[guardian-dev] Orfox is the new Orweb

Nathan of Guardian nathan at guardianproject.info
Thu Dec 5 12:02:20 EST 2013


Google has broken WebView for us again with Android 4.4, and there is no
easy out. We can't enable proxying by reflection, intent, or any of the
many other methods I have tried. It may still be possible via JNI to the
native libwebviewchromium.so, but I haven't quite got there yet.

In the meantime, I am much more excited about Mozilla's new effort to
make a reusable Android component out of Gecko, and we have a new
project based on that. It solves many other problems that
Orweb/Webview/Webkit had as well, and puts us on the path towards a full
Tor Browser equiv on Android.

There is still a great deal of testing to do, and a little bit more UI
work, but I hope to have something out in alpha shortly for all the
Android 4.4 users without a solution (other than rooting/transproxy) for
Tor-based browsing right now.

***** Orfox project ****

This project was originally based upon the geckobrowser sample
(https://github.com/mfinkle/geckobrowser) and the Orweb browser project
from Guardian Project. It is basically feature complete (and MORE) with
Orweb, but without any preference screen yet!

Project tracker: https://dev.guardianproject.info/projects/orweb
Nightly builds: https://guardianproject.info/builds/Orfox/

Here are the privacy-enhancing preferences that are on by default:

Match Tor Browser "generic" user-agent:

		setUserAgent("Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0","en-us,en;q=0.5");

Turn on proxying to local Tor / Orbot proxying by default:

		PrefsHelper.setPref("network.proxy.type",1); //manual proxy settings

		PrefsHelper.setPref("network.proxy.http","localhost"); //manual proxy settings
		PrefsHelper.setPref("network.proxy.http_port",8118); //manual proxy settings

		PrefsHelper.setPref("network.proxy.socks","localhost"); //manual proxy settings
		PrefsHelper.setPref("network.proxy.socks_port",9050); //manual proxy settings
		PrefsHelper.setPref("network.proxy.socks_version",5); //manual proxy settings

Disable disk caching:

                PrefsHelper.setPref("browser.cache.disk.enable",false);
                PrefsHelper.setPref("browser.cache.memory.enable",true);
                PrefsHelper.setPref("browser.cache.disk.capacity",0);

Ensure data is cleared on shutdown:

                PrefsHelper.setPref("privacy.clearOnShutdown.cache",true);
                PrefsHelper.setPref("privacy.clearOnShutdown.cookies",true);
                PrefsHelper.setPref("privacy.clearOnShutdown.downloads",true);
                PrefsHelper.setPref("privacy.clearOnShutdown.formdata",true);
                PrefsHelper.setPref("privacy.clearOnShutdown.history",true);
                PrefsHelper.setPref("privacy.clearOnShutdown.offlineApps",true);
                PrefsHelper.setPref("privacy.clearOnShutdown.passwords",true);
                PrefsHelper.setPref("privacy.clearOnShutdown.sessions",true);
                PrefsHelper.setPref("privacy.clearOnShutdown.siteSettings",true);

Do Not Track!

                PrefsHelper.setPref("privacy.donottrackheader.enabled",false);
                PrefsHelper.setPref("privacy.donottrackheader.value",1);

Disable 3rd party cookies:
                PrefsHelper.setPref("network.cookie.cookieBehavior", 1);

Don't send a referrer:
                PrefsHelper.setPref("network.http.sendRefererHeader", 0);

Make sure certificates are up-to-date:
                PrefsHelper.setPref("security.OCSP.require", true);
                PrefsHelper.setPref("security.checkloaduri",true);

Don't display mixed content (i.e. not secure content on a secure page):

                PrefsHelper.setPref("security.mixed_content.block_display_content", true);

Disable peer-to-peer WebRTC leak:

                PrefsHelper.setPref("media.peerconnection.enabled",false); //webrtc disabled

Disable ciphersuites that are not safe:

                //disable rc4
                PrefsHelper.setPref("security.ssl3.ecdh_ecdsa_rc4_128_sha",false);
                PrefsHelper.setPref("security.ssl3.ecdh_rsa_rc4_128_sha",false);
                PrefsHelper.setPref("security.ssl3.ecdhe_ecdsa_rc4_128_sha",false);
                PrefsHelper.setPref("security.ssl3.ecdhe_rsa_rc4_128_sha",false);
                PrefsHelper.setPref("security.ssl3.rsa_rc4_128_md5",false);
                PrefsHelper.setPref("security.ssl3.rsa_rc4_128_sha",false);

******
GeckoView assets and libraries from
[here](http://ftp.mozilla.org/pub/mozilla.org/mobile/nightly/latest-mozilla-central-android/).
You want the geckoview_library.zip and geckoview_assets.zip files.
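
A way to check that a build actually ends up with the preference values listed above, as an added example that is not part of the original post or the Orfox code: it parses Gecko's `user_pref("name", value);` file format and reports drift from a baseline copied from that list. The `BASELINE` subset, the function names, the constructed `SAMPLE` text, and the assumption that the prefs are written to a `prefs.js`-style file in the profile are illustrative.

```python
import re

# Subset of the values listed in the post; extend with the remaining prefs as needed.
BASELINE = {
    "network.proxy.type": 1,
    "network.proxy.socks": "localhost",
    "network.proxy.socks_port": 9050,
    "network.proxy.socks_version": 5,
    "browser.cache.disk.enable": False,
    "network.cookie.cookieBehavior": 1,
    "network.http.sendRefererHeader": 0,
    "media.peerconnection.enabled": False,
    "security.ssl3.rsa_rc4_128_sha": False,
    "security.ssl3.rsa_rc4_128_md5": False,
}
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

# Constructed sample: third-party cookies left open, WebRTC pref never written.
SAMPLE = '''// constructed sample, not taken from a real device
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "localhost");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_version", 5);
user_pref("browser.cache.disk.enable", false);
user_pref("network.cookie.cookieBehavior", 0);
user_pref("network.http.sendRefererHeader", 0);
user_pref("security.ssl3.rsa_rc4_128_sha", false);
user_pref("security.ssl3.rsa_rc4_128_md5", false);
'''

def parse_value(raw):
    """Map a pref literal to bool, str or int; leave anything else as raw text."""
    if raw in ("true", "false"):
        return raw == "true"
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    try:
        return int(raw)
    except ValueError:
        return raw

def parse_prefs(text):
    """Return {name: value} for every user_pref line; comments and junk are skipped."""
    matches = (PREF_RE.match(line) for line in text.splitlines())
    return {m.group(1): parse_value(m.group(2)) for m in matches if m}

def audit(text, baseline=BASELINE):
    """Return {pref: (expected, actual)}; actual is None when the pref is absent."""
    prefs = parse_prefs(text)
    # Compare types too, so a boolean true never passes for the integer 1.
    return {k: (v, prefs.get(k)) for k, v in baseline.items()
            if type(prefs.get(k)) is not type(v) or prefs.get(k) != v}

if __name__ == "__main__":
    for name, (want, got) in audit(SAMPLE).items():
        print(f"DRIFT {name}: expected {want!r}, found {got!r}")
```

An absent pref is reported because the engine's built-in default applies in that case, and it should be reviewed rather than assumed safe.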

