EnGarde! The Guardian Project Podcast: Episode 1

EnGarde! is our first attempt at creating a regular podcast, providing updates right from the mouth of the Guardian Project team.

In today’s inaugural episode, @n8fr8 (Guardian Project Director, Nathan Freitas) provides an update on the Orfox->Tor Browser transition, latest release of Orbot, the new work on orbotmini, Matrix, and a few other exciting new efforts.

EnGarde! Episode 1

NetCipher update: global, SOCKS, and TLSv1.2

NetCipher has been relatively quiet in recent years, because it kept on working, doing it was doing. Now, we have had some recent discoveries about the guts of Android that mean NetCipher is a lot easier to use on recent Android versions. On top of that, TLSv1.2 now reigns supreme and is basically everywhere, so it is time to turn TLSv1.0 and TLSv1.1 entirely off. A single method to enable proxying for the whole app As of Android 8. [Read More]

Orbot: Over 20 Million Served, Ready for the Next Billion

We recently published the latest release of Orbot (16.0.2!), and as usual, we make it available via Google Play, as well F-Droid, and through direct download on our website. Whether we like it or not, Google keeps tracks of things like total installs and active installs (i.e. not uninstalled), and reports on that for us through their dashboard. While publishing this release, we noticed a milestone that made us a bit proud… so pardon this humblebrag. [Read More]

Orbot v16: a whole new look, and easier to use!

Orbot: Tor for Android has a new release (tag and changelog), with a major update to the user experience and interface. This is the 16th major release of Orbot, since it was launched in late 2009. The main screen of the app now looks quite different, with all the major features and functions exposed for easy access. We have also added a new onboarding setup wizard for first time users, that assists with configuring connections to the Tor network for users in places where Tor itself is blocked. [Read More]

Automatic, private distribution of our test builds

One thing we are very lucky to have is a good community of people willing to test out unfinished builds of our software. That is a very valuable contribution to the process of developing usable, secure apps. So we want to make this process as easy as possible while keeping it as secure and private as possible. To that end, we have set up an FDroid repository of apps generated from the test builds that our build server generates automatically every time we publish new code. [Read More]

Orweb Security Advisory: Possible IP leakage with HTML5 video/audio

The Orweb browser app is vulnerable to leak the actual IP of the device it is on, if it loads a page with HTML5 video or audio tags on them, and those tags are set to auto-start or display a poster frame. On some versions of Android, the video and audio player start/load events happen without the user requesting anything, and the request to the URL for the media src or through image poster is made outside of the proxy settings. [Read More]
orbot  orweb  tor 

The Only Way to Visit Strongbox on a Phone

The New Yorker magazine just launched Strongbox, a whistleblower submission system that’s hosted on a hidden website. There’s only one way to access the hidden site on a phone or tablet, and that’s with our Orweb app. Here’s a simple breakdown of how to do securely and anonymously blow the whistle, explained in an interactive tutorial: Visit guardianproject.info/howto/strongbox for an interactive tutorial on using Strongbox on your phone. The website exists as a hidden site on what is widely known as the darknet, since you are going there hidden or “in the dark. [Read More]

Voice over Tor?

Voice calls over Tor are supposed to be impossible. It seems this may no longer be the case. Without being able to do voice over IP (VOIP) conversations over the Tor network, people are prevented from being able to route calls outside of censored networks. People ask us if there is any way they can route voice traffic through Tor to avoid blocks. To our surprise, we tested Skype and found that it can work acceptably over Orbot. [Read More]
orbot  tor  voice  voip 

Sometimes the best solution is a library, not an app

Our general approach to software development starts with surveying existing solutions that are available and in use, to see if there is already enough of an ecosystem or whether we need to seed that. When there is already an adundance of tools and apps out there, we work to find the good ones, provide feedback and auditing, and then build apps and tools to fill in any gaps. For example, this was our approach in the Open Secure Telephony Network. [Read More]

Orbot Update: New Setup Wizard at Startup

We’ve been working away at the 0.0.9 release of Orbot over the last few months, and have put a decent amount of effort into usability. Specifically, we hoped to better communicate to users what it means to run Tor on your Android phone. In addition, we wanted to clearly lay out how the various configuration options help to improve your mobile web anonymity and ability to circumvent web filters and tracking by your mobile service provider. [Read More]

Ultimate Droid and Orbot

The InsecureSystem blog has a nice write-up on how to get Orbot running on your Droid: I’ve always been a supporter of net privacy and Tor in particular, and a friend of mine got me interested in the guardian project, so I grabbed the beta version of Orbot just to try it out.. sweet, tor from my phone. Unfortunately the Smoked Glass Rom I was using didn’t support the Iptables modules necessary for the transparent proxy method orbot used for tunnelling apps through privoxy/tor. [Read More]
droid  orbot 

Orbot main screen redesign

Here’s a few screenshots of the new “ACTIVATE ORBOT!” user interface. Just polishing up some of the features and doing a last few days of diligent testing before we release to the wider public. Overall, we want Tor on Android to be a one touch type experience, while still offering all the necessary options for configuration of bridges, rate limiting, etc. The coolest Android-only feature, which unfortunately requires your device to be rooted, is the ability to choose which apps on your device will be “Torified” automatically and transparently. [Read More]