[tor-dev] reproducible builds for Android tor daemon
Hans-Christoph Steiner
hans at guardianproject.info
Fri Sep 13 07:51:13 UTC 2019
teor:
> Hi,
>
>> On 12 Sep 2019, at 20:50, Hans-Christoph Steiner <hans at guardianproject.info> wrote:
>>
>> Then that work
>> will hopefully be extended into sharing tor between apps, e.g. letting
>> Briar, Tor Browser, etc share the tor SOCKS proxy to other apps that
>> want to use it. That would happen via Android mechanisms like Intents to
>> manage the discovery of SOCKS ports.
>
> It's not always safe to have apps share Tor: a malicious website in one app
> can use various caches to discover activity in other apps. And there may
> be similar data leaks in other shared data structures or network
> connections.
>
> How do these data leaks affect your use cases?
Is there some documentation of these leaks somewhere so I can dive into
it? Like what kind of caches? Browser caches? We're mostly talking
about apps that are not browsers, like messaging, nextcloud, etc.
Currently, running multiple tor daemons is really a showstopper for most
mobile users in the world, both because of battery usage and bandwidth
costs. I guess there was some progress towards getting tor sleeping
more effectively as well as not consuming as much bandwidth in the
background. So the big question is: will it be feasible to have a
usable tor on mobile that aggressively sleeps to stop consuming any
battery and bandwidth when not directly in use? If so, then running
multiple tor daemons should be workable. If not, then we need to find a
way to share the tor daemon across all apps in the device.
With Orbot, all apps are already sharing one tor daemon, so this isn't a
new development.
.hc
--
PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556
More information about the tor-dev
mailing list