mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2025-04-19 06:56:04 -04:00
update!: Move Orbot to Alternative Networks page (#2993)
Signed-off-by: Jonah Aragon <jonah@privacyguides.org> Signed-off-by: Daniel Gray <dngray@privacyguides.org>
This commit is contained in:
redoomed1
Daniel Gray
parent
db8d212880
commit
1292b0be18
@ -34,6 +34,8 @@ The recommended way to access the Tor network is via the official Tor Browser, w
|
||||
|
||||
[Tor Browser Info :material-arrow-right-drop-circle:](tor.md){ .md-button .md-button--primary } [Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md){ .md-button }
|
||||
|
||||
You can access the Tor network using other tools; making this determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
|
||||
|
||||
<div class="admonition example" markdown>
|
||||
<p class="admonition-title">Try it out!</p>
|
||||
|
||||
@ -41,12 +43,50 @@ You can try connecting to *Privacy Guides* via Tor at [xoe4vn5uwdztif6goazfbmogh
|
||||
|
||||
</div>
|
||||
|
||||
#### Orbot
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Orbot** is a mobile application which routes traffic from any app on your device through the Tor network.
|
||||
|
||||
[:octicons-home-16: Homepage](https://orbot.app){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://orbot.app/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://orbot.app/faqs){ .card-link title="Documentation" }
|
||||
[:octicons-code-16:](https://orbot.app/code){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://orbot.app/donate){ .card-link title="Contribute" }
|
||||
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.torproject.android)
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/app/id1609461599)
|
||||
- [:simple-github: GitHub](https://github.com/guardianproject/orbot/releases)
|
||||
- [:simple-fdroid: F-Droid](https://guardianproject.info/fdroid)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
We previously recommended enabling the *Isolate Destination Address* preference in Orbot settings. While this setting can theoretically improve privacy by enforcing the use of a different circuit for each IP address you connect to, it doesn't provide a practical advantage for most applications (especially web browsing), can come with a significant performance penalty, and increases the load on the Tor network. We no longer recommend adjusting this setting from its default value unless you know you need to.[^1]
|
||||
|
||||
=== "Android"
|
||||
|
||||
Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
|
||||
|
||||
Orbot is often outdated on Google Play and the Guardian Project's F-Droid repository, so consider downloading directly from the GitHub repository instead. All versions are signed using the same signature, so they should be compatible with each other.
|
||||
|
||||
=== "iOS"
|
||||
|
||||
On iOS, Orbot has some limitations that could potentially cause crashes or leaks: iOS does not have an effective OS-level feature to block connections without a VPN like Android does, and iOS has an artificial memory limit for network extensions that makes it challenging to run Tor in Orbot without crashes. Currently, it is always safer to use Tor on a desktop computer compared to a mobile device.
|
||||
|
||||
#### Snowflake
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
**Snowflake** allows you to donate bandwidth to the Tor Project by operating a "Snowflake proxy" within your browser.
|
||||
|
||||
@ -109,4 +149,5 @@ Also, unlike Tor, every I2P node will relay traffic for other users by default,
|
||||
|
||||
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
|
||||
|
||||
[^1]: The `IsolateDestAddr` setting is discussed on the [Tor mailing list](https://lists.torproject.org/pipermail/tor-talk/2012-May/024403) and [Whonix's Stream Isolation documentation](https://whonix.org/wiki/Stream_Isolation), where both projects suggest that it is usually not a good approach for most people.
|
||||
Tor is likely to be more resistant to censorship, due to their robust network of bridges and varying [pluggable transports](https://tb-manual.torproject.org/circumvention). On the other hand, I2P uses directory servers for the initial connection which are varying/untrusted and run by volunteers, compared to the hard-coded/trusted ones Tor uses which are likely easier to block.
|
||||
|
||||
@ -50,7 +50,7 @@ Ideally, when choosing a custom Android distribution, you should make sure that
|
||||
|
||||
[Rooting](https://en.wikipedia.org/wiki/Rooting_(Android)) Android phones can decrease security significantly as it weakens the complete [Android security model](https://en.wikipedia.org/wiki/Android_(operating_system)#Security_and_privacy). This can decrease privacy should there be an exploit that is assisted by the decreased security. Common rooting methods involve directly tampering with the boot partition, making it impossible to perform successful Verified Boot. Apps that require root will also modify the system partition, meaning that Verified Boot would have to remain disabled. Having root exposed directly in the user interface also increases the attack surface of your device and may assist in [privilege escalation](https://en.wikipedia.org/wiki/Privilege_escalation) vulnerabilities and SELinux policy bypasses.
|
||||
|
||||
Content blockers which modify the [hosts file](https://en.wikipedia.org/wiki/Hosts_(file)) (AdAway) and firewalls (AFWall+) which require root access persistently are dangerous and should not be used. They are also not the correct way to solve their intended purposes. For content blocking, we suggest encrypted [DNS](../dns.md) or content blocking functionality provided by a VPN instead. TrackerControl and AdAway in non-root mode will take up the VPN slot (by using a local loopback VPN), preventing you from using privacy enhancing services such as [Orbot](../tor.md#orbot) or a [real VPN provider](../vpn.md).
|
||||
Content blockers which modify the [hosts file](https://en.wikipedia.org/wiki/Hosts_(file)) (like AdAway) and firewalls which require root access persistently (like AFWall+) are dangerous and should not be used. They are also not the correct way to solve their intended purposes. For content blocking, we suggest encrypted [DNS](../dns.md) or content blocking functionality provided by a VPN instead. TrackerControl and AdAway in non-root mode will take up the VPN slot (by using a local loopback VPN), preventing you from using privacy-enhancing services such as [Orbot](../alternative-networks.md#orbot) or a [real VPN provider](../vpn.md).
|
||||
|
||||
AFWall+ works based on the [packet filtering](https://en.wikipedia.org/wiki/Firewall_(computing)#Packet_filter) approach and may be bypassable in some situations.
|
||||
|
||||
|
||||
@ -187,4 +187,4 @@ It is important to note that Auditor can only effectively detect changes **after
|
||||
|
||||
No personally identifiable information is submitted to the attestation service. We recommend that you sign up with an anonymous account and enable remote attestation for continuous monitoring.
|
||||
|
||||
If your [threat model](basics/threat-modeling.md) requires privacy, you could consider using [Orbot](tor.md#orbot) or a VPN to hide your IP address from the attestation service.
|
||||
If your [threat model](basics/threat-modeling.md) requires hiding your IP address from the attestation service, you could consider using [Orbot](alternative-networks.md#orbot) or a [VPN](vpn.md).
|
||||
|
||||
@ -114,7 +114,6 @@ For more details about each project, why they were chosen, and additional tips o
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji loading=lazy } [Orbot (Smartphone Tor Proxy)](tor.md#orbot)
|
||||
- { .twemoji loading=lazy } [Onion Browser (Tor for iOS)](tor.md#onion-browser-ios)
|
||||
|
||||
</div>
|
||||
@ -720,9 +719,10 @@ These tools may provide utility for certain individuals. They provide functional
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji loading=lazy } { .twemoji loading=lazy } [I2P](alternative-networks.md#i2p-the-invisible-internet-project)
|
||||
- { .twemoji loading=lazy } [Tor](alternative-networks.md#tor)
|
||||
- { .twemoji loading=lazy }{ .twemoji loading=lazy } [Snowflake](alternative-networks.md#snowflake)
|
||||
- { .twemoji loading=lazy } { .twemoji loading=lazy } [I2P](alternative-networks.md#i2p-the-invisible-internet-project)
|
||||
- { .twemoji loading=lazy } [Tor](alternative-networks.md#tor)
|
||||
- { .twemoji loading=lazy } [Orbot (Mobile Tor Proxy)](alternative-networks.md#orbot)
|
||||
- { .twemoji loading=lazy }{ .twemoji loading=lazy } [Snowflake](alternative-networks.md#snowflake)
|
||||
|
||||
</div>
|
||||
|
||||
|
||||
44
docs/tor.md
44
docs/tor.md
@ -42,7 +42,7 @@ Before connecting to Tor, please ensure you've read our [overview](advanced/tor-
|
||||
|
||||
There are a variety of ways to connect to the Tor network from your device, the most commonly used being the **Tor Browser**, a fork of Firefox designed for [:material-incognito: anonymous](basics/common-threats.md#anonymity-vs-privacy){ .pg-purple } browsing for desktop computers and Android.
|
||||
|
||||
Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
|
||||
Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using mobile browser apps like [Onion Browser](#onion-browser-ios) to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
|
||||
|
||||
If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
|
||||
|
||||
@ -84,46 +84,6 @@ The Tor Browser is designed to prevent fingerprinting, or identifying you based
|
||||
|
||||
In addition to installing Tor Browser on your computer directly, there are also operating systems designed specifically to connect to the Tor network such as [Whonix](desktop.md#whonix) on [Qubes OS](desktop.md#qubes-os), which provide even greater security and protections than the standard Tor Browser alone.
|
||||
|
||||
## Orbot
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Orbot** is a free Tor VPN for smartphones which routes traffic from any app on your device through the Tor network.
|
||||
|
||||
[:octicons-home-16: Homepage](https://orbot.app){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://orbot.app/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://orbot.app/faqs){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://orbot.app/code){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://orbot.app/donate){ .card-link title=Contribute }
|
||||
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.torproject.android)
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/app/id1609461599)
|
||||
- [:simple-github: GitHub](https://github.com/guardianproject/orbot/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
We previously recommended enabling the *Isolate Destination Address* preference in Orbot settings. While this setting can theoretically improve privacy by enforcing the use of a different circuit for each IP address you connect to, it doesn't provide a practical advantage for most applications (especially web browsing), can come with a significant performance penalty, and increases the load on the Tor network. We no longer recommend adjusting this setting from its default value unless you know you need to.[^1]
|
||||
|
||||
<div class="admonition tip" markdown>
|
||||
<p class="admonition-title">Tips for Android</p>
|
||||
|
||||
Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
|
||||
|
||||
Orbot is often outdated on the Guardian Project's [F-Droid repository](https://guardianproject.info/fdroid) and [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), so consider downloading directly from the [GitHub repository](https://github.com/guardianproject/orbot/releases) instead.
|
||||
|
||||
All versions are signed using the same signature, so they should be compatible with each other.
|
||||
|
||||
</div>
|
||||
|
||||
On iOS, Orbot has some limitations that could potentially cause crashes or leaks: iOS does not have an effective OS-level feature to block connections without a VPN like Android does, and iOS has an artificial memory limit for network extensions that makes it challenging to run Tor in Orbot without crashes. Currently, it is always safer to use Tor on a desktop computer compared to a mobile device.
|
||||
|
||||
## Onion Browser (iOS)
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
@ -149,6 +109,6 @@ On iOS, Orbot has some limitations that could potentially cause crashes or leaks
|
||||
|
||||
Onion Browser does not provide the same levels of privacy protections as Tor Browser does on desktop platforms. For casual use it is a perfectly fine way to access hidden services, but if you're concerned about being traced or monitored by advanced adversaries you should not rely on this as an anonymity tool.
|
||||
|
||||
[Notably](https://github.com/privacyguides/privacyguides.org/issues/2929), Onion Browser does not *guarantee* all requests go through Tor. When using the built-in version of Tor, [your real IP **will** be leaked via WebRTC and audio/video streams](https://onionbrowser.com/faqs) due to limitations of WebKit. It is *safer* to use Onion Browser alongside Orbot, but this still comes with some limitations on iOS (noted in the Orbot section above).
|
||||
[Notably](https://github.com/privacyguides/privacyguides.org/issues/2929), Onion Browser does not *guarantee* all requests go through Tor. When using the built-in version of Tor, [your real IP **will** be leaked via WebRTC and audio/video streams](https://onionbrowser.com/faqs) due to limitations of WebKit. It is *safer* to use Onion Browser alongside [Orbot](alternative-networks.md#orbot), but this still comes with some limitations on iOS.
|
||||
|
||||
[^1]: The `IsolateDestAddr` setting is discussed on the [Tor mailing list](https://lists.torproject.org/pipermail/tor-talk/2012-May/024403.html) and [Whonix's Stream Isolation documentation](https://whonix.org/wiki/Stream_Isolation), where both projects suggest that it is usually not a good approach for most people.
|
||||
|
||||
File diff suppressed because one or more lines are too long
|
Before Width: | Height: | Size: 7.7 KiB After Width: | Height: | Size: 7.7 KiB |
File diff suppressed because one or more lines are too long
|
Before Width: | Height: | Size: 7.7 KiB After Width: | Height: | Size: 7.7 KiB |
Loading…
x
Reference in New Issue
Block a user