[guardian-dev] Orbot 1.0.4 RC for testing
Jacob Appelbaum
jacob at appelbaum.net
Tue Sep 21 03:27:03 EDT 2010
On 09/20/2010 09:33 PM, Nathan Freitas (GuardianProject) wrote:
>
> Thanks for the report.
>
Sure thing.
> On 9/20/10 11:48 PM, Jacob Appelbaum wrote:
>> with transparent proxying - when a device resets, Orbot does not
>> automatically launch on the subsequent boot. The end result is that
>
> It is definitely possible to start Orbot and transparent proxying on
> boot. However, in order to do this, we need to request the "Read Phone
> State" permission. This is one of those overly broad Android permission
> bits that reads to some "Give this app permission to monitor all my
> calls", when in fact, all we need it for is to be able to get notified
> that the phone has booted up.
It's a bit weird that they don't have a "start at boot" permission.
>
> There has been a desire to keep the core Orbot app required permissions
> to a minimum. At this point, we only require the "Access Internet"
> permission. The solution I have been considering is to create a second
> helper app that would be called OrbotOnboot or OrbotLauncher, and this
> would have the extra permissions needed for this configuration.
>
I think the transparent proxy stuff isn't safe without biting the bullet
and giving it the permissions that it needs...
> The other option would be to offer an Orbot-Lite and Orbot-full version,
> with lite always being the most paranoid configuration, and full
> offering all the rich, cool features we could think up.
>
I think if you're really paranoid, it's reasonable to build your own. I
mean, no amount of permissions keeps a phone safe. If you want to pop
root on a Linux box, you just need user code execution...
>> Is there a way to ensure that Orbot is started before any other services
>> and every time the phone starts?
>
> If we use this official method described above, I am not sure if you can
> control the order things start up.
That sounds like a potential for leaking. I wonder if this is true? I'll
do some digging.
>
> Since Transproxying requires root however, perhaps, I am thinking of
> this the wrong way.... if we have root permission, perhaps we can do
> something at the Linux level to solve this issue.
>
We can certainly muck with things... I fear the wrath of Android users
who end up with stuff that is hard to uninstall.
Sincerely,
Jake