September 2018 Update!
Since 2015, Orfox has been the only mobile app recommended by the Tor Project to utilize the privacy protections of Tor on Android. The Tor Project has launched an official browser, Tor Browser for Android, now in its alpha release. Orfox will be sunsetted by early 2019 when the stable Tor Browser for Android comes out. To experience real private browsing without tracking, surveillance, or censorship, download Tor Browser for Android from Google Play here: https://play.google.com/store/apps/details?id=org.torproject.torbrowser_alpha.
You will still be able to use Orbot to route the traffic of all your other apps on Android over Tor.
Orfox is built from the same source code as Tor Browser (which is built upon Firefox), but with a few minor modifications to the privacy enhancing features to make them compatible with Firefox for Android and the Android operating system.
In as many ways as possible, we adhere to the design goals of Tor Browser (https://www.torproject.org/projects/torbrowser/design/), by supporting as much of their actual code as possible, and extending their work into the additional Android components of Firefox for Android.
The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked.
Where can I find all the relevant Orfox project pieces?
- The Orfox project tracker roadmap is here: https://dev.guardianproject.info/projects/orfox-private-browser/roadmap
- The Orfox branch of the Tor Browser repository is here: http://github.com/guardianproject/tor-browser
- The Orfox build project is here: https://github.com/guardianproject/orfoxfennec
- The primary Tor Browser repository is here: https://gitweb.torproject.org/tor-browser.git/
- Automated debug builds of Orfox alpha are available via F-Droid here (install F-Droid on your phone, then copy/paste or open the link to add the repo):https://dev.guardianproject.info/debug/info.guardianproject.orfox/fdroid/repo
How is Orfox different than Tor Browser for desktop?
Orfox is built from the same source code as Tor Browser (which is built upon Firefox), but with a few minor modifications to the privacy enhancing features to make them compatible with Firefox for Android and the Android operating system. In as many ways as possible, we will adhere to the design goals of Tor Browser (https://www.torproject.org/projects/torbrowser/design/), by supporting as much of their actual code as possible, and extending their work into the additional AF-Droid appndroid components of Firefox for Android.
- The Orfox code repository is at https://github.com/guardianproject/tor-browser and the Tor Browser repository is here:https://gitweb.torproject.org/tor-browser.git/. The Orfox repository is a fork of the Tor Browser repository with the necessary modification and Android-specific code as patches on top of the Tor Browser work. We will keep our repository in sync with updates and release of Tor Browser.
- Orfox is built from the Tor Browser repo based on ESR38 (https://dev.guardianproject.info/issues/5146https://dev.guardianproject.info/news/221) and has only two modified patches that were not relevant or necessary for Android
- Orfox does not currently include the mobile versions of HTTPS Everywhere, No Script and the Tor Browser Button, but these we will be added shortly, now that we have discovered how to properly support automatic installation of extensions on Android (https://dev.guardianproject.info/issues/5360)
- Orfox includes a “Request Mobile Site” option that allows you to change the user-agent from the standard Tor Browser agent to a modified Android specific one: “Mozilla/5.0 (Android; Mobile; rv:31.0) Gecko/20100101 Firefox/31.0”. (https://dev.guardianproject.info/issues/5404). This is useful for being able to see the mobile version of a website, but does reduce the amount your browser blends in with other browsers.
- Orfox currently allows for users to bookmark sites, and may have additional data written to disk beyond what the core gecko browser component does. We are still auditing all disk write code, and determining how to appropriately disable or harden it. (https://dev.guardianproject.info/issues/5437)
- Orfox cannot yet be built deterministically, but based on work with the FDroid project, we are aiming for this to be possible in the next year (https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise https://f-droid.org/wiki/page/Deterministic,_Reproducible_Builds)
How is Orfox different than Firefox for Android?
Beyond the core Tor Browser components, Orfox also must ensure all Android-specific code is properly routed through the Tor proxy, and otherwise hardened to protect against data and privacy leaks.
- Orfox adds patches at the Android Java code layer to enable proxying of all Java network HTTP communications through the local Orbot HTTP proxy (HTTP localhost:8118 for now, but moving to SOCKS). (https://dev.guardianproject.info/issues/5235 https://dev.guardianproject.info/issues/5317)
- Orfox removes the Android permissions for Contacts, Camera, Microphone, Location and NFC (https://dev.guardianproject.info/issues/3822) since the capability of using these features are not in line with the spirit of Tor Browser
- Orfox removes features like WebRTC and support for interaction with Chromecasts or Roku devices, since this type of communication is not compatibility with proxying communication through a TCP-based network like Tor (https://dev.guardianproject.info/issues/5358https://dev.guardianproject.info/issues/5357)
How is Orfox different than Orweb?
- Orweb is our current default browser for Orbot/Tor mobile users (https://guardianproject.info/apps/orweb) that has been downloaded over 2 million times. It is VERY VERY SIMPLE, as it only has one tab, no bookmark capability, and an extremely minimal user experience.
- Orweb is built upon the bundled WebView (Webkit) browser component inside of the Android operating system. This has proven to be problematic because we cannot control the version of that component, and cannot upgrade it directly when bugs are found. In addition, Google has made it very difficult to effectively control the network proxy settings of all aspects of this component, making it difficult to guarantee that traffic will not leak on all devices and OS versions.
- Orweb also only provides a very limited amount of capability of Tor Browser, primarily related to reducing browser fingerprinting, minimizing disk writes, and cookie and history management. It trys to mimic some of the settings of Tor Browser, but doesn’t actually use any of the actual code written for Tor Browser security hardening.
- Orweb does have an advantage which is that it less than 2MB while Orfox is in the 25-30MB range. This is primarily because Orweb relies on many components built into Android, so it does not need to bundle them. Orfox contains the full stack of code necessary for a complete browser, and thus is more secure and dependable, but also larger. The Mozilla Mobile team is working on reducing the size of their binaries, and the Orfox team is focused on this, as well, since we are disabling some of the components that have contributed the browser bloat.