[guardian-dev] NetCipher: How Do I Know That It Is Working?

Hans-Christoph Steiner hans at guardianproject.info
Tue Feb 16 05:13:17 EST 2016

Mark Murphy:
> On Sat, Feb 13, 2016, at 14:32, Nathan of Guardian wrote:
>> For apps that want to absolutely guarantee access via Tor, you can also
>> setup a .Onion hidden service. This would.not resolve if your request is
>> not being proxied.
> Unless I'm totally missing something in the world of Tor, an .onion
> hidden service is something that would be done on the server side. A
> client-side developer cannot unilaterally create an .onion hidden
> service, and even if it were done, that would only work for that
> particular service. So, for a developer creating an app for their own
> server, a hidden service is certainly conceivable.
> A developer creating an app for a user's chosen server, or even just
> some third-party server, can't go that route (again, unless I'm missing
> something). And while we can change the client code to temporarily hit
> something else (e.g., check.torproject.org)... that's a bit like the old
> joke about looking for one's lost car keys under the streetlamp, rather
> than where the keys might have been lost, because the light's better
> there. :-)

There are lots of existing, open onion addresses that can be used for
testing.  That's probably the easiest way to test right now.  For
example, try connecting to:


That one requires TLS, which makes it a bit harder to use. You can use
this Debian mirror's plain HTTP onion address:


Another way to test with non-onion addresses it to install orWall on a
rooted device (I guess it'll work on an emulator also).  Then configure
the app that you are testing by long-pressing it in the orWall Apps
listing.  Set that app to "Use application native capacity (Fenced
path)".  That will block all non-Tor connections, but not enable
transparent proxying.


PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556

More information about the guardian-dev mailing list