[tor-talk] Fwd: [guardian-dev] Orfox is the new Orweb
Nathan Freitas
nathan at freitas.net
Thu Dec 5 17:04:25 UTC 2013
-------- Original Message --------
Subject: [guardian-dev] Orfox is the new Orweb
Date: Thu, 05 Dec 2013 12:02:20 -0500
From: Nathan of Guardian <nathan at guardianproject.info>
To: Guardian Dev <guardian-dev at lists.mayfirst.org>
Google has broken WebView for us again with Android 4.4, and there is no
easy out. We can't enable proxying by reflection, intent, or any of the
many other methods I have tried. It may still be possible via JNI to the
native libwebviewchromium.so, but I haven't quite got there yet.
In the meantime, I am much more excited about Mozilla's new effort to
make a reusable Android component out of Gecko, and we have a new
project based on that. It solves many other problems that
Orweb/Webview/Webkit had as well, and puts us on the path towards a full
Tor Browser equiv on Android.
There is still a great deal of testing to do, and little bit more UI
work, but I hope to have something out in alpha shortly for all the
Android 4.4 users without a solution (other than rooting/transproxy) for
Tor-based browsing right now.
***** Orfox project ****
This project was originally based upon the geckobrowser sample
(https://github.com/mfinkle/geckobrowser) and the Orweb browser project
from Guardian Project. It is basically feature complete (and MORE) with
Orweb, but without any preference screen yet!
Project tracker: https://dev.guardianproject.info/projects/orweb
Nightly builds: https://guardianproject.info/builds/Orfox/
Here are the privacy-enhancing preferences that are on by default:
Match Tor Browser "generic" user-agent:
setUserAgent("Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101
Firefox/17.0","en-us,en;q=0.5");
Turn on proxying to local Tor / Orbot proxying by default:
PrefsHelper.setPref("network.proxy.type",1); //manual proxy settings
PrefsHelper.setPref("network.proxy.http","localhost"); //manual proxy
settings
PrefsHelper.setPref("network.proxy.http_port",8118); //manual proxy
settings
PrefsHelper.setPref("network.proxy.socks","localhost"); //manual proxy
settings
PrefsHelper.setPref("network.proxy.socks_port",9050); //manual proxy
settings
PrefsHelper.setPref("network.proxy.socks_version",5); //manual proxy
settings
Disable dish cacheing:
PrefsHelper.setPref("browser.cache.disk.enable",false);
PrefsHelper.setPref("browser.cache.memory.enable",true);
PrefsHelper.setPref("browser.cache.disk.capacity",0);
Ensure data is cleared on shutdown:
PrefsHelper.setPref("privacy.clearOnShutdown.cache",true);
PrefsHelper.setPref("privacy.clearOnShutdown.cookies",true);
PrefsHelper.setPref("privacy.clearOnShutdown.downloads",true);
PrefsHelper.setPref("privacy.clearOnShutdown.formdata",true);
PrefsHelper.setPref("privacy.clearOnShutdown.history",true);
PrefsHelper.setPref("privacy.clearOnShutdown.offlineApps",true);
PrefsHelper.setPref("privacy.clearOnShutdown.passwords",true);
PrefsHelper.setPref("privacy.clearOnShutdown.sessions",true);
PrefsHelper.setPref("privacy.clearOnShutdown.siteSettings",true);
Do Not Track!
PrefsHelper.setPref("privacy.donottrackheader.enabled",false);
PrefsHelper.setPref("privacy.donottrackheader.value",1);
Disable 3rd party cookies:
PrefsHelper.setPref("network.cookie.cookieBehavior", 1);
Don't send a referrer:
PrefsHelper.setPref("network.http.sendRefererHeader", 0);
Make sure certificates are up-to-date:
PrefsHelper.setPref("security.OCSP.require", true);
PrefsHelper.setPref("security.checkloaduri",true);
Don't display mixed content (i.e. not secure content on a secure page)
PrefsHelper.setPref("security.mixed_content.block_display_content", true);
Disable peer-to-peer WebRTC leak:
PrefsHelper.setPref("media.peerconnection.enabled",false); //webrtc disabled
Disable ciphersuites that are not safe:
//disable rc4
PrefsHelper.setPref("security.ssl3.ecdh_ecdsa_rc4_128_sha",false);
PrefsHelper.setPref("security.ssl3.ecdh_rsa_rc4_128_sha",false);
PrefsHelper.setPref("security.ssl3.ecdhe_ecdsa_rc4_128_sha",false);
PrefsHelper.setPref("security.ssl3.ecdhe_rsa_rc4_128_sha",false);
PrefsHelper.setPref("security.ssl3.rsa_rc4_128_md5",false);
PrefsHelper.setPref("security.ssl3.rsa_rc4_128_sha",false);
******
GeckoView assets and libraries from
[here](http://ftp.mozilla.org/pub/mozilla.org/mobile/nightly/latest-mozilla-central-android/).
You want the geckoview_library.zip and geckoview_assets.zip files.
_______________________________________________
Guardian-dev mailing list
Post: Guardian-dev at lists.mayfirst.org
List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
To Unsubscribe
Send email to: Guardian-dev-unsubscribe at lists.mayfirst.org
Or visit:
https://lists.mayfirst.org/mailman/options/guardian-dev/nathan%40guardianproject.info
You are subscribed as: nathan at guardianproject.info
More information about the tor-talk
mailing list