[tor-talk] Orbot and firewall?

tor at lists.grepular.com tor at lists.grepular.com
Wed Mar 21 09:41:10 UTC 2012

On 21/03/12 05:11, Number Six wrote:

>> > Here's the app on the google market:
>> >
>> > [...etc...]
>> >
>> For someone who "isn't affiliated" with this piece of closed-source
>> software (thus, questionable credentials as far as people's privacy is
>> concerned) you seem pretty determined to shove it down everyone's
>> throat quite intensely!
> Careful, troll.

Funnily enough, I wouldn't have seen the above message had you not
replied to it. The troll found his way into my kill file after a
previous rant.

> I'm actually curious if the implementation in LBE is better tolerant to
> app failure than what Cyanogenmod has. The Cyanogenmod implementation
> causes apps to get exceptions thrown at them when the code that needs
> the permission tries to execute. Some apps catch these exceptions and
> move on. Some simply die.
> It is possible that what Mike means by "not nearly is good" is that
> LBE's "state of the art hooking techniques" actually have a more elegant
> solution to the exception problem (such as causing all APIs that require
> the permission to silently fail without throwing exceptions).

As I understand it, the LBE implementation supplies fake data, instead
of causing exceptions to be thrown. Eg, it will return a fake IMEI, or
an empty contact list etc. I've not had it crash any apps for me.

> It's also possible he has other entirely reasonable reasons for
> preferring LBE.
> Either way, I'd like to hear them.

The reasons are mainly down to usability. When you install an app
through normal channels, LBE Privacy Guard sets sane defaults. Eg, it
will set access to location to be "Ask", so the first time the app
attempts to access my location a message will be popped up giving me the
option of allowing/blocking and remembering (or not) that decision.

It also lets you block access to the network per app, and it lets you
set permissions depending on wifi or 3g per app. This is important as it
is a lot easier for end services which are regularly polled to track
your location and behaviour if you're constantly popping on and off
different wifi networks (work/home/coffee shop etc). If you only connect
via 3g, then they're able to determine much less about you. Of course,
if you're using Orbot, that's even better.

The user interface is extremely well polished for an app like this too.
It is easy to see all of the apps that have permission to send SMS for
example at a quick glance, and whether or not LBE is blocking them. It
even displays how much bandwidth each individual app has used over wifi
and over 3g separately, with graphs. I can see how many times each app
has attempted to access some data, eg my call logs, and how many times
it has been blocked from doing so.

I completely understand why some people may not feel comfortable using
it though. Thoughts about the software being evil *have* crossed my
mind. I would be much happier if the source code was available. Even
happier if stock Android or Cyanogenmod had these capabilities built in.

I will stop, "shoving it down everyone's throat quite intensely," now.

Mike Cardwell  https://grepular.com/     http://cardwellit.com/
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3  B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1  BF1B 295C 3C78 3EF1 46B4

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 598 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20120321/6ad10330/attachment.pgp>

More information about the tor-talk mailing list