Date: Mon, 28 Jul 2014 00:13:37 +0000
From: isis <isis@torproject.org>
To: tor-talk@lists.torproject.org
Message-ID: <20140728001337.GF6056@patternsinthevoid.net>
Subject: Re: [tor-talk] Android app: Torrific


isis transcribed 4.9K bytes:
> CJ transcribed 2.5K bytes:
> >
> > On 07/24/2014 03:54 PM, u wrote:
> > > CJ:
> > >> On 07/24/2014 01:23 PM, u wrote:
> > >>> Lunar:
> > >>>> CJ:
> > >>>>> Just a small announce (not sure if this is the right ML, sorry).
> > >>>>> I'm developing an Android app allowing to block all IP traffic, and
> > >>>>> force only selected app through Orbot.
> > >>>>> This is done because neither Orbot nor AFWall (or other free, opensource
> > >>>>> Android iptables management interface) seem to be able to do that…
> > >>>> Orbot is free software. Isn't there a way to add the needed features
> > >>>> directly to it?
> > >>>>
> > >>>> Sorry if it's a naive question, I'm not very knowledgeable regarding
> > >>>> Android. But I know that asking our users to install 3 different apps or
> > >>>> even more is not friendly.
> > >>> AFAIK this works in Orbot if you have a rooted Android device.
> > >> Not the "block all other output" part in fact :)
> > > That said, I am also interested in your answer to Lunar's question :)
> > > Why not contribute to Orbot instead?
> > >
> > > Cheers!
> > It's possible I push some pull-request later, yes.
> > But, as said in some previous email, I'm not really sure it's Orbot job
> > to set up firewall… I rather prefer dedicated app for dedicated task —
> > Orbot main task is, for me, connecting to Tor network… Basically, this
> > just doesn't involve the firewall at all.
> >
> > But yeah, I know, users like "all-in-one apps" — who knows, once
> > torrific is ready (i.e. no more broken rules, no more bugs like "craps,
> > network's broken")… the devs may get some PR ;).
> > Torrific is also, for me, a way to play with android without annoying
> > other applications.
> >
> > To be honest, I'd rather contribute this function in AFWall than Orbot,
> > as it already is a firewall manager (and not a bad one).
> >
> > Cheers,
> >
> > C.
>
> I agree that this should be done outside Orbot, for several reasons that I'm
> not going to get dragged into again.

The simplest, least-"ragetastic" [0] reason for these functionalities to be
separated into different apps is the security concern of privilege separation:
that modifying a firewall requires root access, and as Orbot handles
controlling the underlying tor process and interacting with other apps such as
the browser, the QRcode scanner, etc., the attack surface is greatly increased
by giving root to Orbot when (to my knowledge) it's only needed to control the
firewall. The app which handles all those other actions doesn't need root, and
therefore shouldn't have it.

[0]: https://trac.torproject.org/projects/tor/ticket/12411#comment:2

-- 
 ♥Ⓐ isis agora lovecruft
_________________________________________________________
GPG: 4096R/A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt
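
Added example (not part of the original message, and not code from Orbot, Torrific or AFWall): a sketch of the root-side half of the split described above, where the privileged component accepts only a list of app UIDs and expands it into a fixed iptables rule set. The function names, the UID range and the port values for tor's TransPort and DNSPort are assumptions; the code only builds argument lists and never invokes iptables.

```python
# Root-side helper of a privilege-separated design (illustrative sketch).
# The unprivileged UI sends only a list of app UIDs; this helper validates
# them and expands them into a fixed iptables rule set. It never accepts
# rule text, chain names or shell strings from the caller.

TRANS_PORT = 9040     # assumed value of tor's TransPort
DNS_PORT = 5400       # assumed value of tor's DNSPort
APP_UID_RANGE = range(10000, 20000)  # assumed: Android app UIDs, primary user


def validate_uids(app_uids, tor_uid):
    """Return sorted unique UIDs, or raise ValueError on anything unexpected."""
    if not isinstance(app_uids, list) or not app_uids:
        raise ValueError("expected a non-empty list of UIDs")
    for uid in [tor_uid, *app_uids]:
        # bool is a subclass of int, so exclude it explicitly
        if isinstance(uid, bool) or not isinstance(uid, int):
            raise ValueError(f"not an integer UID: {uid!r}")
        if uid not in APP_UID_RANGE:
            raise ValueError(f"UID outside app range: {uid}")
    if tor_uid in app_uids:
        # redirecting tor's own traffic into tor would loop
        raise ValueError("the tor UID cannot be a redirected app")
    return sorted(set(app_uids))


def build_rules(app_uids, tor_uid):
    """Build iptables argument lists: selected apps via tor, the rest dropped."""
    uids = validate_uids(app_uids, tor_uid)
    nat, allow = [], []
    for uid in uids:
        owner = ["-m", "owner", "--uid-owner", str(uid)]
        nat.append(["-t", "nat", "-A", "OUTPUT", "-p", "tcp", "--syn", *owner,
                    "-j", "REDIRECT", "--to-ports", str(TRANS_PORT)])
        nat.append(["-t", "nat", "-A", "OUTPUT", "-p", "udp", "--dport", "53",
                    *owner, "-j", "REDIRECT", "--to-ports", str(DNS_PORT)])
        allow.append(["-A", "OUTPUT", "-d", "127.0.0.1", "-p", "tcp", "--dport",
                      str(TRANS_PORT), *owner, "-j", "ACCEPT"])
        allow.append(["-A", "OUTPUT", "-d", "127.0.0.1", "-p", "udp", "--dport",
                      str(DNS_PORT), *owner, "-j", "ACCEPT"])
    tor = [["-A", "OUTPUT", "-m", "owner", "--uid-owner", str(tor_uid),
            "-j", "ACCEPT"]]
    # Final rule drops everything not explicitly allowed above.
    return nat + tor + allow + [["-A", "OUTPUT", "-j", "DROP"]]
```

Because the caller can pass nothing but integers in a fixed range, a compromise of the unprivileged app can change which apps are routed through tor but cannot inject arbitrary commands into the component that holds root.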
