[guardian-dev] [tor-talk] orplug, an Android firewall with per-app Tor circuit isolation

coderman coderman at gmail.com
Sat Feb 13 23:17:25 EST 2016


On 2/12/16, Rusty Bird <rustybird at openmailbox.org> wrote:
> ...
> In my layman's prejudices, the VPN approach's upsides are: no
> superuser privileges needed, and standardization across ROMs. And the
> downside (really unsure here): that some packets, from system
> processes or early in the boot process, could escape the filters?

with VPN approach you don't get to control traffic outside routed
range, or before VPN activates, or fail-safe if it drops
un-expectedly, or ...

it's better than nothing, for some less sensitive uses.


note that a tor enforcing gateway approach is preferable to
transparent proxy, security wise. e.g. corridor. i haven't seen this
applied to Android env, which might be interesting safety buffer
around Orweb&Orbot.


best regards,


More information about the guardian-dev mailing list