidden service menu 93e6cf3 don't show app vpn selection for devices that don't support it ad18a40 load PT binaries fromthe native library path 3dc40b8 update to use tor-0.3.2.10-dev build with new tor binary method 0d3ef7c update gradle to 3.1.2 49b7228 implement APK splits for architecture specific builds 142d934 update proguard rules 3e8a92a improve how service starts happen on Android O+ 6a911d9 Merge branch 'master' of github.com:n8fr8/orbot a94d2c9 Merge pull request #146 from bitmold/package-refactor 5f33788 control package name didnt match dir 456f896 set pdnsd path dynamically, in case it is installed elsewhere 2b40105 use Tor's built-in HTTP server instead of Polipo e903ea9 change how we look up the version of tor being used 6678399 update dependency command c6630b9 update dependency command bc863d4 updating to build 16010011 signature.asc Description: OpenPGP digital signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Anonymity and Voip
On 05/09/2018 10:57 AM, Nathan Freitas wrote: > > > On 05/09/2018 09:27 AM, panoramix.druida wrote: >> Hi I would like to know your thoughts about anonymity and voip. I would like >> to know if it is possible to hide the fact that Alice is talking to Bob and >> that content of the communication is secure of course. >> >> I see that Whonix people have thought about this before and have a nice Wiki >> page: >> https://www.whonix.org/wiki/VoIP >> >> They recommend Tox and Mumble. Would something like Ring would work over >> Tor? Have you try Mumble as hidden service? > > Mumble works great over Tor. On Android, you can use Plumble, and it > works directly with Orbot, Tor for Android. One important point though, is that Mumble does NOT have end-to-end encryption. This means you need to trust whoever is running the Mumble onion server. The good news is that, as an Onion, you can run it on a laptop, anywhere, and don't need a fixed server. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Anonymity and Voip
On 05/09/2018 09:27 AM, panoramix.druida wrote: > Hi I would like to know your thoughts about anonymity and voip. I would like > to know if it is possible to hide the fact that Alice is talking to Bob and > that content of the communication is secure of course. > > I see that Whonix people have thought about this before and have a nice Wiki > page: > https://www.whonix.org/wiki/VoIP > > They recommend Tox and Mumble. Would something like Ring would work over Tor? > Have you try Mumble as hidden service? Mumble works great over Tor. On Android, you can use Plumble, and it works directly with Orbot, Tor for Android. In general, the issue with VoIP over Tor, is that Tor only supports TCP, and not UDP, which most voice and video services require. +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Fixing Orchid (Tor reimplementation in Java)
On 04/17/2018 10:27 AM, Masayuki Hatta wrote: > As some of you might remember, there was a thing called Orchid, an > independent Tor client/library implementation written in pure Java. > Unfortunately, Orchid became an abandonware (I suppose) and doesn't > work at all for a while. > > Recently, I was interested in Orchid and could fix most of the > important bugs. Now Orchid works again. > > I'm not really a Java (and Tor) guy, so this is basically for my > education, but if you are interested, please give it a try (and send > me patches or PRs if you find anything bad). > > You may find new Orchid: https://github.com/mhatta/Orchid Nice work! Any interest on doing any performance test comparison against the native/C tor daemon. With Orbot, I've definitely been interested in having a extremely lightweight minimal version of the app, that is pure Java. I know there are also many still interested in tor-ifying their apps, but without the 3-7MB tax that using native code adds. +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] What does this log mean?
On Sat, Jan 6, 2018, at 3:24 AM, Jason Long wrote: > Hello.What does this log mean? It means you successfully connected to Tor, using Orbot. Congratulations! You are using one of the Meek Bridge servers, which has a lot of users, which is likely why you received the message about the overloaded node. Is everything else working for you? > Set background service to FOREGROUNDOrbot is starting…Orbot is starting… > updating settings in Tor serviceupdating torrc custom > configuration...success.Orbot is starting…Waiting for control > port...Connecting to control port: 5SUCCESS connected to Tor control > port.SUCCESS - authenticated to control port.Starting Tor client… > complete.adding control port event handlerSUCCESS added control port > event handlerTor started; process id=2192Starting polipo processPolipo > is running on port:8118Polipo is runningNOTICE: Bootstrapped 80%: > Connecting to the Tor network NOTICE: Bootstrapped 85%: Finishing > handshake with first hop NOTICE: Bootstrapped 90%: Establishing a Tor > circuit Circuit (1) BUILT: TorLandMeekCircuit (2) BUILT: > cymrubridge02NOTICE: Your Guard > $B9E7141C594AF25699E0079C1F0146F409495296 > ($B9E7141C594AF25699E0079C1F0146F409495296) is failing more circuits > than usual. Most likely this means the Tor network is overloaded. > Success counts are 141/213. Use counts are 59/72. 195 circuits > completed, 16 were unusable, 37 collapsed, and 19 timed out. For > reference, your timeout cutoff is 163 seconds. Circuit (4) BUILT: > TorLandMeek > Hindenburg > AccessNow001NOTICE: Tor has successfully > opened a circuit. Looks like client functionality is working. NOTICE: > Bootstrapped 100%: Done Circuit (3) BUILT: TorLandMeek > bonjour2 > > tollanaCircuit (6) BUILT: TorLandMeek > ieditedtheconfig > > morecowbellCircuit (7) BUILT: TorLandMeek > ymkeo > norco176.10.99.201 > Switzerland (SOFTplus Entwicklungen GmbH)Circuit (5) BUILT: TorLandMeek > > PartitoPirata > Multivac85.248.227.164 Slovakia (BENESTRA, > s.r.o.)176.121.10.45 Ukraine (Global Data Networks LLC)176.107.185.22 > Ukraine (PE Freehost)163.172.53.84 France (Online S.a.s.) > > Thank you. > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Orbot v16 (16.0.0-RC-2) is out
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Orbot v16 is out: https://guardianproject.info/2018/01/05/orbot-v16-a-whole-new-look-and-e asier-to-use/ Orbot: Tor for Android has a new release (tag and changelog), with a major update to the user experience and interface. This is the 16th major release of Orbot, since it was launched in late 2009. The main screen of the app now looks quite different, with all the major features and functions exposed for easy access. We have also added a new onboarding setup wizard for first time users, that assists with configuring connections to the Tor network for users in places where Tor itself is blocked. This release also continues to support users looking to use Orbot to unblock specific apps, that may not be available on their network or country. From the main screen, users can activate Orbot’s built-in VPN feature, and easily choose which specific apps they want to be routed over the Tor network. You can also refresh your Tor identity, rebuilding all circuit connections through the network, using the circular reload icon in the expanded notification provided by Orbot. The update is rolling out on Google Play, and will also be available on Guardian Project’s F-Droid Repo soon. You can also find Android APKs on Github. THANKS TO: pgerber, syphyr, Khsed4, BjarniRunar, Unpublished, igortoliveira, goapunk, SpotComms, AkshatAgrawal05, dixidroid, arrase and others for the bug reports and fixes /** v16.0.0 RC 1 / 5 Jan 2018 / 309c42be916d866a28adacb0a4f92d692cbd6009 **/ 7e9890e tweak default bridge behavior based on locale fec853c updates to notification for Android O / SDK26 b161043 Merge pull request #106 from Unpublished/fix_binary_search ab472d5 Merge branch 'syphyr-master’ 4fc3e7e Merge branch ‘master’ of https://github.com/syphyr/orbot into syphyr-master 792ee2b Merge branch 'BjarniRunar-master’ 0d4a735 Merge branch ‘master’ of https://github.com/BjarniRunar/orbot into BjarniRunar-master c7b1441 add comment about app updates URL d21ff80 update strings and code for switching Locale in app 5c5790c fix binary search 38b0063 update build to 1605/6 for 16.0.0-BETA-2 7da26a3 update strings from transifex ce714fa use the proper localized start/end params 38cc29c externalize more strings 8bcc9a4 update gitignore 6e3b6ba add onboarding strings localizatoin 154e373 ensure appupdater check starts up 703f8a1 move update back to older (reduce version code) b556518 move update back to older version 680d108 update json for testing e4f6348 test updating json dafcdd7 enable AppUpdater notificatoins through Github 3b5a361 update handling of vpn enabled and app onclick e21474c updates to layout and strings for bridge wizard 2a9691c make sure the back arrow works 244231c remove activity no longer used 0284130 remove out activity no longer used e487f34 update strings 8fd0bd0 update tor-android to 0.3.19b (updated geoip databases) ad51bed update transifex configuration a08c707 update app store descriptions 2ced17a update build SDK targets to 26 5c22de2 manifest updates: remove superuser, enable chromebooks b4aa9d8 more improvements for bridge wizard df37b8c add bridge wizard testing code 14ce4f6 big update for new onboarding, bridge wizard 2ceacf6 move bridges to raw resources 938a740 improve vpn app enable view on main activity ba358a4 add new orfox and settings icon 5bd5a56 VPN should be off by default e464044 connection might be null 51216a4 Add new preference: pref_open_proxy_on_all_interfaces 21b4521 Update version strings in help->about 5500b50 update spuport library version 546310a improve notifications, add refresh/newnym button 877406f tweak layout b68132b fix title for tor app section 7210223 fix handling of intents 47e10e7 fix issues with bridge selection UI e6bd23a more UI updates and small improvements d9bd32a more UI updates 7303a33 work on the new UI update 6a19bf6 update UI tweaks for next release 3741434 don’t show app selection each time you turn VPN on/off 4df2fcf move “other” installer back to tor resource installer f3f9162 don’t delete installed binaries 6493d8d Merge pull request #104 from igortoliveira/remove-java-file fc4d6aa improve app loading time for VPN app dialog fbeff25 Remove leftover Java file 544ea7b update build to use tor version constant from tor-android-binary 977167b ZMerge branch ‘master’ of github.com:n8fr8/orbot b07d4fe removed unused submodules, moved to gradle tor-android d392ecd remove unneeded external dirs for making tor 3d729fc switch to using tor-android binary in TorService 6f364de use the new tor-android gradle dependency https://github.com/n8fr8/tor-android c7f834b moving binary files, use tor-android gradle 3b5e27e removing external depends, moving to tor-android gradle 898f64a Merge pull request #99 from goapunk/update-BUILD-instructions e14d647 update BUILD fce5bde add autopoint to dependencies 72c7e04 Merge pull request #97 from SpotComms/padding 8cf412a Merge pull request #98 from
[tor-talk] Fwd: [guardian-dev] Orbot v16.0.0 alpha 1 is up
Forwarded Message Subject: [guardian-dev] Orbot v16.0.0 alpha 1 is up Date: Wed, 13 Dec 2017 16:01:21 -0500 From: Nathan of GuardianOrganization: Guardian Project To: guardian-...@lists.mayfirst.org Greetings from the Mozilla All-Hands dev meeting in Austin, TX. I always enjoy coming to these because it makes me focus on Orbot and Orfox for a few days, thus the updates to Orfox and now Orbot I am posting. I've tagged and posted an early build of the next big Orbot update: https://github.com/n8fr8/orbot/releases/tag/16.0.0-ALPHA-1 The focus on the v16 update is to make using the VPN feature easier and more obvious, as well as helping people use and discover bridges. We will be incorporating work from the new Onion Browser v2 onboarding experience, and trying to incorporate best practices from popular VPN apps, as well. Other than the new UI, the big difference is that Orbot now incorporate the tor binaries through a Gradle dependency. This build is updated to the latest Tor 0.3.1.9 release. https://github.com/n8fr8/tor-android repositories { maven { url "https://raw.githubusercontent.com/guardianproject/gpmaven/master; } } and then add the dependency, setting it to the latest version (or any version) we have made available, as a release: dependencies { compile 'org.torproject:tor-android-binary:0.3.1.9' } Thanks for any help or feedback! +n ___ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: guardian-dev-unsubscr...@lists.mayfirst.org -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Orfox 1.4.1 RC 1 (TB 52.2 / 7.0)
We have a new small update of Orfox out, that fixes two minor, but annoying issues: * 0dd2ea0 Don't remove referer (Tor Browser doesn't) #23273 tor trac https://trac.torproject.org/projects/tor/ticket/23273 * 9669dbf update user-agent to 52 Mozilla/5.0 (Android; Mobile; rv:52.0) Gecko/20100101 Firefox/52.0 Release for testing is here: https://github.com/guardianproject/Orfox/releases/tag/Fennec-52.2.0esr%2FTorBrowser-7.0-1%2FOrfox-1.4.1-RC-1 signature.asc Description: OpenPGP digital signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Fwd: Re: [guardian-dev] No more “Root” features in Orbot… use Orfox & VPN instead!
FYI... Forwarded Message Subject: Re: [guardian-dev] No more “Root” features in Orbot… use Orfox & VPN instead! Date: Fri, 27 Oct 2017 13:16:34 -0400 From: Nathan of GuardianOrganization: Guardian Project To: guardian-...@lists.mayfirst.org now in plaintext... (sorry new install of Thunderbird had HTML enabled) https://guardianproject.info/2017/10/27/no-more-root-features-in-orbot-use-orfox-vpn-instead/ Since I first announced the available of Orbot: Tor for Android about 8 years ago (wow!), myself and others have been working on various methods in which to make the capabilities of Tor available through the operating system. This post is to announce that as of the next, imminent release, Orbot v15.5, we will no longer be supporting the Root-required “Transproxy” method. This is due to many reasons. First, it turns out that allowing applications to get “root” access on your device seems like a good idea, it can also be seen as huge security hole. I am on the fence myself, but considering that the ability to access root features hasn’t been standardized as part of Android, which 8 years ago I hoped it would, it means there are a whole variety of ways that this capability is managed and safeguarded (or not, in most cases). At this point in time, given the sophistication we are seeing mobile malware and rootkits, it seems like a capability that we did not want to focus time and energy on promoting. Second, for those who do want to use root features, and know what they are doing, there are a bunch of other apps that do that job better than Orbot did. I admit, we let our code in that area degrade a bit, as the dev team themselves moved away from phones with root features. So, instead, if you really want to do cool things with iptables rules, you can use AFWall+, available on F-Droid and Google Play. In order to make AFWall+ work with Orbot, you can follow Mike Perry’s excellent “Mission Impossible Android” guide in which he provides “DroidWall Scripts” necessary to enable automatic Tor routing on boot. You can also check out the sadly no longer maintained, but useful, Orwall app which was meant to take on all the root features of Orbot. Third, we really, really think it is a bad idea to just send all of the traffic of your device through the Tor network. While it sounds like a great idea in theory, much like many “magical” Tor router kickstarter projects, it turns out that unless you can be assured an app is using TLS properly, then there is a chance that bad things could happen to your traffic as it exits the Tor network. Rather than promote some kind of auto-magical “enable Tor for my whole device”, we want to focus on ways to enable specific apps to go through Tor, in a way we can ensure is as safe as possible. For instance, we now have an excellent browser app, Orfox, that is based on Tor Browser, and works perfectly with Orbot. If you just want to access the web and onion services, like the new New York Times onion at https://www.nytimes3xbfgragh.onion/, then just use Orfox. There is no need for any fancy rooting or transproxying. There are also many others that supporting routing through Orbot directly, such as Conversations.im, Facebook for Android, DuckDuckGo, F-Droid, OpenArchive and many more to come! If you are interested in enabling your app to work with Orbot, check out our NetCipher SDK, which makes it easy to do just that. Fourth, Orbot has for some time supported use of Android’s VPN features as a way to tunnel traffic through Tor. You just open the left-side menu, and tap “Apps VPN Mode” or tap on “Apps…” on the main screen. Choose the apps you want to run through Tor, press the back button, and then the VPN will start up, rerouting outbound traffic back through the local Tor port. This method is 100% support by Android, and requires no vulnerabilities or exploits of your device to gain root access. Orbot Apps VPN view, home screen with Apps… button, and VPN sidebar I know that even with all of these justifications, some users will be disappointed with the fact we have removed root features from Orbot. Perhaps that will motivate some to reignite development of Orwall, or maybe help us make the VPN features in Orbot work even better. Another route is to support the Tor’s Android phone prototype or perhaps integrate Tor “root” features directly into a community Android OS project like Copperhead or Legacy. We would be happy to see all of these happen. For us, though, removing root means we can focus on making Orbot more streamlined, more stable, and more compatible with Android, for our 2 million+ active users, who are mostly focused on finding an easy solution for unblocking sites and apps, and allowing them to communicate and browse freely without fear of reprisal. ___ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email:
[tor-talk] ANN: Orbot v15.5 RC 1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A new release of Orbot has been tagged: https://gitweb.torproject.org/orbot.git/tag/?h=15.5.0-RC-1-multi-SDK16 CHANGELOG is here: https://gitweb.torproject.org/orbot.git/tree/CHANGELOG?h=15.5.0-RC-1-multi-SDK16 Highlights * Update to Tor 0.3.1.8 * Removed support for Root / Transproxy functions as they had become unreliable and untested * IMPROVED support for VPN transparent proxying and new "Apps" app selection user interface * Address Obfs4proxy license info inclusion issue * Update to latest Tor support Meek bridge locations *** You can find APKs posted on the Github release page: https://github.com/n8fr8/orbot/releases/tag/15.5.0-RC-1-multi-SDK16 and here: Android 4 / 5: https://guardianproject.info/releases/Orbot-15.5.0-RC-1-multi-SDK16.apk (.asc) Android 6+: https://guardianproject.info/releases/Orbot-15.5.0-RC-1-multi-SDK23.apk (.asc) Expect these builds up in our FDroid repo shortly as well. *** Here is the changelog through the 15.4.4 beta (which became 15.5 RC 1): ** v15.4.4 / 28 Oct 2017 / 032321656999543ab160f9739ca175d790bbd974 **/ 0323216 update to 15.4.4-BETA-2-multi-SDK16 e1ba02a improve the layout! a685bf1 remove unsupported preferences 0910374 clean up variables and improve how tor process is launched d24aab8 update to Tor 0.3.1.8-openssl1.0.2k 165e95a update layout to present "Apps..." option on the main screen dc7aee1 update tor to 0.3.1.8 440290e show warning about removal of transproxy support - also make app selection more streamlining 9140ba6 we no longer ship xtables, so don't try to install it f09508d remove unused permission e6003f6 update tor constants to 0.3.1.7-openssl1.0.2k d86ace6 update version to 15.4.4-BETA-1 update gradle depends 90975fb update Makefile for tor compression options 25425a6 remove xtables and iptables (no more root support) b0b6b68 tor-0.3.1.7 update dceea11 update version 1543 aka 15.4.3-RC-1-multi-SDK16 b98a0ff simplify bridge selection screen 1e2074c update main activity to clean up intents a5015dc update about layout to show obfs4proxy b322e53 make sure receiver unregisters when destroyed 2bd5614 update to latest meek amazon bridge: https://trac.torproject.org/projects/tor/ticket/21918 01176b1 big refactor for multiple reasons - implement LICENSE display in About dialog - remove root transproxy features - general crufty stuff cle anup 70693bf update to 4.9 NDK biuld c4867ba update Makefile to target NDK 4.9 6ca89b3 remove old manifest cc3c451 update license for better Obfs4proxy display 632824b remove RootCommands library as we don't need it now d190f3a add license asset for display in the app ebc362c add copyright notice from Obfs4 in the LICENSE file 5b255df update target SDK to 23 so we don't have perm downgrade issues -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBAgAGBQJZ8LXhAAoJEKgBGD5ps3qpKcMP/3YIBLJ8PMevrJFGjrjMz6eW 23+AVROG1gf2W7rMGB8adMskxVD/CSvkNFJ3OApdAEe3BiXNKBcnImaTP9KrVV+m xfpJ+Wehb5lj/7sZnXH+mgwfnOOIljVMI+2AjteFM1QgJJoaYc/OAPt3RMZUn4XQ lbR1QwvJx/eQpGexUbW+HMUNRXz/dnvVxqUkDdPcs5FOGOaIUz7WmHpm61nxCov5 OBNZHU/RvQN74PfKqdHjZpb4shL1Ir+KhykI/4Ez8JJvhPy2xVUSRTuPSt6i2u4w vLZDviEC1ECdq9nLxMcxm4BHufQw2vpKYhe8xEDg5YbEajgFf6cJP1TYr3ekmQfo AQ+WMSpkOHqXzMeRSU1r4MjZ9CS4RXDkdwXdOYFerSanu0tpvXE9EJir5+Uv5kjd Iq4kwbvbPl0BuOkPrl3ip24MVRHQ/0QKyyBnz5L7zEt8Jld4b5samLexYEbgJgqt JanyCKcrwOnI46SNTfRe8Nj8fWjS3u46AZKWEdksP+cWklSGUxtpY78Z14ary7Oi 2QmmrLMkTVBjM7wRW++Q11JDouZTpkXe+wMeAMDmidMJ9y/nHffBi3KgYkEgpdcn I7mNEfEu8RUu4+dj+Do45c+WNXPdHJiYLzqGX4AkxkpG6Lfcpocn0IcX1gyAAO4z YAm7olsymgGfLAE/OrGX =cCQr -END PGP SIGNATURE- -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Fwd: Orfox v1.4 RC 2 "For Bassel"
- Original message - From: Nathan of GuardianTo: guardian-...@lists.mayfirst.org Subject: Orfox v1.4 RC 2 "For Bassel" Date: Thu, 03 Aug 2017 16:02:07 -0400 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Orfox v1.4 RC 2 "For Bassel" - - Update based on Firefox ESR 52.2 and Tor Browser 7.0.x releases - - NEW: Includes new "Orfox Settings" security slider to easily configure advanced privacy settings - - ADD-ONS: Updated to latest HTTPS Everywhere and NoScript; IMPORTANT: To auto-install add-ons, please do a fresh/clean install of this release - - All permissions disabled except for "Storage" access to enable browser to save files to external storage, and to allow the user to upload files from storage APK and sigs here: https://github.com/guardianproject/Orfox/releases/tag/Fennec-52.2.0esr%2FTorBrowser-7.0-1%2FOrfox-1.4-RC-2 and here: https://guardianproject.info/releases/Orfox-v1.4-RC-2.apk (.asc) *** This release is for Bassel: https://github.com/guardianproject/Orfox/releases/tag/Fennec-52.2.0esr%2FTorBrowser-7.0-1%2FOrfox-1.4-RC-2-FOR-BASSEL @n8fr8 n8fr8 tagged this a minute ago http://freebassel.org/campaign/statements/2017/08/03/death-of-bassel-khartabil/ The following is a statement from the #FREEBASSEL campaign regarding the death of Bassel Khartabil, an award-winning Palestinian Syrian open-source software developer. He was 34. “We are heartbroken to share the news that Bassel Khartabil was executed by the Syrian government some time after his disappearance in October 2015 in Damascus, Syria. “Bassel Khartabil, also known as Bassel Safadi, was born in Damascus, Syria on May 22, 1981. He grew up to pursue an education and career in computer engineering. He was the co-founder of the collaborative research company Aiki Lab, and the CTO of the publisher Al-Aous. He served as the first project lead and public affiliate for Creative Commons Syria, and contributed to numerous Internet projects, such as Mozilla Firefox and Wikipedia - -- Nathan of Guardian nat...@guardianproject.info -BEGIN PGP SIGNATURE- Version: Mailvelope v1.8.1 Comment: https://www.mailvelope.com wsFcBAEBCAAQBQJZg4EwCRCoARg+abN6qQAAx78P/R6RTVPyQfBYf/MFIbzB JdRhS9GyrHUM7y2hDPC/XqV4UzNax2D0llSh3QEOa8PjSod5NFvW9UBGfzSe q13gXbzHUlglWQe+WNE6KaegXQTbGFaOTWhIOw4ZZ3RW7TY7ZQeic0YnT7tW hV4DgP/uHhdKLMZ4k2/5Zba1CdK3vzERQen8bdUkXnJVgGbUATF2aFLM28JH sYhnkn0sZc9u9kKINkSwQ3eDzFsTf40+FPoqTeazM1vHinjEdJYg3IQKc+QM x/aOnjWfSiDpX1hru+68r56ihaM3cOsXAmNKbExYGqvLHadAeKvSIpw+aEdq 8Jp836ADQ5AMW46CUbf8gg7CeAnvw1aTZbnQ0SNUeGUxokoX6BOp4dcvF+RD 9aSCPzTF2Y5RLypQBYJj0+9/xjsfZqfYGbr9G9B50y1npVJ+ehpwfUOGuOy5 Iif6FB6wtUEO6BycIoN3hvLos+FgRieVjsZTlSeyU36HPd5KNqPVu9qT5LoM rCf6z/AoCSDz/SMqHNlbfDcJ/3ma8nMc9hEl2zv4hvzzjZnWagUgMyq81sQW sFP4I/8qHN4L5Peix2AbwsZiNgQpI889PQNNIX6tssWKy4wYKJ50zEVh4K6M IWDNk0Mjc8dVMsmQMuFvah1IU5TjCxomR5Fh4rcllt/knfp6KZQtxKOQUItb tuaH =fmvV -END PGP SIGNATURE- -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Fwd: Orfox v1.4 Beta (based onTor Browser 7.5) is out
We found some new Android/Java leaks in the last build, and have produced a new beta for testing. The APK for Orfox v1.4 beta 3 is posted here: https://github.com/guardianproject/Orfox/releases/tag/Fennec-52.2.0esr%2FTorBrowser-7.5-1%2FOrfox-1.4-beta3 If you are interested in helping test, the "Grey Shirts" provide some great tools for packet capture and network monitoring, that make it easy to discover leaks: https://play.google.com/store/apps/developer?id=Grey+Shirts Unfortunately, they are not open-source. On Fri, Jul 21, 2017, at 11:37 PM, Nathan Freitas wrote: > - Original message - > From: Nathan of Guardian <nat...@guardianproject.info> > To: guardian-...@lists.mayfirst.org > Subject: Orfox v1.4 Beta (based onTor Browser 7.5) is out > Date: Fri, 21 Jul 2017 23:36:54 -0400 > > A new beta build of Orfox 1.4 is now up with an updated version of the > new Orfox Setsings (aka Tor Browser Settings) add-on. You must do a > fresh install of the app to get the automatic installation of HTTPS > Everywhere, NoScript and Orfox Settings. > > WARNING: We are still fully auditing this build and reviewing new > functionality and code available in Firefox/Fennec ESR52 to ensure there > are no network leaks or other privacy decreasing features. > > We expect to ship a release candidate around August 1st. > > *** > > You can find the APKs for download here: > https://github.com/guardianproject/Orfox/releases/tag/Fennec-52.2.0esr%2FTorBrowser-7.5-1%2FOrfox-1.4-beta2 > and here: > https://guardianproject.info/releases/Orfox-v1.4-beta-2.apk (.asc) > > You can see all the work we do on top of Tor Browser for the desktop > here: > https://github.com/guardianproject/tor-browser/commits/orfox-tor-browser-52.2.0esr-7.5-2 > > 4db3583 update to latest from TB browser.js prefs file > 47439da show only the "restricted" onboarding first time screens > 43ec4c9 update mobile js prefs based on latest TB > d990101 set default to 'true' to clear all data > 8ee94f4 add in custom distributio for xpi bundling > 5b4bdb6 clear on exit is now true by default > 3bdc2e4 add support for a distribution directory (for bundling add-ons) > 908ca3b disable building of bouncer.apk so we can bundle in orfox see: > https://bugzilla.mozilla.org/show_bug.cgi?id=1258372 > 8903a4c change defaults for Orfox > da750a3 add distribution directory and options settings > 94abc5b fix #17 from https://github.com/amoghbl1/tor-browser/issues > don't restore tabs by default > 674bd83 fix #11 from https://github.com/amoghbl1/tor-browser/issues > disable mic and QR code reader by default > 4c2e34e set default browser to DuckDuckGo modify DDG URL to the > non-javascript site > e466052 fix crash with registerReceiver for Orbot status > c413a64 Orfox: Strings fix, probably a WONTAPPLY ESR59. > 13a683a Orfox: Adding GCM sender ID. > 0ee17ab Orfox: Disabling search widget. > 8363071 Orfox: Update orfox branding and icon > 21b3d9e Orfox: hook up default panic trigger to "quit and clear" > 629f231 Orfox: disable screenshots and prevent page from being in > "recent apps" > d6bcd79 Orfox: remove Tab:Load event queuing and only use Intent queuing > cc77e66 Orfox: receive Tor status in thread so they arrive when event > sync blocks > 9cb33d5 Orfox: queue URL Intents and Tab:Load events when Orbot is not > yet started > 69ccad9 Orfox: add BroadcastReceiver to receive Tor status from Orbot > 863f4ca Orfox: Centralized proxy applied to CrashReporter, > SuggestClient, Distribution, AbstractCommunicator and BaseResources. > faa1f5e Orfox: NetCipher enabled, checks if orbot is installed > 2281bcb Orfox: quit button added, functionality changed to bring it up > to date with current GeckoApp.java class, earlier version seemed to have > problems with quitting > c298b1b Orfox: Removed sync option from preferences > 1e2e8a9 Orfox: Fix #1 - Improve build instructions > 2e9ff72 Orfox: top sites changed, used bookmarks icon temporarily. > ee11c5f Orfox: removed contacts permission > 7a795e3 Orfox: Added tbb prefs to mobile.js Bug #5404 - We need a mobile > friendly user-agent. Moving back to the default user-agent used by the > esr38 build > ccbad61 Orfox: confvars changes to disable screen casting > 3bcfac6 Orfox: Add mozconfig for Orfox and pertinent branding files. > > > -- > Nathan of Guardian > nat...@guardianproject.info > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Fwd: Orfox v1.4 Beta (based onTor Browser 7.5) is out
- Original message - From: Nathan of GuardianTo: guardian-...@lists.mayfirst.org Subject: Orfox v1.4 Beta (based onTor Browser 7.5) is out Date: Fri, 21 Jul 2017 23:36:54 -0400 A new beta build of Orfox 1.4 is now up with an updated version of the new Orfox Setsings (aka Tor Browser Settings) add-on. You must do a fresh install of the app to get the automatic installation of HTTPS Everywhere, NoScript and Orfox Settings. WARNING: We are still fully auditing this build and reviewing new functionality and code available in Firefox/Fennec ESR52 to ensure there are no network leaks or other privacy decreasing features. We expect to ship a release candidate around August 1st. *** You can find the APKs for download here: https://github.com/guardianproject/Orfox/releases/tag/Fennec-52.2.0esr%2FTorBrowser-7.5-1%2FOrfox-1.4-beta2 and here: https://guardianproject.info/releases/Orfox-v1.4-beta-2.apk (.asc) You can see all the work we do on top of Tor Browser for the desktop here: https://github.com/guardianproject/tor-browser/commits/orfox-tor-browser-52.2.0esr-7.5-2 4db3583 update to latest from TB browser.js prefs file 47439da show only the "restricted" onboarding first time screens 43ec4c9 update mobile js prefs based on latest TB d990101 set default to 'true' to clear all data 8ee94f4 add in custom distributio for xpi bundling 5b4bdb6 clear on exit is now true by default 3bdc2e4 add support for a distribution directory (for bundling add-ons) 908ca3b disable building of bouncer.apk so we can bundle in orfox see: https://bugzilla.mozilla.org/show_bug.cgi?id=1258372 8903a4c change defaults for Orfox da750a3 add distribution directory and options settings 94abc5b fix #17 from https://github.com/amoghbl1/tor-browser/issues don't restore tabs by default 674bd83 fix #11 from https://github.com/amoghbl1/tor-browser/issues disable mic and QR code reader by default 4c2e34e set default browser to DuckDuckGo modify DDG URL to the non-javascript site e466052 fix crash with registerReceiver for Orbot status c413a64 Orfox: Strings fix, probably a WONTAPPLY ESR59. 13a683a Orfox: Adding GCM sender ID. 0ee17ab Orfox: Disabling search widget. 8363071 Orfox: Update orfox branding and icon 21b3d9e Orfox: hook up default panic trigger to "quit and clear" 629f231 Orfox: disable screenshots and prevent page from being in "recent apps" d6bcd79 Orfox: remove Tab:Load event queuing and only use Intent queuing cc77e66 Orfox: receive Tor status in thread so they arrive when event sync blocks 9cb33d5 Orfox: queue URL Intents and Tab:Load events when Orbot is not yet started 69ccad9 Orfox: add BroadcastReceiver to receive Tor status from Orbot 863f4ca Orfox: Centralized proxy applied to CrashReporter, SuggestClient, Distribution, AbstractCommunicator and BaseResources. faa1f5e Orfox: NetCipher enabled, checks if orbot is installed 2281bcb Orfox: quit button added, functionality changed to bring it up to date with current GeckoApp.java class, earlier version seemed to have problems with quitting c298b1b Orfox: Removed sync option from preferences 1e2e8a9 Orfox: Fix #1 - Improve build instructions 2e9ff72 Orfox: top sites changed, used bookmarks icon temporarily. ee11c5f Orfox: removed contacts permission 7a795e3 Orfox: Added tbb prefs to mobile.js Bug #5404 - We need a mobile friendly user-agent. Moving back to the default user-agent used by the esr38 build ccbad61 Orfox: confvars changes to disable screen casting 3bcfac6 Orfox: Add mozconfig for Orfox and pertinent branding files. -- Nathan of Guardian nat...@guardianproject.info -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Beware of insecure mobile Tor apps such as Orion/Torion
On Wed, Jul 19, 2017, at 01:44 AM, Roger Dingledine wrote: > On Tue, Jul 18, 2017 at 11:30:44AM -0400, InterN0T wrote: > > The developer basically took Mike Tigas' iOS app and introduced several > > vulnerabilities to it that could be used to track users > > To be clear, right now there are no ios apps that are on par with the > protections that Tor Browser provides. > > You can read more about the general issue at > https://blog.torproject.org/blog/tor-heart-onion-browser-and-more-ios-tor > > tl;dr you should assume that there are proxy bypass flaws in every > single ios app that aims to be a Tor Browser replacement. Yes, but there is a big difference between malicious, intentional flaws, and ones that are the result of the limitation of the Apple platform and policies. We can't lump Mike's Onion Browser effort in with the former. Onion Browser 2 (now in beta) is NOT Tor browser for iPhone. However, it is a fantastic privacy-enhancing browser for iOS, that includes Tor, HTTPS Everywhere, and other security and privacy oriented features unavailable in most browsers for iPhones. It does not track you. More on the new beta here: https://www.patreon.com/posts/quick-onion-2-0-12054247 +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Fwd: Orbot 15.4.1-RC-1 is out (with Tor 0.3.x!)
- Original message - From: Nathan of GuardianTo: guardian-...@lists.mayfirst.org Subject: Orbot 15.4.1-RC-1 is out (with Tor 0.3.x!) Date: Thu, 01 Jun 2017 00:41:35 -0400 A new RC update of Orbot is out with the latest stable Tor included! Tagged: https://github.com/n8fr8/orbot/releases/tag/15.4.1-RC-1-multi https://gitweb.torproject.org/orbot.git/tag/?id=15.4.1-RC-1-multi Binary is posted here: https://github.com/n8fr8/orbot/releases/tag/15.4.1-RC-1-multi and here: https://guardianproject.info/releases/Orbot-v15.4.1-RC-1-MULTI.apk (.asc) We'll be rolling this out to FDroid and Play over the coming days... -- Nathan of Guardian nat...@guardianproject.info -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Fwd: Orbot 15.4.0 beta-2 multi (arm,x86)
Orbot 15.4.0 beta-2 multi (arm,x86) is tagged and signed APKs posted here: https://github.com/n8fr8/orbot/releases/tag/15.4.0-beta-2-multi (and tagged here: https://gitweb.torproject.org/orbot.git/tag/?id=15.4.0-beta-2-multi) Highlights include: - update to Tor 0.2.9.9 (testing of Tor 0.3.x code on mobile still underway) - updated all built-in obfs4 and meek bridges - improved randomized selection of built-in bridges - from beta 1, the new "Hidden Services" configuration menu and screens! -- Nathan of Guardian nat...@guardianproject.info -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Setting up own meek servers
On Wed, Mar 8, 2017, at 10:20 AM, Jonathan Marquardt wrote: > So, when meek-google was suspended, one of the recommendations for people > was > to set up their own apps in AppEngine as meek servers. > > https://lists.torproject.org/pipermail/tor-talk/2016-June/041699.html > > Wouldn't it be a good idea to encourage people to do so, but in a way > that > everyone and not just themselfes can benefit from that? Perhaps they > could > make them public or these things make themselfes public just like with > any > other bridge? Has this idea been discussed before? > > Individual supporters running these reflectors could also cut down on > costs. > And in the case of Google AppEngine, these bridge adresses could perhaps > be > distributed using bridges.torproject.org and GetTor, so Google doesn't > instantly notice them. > I completely agree with this. There should be a push for community hosting of all Meek cloud services type, and not just Google. +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Javascript exploit
On Thu, Dec 1, 2016, at 01:27 PM, Nathan Freitas wrote: > On Wed, Nov 30, 2016, at 11:39 AM, Roger Dingledine wrote: > > On Wed, Nov 30, 2016 at 02:28:52PM -0500, Roger Dingledine wrote: > > > * The blog post about the 6.0.7 Tor Browser update will go up any > > > moment. I see that the Tor Browser team has already put the packages in > > > https://dist.torproject.org/torbrowser/6.0.7/ > > > > And there it is: > > https://blog.torproject.org/blog/tor-browser-607-released > > ... and Orfox 1.2.1 is tagged and ready for testing. Signed release > APKs here: > > https://github.com/guardianproject/Orfox/releases/tag/Fennec-45.5.1esr%2FTorBrowser-6.5-1%2FOrfox-1.2.1 ... and now fully released: https://guardianproject.info/2016/12/02/orfox-1-2-1-released/ -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Javascript exploit
On Wed, Nov 30, 2016, at 11:39 AM, Roger Dingledine wrote: > On Wed, Nov 30, 2016 at 02:28:52PM -0500, Roger Dingledine wrote: > > * The blog post about the 6.0.7 Tor Browser update will go up any > > moment. I see that the Tor Browser team has already put the packages in > > https://dist.torproject.org/torbrowser/6.0.7/ > > And there it is: > https://blog.torproject.org/blog/tor-browser-607-released ... and Orfox 1.2.1 is tagged and ready for testing. Signed release APKs here: https://github.com/guardianproject/Orfox/releases/tag/Fennec-45.5.1esr%2FTorBrowser-6.5-1%2FOrfox-1.2.1 +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] is it compulsory to enable bridges or apps VPN mode on orbot
Thanks for the community support help, Jonathan! I will just add that you should really install Orfox browser to get the Tor-only, most private web access setup. Otherwise, VPN mode is great for other apps that don't know about Tor. Finally, make sure you upgrade to the final Orbot v15.2.1 RC 8 release: APK: https://guardianproject.info/releases/Orbot-v15.2.0-RC-8-multi.apk SIG: https://guardianproject.info/releases/Orbot-v15.2.0-RC-8-multi.apk.asc (or available on Google Play) On Tue, Nov 15, 2016, at 07:35 AM, Jonathan Marquardt wrote: > On Tue, Nov 15, 2016 at 10:33:53AM +0530, krihsna wrote: > > orbot version: 15.2.0-rc7 > > os: android asop 5.1 > > > > recently i have downloaded & installed orbot on my device. > > > > i have a few questions about the app: > > > > [q] is it absolutely necessary to enable bridges or apps VPN mode ? > > > Bridges are for circumvention of Tor censoring networks/firewalls. If you > are > able to connect to the Tor network, there's no need for you to configure > one. > More info about bridges: https://www.torproject.org/docs/bridges > > > [q] the app says, it is connected to tor network. do i need to configure > > each app separately ? > > > Yes, unless you enable VPN mode. > > > [q] is there any way to configure to divert all network traffic through tor > > network ? > > > Yes, enable VPN mode. Keep in mind that the VPN feature is still > experimental > and you should not assume to be anonymous when using this mode. > > > thank you for your time & patience. > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Cyberoam is again blocking Meek
On Mon, Aug 1, 2016, at 09:31 AM, Justin wrote: > I’ve been conducting some more tests against a Cyberoam with Meek, and > over the past two weeks, they have managed to completely block the > default front domains of Meek. Meek-Azure gets blocked at 10% of Tor > bootstrapping, so it’s probably being fingerprinted on the Firefox 45.2.0 > ESR TLS signature. Meek-Amazon gets stopped at 25% of bootstrapping, and > I’m not sure what Cyberoam is fingerprinting. Any ideas? Can you test with Orbot with Meek Bridges enabled and see if there are any different outcomes? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] 2 hop mode for people that only want to use Tor for censorship circumvention to conserve bandwidth and decrease latency?
On Mon, Jun 13, 2016, at 04:34 PM, Ivan Markin wrote: > Greg Norcie: > > Even if we drastically increase the number of nodes in the network, > > it's hard to imagine Tor (with 3 hops) will be able to have less > > latency than a single hop VPN. > > Of course VPNs will have lower latency than Tor anyways. The point is > that there should be the moment when the lantency advance doesn't matter > anymore (the difference is negligible). When this will happen there is > no reason to use VPN for general user. We definetely can get there using > faster crypto on faster crypto-accelerated/parallell hardware. New users of Orfox (Tor Browser on Android) say that it feels faster than the normal web. This is true, on mobile especially, because by default, we block all javascript with no-script. This indeed makes the loading of a web page faster, if you have a reasonably well performing circuit. In addition, many mobile apps use an asynchronous data fetch model, that removes all connection between the user experience and the network stack - Facebook, for instance, being one of these. If you enable the Orbot routing feature in Facebook on Android, you hardly can feel any difference, since the time it takes to sync new data into your timeline is hidden from the user. +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] 2 hop mode for people that only want to use Tor for censorship circumvention to conserve bandwidth and decrease latency?
On Mon, Jun 13, 2016, at 08:55 AM, Greg Norcie wrote: > If your main concern is merely circumvention (and you're not worried > about > retaliation for circumventing), you might be better off using a VPN. > > Unlike Tor, there is no globally published list of all VPN services, so > you > could probably find one that isn't blocked by your country. Most services > take Bitcoin if payment is an issue... I'd look askance at any "free" > VPN. I know you weren't saying this, Greg, but I do often feel that we are too quick to push people who only want circumvention, and not anonymity, away from using Tor. Also, increasingly with DPI / traffic fingerprinting, we are seeing VPN protocols being blocked in places like China, and thus the VPNs are adopting traffic obfuscation methods like Meek and ObfsProxy as part of their software. From Ars, a great thorough assessment of all the downsides to a VPN: "The impossible task of creating a “Best VPNs” list today: Our writer set out to make a list of reliable VPNs; turns out the task is complicated." http://arstechnica.com/security/2016/06/aiming-for-anonymity-ars-assesses-the-state-of-vpns-in-2016/ Best, Nathan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] meek-google suspended for terms of service violations
On Wed, Jun 1, 2016, at 09:32 PM, David Fifield wrote: > In the meantime, you can use meek-amazon or meek-azure. If you set up > your own CDN instance and point it to the origin domain > https://meek.bamsoftware.com/, it will be faster than the default meek > bridges that come in Tor Browser. (The default ones are rate-limited and > shared among many users.) > https://trac.torproject.org/projects/tor/wiki/doc/meek#AmazonCloudFront > https://trac.torproject.org/projects/tor/wiki/doc/meek#MicrosoftAzure I think is time for Tor Project to do an official community push to get people to run their own Meek instances (as well as Obfs4 of course), and allow them to be contributed to a pool we can build into Tor Browser and Orbot. +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Could Tor be used for health informatics?
On Mon, May 30, 2016, at 09:08 PM, Seth David Schoen wrote: > Paul Templeton writes: > > > Where Tor may fit... > > > > The Tor network would provide the secure transport - each site would create > > an onion address. Central servers would keep tab of address and public keys > > for each site and practitioner. > > I'm not convinced this is a good tradeoff for this application. The > crypto in the current version of hidden services is weaker in several > respects than what you would get from an ordinary HTTPS connection. > These users probably don't need (or want?) location anonymity for either > side of the connection and may not appreciate the extra latency and > possible occasional reachability problems associated with the hidden > service connection. > I think the benefit of being able to run Onion services deep within a firewalled network without exposing public Internet IPs is an operational security value that outweighs the strength of the crypto. If you add in the extra hidden service authentication feature, it also means the Onion service is not even reachable unless you have been given the extra special secret cookie/token through another channel. It is these aspects of Onion services that have drawn me to them for use in IoT applications, and I think they are relevant to the exchange of sensitive health data, as well. Some of what I've been thinking about our outlined in these slides: https://github.com/n8fr8/talks/blob/master/onion_things/Internet%20of%20Onion%20Things.pdf +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Orbot
On Tue, Mar 22, 2016, at 01:10 PM, libertyinpe...@riseup.net wrote: > Guardian Project does not seem to be supporting Orbot. Sent two emails > to Support which were ignored. I'm sorry your emails were lost in the mix. You sent them when we were all at the last Tor Developer meeting, and then I (who respond to most of the Orbot support emails), got quite sick for the next week. Otherwise, making statements like "does not seem to be supporting Orbot" are never really helpful. Regardless, I will do what I can to help you here. > After several factory resets, however, > was finally able to download Orbot from the Guardian Project to the RCA > tablet via direct download. When you click on Browser, a window appears > instructing the user Orfox is not installed and would the user wish to > install it? If you click No, the Tor page comes up saying “This is not > Tor” and the IP is not changeable. If you click Yes, Orfox does not > download. Nothing happens. It seems like your RCA tablet has general issues with installing software. I am not sure what the factory resets were for, or why you are downloading the APKs directly, but I assume you don't have Google Play installed or are not using it? That's fine, but at least you should use F-Droid, a free decentralized open-source app store system, which will help you get the right software. You can get it here https://f-droid.org/ and if you open the menu, you will see a repositories menu where you can enable the Guardian Project official releases repo. Refresh the apps, and you can find Orbot and Orfox in there. Otherwise, direct download is fine, but then you have to remember to upgrade the apps manually yourself. You can find the APK here: https://guardianproject.info/fdroid/repo/fennec-38.0.en-US.android-arm.apk or > If you click VPN, Tor does properly start. If you swipe the onion, the > IP changes. When you check the IP, the Tor page comes up with > contradictory messages. On the top of the page it says, > “Congratulations. This browser is configured to use Tor.” On the > bottom of the very same page it says, “However, it does not appear to be > Tor Browser.” Right. Your traffic is routing through the Tor network, but you are using it with the standard browser on your Android device. They are not contradictory statements. Your IP is being protected at the network level, but the browser could be exploited through Javascript, plugins or other attacks if someone was targeting you. We offer the VPN mode for enabling apps that don't know about Tor to be able to get through firewalls and filters on the network. If you want to browse the web through Tor, please use Orfox. > generic browser on the droid actually doing the browsing and then > calling home to Google? -- You cannot uninstall the generic browser. > Just disable it. You can uninstall Chrome and I have done so. The answer is use Orfox. Don't use the system browser. > Have subsequently uninstalled as many of the droid apps as the machine > would allow. Since the droid does provide a guest user function, > however, how can I be sure that even with all the apps uninstalled > and/or disabled on owner mode of operation, the tablet is still not > “calling home?” This is an issue beyond what we can offer. What we support here is using Tor on Android, not securing the entire operating system. >Does Orfox need to be installed and operational for > Orbot to properly work? If so, how do I get the droid tablet to > properly download it instead of ignoring the request when the Yes icon > is clicked? I think I have covered this above. You can also install apps like DuckDuckGo, Courier, ChatSecure, Lightning Browser and many others that support the use of Orbot or other proxy servers directly as part of their options. > So far, this tablet is no more than a paper weight. Cannot be trusted > for anything other than downloads of news sites and other URLs that do > not require log in. None of the droid user groups seems to be current. > Are several years old and not currently operational. Worse, have not > been able to find any truly comprehensive guide online regarding the > droid operating system. Intend to continue working on these issues. > Thanks for taking the time to read this. Libertyinperil. To be honest, you seem to have bought a tablet that is cheap but not very popular. If you want to run a device with a more secure version of Android, then you should either get a Nexus 7 and follow this post: https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy or get a Nexus 5, 5x or 6P and install Copperhead on it: https://copperhead.co/android/ The Nexus devices are easy to modify and widely used. For further questions on Orbot, Orfox and other Tor on Mobile issues, please email supp...@guardianproject.info and we'll work to answer your questions as best as we can. Best, Nathan -- tor-talk mailing list -
Re: [tor-talk] Fwd: Orbot v15.1.2 released
On Sun, Mar 13, 2016, at 04:30 PM, Dash Four wrote: > I was finally able to test the newest version (below) with my set up (I > use customised firewall/transproxy settings and a vpn - all outside > orbot). > The good news is that version now works with no major problems, though I > still found a couple of issues: Glad to hear. > 1. Why is it that the app upgrade wipes out the entire app_bin directory? We hadn't considered that people would put their own files into that directory. When we upgrade, we like to ensure it is in a clean state. We can consider instead deleting files one by one. > up-to-date geoip files (not the ones provided with orbot). Could you provide these in a pull request or via a safe download link so we can upgrade Orbot for everyone? > 2. My custom settings had a separate GeoIP statements which were added by > orbot. That's wrong. Either leave my torrc.custom file alone and don't > mess with it, > or properly replace the statements used in that file. Right. We didn't consider people would use the torrc to modify values that Orbot itself manages. Are you writing your own torrc.custom on disk, or adding your configuration to the field in Orbot settings? > 3. How can I compile, or at least obtain a tor binary independently of > the orbot installation? The reason I ask this is because the tor binary > provided with the > latest version is 0.2.7.5 which is not even the latest stable, let alone > the one I wish to use (0.2.8.0-alpha). It takes time for us to test tor binaries on Android to ensure there are no unintended issues with performance, battery life, memory usage, etc. It isn't automatic. That said, you are free to compile it yourself. All of the information is on the code repo: https://gitweb.torproject.org/orbot.git/tree/BUILD https://gitweb.torproject.org/orbot.git/tree/external/Makefile That said, we should be getting to the latest tor RC/stable soon. > 4. Minor nitpick - the notification icon provided with orbot is bloody > hideous! It looks like a circled blob and you hardly notice the arrows > when orbot is > used. Can you not provide something like the onion on torproject.org, but > with two vertical arrows (similar to the wifi notification icon)? Bloody hideous? It is just a small version of the larger icon we use on the app screen and the icon. If you shrink down any of the various "onion" graphics, none of them look very good. We'll see if we can recruit an icon designer to come up with something better, but always happy again to have a pull request. +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Not able to download Tor to droid
On Wed, Feb 24, 2016, at 05:03 PM, Nathaniel Suchy wrote: > If you stop Tor (Orbot) and then start it again the issue should be > fixed. > On a side note why isn't Tor built into Orfox on Android? We chose not to do this, because you can use Orbot standalone for many other apps. You don't want every app on your phone that wants to use Tor to have to run their own instance, as it would eat up battery and network. We are seeing more and more apps, like Facebook, DuckDuckGo, OpenKeychain, Conversations, ChatSecure, etc support proxying through Tor with Orbot. In addition, Android provides a very good inter-app communication/coordination mechanism through intents and remote services, that isn't really possible in a cross-platform way on desktops. On iPhone there > is an open source project OnionBrowser where the Tor Binary is built in. > I am curious why the Orbot/Orfox team hasn't done the same. Onion Browser has to build in Tor because iOS doesn't allow for background services generally. +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Thoughts on Tor router hardware
On Wed, Feb 24, 2016, at 03:04 PM, some_guy...@safe-mail.net wrote: > > My conclusions are that running Tor on the router can enhance both > > security and usability. > > You are dead wrong on that. (Semi-) transparent proxying is bad for quite > a few reasons. > Unless you know what you are doing, a lot of your traffic will run over > the same circuit (something that TBB tries to avoid) and can potentially > be correlated. Some of your traffic will likely contain unique > identifiers that can be tied back to you. He specifically points out that very issue with transparent proxying in the post, and actually recommends the TorSocks mode, which blocks all traffic that isn't specifically using the Tor SOCKS port. His premise is sound that by physically isolating the Tor runtime process away from the average person's insecure laptop, smartphone or tablet, you are decreasing the likelihood that Tor can be tampered with. I think we all need to stop thinking that "Tor on a hardware device" automatically means Transparent Proxying of all traffic. +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Thoughts on Tor router hardware
On Tue, Feb 23, 2016, at 03:46 PM, Rob van der Hoeven wrote: > My conclusions are that running Tor on the router can enhance both > security and usability. It further opens new possibilities for expanding > the Tor-network and can provide a stable source of income for the > Tor-project. > Wrote an article about this on my blog: > https://hoevenstein.nl/thoughts-on-tor-router-hardware Thanks for the sober, thoughtful post. There are definitely advantages to the hardware-isolated TorSocks mode for sure, which I think have been lost with some of the poor implementations out there and focus on the Transparent proxy type setup. These kind of trade offs are also something we struggle with on Android with Orbot, and we are looking at configuration choices like these to both help the novice user get connected, without unintentionally leaking data. +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Fwd: Orbot v15.1.2 released
We are now using obfs4proxy to support both obfs4 and meek connectivity using the new "meek_lite" feature provided by Yawning. It is working great, and Bridges+VPN support now works back to Android 4.1. This is also reduced the distribution binary size of Orbot from 14MB to 11MB. - Original message - From: Nathan of GuardianTo: guardian-...@lists.mayfirst.org Subject: Orbot v15.1.2 released Date: Wed, 24 Feb 2016 10:13:12 -0500 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 /** 15.1.2 / 24-February-2016 / 204733a245d6c06fa73301134e2f107c0c4564b8 **/ APK: https://guardianproject.info/releases/Orbot-v15.1.2.apk SIG: https://guardianproject.info/releases/Orbot-v15.1.2.apk.asc ... and up on FDroid, Play, etc shortly 5785593 move to using meek_lite mode from obfs4client and update/improve proxying code 66a5b7a remove meek-client and use obfs4 meek_lite mode instead f9f33a1 set this to Android 16 SDK for PIE executable We'll use a different build for non-PIE < Android-16 e9d28a4 handle NPE better for dev.gp.info #6686 in some cases the connection becomes null while you are interacting with it 9a8e4dd update to orbot ant build version 80e8c47 peg to last ant compat release 5eb628b bridges dedicated to GeorgeTorwell c8584f6 update superuser commands library 3cc2439 update license to include badvpn 9c82aa8 fix escaping of apostro eba95b2 update strings and descs from transifex (somehow french got left out before!) 8047ec6 update the log - - -- Nathan of Guardian nat...@guardianproject.info -BEGIN PGP SIGNATURE- Version: Mailvelope v1.3.6 Comment: https://www.mailvelope.com wsFcBAEBCAAQBQJWzch8CRCoARg+abN6qQAAMdkP/1gD7imknTnBJqUQz+oV a+a3DuFqTeTWSj+ZM5Cc6v25iDj0pOy/dobWi6MibNpWDF4Zr8ZWeSNnImz6 QrS+eBKkhRnL4DZmkCGo6FxSaxEEisCYcTyXHk34Ti7+3fslMZ/SuvbIrOyD ZFIvBK31Tmf/uj/34kJaYG3hT+qceSCtrjyPEz+Bvb7MTl4mSREGeRiG6gvR j68Wua/ERXIN+kEhJNrPPrP5eohaeU9/c3YuTJ3QKwU/Dbc0Zzrz1HNFd9wM D1xDs+Dgz6rihqKN1ybzDsC7qezI2ALkSq6WKUQ6PMmF+BGMJcgW2B25FSGN KT/ywmcQn24EhyknaZFmMze3oB4Mc+NDAAJHmOiF5sgi6oIdqvJzO06SwUfH ApbWZ4aaLPzjBptPTUl4oWulbRlhtHBfDE+8+447VP5Ejrgkzxnk4NLGRsXx vSE9jd5t23OXro5rEizJBplPqQCKUriS7RY3HYKaMkf/mU8u6Mo/XWMk5S9P dxh++RXhsVV8UtmP5iSywiQdsFxUaCXQ8u5OhauxAhFgZu3cFDgU/Z7f5Yv/ guV/6sGQM4k3fSnjsRh7fDFn0DV+vWoe5gPy3fPrbB+MuHkYZNwBq4XovU6E MF/ugs2Itu9uVjUhSiObzr0gixT0ALtQPujHRfow/srd1V1/IDkV1/kgUL7M N5nR =fPac -END PGP SIGNATURE- -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Default to meek based on location?
On Mon, Feb 15, 2016, at 04:38 AM, rizzo wrote: > In some big censored countries, meek pluggable transports are the only > option to connect to the Tor network without manually obtaining > bridges, a process which I believe many people don't understand enough > to figure it out on their own. Has there been any discussion on > whether meek could be made the default or at least recommended option > when configuring Tor for the first time from certain locations? Could > we detect the local time zone and then recommend a way to connect > based on location? I think the recent Tor Browser releases have done a better job of walking people through the process of enabling bridges on setup. Adding some additional logic based on time zone, language setting, etc, would be a useful idea to gently nudge people towards using bridges by default. In addition, I think better error handling of failed Tor connection would be useful ("It looks like you are having a problem connecting to Tor, and that Tor may be blocked. Can we try an alternate approach?"). I am working through these ideas right now with Orbot, because the amount of support emails I receive that basically say "Tor is stuck at 10%" is a bit overwhelming. Often telling them to enable bridges of some sort, solves the issue. +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] orplug, an Android firewall with per-app Tor circuit isolation
Neat and thanks! Perhaps we can think about building this into Orbot, since we already have a very basic VPN. On Fri, Feb 12, 2016, at 08:31 AM, Rusty Bird wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Hi, > > Maybe someone else will find this useful? > https://github.com/rustybird/orplug > > Rusty > > > > orplug, an Android firewall with per-app Tor circuit isolation > > Not affiliated with the Tor Project. > > > Short intro > > - - No GUI, please write one ;) > - - Default deny pretty much everything. Combinable access policies for > individual apps, whole Android user accounts, etc.: transparent > torification (circuit-isolated per app), fenced off access to Socks/ > Polipo, LAN access, clearnet access > - - Multi user account support > - - Doesn't leak IPv6 traffic > - - Clean DNS, but requires ANDROID_DNS_MODE=local ROM patch > - - Logs blocked DNS queries and blocked other packets > - - Input firewall allows sshd by default > - - Should work with enforcing SELinux > - - Includes the "--state INVALID" transproxy leak fix[1] > - - Tested on CyanogenMod 13 (Android 6.0.1 Marshmallow) > > > Longer intro > > Really no GUI, unfortunately I don't have any talent for that. There's a > simple plain text configuration format[2] though, and the command line > "orplug-reconf" script could work as a backend to a graphical app. (It > accepts stdin as well as files for configuration.) > > Unconfigured processes may only communicate with localhost and the > loopback interface. You can configure an individual app, a Unix user/ > group, or an Android account: > > - to be transparently torified, with circuit isolation per rule > - to be allowed access to local TCP ports 9050/8118 for native Orbot > support > - to be allowed LAN access (except DNS) > - to be allowed full clearnet access > > All of the above can be combined: Transparently torify a VoIP app as > far as possible, but allow clearnet access for the remainder (UDP voice > packets). Or, for a home media streaming app: transparent torification > with LAN access. > > Rules can apply to the primary Android device user account or to other > accounts. > > For incoming traffic, every port is blocked to the outside by default. > But a hook loads files with raw ip(6)tables-restore rulesets, and one > such ruleset allows TCP port 22 (sshd). > > The init script uses "su -c", which seems to set up everything properly > SELinux-wise on CM13. I'm not really sure because I don't have a device > that's able to run in enforcing mode. > > > The DNS mess > > Android 4.3+ mixes DNS requests of all apps together by default[3]; when > a request finally appears in Netfilter, it's unknown where it came from. > orplug takes a strict approach and blocks this sludge, so it needs a ROM > patched[4] to export the environment variable ANDROID_DNS_MODE=local > during early boot. > > Unfortunately, ANDROID_DNS_MODE=local makes Android send DNS requests to > 127.0.0.1, instead of the value of the net.dns1 property. Until this is > somehow fixed, a rule has been added to redirect allowed clearnet IPv4 > DNS traffic to $ClearnetDNS (defaults to Google's 8.8.8.8). > > orplug blocks disallowed DNS requests by sending them to a local dnsmasq > instance that only logs queries (logcat | grep dnsmasq), but doesn't > forward them. This is how I noticed that CM13 with "everything disabled" > nevertheless attempts to connect to the hosts stats.cyanogenmod.org, > account.cyngn.com, and shopvac.cyngn.com. (Via UID 1000, in this case > the Settings package.) > > > Captive portals > > Enable clearnet access for either UID 1000 (beware of the random stuff > apparently floating around there), or for a dedicated browser (and run > "settings put global captive_portal_detection_enabled 0" as root). > > > Installation > > 0. Set up some independent way to check for leaks, e.g. corridor[5]. >You've been warned... > 1. Copy the orplug subdirectory to /data/local/ on your Android device. >"chmod 755" 00-orplug, orplug-start, and orplug-reconf (all in >/data/local/orplug/bin/). > 2. Add the line ". /data/local/orplug/bin/00-orplug" (note the dot) to >/data/local/userinit.sh and run "chmod 755 userinit.sh". > 3. Copy the contents of /data/local/orplug/torrc-custom-config.txt into >the clipboard, e.g. using File Manager. This file contains directives >for tor to open 99 different TransPort and DNSPort ports. > 4. In Orbot's settings, paste the clipboard contents into "Torrc Custom >Config", disable "Transparent Proxying", disable "Request Root >Access", and choose "Proxy None" in "Select Apps" (that last one only >applies to current prereleases of Orbot). > 5. Reboot your device. > 6. Check that orplug has brought the firewall up: The output of >"getprop orplug.up" is supposed to say "true". Log files are in >/data/local/orplug/debug/ in case it didn't work. > 7. Configure your apps by
[tor-talk] Internet of Onion Things and the OnionCam
I have been working on some ideas about using Tor to improve the state of inter-connectivity, authentication, confidentiality of so-called "Internet of Things" devices. The link below is to a rough draft of a presentation I gave yesterday to start hashing out these ideas in a more public way. It also includes instructions on how, using Orbot and any Android device with a camera, you can build your very own private hidden service-based "OnionCam" setup. It works surprisingly well. https://github.com/n8fr8/onionthings/blob/master/docs/Internet%20of%20Onion%20Things.pdf My hope is that we can promote Tor as a very real answer to the need to connect all these things in a safe and secure way, that doesn't rely on exposing ports via NAT or depend on syncing data to a cloud. For a related topic, see Yawnbox's "Create an anonymous document drop with any Android" post: https://yawnbox.com/index.php/2015/12/02/create-an-anonymous-document-drop-with-any-android/ +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] meek-azure was blocked in China for about 4 days
On Mon, Feb 8, 2016, at 06:02 PM, David Fifield wrote: > For about four days (January 29 to February 1, 2016), meek-azure was > blocked in China. The blocking may not have been intended for > meek-azure, and may not have been deliberate blocking, but it had the > effect of blocking the service. It is unblocked again since February 2. > > The nature of the event seems to be dropping of HTTPS connections to a > specific Azure CDN edge server, cs3.wpc.v0cdn.net, which at the time had > an IP address of 68.232.45.200. Plain HTTP connections were not > affected. The blocking was not DNS blocking of a specific domain name, > nor was it TLS SNI (Server Name Indication) filtering: all domain names > we tried for the IP address failed equally. Was it port 443 only? What if HTTPS was also made available on port 8443? Would that still allow the domain fronting to work? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Not able to download Tor to droid]
On Fri, Feb 5, 2016, at 03:11 PM, libertyinpe...@ruggedinbox.com wrote: > ... Kindly be advised, I did get rid of all the google and other > commercial apps on the tablet earlier after Tor would not properly > download. Every one I could find. Are any of these apps required by the > droid to download Orbot? -- Will not download from the google store since > they demand registration and do track. The ISP does not appear to be a You should use the free, open-source app store F-Droid, available here: https://f-droid.org/ Once you install, enable the Guardian Project repository in the Repository menu, and resync. You should be able to find the latest Orbot and other apps, and it will notify you of updates. More information at https://guardianproject.info/fdroid -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Fwd: Orbot v15.1.0 Alpha 1
On Tue, Jan 12, 2016, at 11:12 PM, Nathan Freitas wrote: > Stay tuned for our next beta update. Here's Orbot b15.1 Beta 2 (https://gitweb.torproject.org/orbot.git/commit/?id=a0b092856146e49b9c5056fc6f6adb070d76e0ef), which addresses a number of issues that you referenced, Dash. Please let me know how it works with your configuration. This also fixes a problem we had with scanning QR Codes from the bridges.torproject.org site. APK: https://guardianproject.info/releases/Orbot-v15.1.0-BETA-2.apk Sig: https://guardianproject.info/releases/Orbot-v15.1.0-BETA-2.apk.asc 8f7165c fixes for settings processing and QRCode scanning of bridges - support new JSON array form bridges.torproject.org Thanks! +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Fwd: Orbot v15.1.0 Alpha 1
On Tue, Jan 12, 2016, at 04:42 PM, Dash Four wrote: > Nathan Freitas wrote: > > I really don't understand how Orbot or Droidwalls iptables rules are > > co-existing with Android VPN. This is really a new one for me. I will > > make sure transproxy is working on Android 5.1 though, so that at least > > we can be sure we didn't break anything. > I have completely re-defined the "transproxy" feature using iptables > rules in the nat table. Transproxy in orbot is completely de-activated (I > don't use it at > all). Didn't trust the Orbot transproxy feature as: > > 1. It was returning icmp codes instead of dropping the packets silently > (standard practice in firewalling); > 2. Allows full net access to selected applications (I need to have the > ability to specify which application should be allowed to transproxy > which > protocols/ports, not just proxying everything with no control over > anything). That's great, and yeah, we should probably improve our transproxy feature, though with things like Orwall and Droidwall, as well as our VPN feature, it has become less of a focus recently. I've made changes in Orbot now so that if you don't have the transproxy feature enabled, it won't write any related settings. This means you can override it with your own now more easily. > >> 3. Orbot simply ignores what I have specified as Socks, Transproxy and > >> DNSPorts to be used. Example: in my configuration I specify the interface > >> to be used > >> explicitly, i.e. "127.0.0.1:5400" as DNS port (this was the only way I > >> could get it to work in the "latest" stable Orbot version). I tried > >> variations of that > >> configuration (i.e. specify just the port number), but that didn't work > >> either. > > > > That is strange. It shouldn't ignore that. This is configured in the > > Orbot individual settings values, or through torrc entries? > Through the GUI settings. Can't use "DNSPort" because of "DNSPort auto" > definitions and the fact that tor chokes on it (see below). DNSPort is also now not specified unless you have Orbot's transproxy enabled. This means you can override it. > > > > >> 4. No matter what I configure in my settings, Orbot (both versions) > >> always generates torrc file that contains "SocksPort auto", "DNSPort > >> auto" and "TransPort > >> auto". Why? I know that it closes the old (auto-generated) ports and > >> re-opens different ones (as per my custom torrc) later, but that should > >> not be the case and > >> it should honour what I have specified in my configuration. There may have been some bugs in the last build that were causing this. Again, it now won't set DNSPort or TransPort if you don't have transproxy enabled, and you can manual set them in the "Torrc Custom Config" field, or even modify the default torrc file on disk. I have also made some changes related to using the Orbot settings properly, if you do have transproxy enabled in the app, but that shouldn't matter for you now. > >> 5. There is no GeoIP database supplied with any Orbot version, which > >> makes all GeoIP-related commands I issued in my custom torrc completely > >> useless. I had to > >> copy these files from my desktop tor version in order to make this work > >> (Orbot is supposed to "come with tor", but apparently not everything is > >> included). > > > > There is GeoIP but it only unpacks it from the APK if you specify rules > > in Orbot settings that need it. > It should, in my view, always unpack these files. What happens if I don't > use any options at the point of installation, but include these in my > custom torrc > file at some late point. What then? Okay, this is now changed, as well. Since we now show an easy exit country selector option, it is more likely these files are needed anyhow. > > Thanks for the very detailed notes. I will try to reproduce what you are > > seeing. > No worries - let me know if you need any information from me. > > I have been running the old (stable) Orbot for nearly a week now without > any issues. Pleasantly surprised how it adjusts to changing IP addresses > when my VPN > connects/disconnects (by the way, I do not use the VPN which comes with > the stock android - I use the VPN apk which comes from the guardian > project and the > FDroid repo!). Agreed that Tor's ability to deal with network changes is quite admirable, and one of the many reasons why it makes sense on mobile networks and devices. Stay tuned for our next beta update. +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Fwd: Orbot v15.1.0 Alpha 1
On Sun, Jan 10, 2016, at 09:03 AM, Dash Four wrote: > I am having all kind of problems with this, but before I go into the > details, a bit of background. Thanks for the report, Dash, and sorry you are having issues. It does seem your setup is pretty complex (Droidwall plus transproxy AND a VPN?!), but if it worked before it should now. > Currently, I am running (quite happily) the "latest" Orbot, which uses > tor 2.6(.10?) with no issues to report. We didn't radically change anything with how the Tor ports are setup between the Orbot v15.0.x branch and this one, but I will take another look to see if something subtle was modified. > 1. Orbot uses ports outside the "common" list of ports, which are, > obviously, DROPped by the firewall. For example, the 15.1.0 version uses > random ports on the > loopback interface in both directions (say, src port 51117, dest port > 53123). The previous Orbot version sticks with source or destination > ports that are > pre-defined (i.e. 9040, 9050, 9051 and 5400, as well as ports that are > advertised in the tor config file). Orbot still uses 9050, 9051 and 5400. Not sure why you aren't seeing those as the defaults. > 2. Even if I allow Orbot to have a free reign (allow all packets going > out by Orbot), the transproxy/dns doesn't work. Basically, nothing can > get proxied at > all. I don't have any packets that are dropped on the VPN or anywhere > else. I really don't understand how Orbot or Droidwalls iptables rules are co-existing with Android VPN. This is really a new one for me. I will make sure transproxy is working on Android 5.1 though, so that at least we can be sure we didn't break anything. > 3. Orbot simply ignores what I have specified as Socks, Transproxy and > DNSPorts to be used. Example: in my configuration I specify the interface > to be used > explicitly, i.e. "127.0.0.1:5400" as DNS port (this was the only way I > could get it to work in the "latest" stable Orbot version). I tried > variations of that > configuration (i.e. specify just the port number), but that didn't work > either. That is strange. It shouldn't ignore that. This is configured in the Orbot individual settings values, or through torrc entries? > 4. No matter what I configure in my settings, Orbot (both versions) > always generates torrc file that contains "SocksPort auto", "DNSPort > auto" and "TransPort > auto". Why? I know that it closes the old (auto-generated) ports and > re-opens different ones (as per my custom torrc) later, but that should > not be the case and > it should honour what I have specified in my configuration. Can you just clarify what you mean my your configuration? Is that via Orbot settings, or a torrc file somewhere? >This maybe > related to the previous issue I described above. As a result of this, I > cannot have, say, > "DNSPort" in my custom torrc as tor refuses to run (duplicate DNSPort > definitions). Ridiculous! I need to have control of all torrc settings > and not have Orbot > "assume" things. Modifying the torrc file in Orbot's data directory can > alter some torrc settings, but not all and some are always included (like > the example > I've given above) no matter what. Point taken. > 5. There is no GeoIP database supplied with any Orbot version, which > makes all GeoIP-related commands I issued in my custom torrc completely > useless. I had to > copy these files from my desktop tor version in order to make this work > (Orbot is supposed to "come with tor", but apparently not everything is > included). There is GeoIP but it only unpacks it from the APK if you specify rules in Orbot settings that need it. Again, you are hand modifying the torrc file which isn't our expected method of use. We are trying to save space, and made an assumption. If you enter any value in Orbot's exit nodes field, it will notice that and unpack our bundled GeoIP files. > I think that pretty much covers it. I managed to grab the tor executable > supplied with v15.1.0-ALPHA and dump it in place with the old "stable" > Orbot version > and it works OK from what I can see, though both Tor versions suffer from > bug #9972 I submitted nearly 3 years ago, which is still open. This is not an Orbot specific issue though, right? > Another axe to grind with tor is its inability to specify binding > interface for the various ports it uses. It currently requires an IP > address > (:). That format can't be used when I have VPN running > or have an interface that has a dynamic IP address for example. I'd like > to be able to > specify, say, "DNSListenAddress tun0:7253" for example. Again, Tor and not Orbot, but yes, that would be useful! Thanks for the very
Re: [tor-talk] Torified Mobile Experience
On Fri, Jan 1, 2016, at 07:22 PM, Spencer wrote: > About a year ago, a discussion touched on what could be TorPhone, or > PhOnion, or whatever. > > Following up with this, I find Mike Perry's original post is still > alive: > > https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy > > But it has been upgraded to a formal project: > > https://github.com/mission-impossible-android/mission-impossible-android I would call that an unofficial formal project, but yes, really happy that project is happening. I think it is the right approach. > TOMY seems to be back burnered, which is fine given the growth of the > Guardian Project F-Droid repo over the past year: > > https://dev.guardianproject.info/projects/libro/wiki/Tomy_Detachable_Secure_Mobile_System Most of our energy got taken up with Orfox / Tor Browser and Pluggable Transport porting, as well as work on the secure camera project, and our new effort on mobile developer infrastructure, deterministic/reproduceability and so on. All of this ultimately contributes to projects like TOMY and MIA, but for now the idea of booting a TAILS-like experience from an SD or USB drive is still not widely practical. > I inquired about the state of this and the briefly lived GuardianROM and > was redirected to Mike Perry's original post. > > Since then, there seems to be some development that could be of interest > to followers of this topic: > > NetHunter > https://www.kali.org/kali-linux-nethunter/ > > AOSParadox > http://www.xda-developers.com/aosparadox-a-new-rom-for-the-oneplus-one-with-a-fresh-perspective/ > https://github.com/AOSParadox > > Both of these seem like easy targets; others would know better. A few more related, interesting ideas: https://copperhead.co/android/ https://people.torproject.org/~ioerror/skunkworks/moto_e/ > > Thoughts on this or the status of similar things? Is anybody doing this > or something different? I feel like there is an OS guarded secretly > under development :) No secrets, just many smart people chipping away at a very big problem. I think some of us have also been thinking about whether Android is the best solution to build upon, or if we should look towards booting TAILS on Windows Mobile hardware, or an Ubuntu mobile type solution (Qubes Mobile?), or even maybe something based on Pi Zero or Project CHIP device. https://www.kickstarter.com/projects/1598272670/chip-the-worlds-first-9-computer Thanks for keeping hope alive, and keeping the interest going. I think MIA on a Moto, Nexus or 1+1 is the best turnkey option right now. +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Fwd: Orbot v15.1.0 Alpha 1
- Original message - From: Nathan of GuardianTo: guardian-...@lists.mayfirst.org Subject: Orbot v15.1.0 Alpha 1 Date: Mon, 04 Jan 2016 02:04:44 -0500 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Happy 2016... and here's an update for Orbot to test APK: https://guardianproject.info/releases/Orbot-v15.1.0-ALPHA-1-1-gf441736.apk ASC: https://guardianproject.info/releases/Orbot-v15.1.0-ALPHA-1-1-gf441736.apk.asc Primary updates are - - Update to Tor 0.2.7.6 and OpenSSL 1.0.1q - - Fixes for DNS leak in VPN mode (using PDNSD daemon for TCP-DNS over Tor thanks to SocksDroid!) - - Overall stability improvements to VPN mode with easy ability to toggle on and off without Orbot restart - - A pretty major update to the graphics/branding with a new icon from DrSlash.com CHANGELOG f441736 update OpenSSL string to show 1.0.1q 4098e8e update to 15.1.0-ALPHA-1 f1fcec3 add support for PDNSD DNS Daemon for VPN DNS resolution Tor's DNS port doesn't work well with the VPN mode, so we will use PD 8d8fe0c updates to improve VPN support 699b60d add linancillary for badvpn tun2socks update for DNS 9b2cc52 update badvpn binaries 6dc8cf6 update makefile for new pluto builds 0261236 change this to "browser button" 3462cbd small updates to icon and strings bb7 update installer to get PLUTO binaries from assets 7d213e2 delete pluggable transport binaries here; build with Makefile use the external/pluto project 6cf1201 update makefile to support PLUTO builds 871701e add link for new icon 51205b8 update for Orfox 6fb4f0c update binaries 317405d update external versions of Tor 0.2.7.6 and OpenSSL 1.0.1q 0a5dd08 use a browser constant here, with the new constant being Orfox c54ab18 deleted these graphics 534c2fb update style, icons and graphics - -- Nathan of Guardian nat...@guardianproject.info - -- Nathan of Guardian nat...@guardianproject.info -BEGIN PGP SIGNATURE- Version: Mailvelope v1.3.2 Comment: https://www.mailvelope.com wsFcBAEBCAAQBQJWihloCRCoARg+abN6qQAAWPcP/jxHlCNFqRu2mQaZ+VcA 1WhZVyEWZZHx7Yn7TRs0FtKhpjBgy+UDGF9J+jZSNr+M9qI+TNEXTV7/qAD9 4fO2AQVSFmO0EqjciaqEng9QhPxQ8tkIktadskTeZYE8ZQsS3A7oixXMVCPo +TvsCdcRRJOw0cWnxOj31vMr2Ubh/odTdSPlRxQzFMVEP2lk3lBWFoH1L99w qtGdCLRZ8k0sGb4E4gtGeA75EOdsPqoiwRocJ9DomOeq5JznHEba1lOqx4G4 C2rbVfKzgLzFMDIGMusCAQPuj6Pjw5v0fIy1Che+r+rUklhhMSOUEWnfWZQC ylnNLMkpL8Ipmv8wcR5ycqR29Qp50/HCuzxvQoasSqkLRP/umKnB9PbYVSZQ TWOQWxLrQHeforBUcXzPLUw7QyBBRzbDHgsqRHUIz7JAJM6vZuD8k4XMUags JiO7eViP7eQIJp6W59weKOtasYFrJxR9tBOK0c6mrQp27722J0OK920MAIiC 4/SASCXAy1gSappUoeawp5sTL0Zkx1XOiX8vlwK22jsQIFEZnWUaWHwrWkBL LB2aRUal4kb9MIYYVMfh4W0GKn6UV9Ez0I+MmiFYi+iuCUdHp3bo6JC98GfL eUWOu9oV79zCXbB19scVkWzZ2TPx7pe0ZWPuqcRb2NhSqF7L3pmhXU63V8BE dMO8 =mm7R -END PGP SIGNATURE- -- Nathan of Guardian nat...@guardianproject.info -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Internet failure without orbot
On Fri, Nov 6, 2015, at 06:23 AM, Metal Heart wrote: > Thanks a lot! > But now I have bootstrapped 25% without progression. Im not sure, but > with WiFi I havent problems alike this. Please try enabling the "Tunnel through Google" or "Tunnel through Azure" options under the "Bridges" button on the main screen. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Internet failure without orbot
On Fri, Nov 6, 2015, at 11:27 AM, Metal Heart wrote: > Thank you, but its not helpful. With azure or google i have 25%, without > them 50% bootstrapped. Okay. Well be patient - the first bootstrap takes the longest, but if it is slowly increasing, then it will eventually get to 100%. Otherwise, if you have more questions, please email supp...@guardianproject.info for help with Orbot -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Internet failure without orbot
On Thu, Nov 5, 2015, at 03:29 PM, Metal Heart wrote: > Hi, have you any idea about failure on my android after > turning off orbot app? My internet is not work till i turn on > orbot. > -- Please disable all root and transproxy features. Also try "Transproxy FORCE REMOVE" feature in Orbot settings. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Fwd: [guardian-dev] first beta release Orfox!
On Mon, Sep 28, 2015, at 10:44 AM, Alexis Wattel wrote: > The User-Agent and Accept headers gave me a unique fingerprint on > https://panopticlick.eff org/. Yes, they are unique for Orfox users. > They should be set to the same as the Tor Browser. There's no point in > identifying the client as a mobile user if you seek anonymity; and the > User-Agent is the one most basic way to track browsers besides IP > addresses. We made a conscious choice to not use the same user-agent as Tor Browser, since there are other things like screen-size, for instance, that we cannot make the same. Our goal is to have the same user-agent as Firefox for Android, which we do, and which has tens of millions of users. > The Accept headers are plain and simple leaked from the device. What do you mean leaked? Are you saying the Accept headers are unique for your device, or just for Orfox/Firefox for Android? I think it is the latter, and it is not a leak. > Could easily pass as a honest mistake if this issue had not already been > reported 2 years ago about Orweb. Trust me when I say that the work we have done here is way beyond Orweb in many ways. Orweb didn't allow us to change the user-agent and accept headers fully. With Orfox, we are using the fully compiled Gecko engine from Tor Browser source. The few areas that differ are ones like this, where we made a choice to have mobile web access be the default, based on this user-agent. +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Fwd: [guardian-dev] first beta release Orfox!
On Sun, Sep 27, 2015, at 05:26 PM, spencer...@openmailbox.org wrote: > What are the benefits to the permissions 'run at startup', 'download > files without notification', 'install shortcuts', and 'uninstall > shortcuts'? We are still working our way through all the permissions that Firefox has/expects to have and seeing what we can remove easily. If you compare to Firefox for Android, you can see we already have quite a few less. The above permissions are mostly related to the Firefox Marketplace "Apps" they offer which provide a way to run HTML5 apps directly from the Android launcher. We don't plan to support these in Orfox, so we likely remove these permissions. > What do 'connect and disconnect from Wi-Fi', 'view Wi-Fi connections', > and 'view network connections' do that 'full network access' doesn't? These again are related to some new enhanced wifi behavior that Firefox has been working on, that doesn't make sense for Orfox. These will likely go away before we reach RC. > And is the 'read your Web bookmarks and history' a requirement for the > 'New Private Tab' function, or does it provide other benefits? Still sorting that out, but I think that permissions is for importing old browser bookmarks into Firefox. I thought that one had been removed, actually, again because we don't support/promote this feature in Orfox. > I know I can learn about these permissions in general through the > appropriate documentation but I am asking in context to specific > experiences OrFox is facilitating. No problem. Mostly we are trying to modify Firefox for Android in a way we can easily maintain it, while still ensuring we disable all the permissions/features that don't make sense. +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Fwd: [guardian-dev] first beta release Orfox!
Thanks for testing! This is only a replacement for Orweb browser. It still requires Orbot for the Tor connectivity. (Sorry for the top post... On the go, on my phone!) On Fri, Sep 25, 2015, at 04:12 AM, Elrippo wrote: > Hy, > installed in cyanogenmod. When I hit "quit" it does not quit, I have to > kill the process manually > > Nice to have a replacement for orbot, nice work!!! > > Am 25. September 2015 00:33:08 MESZ, schrieb Nathan Freitas > <nat...@freitas.net>: > >Orfox Beta is out on our F-Droid repos and Google Play: > > > >https://play.google.com/store/apps/details?id=info.guardianproject.orfox > >https://guardianproject.info/fdroid/repo > > > >If you haven't heard about Orfox, you can read more about it here: > >https://guardianproject.info/2015/06/30/orfox-aspiring-to-bring-tor-browser-to-android/ > > > >- Original message - > >From: "Hans-Christoph Steiner" <h...@guardianproject.info> > >To: Guardian Dev <guardian-...@lists.mayfirst.org> > >Subject: [guardian-dev] first beta release Orfox! > >Date: Thu, 24 Sep 2015 09:35:44 +0200 > > > > > >At long last, we finally have the first beta release of Orfox! Orfox > >is > >our > >replacement for Orweb as the private browser for Android. It is based > >on a > >port of Tor Browser to mobile Firefox (aka Fennec). > > > >You can get it now from our F-Droid repository. In F-Droid, go to the > >Repositories, then flick on the "Guardian Project Official Releases" > >repository, and let it update the index. Then you can search for and > >install > >Orfox. If you don't already have F-Droid, get it here: > > > >https://f-droid.org > > > >Coming soon to Google Play also. > > > >.hc > > > >-- > >PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81 > >https://pgp.mit.edu/pks/lookup?op=vindex=0x9F0FE587374BBE81 > > > >___ > >List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev > >To unsubscribe, email: guardian-dev-unsubscr...@lists.mayfirst.org > > > > > > > > > >-- > >tor-talk mailing list - tor-talk@lists.torproject.org > >To unsubscribe or change other settings go to > >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > > -- > We don't bubble you, we don't spoof you ;) > Keep your data encrypted! > Log you soon, > your Admin > elri...@elrippoisland.net > > Encrypted messages are welcome. > 0x84DF1F7E6AE03644 > > -BEGIN PGP PUBLIC KEY BLOCK- > Version: GnuPG v1.4.11 (GNU/Linux) > > mQINBFH797MBEAC0Y0NeI7lmDR9szTEcWuHuRe0r/WjSRC0Nr5nXsghuMcxpJ3Dd > BOBimi4hdMMK4iqPVMwNw6GpKYR3A9LHHjbYRXHUKrJmB+BaJVyzJXN5H6XvxTTb > UfX+DaXAGJW/G+3cBB3qm/QaU8QGkBKfXq0DLTaTGPkGKxEAldj/8onGZhawdJs+ > B92JrW+S2HDh15pIuXzSqe7eCcIOdvvwfWe0fJi2AraA7LYGpxP6GcC/b9JJpbq5 > Y6DfE2Aun9ZK3iHqURyrms0Whbv1CgmUahL2MVYCsTsXwe0GwlAxxKvjXAiXuo+R > 9wO5wsXvVVSVNqsk9Yqi+wYzdPKndTU0GyxSApQHroF+cxaZ8Lk0xloj18+LdCSs > e5IiTSXH0MMsDdWWdHlrgk+bgDG+0Gu3ne4vMwGdKO7AhYgQW/ueMy4RnkG/nsV9 > jry5BO4gGAI1Ij8KvqUzEnvJFGE3ptJogU+zazWWDUWmL3ecKb3aDRlJFnZ3kJ5h > q8GolZVjpk99V+4B5WVRPXdej/p5J19tXycK/jdNmr4oC8NyUhIpe8xHELnfoB4z > +rxiTx+KMnW0rY8EQg8O2ixEYt5my90IwQkxcxIxextVrqjJjYn8extc2/v8yGzI > KmTEJxdADB5v/Jx4HiLHNDSfBUb8gfONCkNSTYvTcSwTjWzHOkXeE/9ZbQARAQAB > tD5lbHJpcHBvIChrZWVwIHlvdXIgZGF0YSBlbmNyeXB0ZWQpIDxlbHJpcHBvQGVs > cmlwcG9pc2xhbmQubmV0PokCOAQTAQIAIgUCUfv3swIbLwYLCQgHAwIGFQgCCQoL > BBYCAwECHgECF4AACgkQhN8ffmrgNkT8+BAAoAXBqu4/O2Cs5FSWWZpzgScNEgq7 > uHhOKeYmRfgKlOUPoYlPB1DBqdOAXSKb9OvsmyOvpoGnqijB7aAJBoyQYW/OCQgd > U8L4eTCf4yRZnfFLdgskcPfN1p0Rs/yinGEooBJFtYa7mT6J0UTW2JjCLZK2AFCW > oF+KBu5JICXGBXigb2ZbX1jWjxP5H1RidQw6HF5z4z34SjLWAOOeZ8B/Xfz6Fs0s > IAuLu2O4HE4DI8Qu196LhSVHHgr3uMTkvN1t5nKwyjrRQztwXXk9qIomII3ydNYb > BYAGdWNNMfLb1kmDwC5wQHAFvSP1aiMF3aKAY+gl2wXSGO6JqM0SteJS3dytIljI > kzu0atc9HuGs/HDQgdmpAS4WU2YefEr/WieltSiAKlwuC+3wg+CONJ6TE1vgNDU/ > axerttb0jq7UQb/nAp05bsrB7XH1Vs+1ON9lUPEfWRmwQcrVK5JUrUWa/4tA/UeM > XvFcPFtFluGTlLewgJIqcvjPXFwpbDZprXJsMkwew/A6B6n3+0sbgf7p3QSGkVbi > dwQAymTbHdYqLnbcnKZhjto3Wjw1J5QB2wuiRYlpjV3i7AWTGlqoSTOWCCV+HamQ > qeFYNYAWNFx3+J/oi7xDi8t9bHVNA205equ+y2sj3G5uGJ6LSHQ8AXp9uOipUUvU > 1MJN0yLXr9PIwvi5Ag0EUfv3swEQAL0+MnxHGrTjSYdfdua4SBpmytDONM1EngeY > s+WyaC/760MughKbaysI/nK2LB1vnwEY7f3NM4fxBx8u2T7VBm6Ez6Fs23Bb8Rkz > f97bPSdxCmg64GPHfLA9uwTIXcYS+MpI86WOf6eWY0rRpf7Y9Nl7YoUNvzOyUPqc > ggdcnHce8zYv7A/WS8flZDm8tVFPsHrQDEwNMws7ZhiNnHkeZeRJrvCuB7oEVich > O/ROYoA5o6NozWYQbjxe1f6Yur4Q10qgVcxVny
Re: [tor-talk] Fwd: [guardian-dev] first beta release Orfox!
On Fri, Sep 25, 2015, at 04:42 AM, Elrippo wrote: > You are welcone. Of course I have orbot installed, I misspelled OrBot > with OrWeb Just making sure! > When I want to quit OrFox with "quit", it does not quit on CyanogenMod > 11, I have to kill OrFox manually. Yes, the "quit" function on Android remains complicated, and somewhat of a hack, since Android does not recommend it. Still, it should work, so we will track this issue and work on it for the next build. +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Fwd: [guardian-dev] first beta release Orfox!
Orfox Beta is out on our F-Droid repos and Google Play: https://play.google.com/store/apps/details?id=info.guardianproject.orfox https://guardianproject.info/fdroid/repo If you haven't heard about Orfox, you can read more about it here: https://guardianproject.info/2015/06/30/orfox-aspiring-to-bring-tor-browser-to-android/ - Original message - From: "Hans-Christoph Steiner"To: Guardian Dev Subject: [guardian-dev] first beta release Orfox! Date: Thu, 24 Sep 2015 09:35:44 +0200 At long last, we finally have the first beta release of Orfox! Orfox is our replacement for Orweb as the private browser for Android. It is based on a port of Tor Browser to mobile Firefox (aka Fennec). You can get it now from our F-Droid repository. In F-Droid, go to the Repositories, then flick on the "Guardian Project Official Releases" repository, and let it update the index. Then you can search for and install Orfox. If you don't already have F-Droid, get it here: https://f-droid.org Coming soon to Google Play also. .hc -- PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81 https://pgp.mit.edu/pks/lookup?op=vindex=0x9F0FE587374BBE81 ___ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: guardian-dev-unsubscr...@lists.mayfirst.org signature.asc Description: PGP signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] HIDDEN SERVICE IN ANDROID TABLET
On Thu, Jul 16, 2015, at 03:30 AM, pmwinzi wrote: What is the best web server to host tor hidden service in android tablet? Orbot can easily be configured to start and host a hidden service on any port. Just enable the feature in Orbot's settings, and enter the port you wish for it to be available at. From there, you must run another app on your tablet that actual provides a service. There are a variety of server type apps available out there on F-Droid.org, Google Play or as source. Another option, is to use Lil'Debi[0], or some other Linux-on-Android type system, to install a full chroot environment, where you can apt-get install anything you want, including Tor, apache, and so on. In that setup, you could even run something like Globaleaks on the tablet. [0] https://guardianproject.info/code/lildebi/ -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Fwd: Orbot v15.0.3-RC-3 is out (with Tor 0.2.6.10)
- Original message - From: Nathan of Guardian nat...@guardianproject.info To: guardian-...@lists.mayfirst.org Subject: Orbot v15.0.3-RC-3 is out (with Tor 0.2.6.10) Date: Tue, 14 Jul 2015 17:36:08 -0400 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Orbot 15.0.1-RC-3 / 14-July-2015 APK: https://guardianproject.info/releases/Orbot-v15.0.1-RC-3.apk SIG: https://guardianproject.info/releases/Orbot-v15.0.1-RC-3.apk.asc Tag: https://gitweb.torproject.org/orbot.git/tag/?id=15.0.1-RC-3 * Updated to latest Tor 0.2.6.10 / OpenSSL 1.0.2a * Overall improvements to system and server stability * Improvements to Apps VPN mode support ** Android 5+ you can now select apps for using Apps VPN mode * Improved launch and hidden service API for third-party app interaction Full changelog and source available here: https://gitweb.torproject.org/orbot.git/tree/CHANGELOG We'll be doing an update to our F-Droid repos (https://guardianproject.info/fdroid) this week to include both the ChatSecure and the Orbot updates. - -- Nathan of Guardian nat...@guardianproject.info -BEGIN PGP SIGNATURE- Version: Mailvelope v0.13.1 Comment: https://www.mailvelope.com wsFcBAEBCAAQBQJVpYDBCRCoARg+abN6qQAA7fMP/1tFk/UyRwpVY8e+LnoF 3y2YgCjcf01Puzlo6aje4E2FlEZp8BTuvywuwDm2i7BkGo815SPnSOOLJ3xv Zvk5juLsDXII0l4ZEORlvV4VL/Cp9gsz9ljuHZEm7YsIfDuTx8OTlP2LOdlG X3tq2re8BGj+h+gQIXR+slAapfyKhn/1FHg9BuWarnPFEoBpoDqJLlfHC3M8 z8z2gmFB29ToYzLDv3Gz/kA8IlEXAqF70J8rDQvlWS8Jg7ZhLQqRdIn2bJjI NEjYElMVijfZx83iCG7Tfp6NgoK+VIfvnjRagH8w/Oe3ajuSZHVk5msoqhMW B7Ls21d1uwfYQsLMkbPABtgS3PBvJm+AbM4aU2dc84IBHweHsjY5vZzW8pAY RsG5BsORZZdAwLZHo71OKhTxHfppy6f2Bhda3AWTilsBeOqTag801+bNG0/I VZqm71o0lVAwShbPw5UldQGzXpv2f0nic5+Ub7L6DrsQR/iY/rSgVEyZkqBP keLl4Y5peRZoK8GvZUW+W0JFjMkX8zuLI02SLMWwp8HTjyXQMh9vWyzCdG2l wmyWtQAHM/BTW/WMLCBVkzaIW2jJCUBPrir4yb9QFiwJDs4f8BQhESOUt3Ei HzKrtqf8jaa/cNlhjjqCIbmG89BWjtW0IKQVt7vJNoaM+qMmesC8LOqigxS6 SOsg =qWou -END PGP SIGNATURE- -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor in background on iOS 9?
On Sat, Jul 11, 2015, at 07:25 PM, Ed Baskerville wrote: Long-time lurker, first-time poster. It looks like Apple is finally going to allow background-running network proxies on iOS, via app extensions. It's not obvious at a glance if you can do everything you need to do to run Tor, but it looks promising: From Chris Ballinger of ChatSecure, who has built Tor into it on iOS: Unfortunately, you need a special entitlements file from Apple in order to use the API. I've already requested one but haven't heard anything back yet. This is definitely the holy grail for running Tor on iOS. Sounds promising if you can navigate the usual Apple hoops. https://developer.apple.com/videos/wwdc/2015/?id=717 https://developer.apple.com/library/prerelease/ios/releasenotes/General/iOS90APIDiffs/frameworks/NetworkExtension.html Has anyone started working on something like Orbot for iOS 9 yet? Ed -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Circuits in Orbot
On Tue, Jun 23, 2015, at 04:27 PM, forc...@safe-mail.net wrote: I am using Orbot for Android and was surprised to see that circuits are up to 5 nodes. I remember having read that TOR would not be more secure (and even could be UNsecure) if it would use more than 3 nodes to build a circuit. When you say the circuits are up to 5 nodes, are you getting that information from the log or the notification area display? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Firefox with Tor on Android?
On Wed, May 20, 2015, at 03:44 PM, Jens Lechtenboerger wrote: Hi Nathan, many thanks for your quick reply! On 2015-05-19, Nathan Freitas wrote: On Tue, May 19, 2015, at 04:33 PM, Jens Lechtenboerger wrote: the usage instructions for Tor on Android at https://www.torproject.org/docs/android.html.en are unsafe for Firefox users. Firefox on Android downloads favicons without respecting proxy preferences. See here: https://bugzilla.mozilla.org/show_bug.cgi?id=507641#c12 Yes, that page is very out of date and needs to be updated. It wasn't a bug originally, but when Mozilla started moving more code over to Android/Java domain, they introduced it. I am making it a priority to make sure it is accurate. We have also removed the Proxy Mobile add-on from the Mozilla Add-on store awhile ago, when the favicon leak issue was discovered. Some big warning signs might be a good idea. In particular, on pages like this: https://guardianproject.info/apps/firefoxprivacy Yes, we are actually in a dev sprint right now to do a few things: 1) Remove all traces of broken or no longer recommended solutions 2) Add more clear documentation about when WebView/WebKit apps like Orweb or Lightning are safe to use (on Android 4.3 and higher, etc) Hmm... Tor Everything should work if you have a rooted Android device with a kernel that supports iptables properly. Also, if you haven't seen Mike Perry's post on Android hardening/tuning, please read it: https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy Great post, many thanks for the reminder! Which Android OS are you running, and which version of Orbot? Android 4.2.2. I tried Orbot 15.0.0-RC-3 and 14.1.4-PIE. Have you tried the latest Apps VPN feature that tunnels all device traffic through Tor without root? Initially, I didn’t because the warning said that “it should NOT be used for anonymity.” I just tried that with 15.0.0-RC-3, but failed to get VPN working. If I klick “Apps” first, and start Tor afterwards, no circuit gets built. In the log I repeatedly see “The connection to the SOCKS5 proxy server at 127.0.0.1:10720 just failed.” That is the way to do it (click Apps first, then start Tor). Make sure to disable all root, transparent proxying options, and also flush/remove all transproxy rules in the Debug section of Orbot settings. If I start Tor first, and klick Apps afterwards, I cannot open any web page. (Very little data transfer is shown for OrbotVPN, some packets for each web attempt. The Orbot logs show some circuits but “Tried for 120 seconds to get a connection to [scrubbed]...”) I guess that I need “Request Root Access.” Other options? No root is needed for this method. Firefox without proxy configuration? You don't need any proxy config, correct. Finally, if you use Orweb (super basic) or Lightning Browser (most features you want), there is no favicon or other leakage. I’m surprised that you recommend Orweb. There is a big red warning at: https://guardianproject.info/apps/orweb/ I’ll check out Lightning Browser at some later point in time. Again, that language is out of date. I really need a web / documentation person to help make sure we keep this content accurate. +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Firefox with Tor on Android?
On Tue, May 19, 2015, at 04:33 PM, Jens Lechtenboerger wrote: the usage instructions for Tor on Android at https://www.torproject.org/docs/android.html.en are unsafe for Firefox users. Firefox on Android downloads favicons without respecting proxy preferences. See here: https://bugzilla.mozilla.org/show_bug.cgi?id=507641#c12 Yes, that page is very out of date and needs to be updated. It wasn't a bug originally, but when Mozilla started moving more code over to Android/Java domain, they introduced it. I am making it a priority to make sure it is accurate. We have also removed the Proxy Mobile add-on from the Mozilla Add-on store awhile ago, when the favicon leak issue was discovered. We have also had a variety of issues with successful proxying of third-party web browser / engines on Android, including various bugs with WebView/WebKit proxying depending upon the Android OS version or device type you are running. (I tried different configurations of Orbot and Firefox. Also “Tor Everything” fails, both with HTTP proxy at port 8118 and SOCKS proxy at 9050.) Hmm... Tor Everything should work if you have a rooted Android device with a kernel that supports iptables properly. Also, if you haven't seen Mike Perry's post on Android hardening/tuning, please read it: https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy Which Android OS are you running, and which version of Orbot? Have you tried the latest Apps VPN feature that tunnels all device traffic through Tor without root? My current attempt for Firefox with Orbot is to configure localhost, port 8118 as system HTTP proxy (long press Wi-Fi connection - Modify network - Show advances options). Then, in Firefox verify via about:config that network.proxy.type is set to 5, which should be the default and lets Firefox use the system proxy, which is also used to fetch favicons. Yes, for Wifi connections this will work reliably. Probably, there are more pitfalls. Any suggestions? I think running CyanogenMOD or a similar rom, and using transparent proxying, either by app or all, on boot, and optionally with Mike's extra hardening, is the most complete solution. If you don't want to go that far, then the Apps VPN feature feature should do, or manually setting the wifi proxy as you have. Finally, if you use Orweb (super basic) or Lightning Browser (most features you want), there is no favicon or other leakage. +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] obfsproxy for Android
On Mon, Apr 27, 2015, at 09:05 AM, Mohsen Khahani wrote: I am developing an anti censorship application for Android. Is there a way technically to use *obfsproxy *client in my app since it's been written in Python? Any advice? I am working on a library named PLUTO to help promote the use of pluggable transports/obfsproxy in other apps. You can find the current information on it here: https://github.com/guardianproject/pluto While it is focused on more typical Java-based Android apps, the way that PT's work are just simple command line binary executables. Obfs4 is currently written in Go, but in the PLUTO project, you can find information on cross-compiling it, as well as pre-built binaries. To execute and manage a PT instance, you just need to set the proper environmental variables, which you can read about here: https://gitweb.torproject.org/torspec.git/tree/pt-spec.txt#n246 Hope that helps! -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Fwd: [guardian-dev] Orbot v15 beta 1
- Original message - From: Nathan of Guardian nat...@guardianproject.info To: guardian-...@lists.mayfirst.org Subject: [guardian-dev] Orbot v15 beta 1 Date: Fri, 03 Apr 2015 13:13:51 -0400 Orbot v15 beta 1 is functionality complete. Beyond the new purple background, the Apps VPN mode and Bridges setup support directly available on the main screen are the main obvious changes. Underneath, there is the latest Tor 0.2.6 release, along with Meek and Obfs4 pluggable transports. The main area for testing is using the Apps VPN mode while switching networks and/or in bad coverage, as well as using it in combination with Meek or Obfs4, for example. Also, the implementation is bit different between Android 4.x and 5.x, so please report any difference you might see there. APK: https://guardianproject.info/releases/Orbot-v15.0.0-BETA-1.apk SIG: https://guardianproject.info/releases/Orbot-v15.0.0-BETA-1.apk.asc SRC: https://gitweb.torproject.org/orbot.git/tag/?id=v15-beta-1 /** 15.0.0 Beta 1 / 3-Apr-2015 / 989d43aca7d999c413ba23ae4ebdcac72fb0f9c5 **/ 6fd6a5a tune first-time experience (No more wizard!) b318e6b update tun2socks binaries cd303bd commit to latest dev head a2e84b8 fix JNI build info 398ff17 remove browser view handlers in manifest 75426bb Improve VPN service support - fix network switching handling We now refresh the VPN and tun2socks interfaces when the network d14dabb update tun2socks shared libraries 6d15a46 update jni build documents ab8f8f1 update build path for tun2socks 7774ca3 remove old embedded badvpn_dns 2724551 tag badvpn to latest 39ce7f1 improved clean-up, shutdown of Tun2Socks and VPN service b1d46e2 use getbridge email instead of web, as it makes more sense for users in censored/filtered locations to send an email than to a 9d83a5b update app vpn warning 26aeb67 updating string resources / localizations 7dd4949 update jsocks with reduced debug output 8493259 new helper activities for Apps and Bridge setup 150488d fixes for onboot logic and handling 8c5b38e more UI clean-up, removing old wizard code 7b830a0 remove HTTP proxy for VPN - not needed anymore! 6a7c593 a little bit of code re-org and new package for wizard 1a66924 update ant build for new external jsocks 9393928 add jsocks external modules and project e30c78b remove jsocks from main code and move to external/jsocks 784c1c1 peg external to jsocks commit More here: https://gitweb.torproject.org/orbot.git/tree/CHANGELOG -- Nathan of Guardian nat...@guardianproject.info ___ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: guardian-dev-unsubscr...@lists.mayfirst.org -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor Onion Proxy Library
On Wed, Feb 18, 2015, at 08:17 PM, Yaron Goland wrote: I just updated the Tor Onion Proxy Library [1]. The library will set up a Tor Onion Proxy and help you connect to it as well as use it to host a hidden service. It provides an AAR for Android and a JAR for Linux, OS/X and Windows. Thanks for updating us and reminding me of this important effort. We are looking at breaking up Orbot to be more modular itself, and may utilize your work to do so, along with our PLUTO effort for pluggable transports. The updates are: Re-wrote the readme to provide some sample code Changed build process to simplify it Updated binaries for Android, Linux, OS/X and Windows to Tor 2.5.10 Updated Android project to work with SDK 21 Updated Android binary to use PIE so it will work on Lollipop Thanks, Yaron [1] https://github.com/thaliproject/Tor_Onion_Proxy_Library/releases/tag/v0.0.2 From: Yaron Goland Sent: Thursday, July 24, 2014 6:32 PM To: tor-talk@lists.torproject.org Subject: Tor Onion Proxy Library I work on the Thali project [1] which depends on being able to host hidden services on Android, Linux, Mac and Windows. We wrote an open source library to help us host a Tor OP that that we thought would be useful to the general community - https://github.com/thaliproject/Tor_Onion_Proxy_Library The library produces an AAR (Android) and a JAR (Linux, Mac Windows) that contain the Guardian/Tor Project's Onion Proxy binaries. The code handles running the binary, configuring it, managing it, starting a hidden service, etc. The Tor_Onion_Proxy_Library started off with the Briar code for Android that Michael Rogers was kind enough to let us use [2]. We then expanded it to handle running on Linux, Mac and Windows. The code is just a wrapper around Briar's fork of jtorctl (originally from Guardian I believe) and the latest binaries from Guardian and the Tor Project. This is an alpha release, version 0.0.0 so please treat accordingly. I hope y'all find it useful. Thanks, Yaron [1] http://www.thaliproject.org/mediawiki/index.php?title=Main_Page [2] Specifically he dual licensed the code under Apache 2 so we could use it. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Facebook Onion Site: Impending Works
On Wed, Feb 4, 2015, at 06:23 AM, Alec Muffett wrote: Specifically, we will be testing some experimental code to support both “www-” and “m-site” onion addresses, which will bring to Tor the “mobile” Facebook website as described in the original announcement: Just tried this today from Android, and was indeed redirected to the mobile site at https://m.facebookcorewwwi.onion/ Great work! -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor on the iPhone?
On Thu, Jan 15, 2015, at 09:59 AM, Jeff Burdges wrote: On 15 Jan 2015, at 21:54, Nathan Freitas nat...@freitas.net wrote: On a related note, the latest ChatSecure on iOS includes Tor, as well, for XMPP connections. I thought it needed an external Tor applicaiton, specifically the one by Mike mentioned? No, ChatSecure iOS has Tor built into it now, and we will be keeping it up-to-date with RC/final releases and other critical updates. iOS doesn't allow external background proxies in the way that Android does. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor on the iPhone?
On Thu, Jan 15, 2015, at 09:18 AM, blo...@openmailbox.org wrote: Is this a valid app for using Tor on the iPhone? https://mike.tig.as/onionbrowser/ Leaving aside the issues of iOS and the Apple Store, non-verifiable binaries, etc, it is definitely a valid project and app. If you trust using an iPhone, then Onion Browser is the best possible way to use Tor for web access you can get. This is primarily because Mike has shown he is committed to maintaining his open-source project over two-years, including publishing security audit results, etc. On a related note, the latest ChatSecure on iOS includes Tor, as well, for XMPP connections. All the best, Nathan -- Nathan of Guardian nat...@guardianproject.info -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Fwd: [guardian-dev] Orbot Orweb updates for Android L/5.x
- Original message - From: Nathan of Guardian nat...@guardianproject.info To: guardian-...@lists.mayfirst.org Subject: [guardian-dev] Orbot Orweb updates for Android L/5.x Date: Thu, 13 Nov 2014 15:20:02 -0500 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Orbot v14.1.0-PIE (for 4.1/JB and up): APK: https://guardianproject.info/releases/Orbot-v14.1.0-PIE.apk SIG: https://guardianproject.info/releases/Orbot-v14.1.0-PIE.apk.asc Orweb v0.7 update for all (but with L/5.x fixes thx to Team Psiphon!): APK: https://guardianproject.info/releases/Orweb-release-0.7.apk SIG: https://guardianproject.info/releases/Orweb-release-0.7.apk.asc NetCipher library has also been updated with the WebKit proxy fix: https://github.com/guardianproject/NetCipher/commit/98f830938a26e798d993e7b5d086fc57da7d3ec7 *** Orbot CHANGELOG: /** 14.1 / 13-Nov-2015 / 5917e63693141dc08a99f8670ff3e274306a8c05 **/ * Updates to support Android 5.0 Lollipop 5917e63 updates for Android L and PIE binary support 5f49597 updates to appcompat v12 for Android L 7f50f79 update Makefile to support PIE arguments make PIEFLAGS=-fPIE -pie NDK_PLATFORM_LEVEL=16 f6ad0ff initial modifications for PIE support * Stability fixes f9e340b goodbye AIDL file... no longer using bound services c9bb1c2 remove bind service and use localbroadcast instead this should fix problems with the service being killed on unbind * Experimental (not enabled) VPN support for non-root whole device mode ff86774 let's not build vpn support for now 3ef94e0 more fixes for VPN but not quite ready yet aeb15e8 add sl4j jar dependecies for socks proxying 97ca6fb set MTU back to 1500 default 284a539 update badvpn commit 1b44dcb remove unused routes a964bef moves VPN service to background Service so it doesn't die (and other important fixes) 6a53ddb adding in new jni build files 2d98a29 temporarily use udpgw-client to make DNS and UDP tunneling to work 6877aaf update to gp fork of badvpn e459918 first commit of new OrbotVPN integration into Orbot - -- Nathan of Guardian nat...@guardianproject.info -BEGIN PGP SIGNATURE- Version: OpenPGP.js v0.7.2 Comment: http://openpgpjs.org wsFcBAEBCAAQBQJUZRJICRCoARg+abN6qQAA1/oP/RKqdQRnTj9xT0GGkJOw ZVhHnmpbpdsSx3eXB+cVmEWlmIPSUYfZo3n1jNzeRLgDg54If+jes/JldClV H2ugSXxQ1BGe/aIus0kyxNG1Zb5XrKSYFTO50tZ1dD/pj+sWn44+Wd7k74Lm 3FudmIyZPwi8J2F53ATCbTa2QdjliFVl5wPeWe6mjRX5Lk3MJysFGNlMiO+P JywIbWCg2YlkpnieBLukWGTYjC465uR1tm1NSPoWggyTnLYZ8AgW2abeRq1c MrqJyiz2te1kruoU1DihMR+zfCNSmrmy5V+klsX1Fbw2XfkqsrE3loZAjMPB g/fBhGFOJe0PQFDjNn+VlMkDWuoPn4zqy+ksbY8QSQc49QU5t//o+5ByZTgQ Hk9Pft/ssUI/z0BZaGZuzURLeaI8FMgCb8oPCqqHRSmlzeRsBgq39SNZOMgD OWli53sW7wmnKzregHBGKfIthHUmkAB0cC4zh8W0uX9ZPsVbSomB3OPRLY1Y /iySoGs9a5rvfNBXSgrpxAZKZuJLMWuEt2hDrYmCgQpaGPjDClhHOzDUs0BY np/VQWL0BxQXUCeFQu7708B9gOzQcPYHWmUtE93i5VpAiLz2QqjJhb5sGJ8M +JUMIn+hPjsK56UDoPNGae1McSdcQXigkhnKfIaw4tbO711CayL4cOOe3yUi opet =FB0r -END PGP SIGNATURE- ___ Guardian-dev mailing list Post: guardian-...@lists.mayfirst.org List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To Unsubscribe Send email to: guardian-dev-unsubscr...@lists.mayfirst.org Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/nathan%40guardianproject.info You are subscribed as: nat...@guardianproject.info -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] ChatSecure Problem?
Yeah best to email me direct for support or supp...@guardianproject.info On Thu, Nov 13, 2014, at 04:43 PM, Alec Muffett wrote: Hi Nathan! I am running CS 14.0.7-beta-2 on a Nexus 5 running 4.4.4. I can sign into Google Chat and open a connection to Runa over it. But: no padlock icon, can’t manually start OTR, nothing happens. Checking the Google Chat logs online, I seem not even to be issuing an OTR challenge, even in response to Runa trying at her end. Am I missing something fundamental, please? Thanks! - alec -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Hidden Services vs Onion services
On Wed, Nov 12, 2014, at 11:38 PM, Virgil Griffith wrote: I'll start trying onion service and just see if it catches on. Since these things are mostly used for websites, why not call them onion sites or onionsites? Typical users don't talk about web services, they talk about web sites or pages. Perhaps they say online service but that usually means an ISP or something larger than just a site, imo. Turn your website into an onionsite Access the onionsite in the same way you access a website +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Orbot/Tor talk at MIT tomorrow
http://kb.mit.edu/confluence/pages/viewpage.action?pageId=152575577 Anonymity on the Go: The Possibilities and Problems of Tor on Mobile Devices This talk discusses what possibilities exist for communicating more freely on a mobile device. How can we stop telcos, ISPs, and our governments from tracking the apps we use, the sites we visit, and the people we communicate with, all tagged with our location data? How can we ensure that we have open and unthrottled access to the services we need, no matter where we are? While not a panacea, Tor is one project working to address these questions, and for five years, has been supporting mobile devices, as well. Speaker: Nathan Freitas is the lead developer of Orbot, Tor for Android, and the Orweb and Orfox privacy enhanced mobile web browsers. He also founded the Guardian Project, a five year old effort that creates easy-to-use open source apps, mobile OS security enhancements, and customized mobile devices for people around the world to help them communicate more freely, and protect themselves from intrusion and monitoring. Thursday, October 23, 12pm - 1:30pm, 37-252 (Marlar Lounge), RSVP required (email myea...@mit.edu) to attend and receive a free lunch. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Fwd: [guardian-dev] Progress on OrbotVPN
The work below would remove the root/transproxy feature from Orbot, and replace it with using a Android VPN/tuntap interface capability routed through Tor's SOCKS via tun2socks. This means anyone can enable the send all apps through Tor feature even without needing root. When the VPN mode is on, we will also by default only allow secure ports (443, etc) through in the torrc configuration, as well. For users wanting to have root/transproxy capabilities (including app by app proxying options), they will be able to still use Orwall. Feedback is welcome, especially from anyone with experience using Tor and tun2socks. - Original message - From: Nathan of Guardian nat...@guardianproject.info To: guardian-...@lists.mayfirst.org Subject: [guardian-dev] Progress on OrbotVPN Date: Tue, 21 Oct 2014 13:09:00 -0400 I have successfully gotten the Psiphon version of tun2socks working with Orbot. You can see the code here: https://github.com/n8fr8/orbot/tree/dev_orbotvpn The trick with Android VPNService is that you have to mark sockets protected in order to not have them be sent through the VPN. Tor opens a ton of sockets all the time to many remote servers, so it is hard to track those at the Android/Java level, since those are happening in the Tor native process. Instead, I set Tor to use a mini outbound SOCKS proxy I am running in the TorService class, and then I mark all the sockets outbound from that proxy I mark protected. Seems to work without much performance issue. Aside from UI integration, the main outstanding issue is getting DNS to work. When you create an Android VPNServer instance, you can only set the DNS host 127.0.0.1 but not the port. Since Tor's DNS service is running on 127.0.0.1:5400 I somehow need to get DNS packets to go there, and drop the rest of the UDP. My idea is to use the udpgw_client feature of tun2socks, and then run the udpgw daemon on the device. I have already modified the tun2socks code to change all DNS packets to use 5400 port, before they get sent through udpgw. I did also have the idea for a bit of setting up a ton of remote udpgw servers that Orbot users could randomly connect through, because that would allow for UDP to work over Tor... I really don't like running/managing servers however, but maybe Tor exit providers could start running udpgw instances? More on badvpn-tun2socks and udpgw here: https://code.google.com/p/badvpn/wiki/tun2socks https://github.com/guardianproject/badvpn +n -- Nathan of Guardian nat...@guardianproject.info ___ Guardian-dev mailing list Post: guardian-...@lists.mayfirst.org List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To Unsubscribe Send email to: guardian-dev-unsubscr...@lists.mayfirst.org Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/nathan%40guardianproject.info You are subscribed as: nat...@guardianproject.info -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] orWall 1.0.0 released!
On Fri, Oct 3, 2014, at 03:37 AM, CJ wrote: just a small update regarding orWall: it's released 1.0.0! There's still *one* annoying issue regarding the tethering, but it should be OK next week. Just have to take some time in order to debug this for good. I just want to say how gratifying it is to have another person in the Tor community really dedicating and dev cycles to mobile. It is great to see Orwall get to 1.0. orWall provides now a brand new UI in order to be easier to handle. There's also an integrated help (as a first-start wizard we might call later on). My main critique right now is that the UI is quite complicated, and has way too much text. I know your starting point was to automate the instructions from Mike's blog post, and you have achieved that. However, if we want to reach my goal (remove all root/transproxy features from Orbot), we need to still support the one or two-tap capability that Orbot now provides. Perhaps you could add a default easy mode which starts with this, and then hide the current UI under an advanced mode? There are many new features and improvements, like: These are all great, and go way beyond anything we have in Orbot! all the best! +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] orWall 1.0.0 released!
On Fri, Oct 3, 2014, at 03:37 AM, CJ wrote: just a small update regarding orWall: it's released 1.0.0! There's still *one* annoying issue regarding the tethering, but it should be OK next week. Just have to take some time in order to debug this for good. Congratulations. Will definitely do testing this week! -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Anonymity of RSS readers
On Sun, Sep 21, 2014, at 07:49 AM, Christian Stadelmann wrote: b) using Tor This is a bad idea too since I regularly fetch some hundred RSS/Atom files, some of them via unencrypted HTTP. This would clearly undermine all anonymity provided by tor. This problem gets even worse when the RSS reader loads content (e.g. images, JavaScript, ...) when displaying the feeds. What can I do? What about configuring Tor to use separate circuits for different remote IPs: In the SOCKSPort config, you can enable IsolateDestAddr. If your RSS app uses SOCKS, then this should work. [1]https://www.torproject.org/docs/tor-manual.html.en References 1. https://www.torproject.org/docs/tor-manual.html.en -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Fwd: [guardian-dev] Orbot v14.0.8.1 (now with Tor 0.2.5.x)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thanks for all the hard work, little t Tor devs. We are really excited about moving to 0.2.5.x for Orbot. - Forwarded Message Subject: [guardian-dev] Orbot v14.0.8.1 (now with Tor 0.2.5.x) Date: Mon, 15 Sep 2014 09:45:05 -0400 From: Nathan of Guardian nat...@guardianproject.info Organization: The Guardian Project To: guardian-dev guardian-...@lists.mayfirst.org Pushed to Google Play, should be on FDroid.org, and any moment now on the GP Fdroid repos... APK: https://guardianproject.info/releases/Orbot-v14.0.8.1.apk GPG SIG: https://guardianproject.info/releases/Orbot-v14.0.8.1.apk.asc TAG: https://gitweb.torproject.org/orbot.git/tag/refs/tags/14.0.8.1 CHANGELOG: https://gitweb.torproject.org/orbot.git/blob/HEAD:/CHANGELOG Highlights from the release: * Update to Tor 0.2.5.7-RC: https://blog.torproject.org/blog/tor-0257-rc-out which has some fixes for the airplane mode feature we use to save battery life. This also means we can now support the Scramblesuit obfuscated transport, which required 0.2.5.x. * Multiple fixes for transparent proxying, including a bug (not all shell commands were being executed), a performance win (root shell is shared across all setup/teardown commands which speeds things up and makes it less memory intensive), and anti-leak improvement feature (all DNS is transproxied in app-by-app mode since DNS is sometimes resolved from a central service, and not the app) Thanks, and Happy Monday! +n ___ Guardian-dev mailing list Post: guardian-...@lists.mayfirst.org List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To Unsubscribe Send email to: guardian-dev-unsubscr...@lists.mayfirst.org Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/nathan%40guardianproject.info You are subscribed as: nat...@guardianproject.info -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJUFu4nAAoJEKgBGD5ps3qpBDQP/3/ik1IVLHAV8JegeTWoUrgC 3ZWzgpI/jXlvqpTfA6KO+P4RSOuaTF8/PDP05SklgIetJfu6ZoWLX7Z/TmNwYTbH 6DBA+5okveOgm1jZEgdMcHTkayzrvVIBWvC1lAO70KASEp8doW8KN9M6x5uLvLf2 HwDRfYt4VSvIVyWIWG2cUeIu1p4OEuKi/iIOemL0gtF8QDTyKK8xBnY5TNNWG+/j yfidk3lcvlGT6Qn7xbybB94VVTYh4eT5m7GjYnfvB/jWuhI6RAWNbP/nc+mJc1lA Oe94+k8yIjWssoRIO8hW3yzXS5O1rnYzkKnJ6StxBBfvQzV9YMnolEaY5YrL/Tz8 EqJghmZ6ZGB1qoQpUdYr1yXwokQPHMkHhSlG/XCNkL+DDBo6tmzJBxtkD9jVOxpA /N5QggLRO7KxLTdA2q6+UaoW1ZJJzis+U8ZjAzXbNEbRKEPwA7T1FckYorCLbRSo T1YV/z47rujRjH846QJuGqACg4hx1PXkMKXHw5MWcdM7vbh7siZY5Np4SsciUBg/ utVhaZMYeX5sgQn6gx8G+vFvPqkGnxsZ6mv/9WqZaJUSBD/5xEHSu7jnnPrDgTPf pgdZE0d1pxxaVqCg/zto6lp9bxz5NTNerL2pxgtnZwytv8J1QW40k14K3+CYiaCN 8jy9vtkpgbVnYbh0IvC2 =lbTZ -END PGP SIGNATURE- -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Hidden service on Android device through Orbot
On September 8, 2014 12:55:13 PM EDT, Dimitar Milkov m...@programings.eu wrote: How i can set hidden service on my rooted Android phone through Orbot? From the Orbot interface, i requested root access and successfully granted the application with it. I have kWS server running locally, and i can access what server streams on 127.0.0.1 from my web browser. So, next i just set the server port in Orbot options, and as far as i understand, the hostname should be generated and be accessible in .Onion hostname field, but in my case it's not. The field is blank. I can't find the .onion hostname for my service in order to access it. What is wrong? Sounds like you have done everything right. Did you restart Orbot? You should see a notification about the hidden service being activated. Then it should display the value in the .Onion hostname field. Root is not required BTW for hidden services. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Better testing through filternets
I am working on improving our ability to do more thorough and standardized testing of Orbot, etc. As part of this, I am trying to come up with a simple filternet configuration based on OpenWRT, running on a TP Link MR3020. Currently, I have this working: - Use Dnsmasq to block high profile target domains (torproject.org, google, facebook, twitter, whatsapp, etc) - Block all HTTPS traffic (port 443) This simulates most of the common DNS poisoning and port blocking types attacks, though Tor can still easily connect at this point. I would like the ability to simulate a more severe environment, where for instance, Tor itself is targeted, and bridges are required. Any thoughts or experience doing this? - Block IPs/domains for known Tor Authority nodes - block based on Tor protocol characteristics: ssl certs, common ports, etc Thanks for any feedback, pointers, links, etc. +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] (FWD) ISC Update: StoryMaker
On 08/02/2014 01:22 AM, Roger Dingledine wrote: An interesting-sounding success story of Tor in action -- and so well integrated that people barely even mention Tor. :) It is all my fault! I think every app would love to have a standard, easy way to include a powered by Tor or works with Tor graphic on it, or standard way to mention it. Perhaps this is part of a branding/outreach effort that can be done, so that all the amazing work that Tor does to allow apps like StoryMaker to build on it, is appreciated and touted. +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Android app: Torrific (renamed to orWall)
On 07/28/2014 12:41 AM, CJ wrote: So, orWall. So be it. Welcome, little one:). orBot welcomes you! Just returning from an offline vacation and happy to see this thread and news. I would be more than happy to direct Orbot users who want this functionality to your app, once its stabilizes, and as long as we can assure a fairly streamlined user experience. In other words, I doesn't need to be all-in-one-app, but it should feel as close to it as we can make it. +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Fwd: [guardian-dev] Orbot 14.0.5 Release Candidate 1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Forwarded Message Subject: [guardian-dev] Orbot 14.0.5 Release Candidate 1 Date: Mon, 28 Jul 2014 22:06:13 -0400 From: Nathan of Guardian nat...@guardianproject.info Organization: The Guardian Project To: guardian-...@lists.mayfirst.org The latest Orbot RC is here, now with Tor 0.2.4.23 hot off the presses. This update includes improved management of the background processes, the ability to easily change the local SOCKS port (to avoid conflicts on some Samsung Galaxy and Note devices), and the fancy new notification dialog, showing your current exit IPs and country. APK: https://guardianproject.info/releases/Orbot-v14.0.5-RC1.apk Sig: https://guardianproject.info/releases/Orbot-v14.0.5-RC1.apk.asc 543c887 update to latest tor and obfsclient 023ef2d boot receive does not need HOME category cbf4e99 handle CONNECTING state properly 6ed7ab0 onBoot perm should default to true 816d7d7 new icons for martus 6574312 new tips for app download 29a0641 make sure start on boot works properly 54a39f2 only show notifications if we have data 9d541d8 added mobile martus to rec'd apps 4d6c32a support dynamic SOCKS ip in polipo configuration 1cd0dcf fix proguard path for new sdk c4cf845 handle NPE in case service disconnects 1e6ff35 updating ant build shell permissions 498f647 remove external storage perm (debug log written internally) need to add ability to share internal file after marking it globa e1ec776 re-arch status callbacks and improve notification c7409b7 update commit pegs for external f2f076c fixes for layout and notification data be sure to only get the IP of the last hop (that is the exit) a6da4bf small cleanup of asynctask and error handling 181b922 make the notification larger for more display room! a82d2e4 remove unnecessary jar file 3bc8760 Merge branch 'new_notification_expanded' of github.com:amoghbl1/orbot-1 into amoghbl1-new_notification_expanded 41064d8 add persistent flag b4079f4 update transifex config 8a934c9 don't close socket, and use HALT for shutdown f9b38e6 if service is null, please start it a447bbf update strings -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJT1wLkAAoJEKgBGD5ps3qp//kP/1nRRuk+9dhsUOlXwMxg5cph isiwM2UHpjzU1i6eiMQW6BtV8MyPIchV5wik4BcICCEoJftCF81h/C3B0Rwee9j0 2a/8/OvG6URJJ3kV/dnVY85yiFTb8YeuYVG+WokL8aAKARzVxfP52PTRCvpX6DsP zea0oLO3yWGxdRDe5qCXhLknoFILhrfiYBgbcbVTJP/sFxUIVVHtDQghlLySs2UE 1BzBYbjvcUOWrQv0D7MOEQ/VCqK0Lrd5tsyJodREeIAyIyhsMzd+ZflcVWxhRBCD BKlaHlLGCMSKB8CV9YWOPlYZg4YQR/MBFy29TDr6y/1UEk4kFiY60DjgS9O3SuDS UQCQEpQlftQPBtd4nEKoTaw7FNfgYJd2/PpwWd/+AcvP9v5bj/vsMpItrLa6sovg vAW5/tRM/i12Zh6l8yn+a3W00mo0tLlZvUVq0tDJTcfQAyrVQZNympjdrZpJEwKu njMsHtOXMy0T0BtnO4p3TgB7t88qu+sLlX5IR3uaIPxlrOtgEzWkGMJsUSHm25Im hnK2QlIXZvYNcNgQyal/13kUSqbYJw8f2Bqxn2YdFP1sCZe1jm1DRR9IwAjZSFDl dnIXWvOWc8VbbCEBJMT4+oXxopMjuix+DaUI6QtGhwmKrbK2Ds3BOLbgl8ncFJES Z+u4kkPVC0p7JWauk3NY =XyCO -END PGP SIGNATURE- -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Orbot v14 alpha: obfsclient, Tor 0.2.5.3-alpha
On 05/04/2014 05:18 AM, George Kadianakis wrote: Nathan Freitas nat...@freitas.net writes: On May 3, 2014 4:18:28 PM EDT, George Kadianakis desnac...@riseup.net wrote: George Kadianakis desnac...@riseup.net writes: Nathan Freitas nat...@freitas.net writes: On May 3, 2014 6:10:58 AM EDT, George Kadianakis desnac...@riseup.net wrote: Nathan Freitas nat...@freitas.net writes: Orbot now supports Obfs3 and Scramblesuit, thanks to Yawning's help. Great news! Thanks! BTW, how are obfs3 bridges supposed to be used? This is the string I use for scramblesuit, copied directly from the bridges.tp.o page: scramblesuit xxx.xxx.xxx.xxx:x fingerprintxxx password=sharedsecretxxx I installed Orbot-v14.0.0-ALPHA-2a.apk and checked the Preferences menu. There used to be an option called 'Obfuscated Bridges' that it's not there anymore. I assumed that I just have to specify a bridge, and then prefix it with the transport name, like you do in the torrc. Yes. So I clicked on 'Bridges' and then inserted 'obfs3 ip:port' (with my own ip and port) and started up Orbot. Unfortunately, I think that it didn't work very well. In the logs I got: Adding bridge: obfs3 ip:port Hmm Add a fingerprint perhaps? Hm, I just tried that bridge again (without adding a fingerprint), and now I'm getting the usual PT error: We were supposed to connect to bridge 'ip:port' using pluggable transport 'obfs3', but we can't find a pluggable transport proxy supporting 'obfs2'. ... I'm not sure why I'm getting this today instead of the error I was getting yesterday [0]. I don't remember rebooting or changing anything. In any case, this new message usually means that obfsproxy crashed early: before being configured to be a Pluggable Transport. The same should be true for obfsclient too. Could it be a permission issue? We played a bit with Yawning on this. Are we sure that the ClientTransportPlugin is even set at all? Because looking at https://gitweb.torproject.org/orbot.git/blob/HEAD:/src/org/torproject/android/service/TorService.java#l1713 it seems that it depends on the boolean PREF_BRIDGES_OBFUSCATED which apparently is never set since commit 147b57af4. This seems to agree with my experience since I'm getting the log message Using standard bridges which is on the 'else' codepath. Or maybe we are missing something. Wow, I just realized that I removed that preference UI, but on my test device it was already set to TRUE, since I did not do a clean install. Thanks for the testing, and will push a new release our in next 24 hours with that fixed. Thanks! BTW, I'd suggest to parse the Bridge lines to figure out if PTs are used and only then insert a ClientTransportPlugin line (in contrast, to always adding a ClientTransportPlugin line). That's to avoid issues like #11658. I am doing that now, by looking for a supported PT type in the bridge config lines You can check if a Bridge line uses PTs, by checking if its second element is a C-identifier as the pt-spec.txt suggests. An IP:PORT is not a C-identifier because of the colon. That sounds like a better way, especially since PTs could be run outside of Orbot as separate apps. Here's a new alpha-3 build that has been tested on a few devices, with both obfs3 and scramblesuit bridges: apk: https://guardianproject.info/releases/Orbot-v14.0.0-ALPHA-3.apk sig: https://guardianproject.info/releases/Orbot-v14.0.0-ALPHA-3.apk.asc 14.0.0 (ALPHA-2) 583c758 updated to 14.0.0-ALPHA-3 90848b0 reduce memory usage of app and make single process ba90f73 cleanup of notification and process kill code 76ec147 add some more externalized strings e80c3bf check if installed apps are enabled 60a822a updated to 14.0.0-ALPHA-2b 69614fb updated Tor version to 0.2.5.4-alpha heartbleed blacklists for non-updated tor nodes 53673da fix bridge/PT enable code based on bridge types 9096f8c update 14.0.0-ALPHA-2a for some testers (samsung) 42d8ca1 for some devices, the process-id is listed first fd51281 make sure the unbind intent is not null b814019 improvement for network state checking code 648b10c updated changelog for v14 ea919c5 add the basic proguard support 147b57a remove unused preference 0dc50cc add log max size feature b9f14b3 ensure setConft on control port works consistently b056e7f remove debug waiter -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Orbot v14 alpha: obfsclient, Tor 0.2.5.3-alpha
On May 3, 2014 6:10:58 AM EDT, George Kadianakis desnac...@riseup.net wrote: Nathan Freitas nat...@freitas.net writes: Orbot now supports Obfs3 and Scramblesuit, thanks to Yawning's help. Great news! Thanks! BTW, how are obfs3 bridges supposed to be used? This is the string I use for scramblesuit, copied directly from the bridges.tp.o page: scramblesuit xxx.xxx.xxx.xxx:x fingerprintxxx password=sharedsecretxxx I installed Orbot-v14.0.0-ALPHA-2a.apk and checked the Preferences menu. There used to be an option called 'Obfuscated Bridges' that it's not there anymore. I assumed that I just have to specify a bridge, and then prefix it with the transport name, like you do in the torrc. Yes. So I clicked on 'Bridges' and then inserted 'obfs3 ip:port' (with my own ip and port) and started up Orbot. Unfortunately, I think that it didn't work very well. In the logs I got: Adding bridge: obfs3 ip:port Hmm Add a fingerprint perhaps? Setting conf: SOCKSPort=127.0.0.1:9050 snip WARN: Controller gave us config lines that didn't validate: If you setUseBridges, you must specify at least one bridge. snip Starting polipo process and then Orbot bootstrapped directly, without using my bridge :/ Yes... Bridges are applied via the control port, and Tor will still bootstrap if the config settings fail. Maybe we should not do that on further thought. I'm not sure exactly why my bridge was not set in Tor. Maybe I'm not supposed to specify my obfsbridge using the 'Bridges' dialog? Will do more testing with obfs3. Cheers! PS: I think the move from the 'Obfuscated Bridges' box is a good idea. IIRC, the 'Obfuscated Bridges' box assumed that the bridge is obfs2, without even mentioning it to the user, which is not good now that we have more pluggable transport around. Yes this is a better design. We will be working on more ways to simplify bridge setup including qrcode scanning, NFC tapping and more. +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Orbot v14 alpha: obfsclient, Tor 0.2.5.3-alpha
On May 3, 2014 4:18:28 PM EDT, George Kadianakis desnac...@riseup.net wrote: George Kadianakis desnac...@riseup.net writes: Nathan Freitas nat...@freitas.net writes: On May 3, 2014 6:10:58 AM EDT, George Kadianakis desnac...@riseup.net wrote: Nathan Freitas nat...@freitas.net writes: Orbot now supports Obfs3 and Scramblesuit, thanks to Yawning's help. Great news! Thanks! BTW, how are obfs3 bridges supposed to be used? This is the string I use for scramblesuit, copied directly from the bridges.tp.o page: scramblesuit xxx.xxx.xxx.xxx:x fingerprintxxx password=sharedsecretxxx I installed Orbot-v14.0.0-ALPHA-2a.apk and checked the Preferences menu. There used to be an option called 'Obfuscated Bridges' that it's not there anymore. I assumed that I just have to specify a bridge, and then prefix it with the transport name, like you do in the torrc. Yes. So I clicked on 'Bridges' and then inserted 'obfs3 ip:port' (with my own ip and port) and started up Orbot. Unfortunately, I think that it didn't work very well. In the logs I got: Adding bridge: obfs3 ip:port Hmm Add a fingerprint perhaps? Hm, I just tried that bridge again (without adding a fingerprint), and now I'm getting the usual PT error: We were supposed to connect to bridge 'ip:port' using pluggable transport 'obfs3', but we can't find a pluggable transport proxy supporting 'obfs2'. ... I'm not sure why I'm getting this today instead of the error I was getting yesterday [0]. I don't remember rebooting or changing anything. In any case, this new message usually means that obfsproxy crashed early: before being configured to be a Pluggable Transport. The same should be true for obfsclient too. Could it be a permission issue? We played a bit with Yawning on this. Are we sure that the ClientTransportPlugin is even set at all? Because looking at https://gitweb.torproject.org/orbot.git/blob/HEAD:/src/org/torproject/android/service/TorService.java#l1713 it seems that it depends on the boolean PREF_BRIDGES_OBFUSCATED which apparently is never set since commit 147b57af4. This seems to agree with my experience since I'm getting the log message Using standard bridges which is on the 'else' codepath. Or maybe we are missing something. Wow, I just realized that I removed that preference UI, but on my test device it was already set to TRUE, since I did not do a clean install. Thanks for the testing, and will push a new release our in next 24 hours with that fixed. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Orbot v14 alpha: obfsclient, Tor 0.2.5.3-alpha
Orbot now supports Obfs3 and Scramblesuit, thanks to Yawning's help. We are also experimenting with a switch to Polipo (https://github.com/jech/polipo.git) from Privoxy. Original Message Subject:Re: [guardian-dev] Friday Full of Updates Date: Fri, 02 May 2014 15:40:47 -0400 From: Nathan of Guardian nat...@guardianproject.info To: Guardian Dev guardian-...@lists.mayfirst.org On 05/02/2014 03:14 PM, Nathan of Guardian wrote: - Orbot has been updated to 14.0.0-ALPHA-2a, with amazing new support for Obfsclient pluggable transports like obfs3 and scramblesuit. There have also been many fixes related to solving the remaining problems on various Samsung Galaxy devices, as well. Actually, here is a release build of Orbot for testing: apk: https://guardianproject.info/releases/Orbot-v14.0.0-ALPHA-2a.apk sig: https://guardianproject.info/releases/Orbot-v14.0.0-ALPHA-2a.apk 14.0.0 (ALPHA-2) ea919c5 add the basic proguard support 147b57a remove unused preference 0dc50cc add log max size feature b9f14b3 ensure setConft on control port works consistently b056e7f remove debug waiter b2d4bb3 updated to v14-alpha-2 cbbc5e4 improve how we start/stop Tor, Polipo to find process id, do ps of all, then filter (most compat) use async service for Tor s t b31c11f updated icons with dark background 2b6ff4e update manifest for v14-alpha-1 05b6553 add binary stripping to makefile 21c1cad update binaries and torrc for obfs/PT work 144460b fixes for preference handling in multi process context 38700f9 updated to 0.2.5.3 for scramblesuit/obfs support d3865c0 fix settings handling and add more debug output also make SOCKS a runtime config d529334 clean up wizard context use 0178d3e add new binaries and configs for polipo and others 40546c9 change from privoxy to polipo for http proxy a4d8669 fix variable name to obfsclient 2f7a9dd update to new obfsclient repo 000cf57 update jtorctrl jar f485015 install obfsclient binary d003826 update binaries 4d3754b remove obfsproxy, update obfsclient 7af85b5 small updates to Makefile for NDK 2c2d094 Integrate obfsclient/liballium into the build process 43c259a Update the obfsclient submodule to include Android fixes a6af878 liballium/obfsclient should be sourced from tp.o repos signature.asc Description: OpenPGP digital signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Orbot v14 alpha: obfsclient, Tor 0.2.5.3-alpha
On May 2, 2014 6:34:25 PM EDT, intrigeri intrig...@boum.org wrote: Hi, Nathan Freitas wrote (02 May 2014 19:44:35 GMT) : We are also experimenting with a switch to Polipo (https://github.com/jech/polipo.git) from Privoxy. Jacob was strongly advocating that we do the exact opposite change in Tails, so I'm curious why. Yes, it seems that when Polipo was removed from TBB (since it was no longer needed for Firefox proxying), that around the same time (2011?) there were some serious security bugs discovered, and development on Polipo was dormant. This led to Tor switching back to recommending Privoxy as the HTTP proxy for those that need one. However, Polipo is being actively maintained again, and the known issues addressed. I wanted to explore its use with Orbot because it does seem to use less memory than Privoxy, and is a bit faster as well. It is also cleaner to integrate due to the project being available as a git repo. If there is conclusive evidence or a community decision that Polipo must not be used, I am willing to follow that, but for now, we are experimenting in alpha-ville. +n -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Orbot and ChatSecure not working on CyanogenMod
On 04/19/2014 02:24 PM, Elrippo wrote: Since the last update, regarding the occurence of the heartbleed bug, from Orbot I can not use ChatSecure with Orbot. You should grab the latest Orbot 13.0.7-BETA-1 (which is actually now tagged as 13.0.7 since it is stable). It is in our repo, and available directly here: https://guardianproject.info/releases/Orbot-v13.0.7-BETA-1.apk (and gpg sig: https://guardianproject.info/releases/Orbot-v13.0.7-BETA-1.apk.asc) We had a few very unstable beta/RC's but things seem sorted now. Thanks and please get in touch with me directly if you have further problems. +n signature.asc Description: OpenPGP digital signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Orbot v13.0.6-BETA-7 vs. heartbleed
The about string is wrong and has been corrected in our latest RC release. Sorry for the confusion. On April 15, 2014 4:45:27 PM EDT, Nusenu bm-2d8wmevggvy76je1wxnpfo8srpzt5yg...@bitmessage.ch wrote: Hi Nathan, from the changelog of v13.0.6-BETA-3 CHANGELOG for v13.0.6-BETA-3 [...] 7229c52 updated to openssl 1.0.1g The About in Orbot v13.0.6-BETA-7 still says: 3rd-Party-Software: [...] OpenSSL v1.0.1e: http://www.openssl.org which would be a version that is vulnerable to HB. Is the About or the changelog wrong here? thanks! -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Fwd: [guardian-dev] Orbot v13.0.6-RC-3 released
Original Message Subject: [guardian-dev] Orbot v13.0.6-RC-3 released Date: Tue, 15 Apr 2014 23:23:59 -0400 From: Nathan of Guardian nat...@guardianproject.info To: Guardian Dev guardian-...@lists.mayfirst.org, guardian-annou...@lists.people-link.net Aside from a linger startup issue with random Samsung Galaxy S3/4/5 devices, this RC-3 is looking very good, and will likely be final, so we can move on to v14-alphas! The big improvements in this build are a fix for the disconnected UI/activity (Tor is on, but UI shows off), and improvements to the transparent proxying iptables scripts. There were problems related to resolution of onion addresses (AutomapHostsOnResolve has been disabled in torrc), and in some cases DNS leaks were occurring in the previous beta's, RC's. If you do have root+transproxy enabled, please test your browser against https://www.dnsleaktest.com/ and http://ipleak.net/ and let me know if you see any issues. Also, if it has not been made clear, this v13.0.6 update does include OpenSSL 1.0.1g for #heartbleed's sake. APK: https://guardianproject.info/releases/Orbot-v13.0.6-RC-3.apk SIG: https://guardianproject.info/releases/Orbot-v13.0.6-RC-3.apk.asc 13.0.6 89fc2e6 updated to 13.0.6-RC-3 b9eeb37 ensure Service has foreground priority so it is not killed (and improve onBind() calls to reset state if it is killed) 3824bc5 improving control port connection code adding additional logging for problems with Samsungs fa6c101 bump version to 13.0.6-RC-2 cc020f5 small tweaks to Tor binary startup code 16799ef add automapresolve to ensure .onion address are handled 06d5a6f improve process lookup code cd8b7e4 connect to localhost instead of 127.0.0.1 4673f04 update UI on rebind of service c68ce2c fixes for transproxy to fix DNS leaks in some cases latest RC was leaking DNS due to updates iptables/xtables binary and need 915ff8a updated to 13.0.6-RC-1 3413b34 fixes for getting process id of Tor process e9d0fea updates resources and tx config for tagalog 10938ed update string resources from transifex 5326d2b updated string values for components 8d73be6 bump to 13.0.6-BETA-8 af95098 remove persistant flag, as its only for system apps 831a52a improved logging and exit code reporting for transproxy f853271 fix Service init/bind logic also remove updates for background drawing to save memory 8445f2e ensure appmgr doesn't fail on loading apps also don't load icons to improve memory usage 227253d updates to optimize resource memory usage ed76f8b update to 13.0.6-BETA-7 60a79a2 more updates to install clean-up process f885059 fix problem with UI rotation and screen update efb9a8c update to 13.0.6-BETA-6 bf8a92c use AbsolutePath instead of Canonical; fix kill code e1b1ca0 add constants for folder names e8116f4 ensure existing files are deleted before upgrade 25f4ac8 adding new small icon 981123f update to 13.0.6-BETA-5 b6a9b48 ensure existing binaries are removed before install problems may be caused by soft links or old bins ef14ac5 fix large icon incorrect display in alert dialogs bab67b7 small fixes for the wizard with new UI 3d1f391 updates for icons, backgrounds and improved drawing code to solve issues related to outofmemory 9d1311c updated to dark icon b329920 update to BETA-4 for Permission changes c9bf8d2 fix Shell calls so that we close() shell when done e78486a update to support specific permissions for Service this is an attempted fix for Samsung S3/Note3 issues 7990644 update version to 13.0.6-BETA-3 917ea6e fix for mikeperry transproxy leak bug find https://lists.torproject.org/pipermail/tor-talk/2014-March/032503.html fc0554f fix for binary version upgrade support 4ed6ea1 updated pre-built binaries 7229c52 updated to openssl 1.0.1g 6bce7d5 fix ant build script and target e5b70ba improve shell command, root and permissions handling b734c6c add new library for superuser/shell commands dda5633 updated to 13.0.6-BETA-1 298f73c update Tor version code 75d3ecb update language wizard display to be more clear fe44c29 add binaries (for non NDK developers) 05bf5b7 add/update translations from transifex 344e914 add transifex tx config 8140b32 a little bit of cleanup of new binary installs e25dc08 fixes the menus for appcompat library cc8d3e1 update to return to binaries as ZIPd res/raw stop using the libs/armeabi hack method b59bd1a remove binary apps/libs 445f63f updates ant build for new actionbarcompat 765a3bf updated graphic 8c20759 removed ABS depdency in favor of AppCompat d0d7880 Signed-off-by: Nathan Freitas nat...@freitas.net 75a0d34 Signed-off-by: Nathan Freitas nat...@freitas.net e5fdf28 updated binaries from new build script 57ef1c3 Fix building of openssl on newer systems b5a043a updated Makefile to not build libevent TESTS dab37b5 setting to 4.6 for compat 1a346cf updated makefile 02c389c updated obfsclient external 06b46f1 updated to only build tor binary and not tests, etc d311f71 13.0.6 minor UI updates, Tor version update a24eacd add hi