On Mon, Jul 20, 2015, at 01:12 PM, Amogh Pradeep wrote:
On Jul 20, 2015, at 12:15 PM, Georg Koppen gk@torproject.org wrote:
Nathan Freitas:
Amogh and I are trying to figure out the shortest path to getting TorButton ported to Android, such that we can have the essential privacy features without having to say, port all the XUl/user interface components.
Our plan is to remove all XUL components (for now) since those would need to be written for the mobile specific XUL on Android, and they seem to be helpful but not absolutely required.
I don't think this is true. "New Identity" comes to mind which does not work if you just remove all XUL related things. Window resizing/Screen size spoofing is another feature. And there are probably a bunch of others as well.
The “New Identity” feature can be replaced for mobile, since Orbot handles all the tor connections, I think it would be possible to add this functionality through NetCipher’s OrbotHelper class[0].
Agreed. For now, Orbot does this, and we don't need to expose it inside of Orfox for now.
From there, hopefully all the code here:
https://gitweb.torproject.org/torbutton.git/tree/src/components
should work in the mobile context. However, there could be problems based on not all of the JS/DOM API being the same. Since we also don't run our own instance of Tor within Orfox, none of the control port specific JS is relevant.
If anyone on this list can help us prioritize the JS components to required vs nice to have, that would be helpful.
See the "Bug 1506 PX" comments where the "X" is in the range of 0-5 (0 = low prio, 5 = high prio) which got included a while a ago. This is, however, missing the latest Torbutton improvements. But it might be a good start and we could use the momentum to categorize the newer code accordingly as well.
Much of the extra control port JS could be modified to talk to the Java layer which communicates with Orbot which in turn handles these connections. This is a lot of work though, might be a good idea but.
We must decide which functionality is required or just nice to have. Screen size spoofing is complicated because mobile screens are radically different and change quite a bit, and inherently you want the screen to work with the display, else users will be annoyed. This may be an area where we just can't match Tor Browser's anti-fingerprinting features.
Otherwise, Amogh and I will work through the Bug 1506 comments.
Thanks!