On Tue, May 19, 2015, at 04:33 PM, Jens Lechtenboerger wrote: > the usage instructions for Tor on Android at > https://www.torproject.org/docs/android.html.en > are unsafe for Firefox users.
> Firefox on Android downloads favicons without respecting proxy > preferences. See here: > https://bugzilla.mozilla.org/show_bug.cgi?id=507641#c12 Yes, that page is very out of date and needs to be updated. It wasn't a bug originally, but when Mozilla started moving more code over to Android/Java domain, they introduced it. I am making it a priority to make sure it is accurate. We have also removed the Proxy Mobile add-on from the Mozilla Add-on store awhile ago, when the favicon leak issue was discovered. We have also had a variety of issues with successful proxying of third-party web browser / engines on Android, including various bugs with WebView/WebKit proxying depending upon the Android OS version or device type you are running. > (I tried different configurations of Orbot and Firefox. Also “Tor > Everything” fails, both with HTTP proxy at port 8118 and SOCKS proxy > at 9050.) Hmm... "Tor Everything" should work if you have a rooted Android device with a kernel that supports iptables properly. Also, if you haven't seen Mike Perry's post on Android hardening/tuning, please read it: https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy Which Android OS are you running, and which version of Orbot? Have you tried the latest "Apps VPN" feature that tunnels all device traffic through Tor without root? > My current attempt for Firefox with Orbot is to configure localhost, > port 8118 as system HTTP proxy (long press Wi-Fi connection -> > Modify network -> Show advances options). Then, in Firefox verify > via about:config that network.proxy.type is set to 5, which should > be the default and lets Firefox use the system proxy, which is also > used to fetch favicons. Yes, for Wifi connections this will work reliably. > Probably, there are more pitfalls. Any suggestions? I think running CyanogenMOD or a similar rom, and using transparent proxying, either by app or all, on boot, and optionally with Mike's extra hardening, is the most complete solution. If you don't want to go that far, then the Apps VPN feature feature should do, or manually setting the wifi proxy as you have. Finally, if you use Orweb (super basic) or Lightning Browser (most features you want), there is no favicon or other leakage. +n -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
