Hello,
I was thinking about a GSoC 2012 project I could propose, and I came to the question of why there's no Tor iOS (iPhone / iPad / iPod touch) application distributed on the official iTunes App Store?
There's this "test package" of Tor for iOS available [1], but it has to be installed via Cydia and not everyone's phone is jailbroken. Distributing an application via the App Store has some benefits of its own too (additional marketing and visibility, easier installation, to name a few).
So, what is the problem?
* Would it comply with the iOS Developer Program License Agreement? I'm no lawyer, but last I read the document there's nothing in it that would prevent distributing an app which would create a "local" HTTP proxy to be used by the other applications.
* Since the iPhone 3GS, the applications can retain running in the background, so I guess we're fine on the purely technical side too.
* There are US Export laws that require a so-called CCATS review and approval to be done with each application that employs strong encryption. I don't think that's a blocker though.
* Maybe that Tor iOS application wouldn't reach various "interesting" markets such as PRC (for example, a commercial yet pricy "Covert Browser" [2] is not available in China's App Store) because of the legal restrictions. Still, I would argue that it is worth having such an application.
Regards,
[1]: http://sid77.slackware.it/ios/ [2]: http://itunes.apple.com/us/app/covert-browser/id477438328?mt=8
On 3/18/12 2:42 PM, Linas Valiukas wrote:
Hello,
I was thinking about a GSoC 2012 project I could propose, and I came to the question of why there's no Tor iOS (iPhone / iPad / iPod touch) application distributed on the official iTunes App Store?
There's this "test package" of Tor for iOS available [1], but it has to be installed via Cydia and not everyone's phone is jailbroken. Distributing an application via the App Store has some benefits of its own too (additional marketing and visibility, easier installation, to name a few).
So, what is the problem?
Would it comply with the iOS Developer Program License Agreement? I'm no lawyer, but last I read the document there's nothing in it that would prevent distributing an app which would create a "local" HTTP proxy to be used by the other applications.
Since the iPhone 3GS, the applications can retain running in the background, so I guess we're fine on the purely technical side too.
There are US Export laws that require a so-called CCATS review and approval to be done with each application that employs strong encryption. I don't think that's a blocker though.
Maybe that Tor iOS application wouldn't reach various "interesting" markets such as PRC (for example, a commercial yet pricy "Covert Browser" [2] is not available in China's App Store) because of the legal restrictions. Still, I would argue that it is worth having such an application.
It would add that it would be interesting to provide Tor integration to all iPhone iOS applications.
While this could not be done by operating a SOCKS server locally because iPhone doesn't support to configure a Socks Server for iOS sockets.
But iPhone let configure VPN using PPTP and L2TP protocol.
Why not running within a Tor for iPhone also a local PPTP or L2TP daemon that's hooked to "SOCKSIFY" all connections of the Phone via Tor?
A sort of PPTP-to-SOCKS-to-Tor integrated, to provide trasparent secure browsing for iOS applications.
-naif
Afaik, there are no long running background processes available to run a standalone tor process. Covert Browser works because it is integrated in one app/process. Maybe the VPN service model would work though.
Otherwise, I agree something should be done, even if it is only an open-source version of Covert Browser. At Guardian Project, we have plenty of iOS experience but we just loath having to pay Apple $99 a year to have the privilege of developing with their closed source IDE only on MacOS.
One should also look at why VLC is not in the app store - there was a conflict with GPL I believe.
+n
"Fabio Pietrosanti (naif)" lists@infosecurity.ch wrote:
On 3/18/12 2:42 PM, Linas Valiukas wrote:
Hello,
I was thinking about a GSoC 2012 project I could propose, and I came to the question of why there's no Tor iOS (iPhone / iPad / iPod touch) application distributed on the official iTunes App Store?
There's this "test package" of Tor for iOS available [1], but it has to be installed via Cydia and not everyone's phone is jailbroken. Distributing an application via the App Store has some benefits of its own too (additional marketing and visibility, easier installation, to name a few).
So, what is the problem?
Would it comply with the iOS Developer Program License Agreement? I'm no lawyer, but last I read the document there's nothing in it that would prevent distributing an app which would create a "local" HTTP proxy to be used by the other applications.
Since the iPhone 3GS, the applications can retain running in the background, so I guess we're fine on the purely technical side too.
There are US Export laws that require a so-called CCATS review and approval to be done with each application that employs strong encryption. I don't think that's a blocker though.
Maybe that Tor iOS application wouldn't reach various "interesting" markets such as PRC (for example, a commercial yet pricy "Covert Browser" [2] is not available in China's App Store) because of the legal restrictions. Still, I would argue that it is worth having such an application.
It would add that it would be interesting to provide Tor integration to all iPhone iOS applications.
While this could not be done by operating a SOCKS server locally because iPhone doesn't support to configure a Socks Server for iOS sockets.
But iPhone let configure VPN using PPTP and L2TP protocol.
Why not running within a Tor for iPhone also a local PPTP or L2TP daemon that's hooked to "SOCKSIFY" all connections of the Phone via Tor?
A sort of PPTP-to-SOCKS-to-Tor integrated, to provide trasparent secure browsing for iOS applications.
-naif _____________________________________________
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
On 3/18/12 3:17 PM, Nathan Freitas wrote:
Afaik, there are no long running background processes available to run a standalone tor process. Covert Browser works because it is integrated in one app/process.
That's also another nice option, that generally would mean more hacking on Tor to make it suitable/usable as a sort of "library" to let third party application provider bundle it within their application.
If it would be possible for third party application developer to add "anonymity" support to their application just by linking trough an "anonymity library" and taking care of using "anonymous sockets", we would see a lot of applications adding "anonymity" feature.
Maybe the VPN service model would work though.
Otherwise, I agree something should be done, even if it is only an open-source version of Covert Browser. At Guardian Project, we have plenty of iOS experience but we just loath having to pay Apple $99 a year to have the privilege of developing with their closed source IDE only on MacOS.
One should also look at why VLC is not in the app store - there was a conflict with GPL I believe.
Yeah, but Cover Browser can use Tor because Tor is BSD-licensed, so as long as we keep stuff in a BSD-licensed schema everything could work.
As a local PPTP server maybe it's possible to use directly the BSD-licensed apple support https://discussions.apple.com/thread/135631?start=0&tstart=0 ?
However between the VPN hack approach and the "tor as a usable library" approach i think it would be much better the second one.
So working on Tor to make it suitable for use by third party application.
-naif
On Sun, 18 Mar 2012 15:42:33 +0200 Linas Valiukas shirshegsm@gmail.com wrote:
I was thinking about a GSoC 2012 project I could propose, and I came to the question of why there's no Tor iOS (iPhone / iPad / iPod touch) application distributed on the official iTunes App Store?
People have tried in the past and been rejected for being a 'proxy/circumvention tool'.
On 3/19/12 1:24 AM, Andrew Lewman wrote:
On Sun, 18 Mar 2012 15:42:33 +0200 Linas Valiukas shirshegsm@gmail.com wrote:
I was thinking about a GSoC 2012 project I could propose, and I came to the question of why there's no Tor iOS (iPhone / iPad / iPod touch) application distributed on the official iTunes App Store?
People have tried in the past and been rejected for being a 'proxy/circumvention tool'.
But considering that CovertBrowser got into the apple store, it means that as long as "Tor" will be provided as "anonymity feature" of a Mobile application, where the Mobile Application is compliant with Apple Terms of Service, it should pass.
So while thinking about Tor and iOS we should probably think that Tor must represent, like for Covert Browser, a "pluggable/linkable" system to provided anonymity feature to an application.
Are there any chance to convince the Covert Browser developer to release it's code?
We may arrange a kickstarter project to "open" the result of his research, so he would earn some thousand USD in exchange for the opensourcing of the project.
What do you think?
-naif
I was thinking about a GSoC 2012 project I could propose, and I came to the question of why there's no Tor iOS (iPhone / iPad / iPod touch) application distributed on the official iTunes App Store?
People have tried in the past and been rejected for being a 'proxy/circumvention tool'.
A Mac game developer friend suggested two indirect methods to use the Apple market while avoiding market rejections, that might help:
1) Use Test Flight, with Tor Project as an enterprise, using this tool to deliver to their testers. https://testflightapp.com/tos/
2) Instead of general public market, use enterprise market, with Tor Project as an enterprise, with non-employee volunteer users. Supposedly, no rejections for enterprise-private apps. http://www.wired.com/wiredenterprise/2012/03/apple-configurator/
Both solutions would probably have to have Tor Project corp to setup an enterprise where mac users would be volunteers or testers, so zero anonynimity for obtaining the software. Instead of Tor, maybe EFF or another privacy-centered group could be enterprise, esp. if it has existing membership infrastructure.