[guardian-dev] Tor Browser for Android

Hans-Christoph Steiner hans at guardianproject.info
Fri Aug 30 15:11:08 EDT 2013 

That is great that you are already taking this on!  We're definitely
interested in working with you.  Do you have any of this posted somewhere,
like a public source repo? Or a test build to try?  Nathan, who has done the
vast majority of the work on Orbot and Orweb, is currently out on paternity
leave, so he'll be slow to respond in the next months.

But I can help here and there to keep the momentum moving.  I think the first
thing to do is to get your code up in a public source repo where people can
check it out and contribute to it.

.hc

On 08/29/2013 12:21 PM, BM-2D8PEYnrD5WdZsZyUoM771P9m9puJLtZXW at bitmessage.ch wrote:
> Hi,
> 
> I saw the recent discussions about Orweb and wanted to contribute. I
> believe creating a Tor Browser Mobile (based on Firefox Mobile) is the
> only way to go. It would be really great.
> 
> Some months ago, I tried to create a Tor Browser for myself on Android.
> Firefox Mobile was just started being shipped with the Private Browsing
> mode. I spent a few weeks to make it look like an ordinary Tor Browser on
> a PC. I don't know programming but I can edit or copy simple codes. As a
> result, it had a very similar fingerprint behavior and lots of features
> from Tor Browser, except the patches made on Firefox (I only copied the
> codes to fake the timezone).
> 
> So here are the steps I did as I remember:
> 
> 1- Downloaded the https everywhere add-on version 2.2.3 and add the code
> (install.rdf file) to make it work for Firefox Mobile (Android).
> Naturally, it didn't have a GUI but it worked.
> 
> 2- I downloaded the latest development version (4.x) of https-everywhere
> and copied the rulesets from it to my modified add-on (2.2.3).
> 
> 3- I compared almost every single preference between my Firefox and the
> Tor Browser on PC. Copied lots of the prefs, modified some to fit for the
> Mobile Firefox. Since the Mobile version has also its own preferences, I
> tried to learn what each of them does and configured them for best
> protection (like disabling sensors, camera etc.).
> 
> 4- With the private browsing pref, even though the browser doesn't open
> the private browsing mode by default, it was acting like the Private mode
> in the normal mode too. No history was being logged.
> 
> 5- I couldn't find how to manually change the prefs for a Firefox Mobile
> installation. So I added my prefs to the defaults/preferences.js file of
> my modified add-on (https-everywhere). This way, even if the preferences
> change when you use Firefox, after restarting the browser the prefs will
> be set to default again.
> 
> 6- The results on the ip-check.info test was nearly identical except the
> time zone and screen size. Since it was easy to apply, I copied the
> timezone patch codes from Tor Browser to my modified add-on (to the
> /components/https-everywhere.js file) so it looked like UTC on the tests.
> Using a pref from Firefox Mobile, the width looks like 1000px on the test
> but there isn't (or I couldn't find) anything for height. So height was
> unique.
> 
> 7- There is a mobile version of noscript which is still alpha but it
> works. http://noscript.net/nsa/ Considering the screen size fingerprint
> issue, it's better to disable javascript by default on Noscript (the other
> javascript fingerprints are same as Tor Browser), but I found it a little
> time consuming and hard to enable scripts per-site using Noscript, there
> seems to be a new version of it since I used it. Maybe things got better.
> 
> 8- Now, everything was working functionally but when monitoring the
> network I found it was possibly leaking some DNS (I'm still not sure,
> Orbot was showing warnings and sometimes the monitoring app was catching
> requests, not always). So, as a workaround I used a good firewall for
> android and didn't allow Firefox to connect to internet at all (by
> blocking the direct use of cellular network or wifi) but since it was
> configured to go through Orbot it was working and it became very secure.
> Even if there were no leaks or we/you patched Firefox or found a pref to
> prevent any possible DNS or other leaks, using a firewall should still be
> strongly recommended.
> 
> 9- I also tried adblock plus extension (of course, not recommended for
> fingerprint issues). The GUI wasn't letting me edit the lists so I copied
> them (elemhide and patterns) from my PC and it worked well.
> 
> 10- Everything was great for my expectations, the main drawback is, since
> there were lots of rulesets in the development version of https-everywhere
> and the adblock plus had a huge list, completely starting of the browser
> was taking 15-20 seconds and it was using more RAM than regular Firefox
> Mobile. So it's better to have a powerful device with lots of RAM and a
> fast processor.
> 
> This was a quick post, not very detailed, you may ask any questions. I can
> help if you are considering to get TBB on Android. It would be great to
> have all the missing patches from Tor Browser too, which I cannot
> implement myself.
> 
> 
> _______________________________________________
> Guardian-dev mailing list
> 
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> 
> To Unsubscribe
>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/hans%40guardianproject.info
> 
> You are subscribed as: hans at guardianproject.info
> 

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81

More information about the Guardian-dev mailing list