mollyim / mollyim-android

Enhanced and security-focused fork of Signal.
GNU Affero General Public License v3.0

Add Orbot Support #12

Closed cm157 closed 3 years ago

cm157 commented 3 years ago

I am not familiar with GitHub and how it works; forgive me if this is out of place.

I would like to make a humble request that, if possible, the developers consider adding support for Orbot (proxy support) or direct Tor integration into the app.

This would be advantageous for a range of reasons including allowing IP separation for Molly traffic without forcing users to push all traffic over Tor (Orbot VPN mode).

It would limit voice call functionality but that may be acceptable to many people who use Signal primarily for its messaging functions.

Again, thank you for this app.

cm157 commented 3 years ago

FYI: Signal now supports TCP-only networks for calls. I have tested successfully receiving and making calls to Signal users behind Orbot.

I have not tested this for the case when both users are behind Tor, only when one is.

valldrac commented 3 years ago

Thanks. I didn't know that. This will be the next feature to work on.

How do you think the integration should be done? Manual proxy configuration, Orbot auto-detection, or an embedded Tor client?

Do you know any open-source app that already has this kind of integration?

cm157 commented 3 years ago

> Thanks. I didn't know that. This will be the next feature to work on.
>
> How do you think the integration should be done? Manual proxy configuration, Orbot auto-detection, or an embedded Tor client?
>
> Do you know any open-source app that already has this kind of integration?

In my opinion manual proxy configuration with SOCKS5 support is the most versatile and simplest option. Many open source apps have proxy support built in: the F-Droid app, Telegram, Conversations, Aurora Store, Privacy Browser, etc. Those are just what I can recall off the top of my head; I can search and compile a more thorough list if you need.

valldrac commented 3 years ago

Thanks for your comment. The manual configuration seems to be the best option for me too. I was just asking for reference implementations in case of the other two options, so don't worry.

valldrac commented 3 years ago

@cm157 I see that Orbot has a VPN mode where individual apps can be selected for tunneling. It's not a real VPN, but a way to route any app through Tor with the help of the Android VPN interface.

What is the difference between this mode and manual proxy configuration? The documentation says that it only enables Tor for selected applications, and not for all of them.

kalekad commented 3 years ago

Hello. First of all, thank you for your work.

Manual proxy configuration can also be used by a VPN provider with proxy support. A well-implemented proxy in the application is the best universal solution for censorship circumvention and can also serve to ensure anonymity. The local VPN in Orbot is used for censorship circumvention and unfortunately Android without ROOT does not allow the use of multiple VPN applications (non-root firewall).

I have been using Orbot for several years and I must say that the VPN mode in Orbot is not reliable for everyday use.

I have also been using Briar messenger for several years; it is P2P, open-source and has an integrated Tor.

cm157 commented 3 years ago

> @cm157 I see that Orbot has a VPN mode where individual apps can be selected for tunneling. It's not a real VPN, but a way to route any app through Tor with the help of the Android VPN interface.
>
> What is the difference between this mode and manual proxy configuration? The documentation says that it only enables Tor for selected applications, and not for all of them.

Huge difference. VPN mode means you must accept all app traffic going over Tor (tick) or being blocked (no tick). So you can't just isolate Molly/Signal. Check your PayPal? Maybe you want to do some online shopping? Have a Google account? You either a) accept the limitation that you can't use these services, b) take the risk of being blocked or your account locked, or c) enable/disable Tor as needed and risk a potential leak of your real IP if you, say, accidentally activate Molly and neglect to enable Tor. Second, VPN mode does not enforce proper circuit isolation. With some rudimentary workaround it can isolate based on destination, but this has risks. When you use Tor, you don't want to share circuits between different contextual purposes. If I am using Molly and Telegram for separate purposes, say Molly is my "work" circle and Telegram is "family", the way Tor works best is that they use different circuits. This requires using the SOCKS port. The VPN does not handle circuit isolation well, it's not ideal for the other reasons I mentioned, and it's really not even practical from a security or privacy POV unless you accept Tor for all your traffic.

I hope I explained that well.
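As an added illustration of the circuit isolation point made above (this is not code from Molly, Orbot or this thread): a minimal SOCKS5 client in plain Java that performs RFC 1929 username/password sub-negotiation with a per-context tag as the username. Tor's `IsolateSOCKSAuth` option, which is on by default, places streams that carry different SOCKS credentials on different circuits, so a "work" context and a "family" context never share one. The CONNECT request also passes the destination as a domain name (ATYP 0x03) so the proxy, not the device resolver, performs the lookup. The proxy address 127.0.0.1:9050, the tag names and the destination in `main` are assumed values for the demonstration.

```java
import java.io.DataInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.nio.charset.StandardCharsets;

/** Minimal SOCKS5 client (RFC 1928 + RFC 1929) used to request per-context Tor circuit isolation. */
public final class IsolatedSocks5 {

    /** Greeting: version 5, one offered method, 0x02 = username/password. */
    static byte[] greeting() {
        return new byte[] {0x05, 0x01, 0x02};
    }

    /** RFC 1929 sub-negotiation: version 1, ulen, user, plen, pass. */
    static byte[] auth(String user, String pass) {
        byte[] u = user.getBytes(StandardCharsets.UTF_8);
        byte[] p = pass.getBytes(StandardCharsets.UTF_8);
        if (u.length > 255 || p.length > 255) throw new IllegalArgumentException("credentials too long");
        byte[] out = new byte[3 + u.length + p.length];
        out[0] = 0x01;
        out[1] = (byte) u.length;
        System.arraycopy(u, 0, out, 2, u.length);
        out[2 + u.length] = (byte) p.length;
        System.arraycopy(p, 0, out, 3 + u.length, p.length);
        return out;
    }

    /** CONNECT with ATYP 0x03 (domain name): the proxy resolves the host, the device resolver is never asked. */
    static byte[] connectRequest(String host, int port) {
        byte[] h = host.getBytes(StandardCharsets.US_ASCII);
        if (h.length > 255) throw new IllegalArgumentException("hostname too long");
        byte[] out = new byte[7 + h.length];
        out[0] = 0x05; out[1] = 0x01; out[2] = 0x00; out[3] = 0x03;
        out[4] = (byte) h.length;
        System.arraycopy(h, 0, out, 5, h.length);
        out[5 + h.length] = (byte) (port >> 8);
        out[6 + h.length] = (byte) port;
        return out;
    }

    /** Opens a TCP stream to destHost:destPort through the SOCKS proxy, on a circuit keyed by isolationTag. */
    static Socket connect(String proxyHost, int proxyPort, String isolationTag,
                          String destHost, int destPort) throws IOException {
        Socket s = new Socket();
        s.connect(new InetSocketAddress(proxyHost, proxyPort), 10_000);
        try {
            OutputStream out = s.getOutputStream();
            DataInputStream in = new DataInputStream(s.getInputStream());

            out.write(greeting());
            byte[] sel = new byte[2];
            in.readFully(sel);
            if (sel[0] != 0x05 || sel[1] != 0x02) throw new IOException("proxy refused username/password auth");

            // The credentials are not a secret: Tor only uses them as the isolation key.
            out.write(auth(isolationTag, "x"));
            byte[] authReply = new byte[2];
            in.readFully(authReply);
            if (authReply[1] != 0x00) throw new IOException("proxy rejected credentials");

            out.write(connectRequest(destHost, destPort));
            byte[] head = new byte[4];                  // VER, REP, RSV, ATYP
            in.readFully(head);
            if (head[1] != 0x00) throw new IOException("CONNECT failed, SOCKS reply code " + head[1]);
            switch (head[3]) {                          // skip BND.ADDR and BND.PORT
                case 0x01: in.skipBytes(4 + 2); break;
                case 0x03: in.skipBytes(in.readUnsignedByte() + 2); break;
                case 0x04: in.skipBytes(16 + 2); break;
                default: throw new IOException("bad address type in reply");
            }
            return s;
        } catch (IOException e) {
            s.close();
            throw e;
        }
    }

    public static void main(String[] args) throws IOException {
        // Assumed local Orbot/Tor SOCKS port and assumed context tag; each distinct tag gets its own circuit.
        try (Socket s = connect("127.0.0.1", 9050, "molly-work", "example.com", 443)) {
            System.out.println("stream opened on an isolated circuit: " + s.isConnected());
        }
    }
}
```

The same tag must be reused for every connection that belongs to one context, and a different tag used for each other context; Tor compares the credentials byte for byte, so a tag derived from a stable per-app or per-account identifier is what keeps one app's streams together while keeping them apart from everyone else's.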

n8fr8 commented 3 years ago

Orbot can let you choose which apps go over the VPN, so the issue with PayPal, shopping, etc. going over Tor is not a problem. However, having to remember to enable the VPN, and potentially forgetting, is the greater concern, as well as not being able to have your own "isolated" Tor circuit.

The easiest way to integrate support is using our small NetCipher library; this will help 1) detect if Orbot is installed, 2) request to start it, and 3) find out what SOCKS/HTTP port the proxy is available at. https://github.com/guardianproject/netcipher

The OrbotHelper class in particular makes this easy: https://github.com/guardianproject/NetCipher/blob/master/libnetcipher/src/info/guardianproject/netcipher/proxy/OrbotHelper.java

Otherwise, there are options for directly integrating Tor into your app/APK, which can be discussed, but they will increase the size of your app by 3-5 MB.

05nelsonm commented 3 years ago

This is exactly why I built TorOnionProxyLibrary-Android

cm157 commented 3 years ago

> This is exactly why I built TorOnionProxyLibrary-Android

This is great. I do think, though, that simple proxy:port support for integration with Orbot provides the best option here. I say that because there might be users who are running different apps like Telegram, Keybase, Conversations ... with Orbot; it's better to integrate than to have multiple Tor instances running. Also, proxy:port provides support for people who simply want to bypass censorship or use other services for IP separation like perhaps i2p, JohnDo, and many other proxy services. Perhaps in future a Chinese user wants to add Shadowsocks support etc. to circumvent the GFW; it's the better option. Also, for people who already run Orbot in an always-on VPN mode and simply want to benefit from proper IP separation, this provides that option; otherwise the user is forced into a Tor over Tor situation.

valldrac commented 3 years ago

Seems I have to fork ringrtc to configure the proxy in WebRTC. And then add the proper CI workflow to build and publish the package. Not an easy task all together.

I am unsure whether to add support for HTTP proxy, SOCKS proxy, or both. The app uses the OkHttp3 client exclusively, but apparently OkHttp3 does not support SOCKS. I opened an issue about this in the NetCipher project (@n8fr8).

cm157 commented 3 years ago

Is there anything I can do to help?

Is it possible to completely disable all calling features and just offer the option of using Molly for messages only? In that scenario would it be easier to integrate support for a protocol like Tor?

valldrac commented 3 years ago

Just merged the Tor and proxy support into master. I added some comments about the implementation in the linked commit. I would really appreciate your feedback.

This new feature will be available in the next stable release. There is also a release candidate APK ready for testing, downloadable from GitHub Releases.

n8fr8 commented 3 years ago

Great work!

cm157 commented 3 years ago

Amazing!

I am testing now. When I select the Orbot option I get an error message saying Orbot is not installed. I will test just manually setting SOCKS5.

valldrac commented 3 years ago

> I am testing now. When I select the Orbot option I get an error message saying Orbot is not installed.

@cm157 Are you running a custom build of Orbot? The app gets the fingerprint of the Orbot package and verifies if it matches one of the following:

```java
// Accepted SHA-256 fingerprints of the Orbot signing certificate
Set<String> hashes = new HashSet<>();
// Tor Project signing key
hashes.add("A4:54:B8:7A:18:47:A8:9E:D7:F5:E7:0F:BA:6B:BA:96:F3:EF:29:C2:6E:09:81:20:4F:E3:47:BF:23:1D:FD:5B");
// f-droid.org signing key
hashes.add("A7:02:07:92:4F:61:FF:09:37:1D:54:84:14:5C:4B:EE:77:2C:55:C1:9E:EE:23:2F:57:70:E1:82:71:F7:CB:AE");
```

It could be the fingerprints are outdated. If you want to tell me where you downloaded Orbot from, I will check it out.
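To show the check described above in full, as an added example that is not Molly's or NetCipher's own code: the SHA-256 fingerprint of each certificate that signs the installed `org.torproject.android` package (the package name appears in the Orbot URLs later in this thread) is computed from the DER bytes that Android exposes and compared against the two fingerprints quoted above. Every signer must be on the allow-list, an absent package yields `false`, and the check uses the `GET_SIGNING_CERTIFICATES` path on Android 9+ with the older `GET_SIGNATURES` path as fallback. The class and method names are my own.

```java
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Build;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

/** Verifies that the installed Orbot package is signed by a known key before it is trusted as a proxy. */
public final class OrbotSignatureCheck {
    static final String ORBOT_PACKAGE = "org.torproject.android";

    // The two fingerprints quoted in the thread (colon-separated upper-case hex of SHA-256 over the DER cert)
    static final Set<String> TRUSTED_FINGERPRINTS = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
        "A4:54:B8:7A:18:47:A8:9E:D7:F5:E7:0F:BA:6B:BA:96:F3:EF:29:C2:6E:09:81:20:4F:E3:47:BF:23:1D:FD:5B", // Tor Project
        "A7:02:07:92:4F:61:FF:09:37:1D:54:84:14:5C:4B:EE:77:2C:55:C1:9E:EE:23:2F:57:70:E1:82:71:F7:CB:AE"  // f-droid.org
    )));

    /** SHA-256 over the DER-encoded certificate, rendered in the same AA:BB:... form as the allow-list. */
    static String fingerprint(byte[] derCert) {
        MessageDigest md;
        try {
            md = MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is mandatory on every Android release
        }
        byte[] d = md.digest(derCert);
        StringBuilder sb = new StringBuilder(d.length * 3);
        for (int i = 0; i < d.length; i++) {
            if (i > 0) sb.append(':');
            sb.append(String.format("%02X", d[i]));
        }
        return sb.toString();
    }

    /** Current signers of the installed package, or null if it is not installed. */
    static Signature[] signersOf(PackageManager pm, String pkg) {
        try {
            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
                PackageInfo info = pm.getPackageInfo(pkg, PackageManager.GET_SIGNING_CERTIFICATES);
                return info.signingInfo.getApkContentsSigners();
            }
            @SuppressWarnings("deprecation")
            PackageInfo legacy = pm.getPackageInfo(pkg, PackageManager.GET_SIGNATURES);
            return legacy.signatures;
        } catch (PackageManager.NameNotFoundException e) {
            return null;
        }
    }

    /** True only if Orbot is installed and every one of its signers is on the allow-list. */
    static boolean isOrbotTrusted(PackageManager pm) {
        Signature[] signers = signersOf(pm, ORBOT_PACKAGE);
        if (signers == null || signers.length == 0) return false;
        for (Signature s : signers) {
            // Require all signers to match, not just any one of them.
            if (!TRUSTED_FINGERPRINTS.contains(fingerprint(s.toByteArray()))) return false;
        }
        return true;
    }
}
```

Requiring every signer to match, rather than any one, is the part worth keeping: a package with several signing certificates should only be trusted when all of them are known. When Orbot rotates or adds a signing key, as the "fingerprints are outdated" remark above anticipates, the allow-list is the one place that needs updating.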

valldrac commented 3 years ago

I'm sorry, but I had to remove the Orbot integration in the final version. I only released the SOCKS5 proxy option. The removed code is in an experimental branch for now.

Basically there were stability issues with Orbot, and the netcipher project doesn't seem very active.

Also, I would like to provide some kind of advice to the user about the risks of using the Tor network. For example, with a section in the (not yet available) Molly's user manual. I don't feel comfortable with any Tor integration that can lead unaware users to connect to the network without assessing the risks.

I feel it is just a matter of time before Orbot becomes more stable. I already fixed some netcipher issues, and I plan to release a user manual anytime soon. So I will consider bringing it back in future releases.

cm157 commented 3 years ago

I don't see the distinction between providing Orbot support and socks5 proxy. They both achieve the same thing?

valldrac commented 3 years ago

> I don't see the distinction between providing Orbot support and socks5 proxy. They both achieve the same thing?

Yes, but with Orbot support the Tor network connection can be auto started on-demand.

n8fr8 commented 3 years ago

Hmm, sorry to hear that @valldrac - have you reported the stability issues on the Orbot project? We do have a new release in beta with the latest tor core improvements and many other fixes.

NetCipher is active as it needs to be - nothing has changed really, and it does what it is supposed to do. Again, please point to specific issues if there is something we can work on.

n8fr8 commented 3 years ago

(by the way, I've been promoting and sharing Molly's Orbot support, so it would be great to get back in)

n8fr8 commented 3 years ago

Latest RC here and in beta on Google Play: https://github.com/guardianproject/orbot/releases/tag/16.4.0-RC-1-tor-0.4.4.6

cm157 commented 3 years ago

> I don't see the distinction between providing Orbot support and socks5 proxy. They both achieve the same thing?
>
> Yes, but with Orbot support the Tor network connection can be auto started on-demand.

I must also admit I am somewhat perplexed by the rationale for dropping Orbot support, in particular the idea that we should be concerned that users may inadvertently connect to the Tor network without understanding what the implications might be. I don't think we have suggested, or you have carried out, any effort to integrate Tor in Molly as a stand-alone product. We have merely suggested (and for very good reason) the value some users may gain in being able to support integration between Orbot and Molly. Anyone who installs Orbot obviously accepts the implications of Tor connectivity. It is out of scope for Molly to be concerned with that user's preferences. Also, Orbot is highly configurable, and if that user wished, auto-started background connections can be initiated.

A very strong use case exists for providing users with Tor support and the benefit of IP separation for Molly-related network activity. One may be a soft form of compartmentalization of social graph and activity. If I am attending a protest and join a coordinating group chat, for very good reason I may want to compartmentalize my normal-life social graph and PII. In many circumstances physical may not be the best for some threat models.

The other is metadata protection. An adversary may leverage the correlation of IP network activity that a target's real identity is known to be connected to, and use that information to connect the real-life identity of a person to the compartmentalized identity they maintain within Molly.

This is just an example threat. We all remember many years ago when Moxie proudly published the response to the DOJ subpoena for metadata. That example was very well publicized as proof of how little metadata Signal collects (and ignoring the obvious fact that when it comes to the issue of metadata, what is transmitted is equally important as what is recorded).

Ask a VPN provider or the provider of a "no log" privacy email service why circa 2012 the number of subpoenas issued dropped to almost nil. They serve the host provider, not the service itself. Signal may not collect metadata, but you can be assured Amazon does. It's the same reason why your fancy VPN provider's "no-logs" policy is irrelevant.

I can think of a lot of very good reasons why a user of Molly requires both the benefit and protection of application-level encryption and the privacy protection and IP separation the Tor network can provide; integrating this support will provide value to a large number of Molly users.

valldrac commented 3 years ago

Hi @n8fr8, thanks for your comments.

> please point to specific issues if there is something we can work on.

I opened one issue and commented on another issue in GitLab, but got no reply yet. I already closed another issue I created months ago.

Maybe I reported them in the wrong place. I don't know. GitHub seems to be the home for Orbot, but issues cannot be created on GitHub for NetCipher, so I went to GitLab instead.

Let me add also that in https://guardianproject.info/apps/org.torproject.android/ and https://www.torproject.org/docs/android.html the links to fdroid are broken. They are the 2nd and 3rd results in Google for "orbot".

I guess it is because Orbot is not built by the F-Droid team anymore, but distributed in a custom repo. Then the documentation is outdated, and the links embedded in NetCipher should be changed accordingly. Otherwise, it's quite confusing for the user that tries to get the app, especially on devices without Google Play.

This commit could be interesting too.

> Latest RC here and in beta on Google Play: https://github.com/guardianproject/orbot/releases/tag/16.4.0-RC-1-tor-0.4.4.6

I did my tests with 16.3.3-RC-1-tor-0.4.3.6. Basically, the problem was that Orbot stopped responding to status broadcasts, and the only way to recover was to force kill it. I also received similar reports from 2 users on IRC.

I was in a rush to release Molly so didn't have time to troubleshoot the issue. I cannot give more details about it. Next time I will try to dig into it :+1:

> (by the way, I've been promoting and sharing Molly's Orbot support, so it would be great to get back in)

I really appreciate that :heart: I hope we can work this out.

valldrac commented 3 years ago

Just released Molly v5.3.12-1 and re-enabled the Orbot support.

I have imported the NetCipher library as a source dependency and fixed the issues. This is a temporary workaround while the upstream project gets fixed.