[guardian-dev] supporting manual hidden services in Orbot WAS: Hi, i' new

Hans-Christoph Steiner hans at guardianproject.info
Fri Nov 25 05:56:21 EST 2016

Greg Troxel:
> Hans-Christoph Steiner <hans at guardianproject.info> writes:
>>> I do see value here for medium to advanced users, that want to use Orbot
>>> with apps that do not support setting up hidden servers directly. This
>>> is mostly remote access to on device HTTP servers, SSH servers and so
>>> on. Today, we have many users who do this through the existing Orbot
>>> settings, where you can manually enter a port, and the onion service is
>>> generated. Arrase is just extending that behavior with a better user
>>> interface. I think it is a valid use of Orbot.
>> That's going to add a fair amount of complexity to Orbot, as well as the
>> requirement to save valuable state info (i.e. beyond the regular setup).
>>  Seems like we should have a strong use case for this before taking it
>> on.  People who want to run servers on their phone can always use
>> linuxdeploy, Lil' Debi, etc.
> Perhaps there could be a HS gateway app that allows users to configure a
> HS and connect it to something that is running on localhost.  That app
> could have all the UI and saving.  Then Orbot could be closer to
> stateless.

I think that approach makes a lot of sense: spin off the specialized
features out of Orbot into their own apps, like orWall for root/iptables
support.  Orbot needs to just be a really solid core service provider.
We really need to strip down Orbot as much as possible to keep it
maintainable, especially since this current update was a long time in

@arrase, your UI for manually managing Hidden Services is fine, but it
really does not belong in Orbot.  I know that some kind of feature like
was in Orbot before, but it was not really a supported feature, and I
think its clear that we cannot do a good job of maintaining precious
user data in Orbot.  Tor configs can be manually recreated, Hidden
Service keys cannot.

The migration path for moving manual Hidden Services out of Orbot should
be pretty straightforward, there could just be an "export" menu option
that puts up some UI to have the user choose which app to  export the
existing hidden services config to.


PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556

More information about the guardian-dev mailing list