Orbot Your Twitter!

In some ways, Twitter is the perfect application to run over the Tor network. It works with small bits of data, it is asynchronous, works naturally in a “store and forward” queue model, and in general, has a decent amount of default security built-in through HTTP/S support and OAuth. Compared to the problem-child of the open web, which often involves large websites, streaming video, flash embeds, and malicious javascript, Twitter is a nearly perfect candidate for use over a secure, anonymous (but sometimes high latency) network. Add to the fact that Twitter is often blocked or monitored in many countrieswho do not care for free speech and human rights, and it becomes almost a necessity that you use it with a service like Tor.

WARNING AND DISCLAIMER: Twitter for Android is proprietary, closed-source software. Details of the implementation of proxy support have not been publicly disclosed or audited by a third-party at this time. In particular, resolution of hostnames via DNS may not be properly routed through Tor (this is a common issue with proxied software). In addition, through other permissions that Twitter for Android may have you on your device, there may be a strong ability to correlate identity between your registered Google Account and your activities on Twitter.

Until recently, in order to run Twitter for Android through Tor for Android, aka Orbot, you would need to root your device, or deal with complex proxy settings. However, as of last week, Twitter became one of the first and only major apps (aka 100M+ installs!) to add direct proxy support into their app, in a very easy to find and activate way.

UPDATE June 13, 2012: After a recent audit, we now recommend turning off the “Sync Data” option through Twitter’s Settings menu, under your registered Twitter account. This will stop push notifications from being sent, which are currently not handled by Orbot/Tor.

  1. Install and activate Orbot, open Twitter, tap the gear icon on the home screen.
  2. Check the “proxy” box, enter ‘localhost’ and ‘8118’.
  3. Open your account settings, and disable the “Sync Data” option to stop push notifications which cannot be proxied through Orbot/Tor.

See the screenshots below for a full walkthrough, and please spread the word to those in need.

 

Learn more and install apps

73 comments for “Orbot Your Twitter!

  1. 2012/05/03 at 4:39 am

    Whilst all the above is good and true, people shouldn’t make the mistake of thinking this means that they can access their anonymous Twitter account this way.

    Has it been tested to make sure it doesn’t leak DNS and doesn’t fall back to non-proxy activity under any circumstances? Has the protocol been sniffed to make sure there is no information sent over the communication channel such as the users location or IP address, or the phones IMEI or phone number etc?

    • n8fr8
      2012/05/03 at 8:09 am

      Thanks for the rightful concern, Mike. I think the excitement of Twitter adding this feature is beginning to be mitigated by the lack of clarity around how it was done. We’ve added a disclaimer to the post. In addition, we are working on a more formal audit.

      One thing we have already discovered is that there is a push notification mechanism that utilizes the internal Google push mechanism for Android (non SMS), to notify of new Tweets. It is likely this is not proxied. In general, since most Android devices are entirely registered and tracked through a Google identity, if a user is looking for anonymity or some sort of identity protection, it is recommended to use a clean or separate Google account to power an Android device.

      We hope/expect that developers will follow the best practices we’ve laid out in our ORlib project sample code, with regards to how HTTP or SOCKS proxying is implemented, but even within that context, and Java itself, there is lack of clarity in how, for example, a hostname String in a java.net.* package class could be turned into an IP Address.

      An interesting thing to note, is that most Android devices have a statically configured DNS setting pointing at Google DNS (8.8.8.8 etc).

      • Anonymous
        2013/11/17 at 10:38 am

        thanks.

  2. 2012/12/15 at 11:29 am

    good

  3. 2013/03/01 at 7:50 pm

    I tested the instruction above in Twidere, the FOSS twitter an status.net client ad It worked like a charm. Thank you and please add a note that using Free software is recommended when there is security wonders.

  4. max
    2013/03/29 at 5:59 am

    As you noted one priblem is that most android devices are tracked by google. So why are the tor apps not availanle through Amazon? And why is orweb the only one that can’t be installed on a sd card? I was thinking that if we had an anonymous Amazon account used only for apps and digital priducts (you can use giftcards and prepaid debit cards) then loaded all the privacy apps on a sd card. All you would have to do when travelling and subject to search is take the card out. Reset the device without any tor or privacy apps in evidence.

  5. 2013/04/20 at 8:04 pm

    Aaa

  6. 2013/04/22 at 8:32 pm

    Tank you

  7. 2013/05/30 at 2:01 am

    جميل

    • Anonymous
      2014/09/06 at 5:51 am

      Y

  8. vitka55
    2013/10/05 at 1:40 am

    Running Android 2.1.1. Cannot open apk s on my Nook. Pls advise. Already use DuckDuckGo and no locating turned on. Email is my biggest other vulnerability .

    Vitka

  9. ali
    2013/10/16 at 8:15 pm

    hi tor

  10. elaine
    2013/10/26 at 3:29 am

    中国浙江

    • Anonymous
      2014/11/27 at 5:54 am

      سلام

  11. mack
    2013/10/31 at 10:09 am

    Can we use a third party twitter app like tweetcaster and use Tor?

    • n8fr8
      2013/10/31 at 1:29 pm

      Only Twidere supports proxy settings, as far as we know. It is an excellent open-source third party client!

  12. 2013/11/14 at 12:31 pm

    Its nice

  13. jesus
    2013/11/15 at 12:52 am

    Se ve interesante lo voy a usar

  14. 2013/11/15 at 1:05 am

    Bueno

  15. 2013/11/15 at 1:07 am

    Bueno lo voy a probar se ve genial

  16. 2013/11/16 at 10:49 am

    No Se cómo usarlos porqué sigo todas las instrucciones y no puedo navegar ,,me pueden dar un dato opcional .gracias

    • 2014/03/30 at 7:33 am

      Twittera girmek istiyorum

  17. Anonymous
    2013/11/17 at 10:46 am

    what seems to be the problem Jesus? mala suerte . lo siento ..

  18. 2013/12/13 at 6:35 pm

    Men this is good

  19. ahmed abo ali
    2013/12/19 at 12:52 pm

    Only Twidere supports proxy settings, as far as we know. It is an excellent open-source third party client!

    • n8fr8
      2013/12/23 at 10:32 am

      The official Twitter app supports proxy settings.

  20. 2014/01/08 at 7:40 pm

    So I changed the proxy settings but now it says that it can’t retrieve any tweets??

    • Hans-Christoph Steiner
      2014/01/09 at 12:07 pm

      Sounds like something isn’t quite right with your setup. First, make sure that Orbot is running and says that it is connected to the tor network. Second, double-check your proxy settings in the Twitter app.

  21. zorayda
    2014/02/16 at 5:19 pm

    Voy a probar

  22. mvgh
    2014/03/10 at 5:35 am

    Thanks

  23. majid
    2014/03/10 at 8:41 pm

    Like

  24. 2014/03/11 at 7:12 am

    Sexy

  25. Ejmin
    2014/03/15 at 2:49 pm

    Orbot my facebook and twitter

    • Hans-Christoph Steiner
      2014/03/18 at 7:46 pm

      If the Facebook app has proxy settings, then it should be more or less the same procedure.

  26. farid
    2014/03/18 at 9:50 am

    Thanks

  27. Asu Asu
    2014/03/21 at 4:39 am

    Kimse Allah’ın müsade ettigini yapmamıza engel olamaz!

  28. 2014/03/23 at 6:47 pm

    I WANT TO USE TWITTER!

  29. Angela Maria Silva Matos
    2014/03/24 at 6:22 pm

    Muito bom esse aplicativo

  30. 2014/03/25 at 12:34 pm

    Merhaba

  31. bnglshdmir
    2014/03/26 at 7:36 pm

    açılmıyor yada beceremiyorum ((s3 mini))

  32. 2014/03/27 at 11:23 am

    Kaya

  33. 2014/03/30 at 7:32 am

    Giriş.

  34. oguz
    2014/03/31 at 10:36 am

    Thanks

  35. Jani
    2014/03/31 at 5:21 pm

    Do I set up from my mobile Twitter app OR do I need to sign in and change proxy thru the web?
    I can easily change thru mobile Twitter BUT thru web I cannot see the capcha words to authenticate. Is it OK to use with my WI-FI? Lastly is there a way to be SURE I’ve set it up correctly? A test to do or place to look to see what is showing as IP address? Thank you!

  36. Jani
    2014/03/31 at 5:25 pm

    Last note, I’m on Android, latest version 4.2 or 4.3 on Samsung Galaxy S3 and Samsung Galaxy tablet 2. So far, THIS IS THE BEST I’VE SEEN AND EASY for a novice like me! Great product!

  37. H.Yousefi
    2014/04/01 at 4:58 am

    good.

    • Budi Tukang123
      2014/09/25 at 12:15 pm

      Bantuan orbot

  38. 2014/04/01 at 8:26 pm

    Very good

  39. Beanz23
    2014/04/15 at 4:28 am

    Need to learn all I can

  40. Federico
    2014/04/26 at 11:50 am

    Cada que entro a su pagina me dice que este sitio puede dañar mi dispocitivo, por que.

  41. Jonathan Bootland
    2014/05/10 at 7:15 pm

    Why does Orbot, once.installed, insist on ignoring the fact that I already have Duck Duck Go and Securechat installed as well? There’s no poiby if it won’t let me use the canned thing!

  42. Raja
    2014/05/16 at 3:50 pm

    Can I use “localhost” and “8118” in another app where such setting is allowed and will it work? E.g. A torrent client for android? Thanks.

    • Hans-Christoph Steiner
      2014/06/05 at 6:45 pm

      Yes, any app that supports an HTTP Proxy can use the localhost:8118 settings. If an app supports a SOCKS Proxy, that is even better! For SOCKS, use localhost:9050.

  43. 2014/07/06 at 12:00 am

    اسونترین راه برای دیدن فیلم زناشوی ازیوتیبه

  44. Ali
    2014/07/18 at 6:06 pm

    Very good

  45. 2014/07/21 at 3:38 pm

    Ahm ahm

  46. 2014/07/21 at 3:39 pm

    Sori yo good

  47. alireza.nadafi
    2014/07/23 at 5:27 pm

    like this 😉

  48. Nina
    2014/08/01 at 10:23 am

    Good

  49. 2014/08/19 at 3:45 pm

    I need you

  50. junaid
    2014/09/07 at 11:46 am

    thanks

  51. 2014/09/13 at 12:05 pm

    هلا

  52. m.m
    2014/09/29 at 8:49 am

    tnx

  53. 2014/10/03 at 4:02 pm

    Good

  54. jack
    2014/10/08 at 5:45 am

    Thank,so.that’s great

  55. محمدعلی
    2014/11/24 at 9:38 pm

    I’m fasbook love mi.problem,noting connection,is filtering

    • محمدعلی
      2014/11/24 at 9:46 pm

      میخوام فیسبوک یا یوتیوب رو بازکنم وببینم .فیلترشکن هم دانلود کردم ولی نمیشه که نمیشه.راهنمایی وکمک

      • داش مجید
        2016/04/04 at 4:22 am

        برو تو تنظیمات orbot حالتvpnرو فعال کن

  56. JustMe
    2015/02/24 at 9:39 am

    Hello.

    I got twitter notifications even if my Orbot is disabled. I have all sync disabled and twitter doesn’t work without TOR but the notifications make me concern. Is it safe to use it?

  57. 杨子慧
    2016/04/16 at 10:50 pm

    非常喜欢Twitter,希望在此能了解更多的信息,感谢它丰富我的生活,非常感谢thanks!

Leave a Reply

Your email address will not be published. Required fields are marked *