[guardian-dev] Orfox design and development questions

str4d str4d at i2pmail.org
Wed Jul 15 00:35:28 EDT 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello guardian-dev!

In stock Fennec (Firefox for Android), the only way to configure a
proxy is via about:config (or the now-deprecated ProxyMob plugin).
Currently in Orfox, Orbot's SOCKS proxy is set by default in
about:config, and Orbot's HTTP proxy is hard-coded into the Java
settings. I have been poking around at Amogh's Orfox branch, and have
made a patch set that collect together the various places that the
HTTP proxy is hard-coded into a single location [0] (yet to be pulled).

(My eventual goal is to help add I2P support to Orfox. Having
hard-coded Tor dependencies scattered through the codebase doesn't
help me :P )

Amogh pointed me to the existing ProxySelector code [1] and asked that
I integrate my patches into this. However, when I looked into it
further, I discovered that the ProxySelector code's purpose is that
when "use system proxy settings" is selected, Firefox picks up the
system proxy configuration from Android's APN or WiFi settings [2].
This got me thinking more broadly about how Orfox will be used.

Ideally, we could set the proxy settings in a single place, and they
would propagate everywhere. Amogh tells me that it is possible to have
the Java layer listen to the Gecko layer. IMHO this should be default
behavior and is probably a patch that needs to be sent upstream to
Mozilla.

But assuming that we _do_ get Orfox to this point, the next issue is
how we select the proxy settings, or present them to the user. Do we:

- - force Orbot-only (the status quo)?
- - leave users to delve around in about:config?
- - listen to the system proxy settings?
- - support multiple proxies (e.g. .i2p through I2P, .* through Tor)?
- - bundle the NetCipher and/or I2P Android client libraries?

How development progresses IMHO depends on both of these points. (See
the appendix for a braindump on development pathways.)

So, my question is: what is Guardian Project's design goal for Orfox?
How do you envisage people using it, and how do you envisage them
configuring it?

str4d

[0] https://github.com/str4d/privacy-browser
[1]
https://dxr.mozilla.org/mozilla-central/source/mobile/android/base/util/
ProxySelector.java
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=749352


Appendix:

If Orfox is going to only support explicit hard-coded proxies, then
the status quo is "sufficient", but hard to maintain. The trivial hack
to get the proxy settings right throughout (while keeping them all
being set in one place) is to configure "use system proxy settings"
via Firefox settings, and modify ProxySelector to reply with the
hard-coded proxy settings. That would make building Orfox for use with
other proxies or networks easier.

If Orfox will be usable as a general privacy-oriented browser that can
be used with any anonymity network or proxy (or potentially neither),
then extra UI and backend code will be required. I have a feeling that
it might be possible to bundle all of this into ProxySelector, but
that would mean maintaining separate proxy settings, and explicitly
ignoring the Gecko ones (and potentially modifying the C code).
Alternatively, the new UI code could set the Gecko proxy settings, but
this would necessitate additional code to support multiple proxies at
once (or an add-on, but with ProxyMob deprecated it's probably better
to have the modifications built-in).
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJVpeMBAAoJEBO17ljAn7PgAp0P/17BmsibjHrrak8FLlVzrzkI
IuV4GXd/hziByYrib+ZdZ4HEi5dC8UCmQG7d8lgNfmiHYmPmsys57aucbA2y4zaE
7+LUze8RWje58JUcWVLuO8VsvjiF7+MjsgOIf65fWNdw3JEGONiXFIHtcKJ62iOx
eiCSfOM1AUphugvmkiFkpW4GJDNmehI6AP8CV8BP/PZjaVNlXc4e1uCKG0j90xWK
p4w3fA/hTfyMatWxyPSzZ6Io70aBS2FRvMHoRfWcqb1nzxpV8LHuhMxS6GVM1Ld/
BemhjYUUBkZHxIZWGEMwG2rVjsijwFS1w4UnaT6ppYCbEfuOGyGgCiBcqa3hR/SL
27p4By9ebNgtbRPTzTyWRF9y0l8s151nDWKrXWEDRUqc+Il06o5MkNQZHlniJNrl
AaNy3ZndiEUqCn6aD0xFPTZSDwvomQUpO9LwOMw752NR2mYIHvLTQolncf8JpMmq
9Dmd5VuHud08T3L+3N6AJwrlWBf7kuAwFQq/+jjU1fo5m3F6BZttNCRBHfV9xjKg
ZbtX6s3sYxal/rBUHekVZ9iiN7I6pDlono3Wt1Wg/2YKMR5RG5nZarmP8z32g0fO
eGyrygdj/VL6jm+h4akEGKhoErrk4tm48uSu/Tam0M9swc5th7cvyZVaSvvLuHYE
+oBL5mHYqR5MDZq93KUk
=YW0o
-----END PGP SIGNATURE-----

More information about the guardian-dev mailing list