In some ways, Twitter is the perfect application to run over the Tor network. It works with small bits of data, it is asynchronous, works naturally in a “store and forward” queue model, and in general, has a decent amount of default security built-in through HTTP/S support and OAuth. Compared to the problem-child of the open web, which often involves large websites, streaming video, Flash embeds, and malicious JavaScript, Twitter is a nearly perfect candidate for use over a secure, anonymous (but sometimes high latency) network. Add to that the fact that Twitter is often blocked or monitored in many countries that do not care for free speech and human rights, and it becomes almost a necessity that you use it with a service like Tor.
WARNING AND DISCLAIMER: Twitter for Android is proprietary, closed-source software. Details of the implementation of proxy support have not been publicly disclosed or audited by a third-party at this time. In particular, resolution of hostnames via DNS may not be properly routed through Tor (this is a common issue with proxied software). In addition, through other permissions that Twitter for Android may have on your device, there may be a strong ability to correlate identity between your registered Google Account and your activities on Twitter.
Until recently, in order to run Twitter for Android through Tor for Android, aka Orbot, you would need to root your device, or deal with complex proxy settings. However, as of last week, Twitter became one of the first and only major apps (aka 100M+ installs!) to add direct proxy support into their app, in a very easy to find and activate way.
UPDATE June 13, 2012: After a recent audit, we now recommend turning off the “Sync Data” option through Twitter’s Settings menu, under your registered Twitter account. This will stop push notifications from being sent, which are currently not handled by Orbot/Tor.
- Install and activate Orbot, open Twitter, tap the gear icon on the home screen.
- Check the “proxy” box, enter ‘localhost’ and ‘8118’.
- Open your account settings, and disable the “Sync Data” option to stop push notifications which cannot be proxied through Orbot/Tor.
See the screenshots below for a full walkthrough, and please spread the word to those in need.
- Orbot and Twitter now work together easily, thanks to the new simple proxy settings feature in Twitter for Android
- When you set up Orbot, your device does not need root or “superuser” access in order to work with Twitter, or with other apps like Gibberbot (Chat) or ORWeb (safe web access)
- Orbot by default provides an HTTP proxy server on “localhost” and port 8118
- In the Twitter app account sign in screen, click the small gear icon to open proxy settings
- Enable the proxy, set Proxy Host to ‘localhost’ and Proxy Port to ‘8118’
- You can also modify Proxy settings in the app via Menu->Settings
- You can use the app just the same as before, but now through Tor!
- With searches, you may need to try a few times for them to go through
- #OrbotYourTwitter!
Learn more and install apps
- Twitter for Android: Google Play
- Orbot: Tor for Android: Google Play or direct download via TorProject.org
- Learn more about how Tor works or just watch the video below!
Whilst all the above is good and true, people shouldn’t make the mistake of thinking this means that they can access their anonymous Twitter account this way.
Has it been tested to make sure it doesn’t leak DNS and doesn’t fall back to non-proxy activity under any circumstances? Has the protocol been sniffed to make sure there is no information sent over the communication channel such as the user’s location or IP address, or the phone’s IMEI or phone number etc?
Thanks for the rightful concern, Mike. I think the excitement of Twitter adding this feature is beginning to be mitigated by the lack of clarity around how it was done. We’ve added a disclaimer to the post. In addition, we are working on a more formal audit.
One thing we have already discovered is that there is a push notification mechanism that utilizes the internal Google push mechanism for Android (non SMS), to notify of new Tweets. It is likely this is not proxied. In general, since most Android devices are entirely registered and tracked through a Google identity, if a user is looking for anonymity or some sort of identity protection, it is recommended to use a clean or separate Google account to power an Android device.
We hope/expect that developers will follow the best practices we’ve laid out in our ORlib project sample code, with regards to how HTTP or SOCKS proxying is implemented, but even within that context, and Java itself, there is lack of clarity in how, for example, a hostname String in a java.net.* package class could be turned into an IP Address.
An interesting thing to note, is that most Android devices have a statically configured DNS setting pointing at Google DNS (8.8.8.8 etc).
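One way to check the DNS concern raised in the disclaimer and in the comments above, as an added example that is not part of the original post or of Orbot: classify the request lines an HTTP proxy receives by whether they name a host (the proxy resolves it) or carry an IP literal (the name was resolved before the request reached the proxy). It assumes the lines come from a logging proxy placed where the app's proxy setting points; the sample lines are constructed and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed request lines, as a logging HTTP proxy on localhost:8118 would
# receive them. Hostnames and addresses are documentation-range placeholders.
SAMPLE_REQUESTS = [
    "CONNECT api.example.com:443 HTTP/1.1",
    "CONNECT 203.0.113.10:443 HTTP/1.1",
    "CONNECT [2001:db8::1]:443 HTTP/1.1",
    "GET http://example.com/search?q=tor HTTP/1.1",
    "GET http://198.51.100.7/search?q=tor HTTP/1.1",
]


def target_host(request_line):
    """Return the host named in a proxy request line, or None if malformed."""
    parts = request_line.split()
    if len(parts) != 3:
        return None
    method, target, _version = parts
    # CONNECT carries "host:port"; other methods carry an absolute URI.
    url = "//" + target if method.upper() == "CONNECT" else target
    try:
        return urlsplit(url).hostname
    except ValueError:
        return None


def is_ip_literal(host):
    """True if host is an IPv4/IPv6 address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def audit(lines):
    """Group targets by whether the proxy or the client had to resolve them."""
    report = {"hostname": [], "ip_literal": [], "malformed": []}
    for line in lines:
        host = target_host(line)
        if host is None:
            report["malformed"].append(line)
        elif is_ip_literal(host):
            report["ip_literal"].append(host)  # resolved (or hard-coded) before the proxy
        else:
            report["hostname"].append(host)    # left for the proxy to resolve
    return report
```

A hostname in every request is necessary but not sufficient: an app could still issue its own DNS query in parallel, which only a packet capture on the device would show.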
thanks.
good
I tested the instruction above in Twidere, the FOSS Twitter and status.net client, and it worked like a charm. Thank you, and please add a note that using Free software is recommended when there are security wonders.
Western countries work overtime
As you noted, one problem is that most Android devices are tracked by Google. So why are the Tor apps not available through Amazon? And why is Orweb the only one that can’t be installed on an SD card? I was thinking that if we had an anonymous Amazon account used only for apps and digital products (you can use gift cards and prepaid debit cards) then loaded all the privacy apps on an SD card. All you would have to do when travelling and subject to search is take the card out. Reset the device without any Tor or privacy apps in evidence.
You can download our apps directly as APKs via https here: https://guardianproject.info/releases
or using F-Droid. Learn more here: https://guardianproject.info/2012/03/15/our-new-f-droid-app-repository/
Not sure why Orweb can’t be installed on an SDCard. Will look into that in the next release.
We will look into using Amazon as a distribution option.
Aaa
Thank you
Nice
Y
Running Android 2.1.1. Cannot open APKs on my Nook. Pls advise. Already use DuckDuckGo and no locating turned on. Email is my biggest other vulnerability.
Vitka
hi tor
Zhejiang, China
Hello
Can we use a third party twitter app like tweetcaster and use Tor?
Only Twidere supports proxy settings, as far as we know. It is an excellent open-source third party client!
It’s nice
It looks interesting, I am going to use it
Good
Good, I am going to try it, it looks great
I don’t know how to use them, because I follow all the instructions and I can’t browse. Can you give me some optional information? Thanks
I want to get into Twitter
What seems to be the problem, Jesus? Bad luck. I’m sorry.
Men this is good
Only Twidere supports proxy settings, as far as we know. It is an excellent open-source third party client!
The official Twitter app supports proxy settings.
So I changed the proxy settings but now it says that it can’t retrieve any tweets??
Sounds like something isn’t quite right with your setup. First, make sure that Orbot is running and says that it is connected to the tor network. Second, double-check your proxy settings in the Twitter app.
Had the same problems as Julie. I unticked the HTTP box next to the proxy setting, then reticked it, and now it runs fine. Is that the right way? Running Twitter through the latest Android Tor app 2018. Cheers
I am going to try it
Thanks
Like
Sexy
Orbot my facebook and twitter
If the Facebook app has proxy settings, then it should be more or less the same procedure.
Thanks
No one can stop us from doing what God has permitted!
I WANT TO USE TWITTER!
This app is very good
Hello
It doesn’t open, or I can’t manage it ((S3 mini))
Kaya
Login.
Thanks
Do I set up from my mobile Twitter app OR do I need to sign in and change proxy thru the web?
I can easily change thru mobile Twitter BUT thru web I cannot see the captcha words to authenticate. Is it OK to use with my WI-FI? Lastly is there a way to be SURE I’ve set it up correctly? A test to do or place to look to see what is showing as IP address? Thank you!
Last note, I’m on Android, latest version 4.2 or 4.3 on Samsung Galaxy S3 and Samsung Galaxy tablet 2. So far, THIS IS THE BEST I’VE SEEN AND EASY for a novice like me! Great product!
good.
Orbot help
Very good
Need to learn all I can
Every time I go to your page it tells me that this site may harm my device. Why?
Why does Orbot, once installed, insist on ignoring the fact that I already have Duck Duck Go and Securechat installed as well? There’s no point if it won’t let me use the canned thing!
Can I use “localhost” and “8118” in another app where such setting is allowed and will it work? E.g. A torrent client for android? Thanks.
Yes, any app that supports an HTTP Proxy can use the localhost:8118 settings. If an app supports a SOCKS Proxy, that is even better! For SOCKS, use localhost:9050.
The easiest way to watch marital films is from YouTube
Very good
Ahm ahm
Sori yo good
like this 😉
Good
I need you
thanks
Hi
tnx
Good
Thank,so.that’s great
I’m fasbook love mi.problem,noting connection,is filtering
I want to open and view Facebook or YouTube. I also downloaded a filter circumvention tool, but it just won’t work. Guidance and help, please.
Go to the Orbot settings and enable VPN mode.
Hello.
I got Twitter notifications even if my Orbot is disabled. I have all sync disabled and Twitter doesn’t work without Tor, but the notifications make me concerned. Is it safe to use it?
I like Twitter very much and hope to learn more here. Thank you for enriching my life, thank you very much, thanks!
Russia troll army mission accomplished:
https://techcrunch.com/2015/03/02/twitter-tor-phone-verification
Why they just allow users to decide to see or hide anonymous users posts
Now you always have fear twitter and its stuff to has not became property of dictators club
Now you always have fear that twitter and its staff has became property of dictators club (or was from beginning). just make trouble and they will get your number