Good news on the Orbot front

Jun 5, 2014 at 1:40 AM

So this is one of those good news/bad news situations.

The bad news is that I suck. :( Even though I've spent months writing Android code, the majority of that time has been writing back end service code and dealing with AARs. I haven't done much of anything on the front end, so I have very little experience with intents. Therefore, when I read the Orbot code I read it WRONG.

The good news is that because I read the code wrong, our situation with Orbot is much better than I thought. It turns out, first of all, that when you ask to open a hidden service port it will return the address of the port in a response intent. So yeah! It also turns out that Orbot does support hosting multiple different hidden services, but on separate ports. That still creates a situation where potentially a badly behaved service could snatch our port, but that is a DoS attack and won't divulge much data since we still run SSL on top using a separate key. So it's o.k. for now.

The Orbot folks themselves said that other efforts like Briar actually just embed the Tor bits that Orbot prepares right in their app. That is what we will certainly want to do eventually. But I think we can survive our demos just using Orbot as is. The Orbot folks also said they are thinking hard about wrapping up the Tor bits in Orbot in a stand-alone project to make it easier for folks like Briar and us to take them directly.

So things look much better than they did before on the Android Tor front!