June 18 2020 GM

From TCU Wiki
Glitter Meetups

Community Updates

  • China is really a problem and Apple is collaborating with them to keep the market. There's an online event about that next June 22, Monday: https://wwdaacc20.com

Topic of Discussion: The Onion Browser

  • The topic of discussion for this Glitter Meetup is The Onion Browser, and we talk with Benjamin - @tla and Fabiola - @fabb (this is how you can find them on the IFF Mattermost).
  • The Onion Browser is an iOS browser that connects you to Tor. The new and improved version of the Onion Browser works very similar to any other browser and looks similar to, to make it easier for non-technical users to navigate the web anonymously. You can get it from the Apple store, it is a free and open source tool available in 30 languages.
  • The Tor network is a collection of servers run by volunteers, that allows users to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and individuals to share information over public networks without compromising their privacy.
  • Unfortunately, they can't become an official part of Tor, as Tor doesn't want to support iOS so long as there are certain security issues with that platform. They basically know who you are and what are your activities online, Tor is run by volunteers all over the world.
  • There are some limitations when talking about iOS apps: Apple requires all web browser apps to use the same core web rendering engine. Due to this limitation, the Onion Browser is unable to compile and include its own web engine, based on Firefox Gecko, as with Tor Browser for desktop and Android. Onion Browser actually bundles the Tor onion routing runtime with Apple's Safari browser engine (the only one allowed on iOS) and a nice UX.
  • When we talk about the benefits of using the Onion Browser instead of VPNs on our phones, we keep in mind that VPNs are usually private companies which have their own servers where they store all their user transactions. There's certain limitations on the iOS platform:
  1. Apple only allows the Safari rendering engine to be used. (aka. WebKit). The Onion Browser is also not allowed to compile our own version or anything, but use the system provided APIs for that. It seems like Apple does that to keep control of battery drain. Browsers can be real vampires, when it comes to that. Unfortunately, the shortcuts they took to create a rendering engine, which is friendly to the battery opens up some loopholes.
  2. The main loophole is that the video and audio are treated differently on the platform. It runs through a completely different software stack than the web rendering engine. Deep down to the network stack. That makes it impossible to grab that traffic and tunnel it through Tor instead of the main network connection.
  3. There's a new technology, which tries to remedy that, called "Network Extensions". That's a neat API for VPN type applications. A Network Extension is allowed to run in the background always and catches all network traffic. However, there's a very severe memory limit of 15 MByte. Until today the Onion Browser hasn’t been able to manage to keep Tor and some additional networking code to run inside this limit constantly.
  4. Another drawback comes into play then: Network Extensions fail open, so as soon as it gets stopped because of too much memory usage or because of an accidental crash, requests are sent over the normal network connection.
  • For Android there's the Orbot (another Guardian Project tool) option, which is Tor as a "VPN" service. So you can actually tunnel the whole device.
  • The main implications for the user is therefore: You are not as safe on iOS as on a desktop or Android platform when you browse via Tor. Still it's better to be as safe as possible than not having access to the Tor network at all. Or worse, yet, only having shady options.
  • Despite the limitations of iOS, The Onion Browser is trying to keep iOS users as protected as possible, considering these issues.

Resources and Links

Ways to help The Onion Browser