Re: [tor-dev] New Orbot, tor-android and AndroidPluggableTransport updates

2019-09-17 Thread Nathan Freitas 

On 9/13/19 6:25 AM, Georg Koppen wrote:
> Nathan Freitas:
>> A new Orbot is out, with a bug fix related to obfs4proxy installation,
>> and a new tor!
> Good stuff! Is it intended that I only see an x86_64, x86, and arm64-v8a
> version but no armv7 one available? It seems suddenly Orbot is not
> compatible anymore with my device (and I suspect a bunch of other users
> have a similar problem)

That was not intended, and not sure where you mean exactly.

Anyhow, we are definitely releasing armv7 (aka "armeabi-v7a") binaries
still, both for Orbot and the underlying tor-android-binary releases.

Release here:
https://github.com/guardianproject/orbot/releases/tag/16.1.2-RC-2-tor-0.4.1.5-rc

with this APK:
https://github.com/guardianproject/orbot/releases/download/16.1.2-RC-2-tor-0.4.1.5-rc/Orbot-16.1.2-RC-2-tor-0.4.1.5-rc-fullperm-armeabi-v7a-release.apk

+n
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Re: [tor-dev] reproducible builds for Android tor daemon

2019-09-17 Thread Nathan Freitas 

On 9/13/19 3:51 AM, Hans-Christoph Steiner wrote:
>
> teor:
>>
>> It's not always safe to have apps share Tor: a malicious website in one app
>> can use various caches to discover activity in other apps. And there may
>> be similar data leaks in other shared data structures or network
>> connections.
>>
>> How do these data leaks affect your use cases?
> With Orbot, all apps are already sharing one tor daemon, so this isn't a
> new development.
>
> .hc
>
Most the use cases for Tor outside of Tor Browser and Briar tend to be
related to anti-censorship, reduction of passive surveillance, and
opportunistic access to onions (nytimes, DDG, facebook, etc).

Also has hc said, we are talking about non-browser type applications.

Since these are also applications you already have installed on your
phone, they already can know a heckuva a lot about you and your device.
Thus, with the threat model scope for this work, the app itself is not
our adversary, just the network.

+n






signature.asc
Description: OpenPGP digital signature
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev