[tor-talk] Fwd: [guardian-dev] Orfox is the new Orweb

Nathan Freitas nathan at freitas.net
Thu Dec 5 17:04:25 UTC 2013



-------- Original Message --------
Subject: [guardian-dev] Orfox is the new Orweb
Date: Thu, 05 Dec 2013 12:02:20 -0500
From: Nathan of Guardian <nathan at guardianproject.info>
To: Guardian Dev <guardian-dev at lists.mayfirst.org>


Google has broken WebView for us again with Android 4.4, and there is no
easy out. We can't enable proxying by reflection, intent, or any of the
many other methods I have tried. It may still be possible via JNI to the
native libwebviewchromium.so, but I haven't quite got there yet.

In the meantime, I am much more excited about Mozilla's new effort to
make a reusable Android component out of Gecko, and we have a new
project based on that. It solves many other problems that
Orweb/Webview/Webkit had as well, and puts us on the path towards a full
Tor Browser equiv on Android.

There is still a great deal of testing to do, and little bit more UI
work, but I hope to have something out in alpha shortly for all the
Android 4.4 users without a solution (other than rooting/transproxy) for
Tor-based browsing right now.

***** Orfox project ****

This project was originally based upon the geckobrowser sample
(https://github.com/mfinkle/geckobrowser) and the Orweb browser project
from Guardian Project. It is basically feature complete (and MORE) with
Orweb, but without any preference screen yet!

Project tracker: https://dev.guardianproject.info/projects/orweb
Nightly builds: https://guardianproject.info/builds/Orfox/

Here are the privacy-enhancing preferences that are on by default:

Match Tor Browser "generic" user-agent:

		setUserAgent("Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101
Firefox/17.0","en-us,en;q=0.5");

Turn on proxying to local Tor / Orbot proxying by default:

		PrefsHelper.setPref("network.proxy.type",1); //manual proxy settings

		PrefsHelper.setPref("network.proxy.http","localhost"); //manual proxy
settings
		PrefsHelper.setPref("network.proxy.http_port",8118); //manual proxy
settings

		PrefsHelper.setPref("network.proxy.socks","localhost"); //manual proxy
settings
		PrefsHelper.setPref("network.proxy.socks_port",9050); //manual proxy
settings
		PrefsHelper.setPref("network.proxy.socks_version",5); //manual proxy
settings

Disable dish cacheing:

                PrefsHelper.setPref("browser.cache.disk.enable",false);
                PrefsHelper.setPref("browser.cache.memory.enable",true);

                PrefsHelper.setPref("browser.cache.disk.capacity",0);

Ensure data is cleared on shutdown:

                PrefsHelper.setPref("privacy.clearOnShutdown.cache",true);
                PrefsHelper.setPref("privacy.clearOnShutdown.cookies",true);

PrefsHelper.setPref("privacy.clearOnShutdown.downloads",true);

PrefsHelper.setPref("privacy.clearOnShutdown.formdata",true);
                PrefsHelper.setPref("privacy.clearOnShutdown.history",true);

PrefsHelper.setPref("privacy.clearOnShutdown.offlineApps",true);

PrefsHelper.setPref("privacy.clearOnShutdown.passwords",true);

PrefsHelper.setPref("privacy.clearOnShutdown.sessions",true);

PrefsHelper.setPref("privacy.clearOnShutdown.siteSettings",true);

Do Not Track!


PrefsHelper.setPref("privacy.donottrackheader.enabled",false);
                PrefsHelper.setPref("privacy.donottrackheader.value",1);

Disable 3rd party cookies:
                PrefsHelper.setPref("network.cookie.cookieBehavior", 1);

Don't send a referrer:
                PrefsHelper.setPref("network.http.sendRefererHeader", 0);

Make sure certificates are up-to-date:
                PrefsHelper.setPref("security.OCSP.require", true);
                PrefsHelper.setPref("security.checkloaduri",true);

Don't display mixed content (i.e. not secure content on a secure page)


PrefsHelper.setPref("security.mixed_content.block_display_content", true);

Disable peer-to-peer WebRTC leak:

PrefsHelper.setPref("media.peerconnection.enabled",false); //webrtc disabled

Disable ciphersuites that are not safe:

                //disable rc4

PrefsHelper.setPref("security.ssl3.ecdh_ecdsa_rc4_128_sha",false);

PrefsHelper.setPref("security.ssl3.ecdh_rsa_rc4_128_sha",false);

PrefsHelper.setPref("security.ssl3.ecdhe_ecdsa_rc4_128_sha",false);

PrefsHelper.setPref("security.ssl3.ecdhe_rsa_rc4_128_sha",false);
                PrefsHelper.setPref("security.ssl3.rsa_rc4_128_md5",false);
                PrefsHelper.setPref("security.ssl3.rsa_rc4_128_sha",false);

******
GeckoView assets and libraries from
[here](http://ftp.mozilla.org/pub/mozilla.org/mobile/nightly/latest-mozilla-central-android/).
You want the geckoview_library.zip and geckoview_assets.zip files.
_______________________________________________
Guardian-dev mailing list

Post: Guardian-dev at lists.mayfirst.org
List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev

To Unsubscribe
        Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
        Or visit:
https://lists.mayfirst.org/mailman/options/guardian-dev/nathan%40guardianproject.info

You are subscribed as: nathan at guardianproject.info




More information about the tor-talk mailing list