Support app-specific Tor settings



  • @rnauber - it works, thank you very much for the patch! 🍰



  • Hi,
    i updated the binaries once more:
    https://github.com/rnauber/davdroid/releases/tag/v0.7.1_tor

    I would love to have this patch going upstream, what is necessary to make that happen?

    See you,
    Richard


  • developer

    I don’t see why this is necessary. I have tried this successfully with Android 4.4:

    1. Install Orbot
    2. For WiFi, set HTTP proxy localhost:8118.
    3. For mobile data, set HTTP proxy localhost:8118 (Mobile networks / Access Points Names (APN) / <your access point> / proxy: localhost, port: 8118).
    4. All apps which take the system HTTP proxy settings into account, including DAVdroid, connect via Orbot und thus TOR.

    Because all HTTP requests are sent via Orbot, domain resolving is not an issue and .onion etc. work. The only thing that won’t work are SRV records with .onion domains.

    What do you think? What exactly is the patch needed for?


  • developer



  • Hi,
    the use-cases I would like to have supported are (in order of importance):

    1. using .onion urls in davdroid without affecting the whole system (“why is my internet so slow?”) or rooting the phone
    2. mixing tor and non-tor servers in davdroid, while using their respective connections

    The patch meets both requirements and works without further configuration for the default orbot settings. But an per-app configuration of the proxy settings in davdroid would fine with me too…

    Btw., thanks for creating this great tool!
    Richard


  • developer

    Ok, this sounds like a very specific thing. Basically, DAVdroid is supporting Tor. Do you use Tor only to overcome NAT issues? Maybe IPv6 or VPN would be a better solution.



  • Same as @rnauber:

    • many users don’t want to root their phones. In some countries it is even illegal
    • enabling proxying globally will impact every network use, including web browsing
    • also, the user has to configure the proxy manually on every new wifi network

  • developer

    many users don’t want to root their phones. In some countries it is even illegal

    Why root the phone?

    enabling proxying globally will impact every network use, including web browsing

    Isn’t that the reason why you want to use Tor, to hide your traces, regardless of which app you use?

    also, the user has to configure the proxy manually on every new wifi network

    Makes sense.



  • Let me try to answer that:

    Why root the phone?

    With a rooted phone you can just use the orbot transparent proxy feature to route selected apps (e.g. davdroid) through tor.

    enabling proxying globally will impact every network use, including web browsing

    Isn’t that the reason why you want to use Tor, to hide your traces, regardless of which app you use?

    Yes, but there are gradations in privacy demands of different users e.g.:

    • using tor just as DNS replacement where ipv6 is unavailable and you want to have an easy self-hosted server for davdroid. All other apps use clearnet access.

    • using tor for davdroid and all apps, except youtube, because it lags otherwise

    • using tor for everything, changing the circuit every minute

    also, the user has to configure the proxy manually on every new wifi network

    Makes sense.

    Yes, this one is a big hurdle for a hassle free setup…


  • developer

    If you really want to use Tor because you transmit “dangerous” content, you probably won’t use Youtube and don’t connect to many WiFi networks.

    But I see that this is an enhancement request for very special cases, while DAVdroid basically supports Tor and hidden services.



  • If you really want to use Tor because you transmit “dangerous” content, you probably won’t use Youtube and don’t connect to many WiFi networks.

    I agree with the former but not necessarily with the latter and think Tor should be used for non-“dangerous” content as well. And to broaden its user base, tor-hosted servers/apps have to be really simple to set up (ideally, even simpler than the non-privacy-conserving alternatives, e.g. dyndns).

    So the consensus is to have a http-proxy option in the DavDroid settings, right?
    I suggest to have the standard orbot values (localhost:8118) set as default.

    So, how to proceed on this? If none else volunteers, I could try to write a patch that adds the UI. But it will probably take me a while…

    See you,
    Richard

    PS: I updated the binary artefact of this patch once more, to have an intermediate solution…
    https://github.com/rnauber/davdroid/releases/download/v0.8.0_tor/davdroid_v8.0_tor.apk.zip



  • Hi,
    I started to click together a proxy-settings UI for Davdroid supporting HTTP-proxies. But the HTTP proxy of Orbot does not support the HTTP requests we use (http://www.pps.univ-paris-diderot.fr/~jch/software/polipo/manual/POST-and-PUT.html), therefore only HTTPS DAV servers will work, no HTTP ones!
    So it would be nice, if you could state that in the FAQ:
    https://davdroid.bitfire.at/faq/entry/using-with-tor

    But I think the usecase
    DavDroid --> TOR --> http://davserver_xyz.onion
    is very much worth supporting, because of the extremely easy set up of a self-hosted server (there is no need to generate certificates, end-to-end encryption is seamlessly provided by tor…).

    So I think we have three options here:

    1. Add a SOCKS proxy configuration option to DavDroid
    2. Add a HTTP proxy configuration to DavDroid that supports the CONNECT tunnelling
      (But this is a very indirect approach, it would be much nicer to go for 1) instead)
    3. drop this usecase entirely

    I am very much in favour of 1) but what do you think (especially @rfc2822 )?

    See you,
    Richard


Log in to reply
 

Similar topics

  • 1
  • 24
  • 9