[guardian-dev] Orbot v15 alpha 4

Hans-Christoph Steiner hans at guardianproject.info
Tue Feb 24 11:08:36 EST 2015



Nathan of Guardian:
> 
> 
> On Tue, Feb 24, 2015, at 05:08 AM, Hans-Christoph Steiner wrote: 
>> Looks like lots of interesting stuff in there.  I think you also left out
>> that there is a basic browser included now in Orbot.
> 
> Ah yes, that is true. This is based on the confusion of users about
> needing to download a separate app to browse through Tor, if they
> aren't using the VPN mode.
> 
> The idea was also to have a very simple baseline browser in the app, and
> then to release Orfox (Tor Browser for Android) as our new full browser
> app to replace the existing Orweb app. Perhaps then the embedded Orweb
> is not useful, and we should either tell users to 1) use VPN mode or 2)
> use Orfox.
> 
>> I'm wondering what the security ramifications of that might be.  I don't
>> really know much about the Android WebView, but I've looked into heartbleed
>> issues quite a bit, and one related thing that I learned from GnuPG v2.1 and
>> gpgme is that key pieces of security infrastructure should be well separated
>> from everything else.  In gpgme, it is a library that wraps the GnuPG command
>> line tools, so that the app using gpgme does not share the same memory space
>> as the GnuPG command line tools, which are working directly with the private
>> key material.
> 
> Tor runs as a separate binary, in a separate process.
> 
> Also, locking down WebView as much as possible, disabling javascript,
> plugins, etc would be my goal. Again, very simple, not for interactive
> apps, just for searching, reading, etc.
>
>> So extrapolating from that and thinking about Orbot with embedded WebView,
>> are there attacks made possible by embedding WebView into the same app as
>> Tor?  Is there a good way to fully isolate the embedded WebView?  My guess is
>> that there are attacks made possible by this architecture, and that it would
>> be difficult to keep the WebView stuff separate from the code that controls
>> Tor.
> 
> The TorService portion of Orbot does have access to the Control Port of
> the running Tor process, and the necessary read access to the
> authorization cookie/file in order to access it.
> 
> Currently, TorService runs in the same process as the OrbotMainActivity
> and BrowserActivity... we could put it into its own separate process, so
> then the only interface would be through the Intent startService()
> commands.
> 
> Thanks for thinking about this, _hc!
> 
> +n

Yeah, I was thinking about the code that controls the Tor binary, and has the
ability to read all the status information.  That's the part I was thinking
that should be isolated. Does moving that stuff to a separate process actually
isolate functionality from the BrowserActivity, or would it just isolate the
direct interface to the Tor daemon?  If malware just had to use the internal
Orbot Java API to TorService rather than the Tor daemon itself and get the
same result, I don't think the isolation would really provide much benefit.

.hc


> 
>>
>> .hc
>>
>> Nathan of Guardian:
>>>
>>> More progress on better bridge support and "full device" VPN mode... and
>>> a bit of a UI update, too!
>>>
>>> APK: https://guardianproject.info/releases/Orbot-v15.0.0-ALPHA-4.apk
>>> ASC: https://guardianproject.info/releases/Orbot-v15.0.0-ALPHA-4.apk.asc
>>>
>>> On the bridge front, we now support QR code scanning, since the
>>> https://bridges.torproject.org/ site now displays bridge info as QR
>>> codes optionally. You can also display your current bridge config as a
>>> QR code, so that your friends can easily scan/set it up for themselves.
>>>
>>> To use the "Meek" bridge, you just turn on bridges w/o having any config
>>> (press the new [BRIDGE] button on the main screen), and it will use the
>>> Meek Azure bridge by default. If you set the config info to 1 you can
>>> use the Google Cloud bridge, 2 = Azure and 3 = Amazon AWS. If you want
>>> to learn more about why you would send your Tor traffic through Google,
>>> Microsoft or Amazon, read here:
>>> https://trac.torproject.org/projects/tor/wiki/doc/meek
>>>
>>> Finally, the VPN mode is working well, but you can't use bridges with
>>> VPN mode together yet... still trying to make that work smoothly.
>>>
>>> *****
>>>
>>> * Better Bridge Support
>>> fb9a6c9 support for sharing/display bridge config as QR code this is
>>> needed for sharing of bridge data between people in the same phy
>>> 068cd05 more bridge and proxy configuration clean up
>>> 31053ad add support for scanning QR codes for bridges
>>> f22978e update pluto
>>> bff6d0f add support for meek PT
>>> 266c297 update to latest pluto for meek-client
>>> 22e75a3 update pluto to latest
>>> 431dff5 remove integrated pluto code
>>>
>>> * Full Device VPN Mode
>>> dd09c6b tuning boot code to work with VPN
>>> b2ec768 more work to get bridge VPN mode to work
>>> f2490d9 handle all exceptions in socks proxy
>>> 9c77526 move HTTP VPN bypass proxy to 9998
>>> 096eae7 implementing http server for meek-client VPN bypass
>>> 1e5651e improve VPN clean-up code
>>> a2662c3 improve VPN activation
>>> c220ec9 re-enable DNS settings after you start Tor
>>> 6832363 use IP instead of "localhost" name
>>> 7f42265 launch the internal or system browser depending upon VPN mode
>>> 1852cde enable local DNS listen on 10.0.0.1 for VPN service also add
>>> support for stopping VPNBuilder instance
>>> ec4350e update VPN to toggle button
>>> 9467d7d clean VPN proxy settings before startup
>>> d63d10d massive cleanup of merged code from Ony fork removal/comment out
>>> of LoggerFactory log system
>>> a78e458 Merge branch 'ony-dev' into v15-dev
>>> 5c80572 Merge branch 'master' of https://github.com/SuppSandroB/Ony into
>>> ony-dev
>>> 4c49822 clarify vpnprotect code and add basic debug log
>>> 1464901 added badvpn as local folder
>>> 72a0173 delete as it should not be as subproject
>>> 90db557 clone of badvpn for dns fix
>>> 1472b4e some missing files added to git repo
>>> 08c220f clean up VPNBuilder setup code
>>> 91a72ef add in basic debug output
>>> fb3e27b more clean-up of VPN service code
>>>
>>> * Integrated Orweb simple browser
>>> 5a8aa88 add new gitmodules for orweb and pluto support
>>> 40b8f48 set to lib_orweb branch
>>>
>>
>> -- 
>> PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
>> https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81
> 
> 

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81
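
Added example, not part of the message above and not Orbot code: a small model of the question raised in the thread, comparing a separate-process service that forwards arbitrary control commands with one that accepts only fixed actions. The class names, action names and probe list are hypothetical and constructed; the command strings follow the Tor control protocol, and the control port is an in-memory stand-in.

```python
class FakeControlPort:
    """Constructed stand-in for the Tor control port: records every command."""
    def __init__(self):
        self.log = []

    def send(self, command):
        self.log.append(command)
        return "250 OK"


class PassThroughService:
    """Runs apart from the caller, but forwards whatever text it is handed."""
    def __init__(self, control):
        self._control = control

    def handle(self, action, arg=""):
        return self._control.send(f"{action} {arg}".strip())


class NarrowService:
    """Accepts a fixed set of actions; the caller never supplies command text."""
    _ACTIONS = {
        "status": "GETINFO status/bootstrap-phase",
        "new_identity": "SIGNAL NEWNYM",
    }

    def __init__(self, control):
        self._control = control

    def handle(self, action, arg=""):
        command = self._ACTIONS.get(action)
        if command is None or arg:
            raise PermissionError(f"action not permitted: {action!r}")
        return self._control.send(command)


# Constructed requests standing in for what code inside the browser component
# could ask of the service once it no longer holds the control port itself.
PROBES = [("status", ""), ("new_identity", ""),
          ("GETINFO", "circuit-status"), ("SETCONF", "<option>=<value>")]


def control_commands_reached(service_cls):
    """Return the commands that actually arrived at the control port."""
    control = FakeControlPort()
    service = service_cls(control)
    for action, arg in PROBES:
        try:
            service.handle(action, arg)
        except PermissionError:
            pass  # refused at the service boundary, never reaches Tor
    return control.log
```

On Android, components split with `android:process` still run under the same app UID and share its data directory, so the control-port cookie file remains readable from both processes; the narrow interface limits only what goes through the service.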

