[Noisebridge-discuss] Develop for Privacy Challenge

Jacob Appelbaum jacob at appelbaum.net
Tue Feb 8 20:51:47 UTC 2011


On 02/08/2011 11:51 AM, Micah Lee wrote:
> On 02/07/2011 08:11 PM, Moxie Marlinspike wrote:
>> Right now there's no way to use it in the mobile environment (it's a
>> Firefox add-on), but it'd be sweet if someone had the time to drop the
>> Android webkit component into an Activity that did the GoogleSharing
>> magic as well.  Bundle that up with https-upgrade logic (just a bunch of
>> regexps), a SOCKS proxy interface for Tor, and the torbutton logic, and
>> you've got a nice little privacy-enhancing browser.
> 
> It seems like writing a custom mobile browser that has HTTPS Everywhere,
> GoogleSharing, TorButton, and AdBlock would be pretty amazing, but would
> also be really hard to do well in our spare time in a couple months.

You could easily take Fennec and merge in the latest Torbutton alpha -
we did some basic tests and found that the hardest issue was that the UI
was mostly gone. However, if the entire thing was configured in the
"safe" way for Android, a lot of that wouldn't matter. If you did a
custom build of that - it would be pretty great - it would also be a
good start for adding in other stuff like HTTPS Everywhere.

That's a project that the Tor Project would really like to see get off
the ground but it's item ten thousand or so on our TODO list.

> 
>>>> I also like the idea of gathering as much info that systems give us
>>>> (like the phone OS, or the Facebook API if you're logged in, etc) and
>>>> displaying it to the user so they know how much info they're leaking.
>>>
>>> I really love this idea, because it's scary to see the amount of data
>>> you really put out there.  It could shock a lot of people, in a good
>>> way, and lead them to be more mindful.  The question there is how to
>>> pull it off...
>>
>> The problem you're going to run into is that it's not really possible to
>> get in the middle of any of this communication on non-rooted devices.
> 
> If we write a web browser we've already MITM'd them, but I'm not sure
> how realistic that is.
> 

If you ship an entire browser, you can easily use a proxy like Tor that
ships in Orbot. You control the entire stack and that's a hell of an
awesome application.

All the best,
Jake


