So you must do twice like this :
Thanks @rfc2822 for your work!
I don’t see why this is necessary. I have tried this successfully with Android 4.4:
Because all HTTP requests are sent via Orbot, domain resolving is not an issue and .onion etc. work. The only thing that won’t work are SRV records with .onion domains.
What do you think? What exactly is the patch needed for?
Please also have a look at https://davdroid.bitfire.at/faq/entry/using-with-tor
Hi,
the use-cases I would like to have supported are (in order of importance):
The patch meets both requirements and works without further configuration for the default orbot settings. But an per-app configuration of the proxy settings in davdroid would fine with me too…
Btw., thanks for creating this great tool!
Richard
Ok, this sounds like a very specific thing. Basically, DAVdroid is supporting Tor. Do you use Tor only to overcome NAT issues? Maybe IPv6 or VPN would be a better solution.
Same as @rnauber:
many users don’t want to root their phones. In some countries it is even illegal
Why root the phone?
enabling proxying globally will impact every network use, including web browsing
Isn’t that the reason why you want to use Tor, to hide your traces, regardless of which app you use?
also, the user has to configure the proxy manually on every new wifi network
Makes sense.
Let me try to answer that:
Why root the phone?
With a rooted phone you can just use the orbot transparent proxy feature to route selected apps (e.g. davdroid) through tor.
enabling proxying globally will impact every network use, including web browsing
Isn’t that the reason why you want to use Tor, to hide your traces, regardless of which app you use?
Yes, but there are gradations in privacy demands of different users e.g.:
using tor just as DNS replacement where ipv6 is unavailable and you want to have an easy self-hosted server for davdroid. All other apps use clearnet access.
using tor for davdroid and all apps, except youtube, because it lags otherwise
using tor for everything, changing the circuit every minute
also, the user has to configure the proxy manually on every new wifi network
Makes sense.
Yes, this one is a big hurdle for a hassle free setup…
If you really want to use Tor because you transmit “dangerous” content, you probably won’t use Youtube and don’t connect to many WiFi networks.
But I see that this is an enhancement request for very special cases, while DAVdroid basically supports Tor and hidden services.
If you really want to use Tor because you transmit “dangerous” content, you probably won’t use Youtube and don’t connect to many WiFi networks.
I agree with the former but not necessarily with the latter and think Tor should be used for non-“dangerous” content as well. And to broaden its user base, tor-hosted servers/apps have to be really simple to set up (ideally, even simpler than the non-privacy-conserving alternatives, e.g. dyndns).
So the consensus is to have a http-proxy option in the DavDroid settings, right?
I suggest to have the standard orbot values (localhost:8118) set as default.
So, how to proceed on this? If none else volunteers, I could try to write a patch that adds the UI. But it will probably take me a while…
See you,
Richard
PS: I updated the binary artefact of this patch once more, to have an intermediate solution…
https://github.com/rnauber/davdroid/releases/download/v0.8.0_tor/davdroid_v8.0_tor.apk.zip
Hi,
I started to click together a proxy-settings UI for Davdroid supporting HTTP-proxies. But the HTTP proxy of Orbot does not support the HTTP requests we use (http://www.pps.univ-paris-diderot.fr/~jch/software/polipo/manual/POST-and-PUT.html), therefore only HTTPS DAV servers will work, no HTTP ones!
So it would be nice, if you could state that in the FAQ:
https://davdroid.bitfire.at/faq/entry/using-with-tor
But I think the usecase
DavDroid --> TOR --> http://davserver_xyz.onion
is very much worth supporting, because of the extremely easy set up of a self-hosted server (there is no need to generate certificates, end-to-end encryption is seamlessly provided by tor…).
So I think we have three options here:
I am very much in favour of 1) but what do you think (especially @rfc2822 )?
See you,
Richard