Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-15T23:34:38Zhttps://gitlab.torproject.org/legacy/trac/-/issues/18854Orfox's UserAgent different than other TBB2020-06-15T23:34:38ZTracOrfox's UserAgent different than other TBBhttps://tor.stackexchange.com/questions/4890/tor-browser-user-agent-strings
Currently, TBB use Windows UA as a default.
(tested with latest TBB, if I'm a mistake correct me with latest data.)
Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko...https://tor.stackexchange.com/questions/4890/tor-browser-user-agent-strings
Currently, TBB use Windows UA as a default.
(tested with latest TBB, if I'm a mistake correct me with latest data.)
Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
However, Orfox use Android itself.
Mozilla/5.0 (Android; Mobile; rv:38.0) Gecko/38.0 Firefox/38.0
Even Orfox is for Android smartphone,
I think Orfox should use default TBB's UA for anti-fingerprint.
**Trac**:
**Username**: ikurua22Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/18858Orfox won't quit.2017-04-18T06:30:09ZTracOrfox won't quit.From about a few months ago.
1. Open Orfox.
2. Tap =.
3. Tap "Quit" from long menu,
4. Orfox never quit.
Android 4.x + Latest Orfox from FDroid.
Did you notice this bug?
**Trac**:
**Username**: ikurua22From about a few months ago.
1. Open Orfox.
2. Tap =.
3. Tap "Quit" from long menu,
4. Orfox never quit.
Android 4.x + Latest Orfox from FDroid.
Did you notice this bug?
**Trac**:
**Username**: ikurua22Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/18975Orbot connection bug2016-05-05T10:27:21ZTracOrbot connection bugWhen i start up Orbot it gets to 100% fine with vpn and bridge on but no browsers connect to the check connection webpage or any other pages. I have tried not using bridge and not using vpn but still cant access them. I also tried changi...When i start up Orbot it gets to 100% fine with vpn and bridge on but no browsers connect to the check connection webpage or any other pages. I have tried not using bridge and not using vpn but still cant access them. I also tried changing location to see if that would fix it but it didnt. I have also uninstalled Orbot and Orfox then reinstalled but still nothing. Not sure what else to try.
**Trac**:
**Username**: LemonlemonzNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/19928Orbot and Orfox slow update cicle2016-08-18T15:00:13ZTracOrbot and Orfox slow update cicleOrbot and Orfox have a very slow update cicle, maybe dormant?
it is harmfull to users
**Trac**:
**Username**: f451022Orbot and Orfox have a very slow update cicle, maybe dormant?
it is harmfull to users
**Trac**:
**Username**: f451022Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/21025Orbot Problem on Nexus 6P2017-07-16T07:12:26ZTracOrbot Problem on Nexus 6PSo when I try to connect to any of the prebuilt bridges in Orbot, for example meek amazon, I get this error:
Set background service to FOREGROUND
Orbot is starting…
Orbot is starting…
updating settings in Tor service
Using meek bri...So when I try to connect to any of the prebuilt bridges in Orbot, for example meek amazon, I get this error:
Set background service to FOREGROUND
Orbot is starting…
Orbot is starting…
updating settings in Tor service
Using meek bridges updating torrc custom configuration...
torrc.custom=ControlPortWriteToFile /data/data/org.torproject.android/app_bin/control.txt SOCKSPort 9050
SafeSocks 0
TestSocks 0
WarnUnsafeSocks 1
TransPort 9040
DNSPort 5400
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
DisableNetwork 0
Log debug syslog
Log info syslog
SafeLogging 0
UseBridges 1
ClientTransportPlugin meek_lite exec /data/data/org.torproject.android/app_bin/obfs4proxy
Bridge meek_lite 0.0.2.0:2 url=https://d2zfqthxsdq309.cloudfront.net/ front=a0.awsstatic.com
GeoIPFile /data/data/org.torproject.android/app_bin/geoip
GeoIPv6File /data/data/org.torproject.android/app_bin/geoip6
StrictNodes 0
success.
Orbot is starting…
/data/data/org.torproject.android/app_bin/tor DataDirectory
/data/data/org.torproject.android/app_data --defaults-torrc
/data/data/org.torproject.android/app_bin/torrc -f /data/data/org.torproject.android/app_bin/torrc.custom
Waiting for control port...
Reading control port config file: /data/data/org.torproject.android/app_bin/control.txt
Connecting to control port: 47318
SUCCESS connected to Tor control port.
SUCCESS - authenticated to control port.
Starting Tor client… complete.
adding control port event handler
SUCCESS added control port event handler
Tor started; process id=14203
Starting polipo process
Polipo is running on port:8118
Polipo is running
WARN: The communication stream of managed proxy '/data/data/org.torproject.android/app_bin/obfs4proxy' is 'closed'. Most probably the managed proxy stopped running. This might be a bug of the managed proxy, a bug of Tor, or a misconfiguration. Please enable logging on your managed proxy and check the logs for errors.
Circuit (1) LAUNCHED: NOTICE:
Bootstrapped 5%: Connecting to directory server orConnStatus (0.0.2.0:2): LAUNCHED
WARN: We were supposed to connect to bridge '0.0.2.0:2' using pluggable transport 'meek_lite', but we can't find a pluggable transport proxy supporting 'meek_lite'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
WARN: Problem bootstrapping.
Stuck at 5%: Connecting to directory server. (Can't connect to bridge; PT_MISSING; count 1; recommendation warn; host 0000000000000000000000000000000000000000 at 0.0.2.0:2)
Circuit (1) FAILED: ONEHOP_TUNNEL > S_INTERNAL > EED_CAPACITY
I am currently using a Nexus 6p on android 7.1 and I can use the bridges given by bridges.torproject.org but still can't use the prebuilt meek, obfs4, or scramblesuit ones..
**Trac**:
**Username**: Orbot ProblemsNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/21083Socket exception in Android client2017-07-16T07:12:22ZTracSocket exception in Android clientDear All,
We are using Android client with Orbot to securely upload video to our server (Spring boot with Nginx), when user select the secure mode. When we are using normal mode the video get uploaded but in secure mode it...Dear All,
We are using Android client with Orbot to securely upload video to our server (Spring boot with Nginx), when user select the secure mode. When we are using normal mode the video get uploaded but in secure mode it uploaded the video but showing "Error while uploading". This only happens in case of orbot.
Thanks,
Om
**Trac**:
**Username**: omvermaNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/21400Samsung Note 10.12017-07-16T07:12:16ZTracSamsung Note 10.1I'm on a Samsung Note 10.1 and have downloaded the tor orbot application for this device. Im having an issue though where it keepsnstating that orbot has stopped working. Is there something I am missing?
I have the N8013 model with the ...I'm on a Samsung Note 10.1 and have downloaded the tor orbot application for this device. Im having an issue though where it keepsnstating that orbot has stopped working. Is there something I am missing?
I have the N8013 model with the 4.1.2 android os.
**Trac**:
**Username**: LunarWolfNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/21504work2017-02-20T16:15:11ZTracwork
**Trac**:
**Username**: skabr
**Trac**:
**Username**: skabrNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/22551F-Droid's Orfox APK file not updated to Tor Browser 7.0 yet2020-06-15T23:44:48ZcypherpunksF-Droid's Orfox APK file not updated to Tor Browser 7.0 yetThe rebranded Tor Browser, dubbed "Orfox", which is just TBB with some tiny patches against it for differences between Android's "Bionic" libc and the glibc that normal Tor Browser uses, is a year out of date.
Expected behaviour: when h...The rebranded Tor Browser, dubbed "Orfox", which is just TBB with some tiny patches against it for differences between Android's "Bionic" libc and the glibc that normal Tor Browser uses, is a year out of date.
Expected behaviour: when https://blog.torproject.org/blog/tor-browser-70-released was posted saying that Tor Browser for Android had been updated to disable RtspMediaResource (meaning https://trac.torproject.org/projects/tor/ticket/19078 was fixed), it should be possible to get the updated version.
Actual behaviour: it is not possible to get the update
Steps to reproduce: replace proprietary backdoored Google Play with F-Droid. See official Tor blog advertising an update for Android, with no way to get said update.
Many journalists and whistleblowers in third world countries can't afford a laptop and therefor must rely on Orfox. For their sake please try to at least release updates when critical zero day vulnerabilities come out. Your work is very appreciated, please keep at it.
There's no Orfox component to choose, presumably because it's almost exactly the same codebase as Tor Browser, so I'm putting this under Tor Browser.Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/22935Disable SSL alert when visiting .onion HTTPS.2017-08-15T15:14:14ZcypherpunksDisable SSL alert when visiting .onion HTTPS."We are not sure that the connection is secure" < something like this message.
Can't you just add an option to disable HTTPS warnings while FQDN is .onion?
I'm using self-signed certificate for proprietary server on .onion."We are not sure that the connection is secure" < something like this message.
Can't you just add an option to disable HTTPS warnings while FQDN is .onion?
I'm using self-signed certificate for proprietary server on .onion.Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/22949Add some IP-HOST pair for meek use2018-09-21T22:58:32ZcypherpunksAdd some IP-HOST pair for meek use1. I want to use meek.
2. My network is blocking DNS request.
Please consider adding some IP:PORT pair to Orbot itself.
Current behavior:
Orbot: "Hey DNS, resolve www.google.com(for domain fronting)"
DNS: "Reject!"
Orbot: "Hey user, y...1. I want to use meek.
2. My network is blocking DNS request.
Please consider adding some IP:PORT pair to Orbot itself.
Current behavior:
Orbot: "Hey DNS, resolve www.google.com(for domain fronting)"
DNS: "Reject!"
Orbot: "Hey user, you can't connect!!"
Expected behavior:
Orbot: "Hey DNS, resolve www.google.com(for domain fronting)"
DNS: "Reject!"
Orbot: "Then I'll try 120.130.140.150(www.google.com's IP addr.)"
Orbot: Trying to connect: 120.130.140.150:443 with "Host: google.com".
Orbot: Success. Fuck DNS :)
I'm not joking. By adding valid IP address into Orbot core, user
can access to Tor network even DNS is blocked.Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/23051Orfox is dead. Insecure. Switch to Mozilla Firefox Android.2017-07-28T16:07:16ZcypherpunksOrfox is dead. Insecure. Switch to Mozilla Firefox Android.Mozilla/5.0 (Android; Mobile; rv:38.0) Gecko/38.0 Firefox/38.0
1. Too old.
2. Can identifiable via screen width and height.
3. 5 vulns.Mozilla/5.0 (Android; Mobile; rv:38.0) Gecko/38.0 Firefox/38.0
1. Too old.
2. Can identifiable via screen width and height.
3. 5 vulns.Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/23144Orfox UserAgent is very old. Please upgrade to modern version (52 or above).2020-06-13T06:39:37ZcypherpunksOrfox UserAgent is very old. Please upgrade to modern version (52 or above).Version 38 is way old, and some websites are blocking Orfox because the UserAgent is old. Please consider updating Orfox with latest useragent.Version 38 is way old, and some websites are blocking Orfox because the UserAgent is old. Please consider updating Orfox with latest useragent.Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/23145Orfox UserAgent is very old. Please upgrade to modern version (52 or above).2017-08-21T23:11:31ZcypherpunksOrfox UserAgent is very old. Please upgrade to modern version (52 or above).Version 38 is way old, and some websites are blocking Orfox because the UserAgent is old. Please consider updating Orfox with latest useragent.Version 38 is way old, and some websites are blocking Orfox because the UserAgent is old. Please consider updating Orfox with latest useragent.Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/23274Rebase using Firefox Klar2017-08-21T14:48:56ZcypherpunksRebase using Firefox KlarWhen do you update old Orfox to 55 ESR or Klar?When do you update old Orfox to 55 ESR or Klar?Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/23289Improving HS reachability for Orbot/Android users2020-06-13T15:12:52ZNathan FreitasImproving HS reachability for Orbot/Android usersOrbot received a pull request here: https://github.com/n8fr8/orbot/pull/83 with proposed modifications to improve reachability of an HS running on the device. We asked Michael Rogers from the Briar Project to review this proposal, since ...Orbot received a pull request here: https://github.com/n8fr8/orbot/pull/83 with proposed modifications to improve reachability of an HS running on the device. We asked Michael Rogers from the Briar Project to review this proposal, since his team has done the most with HS on mobile. The PR details and his comments are inline below.
While these improvements seem worthwhile from a usability perspective, there are concerns about impact on anonymity, as always.
****
The issue at the moment is that while the device is sleeping for long
periods of time, it is possible for the HS to become unreachable as a
result of Tor detecting a clock jump of length greater than
`NUM_JUMPED_SECONDS_BEFORE_WARN` (100 seconds) upon waking up, which
then closes all circuits. Another issue is that if the device was woken
up by incoming network traffic, the device only stays awake for about a
second before going back to sleep, which isn't enough time for Tor to
rebuild the intro circuits, and thus the HS is no longer reachable until
Tor is able to rebuild the circuits.
I attempt to improve this situation in two ways:
1. Increase `NUM_JUMPED_SECONDS_BEFORE_WARN` from 100 seconds to 600
seconds to avoid triggering the clock-jumped-close-all-circuits code
every time the device wakes up from sleep.
2. Add a new command (`MARKCONNFORWAKELOCK`) and event (`WAKELOCK`) to
the control port to allow Tor to synchronously signal Orbot to hold wake
lock on behalf of Tor (since it isn't possible to hold a wake lock from
native code). A wake lock is acquired at the start of a event callback,
then released when libevent returns from its event loop when there are
no active events. This prevents the device from sleeping when Tor still
has work to do.
****
Comments from Michael@BriarProject:
Thanks for passing this on. I've also been looking into this problem
lately. Comments inline below.
On 11/08/17 12:00, Nathan of Guardian wrote:
1. Increase `NUM_JUMPED_SECONDS_BEFORE_WARN` from 100 seconds to 600
seconds to avoid triggering the clock-jumped-close-all-circuits code
every time the device wakes up from sleep.
Is there something that makes 600 seconds qualitatively better than 100
seconds, or is this just a workaround for short sleeps?
2. Add a new command (`MARKCONNFORWAKELOCK`) and event (`WAKELOCK`) to
the control port to allow Tor to synchronously signal Orbot to hold wake
lock on behalf of Tor (since it isn't possible to hold a wake lock from
native code). A wake lock is acquired at the start of a event callback,
then released when libevent returns from its event loop when there are
no active events. This prevents the device from sleeping when Tor still
has work to do.
I like the underlying idea here, but this way of implementing it seems
risky.
The problem is that Tor is driven by two kinds of events: incoming
network traffic and libevent timers. When the device is asleep, incoming
traffic will briefly wake it, so you can grab a wake lock until Tor
finishes its work. But if a libevent timer expires during sleep, the
device won't be woken. The timer will be handled next time the device
wakes for some other reason.
I think this is a potential risk to anonymity, because it will result in
externally visible behaviour, such as circuit teardowns, happening in
correlated bursts when the device wakes up. And those bursts can be
triggered by sending traffic to the device.
Tor expects timers to run at the scheduled time. That's why it panics
and tears everything down if the clock jumps by 100 seconds. Suppressing
that panic response seems like a bad idea. More generally, ignoring the
assumption behind the panic response seems like a bad idea.
What would be a better idea?
Briar holds a wake lock whenever Tor is connected to the network, but
that kills the battery, so we have to find another way.
If we could put Tor into some kind of "idle mode", where it would shut
down all circuit building and other timer-driven behaviour, then it
might be safe to let the device sleep until it was woken by incoming
traffic. We could ask the guard for keepalives, say once every five
minutes, to ensure that periodic tasks like fetching the consensus and
uploading HS descriptors would have a chance to run even if there was no
incoming traffic. But those tasks would still happen in bursts, so it
seems to me that there would still be a risk to anonymity.
We might be able to reduce the burstiness if Tor could tell the
controller the time of the next consensus fetch or descriptor upload,
and the controller could use an alarm to wake the device at that time,
regardless of network traffic. Doze mode adds some restrictions here -
whitelisted apps can set an alarm every nine minutes, which might be
enough. The alarm could also be used to check the time of the last
keepalive, to detect dead guard connections.
I think doing this right is going to require significant input from the
Tor devs, first of all to see what we can safely get away with in terms
of sleep, and then perhaps to implement an idle mode and supporting
controller commands if it looks like a good idea.Tor: unspecifiedNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/24211Update UserAgent string to 52!2017-12-13T19:25:07ZcypherpunksUpdate UserAgent string to 52!Component: ORFOX
From: FDRoid
I've upgraded my orfox and its UserAgent is still 38!
Some websites ask you to "upgrade your browser" because of this.
Please fix useragent string to rv:52.0 or something!!Component: ORFOX
From: FDRoid
I've upgraded my orfox and its UserAgent is still 38!
Some websites ask you to "upgrade your browser" because of this.
Please fix useragent string to rv:52.0 or something!!Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/24305Rebrand Orfox(TBB Android) with Firefox Klar2017-11-16T08:46:52ZcypherpunksRebrand Orfox(TBB Android) with Firefox Klar Many who-dont-know-Tor who-isnt-a-geek users on the internet blindly trust Chrome Android on their daily browsing.
Firefox Klar provide better privacy than Chrome. Unlike Firefox, it doesn't send telemetary(checkbox is off by default[1... Many who-dont-know-Tor who-isnt-a-geek users on the internet blindly trust Chrome Android on their daily browsing.
Firefox Klar provide better privacy than Chrome. Unlike Firefox, it doesn't send telemetary(checkbox is off by default[1]) and also doesn't download filter lists from the internet(included in APK).
Also, Firefox Klar is designed "incognito-by-default". User can clear the result/close the browser by just tap the menu.
We should rebrand Orfox with Klar codes to provide better UX to TBB users.
[1] So we should delete the telemetry code and hide the button.
Do not trust Firefox FOCUS. FOCUS send them by default and also send device info. Klar doesn't.
P.S. Component --- please add "Applications/Orfox".Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/24547[Orbot] Enhance build script2017-12-07T01:42:50ZIgor Oliveira[Orbot] Enhance build scriptCreate a build script to improve how newcomers compile the project.Create a build script to improve how newcomers compile the project.Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/25257Orbot relay problem.2018-02-28T20:58:42ZTracOrbot relay problem.good afternoon
There is problem on newest version of orbot app. At the settings, relay port, i wrote 443 port. After I do it, The tor relay isn't start. I returnet previous port, and it goes normally. Please, solve this issue, because i ...good afternoon
There is problem on newest version of orbot app. At the settings, relay port, i wrote 443 port. After I do it, The tor relay isn't start. I returnet previous port, and it goes normally. Please, solve this issue, because i haven't opened port 9001 on my mobile data. I have opened port 443.
Thanks.
Translate on Polish.
Dzień dobry.
Mam problem z przekaźnikiem tora na telefonie z androidem w aplikacji orbot. Po zmianie portu w ustawieniach na 443 tor w ogóle się nie uruchamia. Cały czas widnieje napis: "Orbot is starting". Po przywróceniu domyślnego portu wszystko działa poprawnie. Proszę o rozwiązanie problemu, ponieważ na mobilnej sieci mam otwarty port 443 a częściej korzystam z mobilnego pakietu.
Dziękuję.
**Trac**:
**Username**: bogusNathan FreitasNathan Freitas