Open cketti opened 8 years ago
Add option to configure SOCKS proxy before setting up the first account
One approach to this would be similar to the twitter app, which has an overflow menu on the account creation screen to that links to proxy settings.
In proxy settings it'd be nice to have 2 sliders: Enable Tor and Enable proxy like OpenKeychain has. Orbots library allows other apps to start orbot aswell.
(It's also probably a better Idea to route all traffic through the proxy/tor, This way you can deny internet access to k9mail in your firewall app which prevents exploits from leaking your real ip)
When #1181 and #1182 get merged it will mean that WebDAV should support using a proxy for a secure connection.
I would like to propose that the proxy can be set on a per server basis. Let's say we keep the global preference as it is and in each "Incoming server" and "Outgoing server" preferences we add a checkbox: "Use global proxy settings" that is checked by default. If the checkbox is unchecked a user can enter the hostname and port for that specific incoming or outgoing server.
Use proxy when downloading remote content displayed in WebView
Use proxy when downloading remote images (long-press in WebView)
According to various questions on Stack Overflow (such as this), WebView does not support setting a proxy. Maybe it'd be better to switch to GeckoView which does? It may say not suitable for production use, but it should be fine for email content.
I think we'd be better off using https://guardianproject.info/code/netcipher/ with the added bonus that the library will play well with Orbot. It includes a WebViewProxy, OrbotHelper etc.
That'd definitely be a much better choice since most would probably be using it with Orbot rather than another proxy.
What are the current roadblocks stopping adoption/development?
There's been multiple implementation of this - the latest being #2571
It needs rebasing, again ( :/ ) and then merging.
There's no roadblock. It mainly needs someone to implement the functionality mentioned in the first post. But it's a lot of work and needs to be done carefully because of the privacy implications when people start using the feature with Orbot.
But it's not a very important feature to many people and hence not a priority.
If someone wants to work on this feature please make sure to read this comment first: https://github.com/k9mail/k-9/pull/2571#issuecomment-336675308
On the contrary @cketti , this is a VERY important privacy feature. But there is another easier way that this could work, without implementing network proxies inside k9mail.
Firstly, to use k9-mail through orbot you need to use AFwall. Its a must. why? because you can force all connections to go through VPN tap adaptor in AFWall settings.
Then you have to configure orbot to be used as a VPN -> switch to VPN-Mode. Then you need to allow the apps you want to pass through orbot, in this case k9-mail. Once you connect orbot to the network, AFwall forces all connections through to orbot VPN.
Now the only thing that SHOULD be implemented in k9-mail, is account-related VPN toggle switches. Which means that, say for example you have set up an email account. You want to long press the account and see a setting called Switch VPN adapter. Choose from which VPN this account will pass through permanently so that there are never any leaks (even though AFWall protects against leaks anyway). This switch would have 3 options. Choose Orbot VPN, Choose OpenVPN Connect and OFF(to use normal traffic)
Basically this switch would read from the same options thats inside the android settings > VPN (under lineageOS atleast) thats where it shows Orbot VPN & OpenVPN Connect(if you have it).
I think account-separated VPN toggle switch would insure that your email account passes through the correct tap adapter.
Can anyone concur?
One more usecase : gmail usually blocks access for me when retrieving mail from new country - this is quite annoying when travelling. I solve this on desktop by proxying through my server and it would be awesome to have same soluiton on android. So for this usecase only support for POP/IMAP/SMTP connections is required. Maybe this is easier milestone to reach.
Check my commit.
SOCKS proxy support added
The pull request was rejected, so now what?
Is there still a plan to implement proxy support in K-9 Mail, or should this issue be closed?
@JJohnGreenSr that PR has the major issue of not using the proxy for loading HTML content in messages. If you're using Orbot, you can enable VPN mode for K9.
However, there's now an official way for an app to override the proxy used by WebView: https://developer.android.com/reference/androidx/webkit/ProxyController That should work on API >= 14 (Android 4.0.1). I'm no longer using K9, but I'll try to take a look at that sometime in the next few weeks.
google servers will detect unusual activity on your account, because dozens of Gmail accounts are accessed on the same IP, it's useless using Orbot, it's better to insert the proxy code in k9 so that it can be set for each account, proxy settings will be automatically retrieved from the parser txt proxy list, 1st line for 1st account, 2nd line for 2nd account etc. and there is a proxy checking feature is active or not. as I found on this nekoX.
google servers will detect unusual activity on your account, because dozens of Gmail accounts are accessed on the same IP, it's useless using Orbot, it's better to insert the proxy code in k9 so that it can be set for each account
Not everyone uses Google as they're provider. Many other email servers are tor friendly, some even offer .onion support.
It would be great to have this feature for interoperability with new TorServices app and allow saving VPN slot for other needs
Any progress on this one?
I always route all my email clients to Tor (localhost:portnumber), tried to do the same on the phone with K-9 and didn't find custom proxy setting. :-/
See this issue is very old, from 2015, and is still pending progress Is there any hope to see it in K-9 in the near future?
I don't know why the torproject hasn't designed it. The time I spent to finally reach this road was educational and informative. It wasn't a waste of time. Scientists figured out that firing one amount of U-235 at another vaporizes everything 36 miles in all directions and haven't figured out this android problem. "Hope dies in the hands of believers who seek truth in the liars eyes" RIP HOPE: THE BIG BANG - 1 of May 1776
I promise a reward of ₿.015 to those who implement it and pass PR, finally...
See also https://code.google.com/p/k9mail/issues/detail?id=2834