[tor-talk] Firefox with Tor on Android?

Jens Lechtenboerger tortalk at informationelle-selbstbestimmung-im-internet.de
Wed May 20 19:44:30 UTC 2015 

Hi Nathan,

many thanks for your quick reply!

On 2015-05-19, Nathan Freitas wrote:

> On Tue, May 19, 2015, at 04:33 PM, Jens Lechtenboerger wrote:
>> the usage instructions for Tor on Android at
>> https://www.torproject.org/docs/android.html.en
>> are unsafe for Firefox users.
>
>> Firefox on Android downloads favicons without respecting proxy
>> preferences.  See here:
>> https://bugzilla.mozilla.org/show_bug.cgi?id=507641#c12
>
> Yes, that page is very out of date and needs to be updated. It wasn't a
> bug originally, but when Mozilla started moving more code over to
> Android/Java domain, they introduced it. I am making it a priority to
> make sure it is accurate. We have also removed the Proxy Mobile add-on
> from the Mozilla Add-on store awhile ago, when the favicon leak issue
> was discovered.

Some big warning signs might be a good idea.  In particular, on
pages like this:
https://guardianproject.info/apps/firefoxprivacy

> Hmm... "Tor Everything" should work if you have a rooted Android device
> with a kernel that supports iptables properly. Also, if you haven't seen
> Mike Perry's post on Android hardening/tuning, please read it:
> https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy

Great post, many thanks for the reminder!

> Which Android OS are you running, and which version of Orbot?

Android 4.2.2.  I tried Orbot 15.0.0-RC-3 and 14.1.4-PIE.

> Have you tried the latest "Apps VPN" feature that tunnels all
> device traffic through Tor without root?

Initially, I didn’t because the warning said that “it should NOT be
used for anonymity.”

I just tried that with 15.0.0-RC-3, but failed to get VPN working.
If I klick “Apps” first, and start Tor afterwards, no circuit gets
built.  In the log I repeatedly see “The connection to the SOCKS5
proxy server at 127.0.0.1:10720 just failed.”

If I start Tor first, and klick Apps afterwards, I cannot open any
web page.  (Very little data transfer is shown for OrbotVPN, some
packets for each web attempt.  The Orbot logs show some circuits but
“Tried for 120 seconds to get a connection to [scrubbed]...”)

I guess that I need “Request Root Access.”  Other options?
Firefox without proxy configuration?

> Finally, if you use Orweb (super basic) or Lightning Browser (most
> features you want), there is no favicon or other leakage.

I’m surprised that you recommend Orweb.  There is a big red warning
at: https://guardianproject.info/apps/orweb/

I’ll check out Lightning Browser at some later point in time.

Best wishes
Jens

More information about the tor-talk mailing list