[tor-talk] Firefox with Tor on Android?

Nathan Freitas nathan at freitas.net
Tue May 19 21:11:38 UTC 2015


On Tue, May 19, 2015, at 04:33 PM, Jens Lechtenboerger wrote:
> the usage instructions for Tor on Android at
> https://www.torproject.org/docs/android.html.en
> are unsafe for Firefox users.

> Firefox on Android downloads favicons without respecting proxy
> preferences.  See here:
> https://bugzilla.mozilla.org/show_bug.cgi?id=507641#c12

Yes, that page is very out of date and needs to be updated. It wasn't a
bug originally, but when Mozilla started moving more code over to
Android/Java domain, they introduced it. I am making it a priority to
make sure it is accurate. We have also removed the Proxy Mobile add-on
from the Mozilla Add-on store a while ago, when the favicon leak issue
was discovered.

We have also had a variety of issues with successful proxying of
third-party web browser / engines on Android, including various bugs
with WebView/WebKit proxying depending upon the Android OS version or
device type you are running.

> (I tried different configurations of Orbot and Firefox.  Also “Tor
> Everything” fails, both with HTTP proxy at port 8118 and SOCKS proxy
> at 9050.)

Hmm... "Tor Everything" should work if you have a rooted Android device
with a kernel that supports iptables properly. Also, if you haven't seen
Mike Perry's post on Android hardening/tuning, please read it:
https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy

Which Android OS are you running, and which version of Orbot? Have you
tried the latest "Apps VPN" feature that tunnels all device traffic
through Tor without root?

> My current attempt for Firefox with Orbot is to configure localhost,
> port 8118 as system HTTP proxy (long press Wi-Fi connection ->
> Modify network -> Show advanced options).  Then, in Firefox verify
> via about:config that network.proxy.type is set to 5, which should
> be the default and lets Firefox use the system proxy, which is also
> used to fetch favicons.

Yes, for Wifi connections this will work reliably.

> Probably, there are more pitfalls.  Any suggestions?

I think running CyanogenMOD or a similar rom, and using transparent
proxying, either by app or all, on boot, and optionally with Mike's
extra hardening, is the most complete solution. 

If you don't want to go that far, then the Apps VPN feature
should do, or manually setting the wifi proxy as you have.

Finally, if you use Orweb (super basic) or Lightning Browser (most
features you want), there is no favicon or other leakage.

+n


