Tor on Mobile
=============

Date: 12/10 2017. Session hosts: Nathan + Mike Tigas

## Introduction to the current state of Tor on Android

Nathan starts out by introducing the current state of Android development and its future. The focus has been on Tor as a client, and on how Tor fits into the whole mobile ecosystem.

Historically, it all started with Tor being able to run on Android as a cross-compiled binary. Based upon that, a "Tor Service" was built (a background service in Android).

The Android architecture is currently as follows:

```
+-----------+
| Netcipher |  <- Is orbot running? Is Tor running? On which port?
+-----------+

+---[ Process ]-------------------------------+
|                                             |  - HTTP port 8118.
|  +----------------+    +-------------+      |  - Socks Port 9050.
|  | Orbot Activity | -> | VPN Builder |      |
|  +----------------+    +-------------+      |
|            |                                |
|            v                                |
|  +---------------------+                    |
|  | Tor Android Service |                    |
|  +---------------------+                    |
|            |                                |
+------------+--------------------------------+
             |
             |  /data/foo, execute tor with a torrc via Android.
             |
             v
         +-------+   socks   +-------------------+
         |  Tor  | <-------> | Polipo HTTP Proxy |
         +-------+           +-------------------+
             |
             v
        +---------+
        |  obfs4  |
        +---------+
```

VPN Builder is used together with a VPN service via tuntap/tun + socks to the Tor binary. Only TCP because Tor only does TCP.

## State of Mobile Tor on Apple iOS

Mike Tigas gives an introduction to Tor on iOS.

On iOS you cannot fork() into a subprocess.

```
+---------------------+ +-------------------------+
| Onion Browser       | |                         |  Tor.framework (Objective C framework for using Tor).
|                     | |                         |  iCepa (VPN provider for the platform as a "wrapper").
|                     | | UIWebKit for browser UI |
+-----+-------+       | |                         |
| Tor | obfs4 |       | |                         |
+-----+---------------+ +-------------------------+
```

This gives us the problem that Onion Browser cannot kill Tor without killing itself, which yields a bad user experience. Mike gives examples of other troubles this embedded-Tor architecture causes.

Onion Browser includes an older version of WebKit, because it needs network access that the newer WebKit doesn't provide. The WebKit version is the one provided by the platform, so security patches are provided by Apple via the platform updater.

There was a question on whether there is a pod-file available for Tor.framework; that is currently not available, so one has to point to the GitHub repository.

There exists a system called iObfs, which is a wrapper around obfs for iOS.

Nathan moves us into talking about the future instead of "how things are currently".

## The Future

Onboarding + Bridge Discovery + Network Awareness

Nathan mentions that we want to have more users in countries with cheaper (100 USD) Android devices, with limited data plans. Being able to discover "which country you are in" to show you suggestions of what you should use to connect to the network. Brazil is a good example of this when more used applications are filtered by, for example, the state.

Mike Tigas shows a demo on an iOS device with a more friendly approach to the startup phase: "How do you use a bridge to connect to Tor?", and being able to detect different situations that we are aware of based on IP address, language on the device, or other information about the user. The general idea is to make it more friendly.

```
                                         +----------------+
                                         |                |
                                         v                |
+---------+    +-------------+    +--------------+    +---+-----+    +--------------+
| Hi! :-) | -> | What is it? | -> | Bridge Setup | -> | Connect | -> | Success! :-) |
+---------+    +-------------+    +--------------+    +---------+    +--------------+
```

This is currently available on iOS, but is unavailable on Android. We want to change that.

"POE" is the "Pluto Onboarding Extension".

It would be useful to have a "Tor Services" component that works like other network services on the platforms. On Android it would be an out-of-process service (remote service) that is available on the phone, where other applications can integrate with it. On iOS it would be a network extension that Onion Browser (and other applications) can use instead of statically linking in Tor.

```
  AIDL   Intents
    |       |
    v       v
+--------------+  <- Remote Service (Android)
| Tor Services |
+--+-----------+  <- Network Extension (iOS)
   |
   v
+--------+
| libTor |  <- HTTP handling.
+--------+
   |
   v
+-------------+
| PT services |
+-------------+
```

The discussion moves over to different issues in the mobile world.

Orfox today is 30-40 MB because of Firefox, so being able to upgrade the Tor service *without* updating all of Orfox would save a lot of MB over the wire per update.

Apple might in the future allow us to ship network extensions via the App Store.

Nathan goes over the VPN interface, which uses tun, presents itself as a network interface, and routes traffic to the "libTor" framework.

From an anti-censorship and anti-traffic fingerprinting point of view where apps are either blocked or monitored by different actors the VPN solution is very useful.

Will Orbot be the default provider for all of this? By default, yes, but other apps can hide the Tor part entirely.

Alex asks whether there are security issues with multiple apps that can control a single Tor instance, and how it behaves around isolation, control port, etc.

Could we isolate circuits per "app" on the platform?
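As an added example related to this question (not from the session and not Orbot or Onion Browser code): Tor's SocksPort keeps streams that present different SOCKS5 username/password pairs off each other's circuits (the IsolateSOCKSAuth flag, on by default), so each app talking to a shared Tor service can send its own pair. The app id and secret below are hypothetical; the port is the Socks port 9050 from the notes above.

```python
import socket
import struct

TOR_SOCKS = ("127.0.0.1", 9050)  # Socks port listed in the notes

def auth_request(app_id: str, secret: str) -> bytes:
    """RFC 1929 username/password message. Tor does not verify the pair;
    it only uses it as an isolation key for circuits."""
    user, pw = app_id.encode(), secret.encode()
    if not (0 < len(user) < 256 and 0 < len(pw) < 256):
        raise ValueError("SOCKS5 credentials must be 1..255 bytes each")
    return bytes([0x01, len(user)]) + user + bytes([len(pw)]) + pw

def connect_request(host: str, port: int) -> bytes:
    """RFC 1928 CONNECT by hostname, so the name is resolved through Tor."""
    name = host.encode("ascii")
    if not 0 < len(name) < 256:
        raise ValueError("hostname must be 1..255 bytes")
    return bytes([0x05, 0x01, 0x00, 0x03, len(name)]) + name + struct.pack(">H", port)

def recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def open_isolated_stream(sock, app_id, secret, host, port):
    """Run the SOCKS5 handshake on an already connected socket."""
    sock.sendall(b"\x05\x01\x02")  # offer only username/password auth
    if recv_exact(sock, 2) != b"\x05\x02":
        raise ConnectionError("proxy did not accept username/password auth")
    sock.sendall(auth_request(app_id, secret))
    if recv_exact(sock, 2) != b"\x01\x00":
        raise ConnectionError("proxy rejected the credentials")
    sock.sendall(connect_request(host, port))
    ver, rep, _rsv, atyp = recv_exact(sock, 4)
    if ver != 0x05 or rep != 0x00:
        raise ConnectionError(f"CONNECT failed with reply code {rep}")
    # Consume the bound address (IPv4, IPv6 or length-prefixed name) and port.
    alen = {0x01: 4, 0x04: 16}.get(atyp) or recv_exact(sock, 1)[0]
    recv_exact(sock, alen + 2)
    return sock  # streams sent with other credentials will not share its circuit

if __name__ == "__main__":
    with socket.create_connection(TOR_SOCKS, timeout=30) as s:  # needs a local Tor
        open_isolated_stream(s, "org.example.chat", "per-install-random", "example.com", 443)  # hypothetical id/secret
```

The credentials only decide which streams may share a circuit; any local app that can reach the port can present any pair, so this separates traffic but does not authenticate apps or restrict access to the control port.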

There are memory limits on iOS with stacks, which is a problem for embedding Go binaries. Go has the problem of a big runtime; this is less of a problem with Rust. There is more flexibility in general on Android than on iOS.

There is work going on to implement meek in Swift for iOS.

A good example of an app that took off because of iOS was Signal.

The work for IPv6 is important for mobile. T-Mobile experimented with an IPv6-only network, where IPv6 is suddenly very important to Tor.

Nathan explains that web browsing over Tor is a painful experience because latency is very noticeable.

  • Orfox -> Tor Browser Android
  • OB2
  • Courier -> RSS News (async updates in the background)
  • Pandora -> Music fetching in the background.

Chatsecure (XMPP + Omemo) -> Tor. Conversations supports the same. Zom

Chatsecure was available in the app store in China, but was recently removed because of the push for removal of VPN apps (and therefore Tor).

OpenArchive (Uploader to via Tor.

There's funding on its way to people who are in bad situations who want to be able to upload videos of these situations over Tor over slow connectivity even when the connection was terminated before the upload was finished.

Alex asks where C Tor could be better?

Nathan and Mike mention that the following things are/could be useful:

  • Shared library of Tor.
  • Error reporting from Tor (especially bootstrapping + PT): where is the failure at?
  • consdiff might help: LZMA is no problem CPU-wise.
  • Making the consensus documents smaller helps.
  • ARM features: crypto acceleration.

Being able to detect if the battery is low means we should maybe not sync things? How much storage do we take up? Not using Doze right now.

Android does a lot of things to try to avoid having people run things in the background. You have to make it explicit to the user (via UI) that you are running in the background. There's a mode where we allow ourselves to get killed, with the idea that the platform will restart us when there is a need for it.

It is problematic that we use terms like "obfs" in the user-facing part. Do they even know what a "bridge" is?

There is #tor-mobile on OFTC where everyone interested in onions on mobile is welcome. There's a weekly scrum session at either 14 or 15 every Thursday in the IRC channel.

The most urgent thing to fix is the hanging issue on iOS where we are blocking a release.

Running .onions on phones is getting more and more popular. Multiple apps that use this are being worked on.

The Librem mobile phone might be an interesting platform to run Tor on. IoT is getting more popular.


OONI is working on a nicer UI that looks more fresh and clean for the user. With buttons for different test suites like "test for chat censorship" to make it more friendly to non-technical users. All the tests are currently over HTTPS and not over Tor. In the future there will be some Tor integration.

## Finishing the session

Nathan talks about whether untapped processing time on mobile devices could be used for something useful: a mobile that is charging at home could be a bridge? How do we find it? Apple TV + Android TV?

We discussed Apple's view on applications that they might "not" like and how they remove applications or block them.

Last modified on Oct 14, 2017, 10:33:18 PM