[tor-dev] Tor on iOS 9

Conrad Kramer ckrames1234 at gmail.com
Sun Sep 27 05:09:51 UTC 2015

Hi all!

I'm new to the list, my name is Conrad.

As some of you may or may not have heard, Apple's latest version of iOS
functionality that allows for a system-wide Tor client. A few people in the
community, myself included, started working on a project to get this client
into the App Store. I wrote up a small document (attached) that explains the
project in detail, so that you can learn about it if you're interested!

I'm very excited to get Tor into the hands of many more users.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20150927/9a5faf7e/attachment.html>
-------------- next part --------------
Tor on iOS 9

Using Tor on an iPhone or iPad is currently very limited. Because it is not
possible to start a daemon on iOS, developers that want to use Tor have to
compile a copy of Tor into their app and run it when their app runs. A few apps
do this, most notably Mike Tigas' Onion Browser. However, because Tor needs to
be embedded explicitly, most apps are incompatible (email clients, social
networking clients, news readers, etc.).

In iOS 9, Apple introduced an API that allows developers to write custom
network extensions. An extension on iOS is an on demand daemon bundled inside
of an app that can be activated by the system. The API that Apple introduced
allows for an extension to tunnel or proxy system network traffic. With this
API we can build a transparent proxy that would allow users to use any app on
their iOS device with Tor, similar to how Orbot works on Android in
"transparent proxy" mode.

The project to build this is currently 5 people – myself (ex-jailbreaker),
Chris Ballinger (of ChatSecure), Frederic Jacobs (of Signal/Open Whisper
Systems), Mike Tigas (of OnionBrowser) and Claudiu-Vlad Ursache (creator of
CPAProxy). The project is using the working name iCepa (Onion in italian is
cipolla), and the published code (so far) can be found here:

There are three main components to the project: The Tor control port client,
the system-wide proxy component, and the user interface. Currently, I am
working on the proxy component. I would love to get everyone's feedback on the
implementation at the meeting, and brainstorm on some of the difficult
problems. One of these problems is determining what traffic should and should
not go through Tor, because the extension is not able to see where any of the
traffic is coming from. Some connections could be from the foreground app,
whereas others could be from a background refresh of another app (invisible to
the user), causing a leak of user information.

Also on the roadmap is to implement pluggable transports, and an API for apps
to host hidden services (bypassing carrier-grade NAT!). Right now, obfs2/3/4
all can be compiled for iOS (via obfsclient and cgo).

When the app is working and ready for public use, we can distribute it through
the App Store, which is a huge boon for usability (at the cost of some
verifiability/reproducibility[1]). We have not determined who will distribute
it on the App Store, or how it will be branded, but those can be figured out
closer to completion.

Distributing the app through the App Store could have some interesting effects.
For example, the iPhone is the fastest growing smartphone in China, Tor (with
the right transport) can be used to bypass firewalls, and the Chinese
government doesn't have the ability to censor the App Store. Perhaps putting
those pieces together, the Chinese government recently shut down a similar

If you have any questions or would like to help out, feel free to reach out to
any one of us or respond to this email. Personally, I’m reachable at this email
address (ckrames1234 at gmail.com) and on IRC as conradev.

[1] https://github.com/WhisperSystems/Signal-iOS/issues/641
[2] http://web.archive.org/web/20150822042959/https://github.com/shadowsocks/shadowsocks-iOS/issues/124#issuecomment-133630294

More information about the tor-dev mailing list