In association with heise online

15 September 2009, 15:25

Anonymous browsing on Android - Update

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

University of Cambridge A group of developers at the Digital Technology Group (DTG), formerly the Laboratory for Communication Engineering (LCE), at the University of Cambridge have released two Android applications that allow users to browse the web anonymously using The Onion Router. The Onion Router, commonly referred to as Tor, is free software designed to provide internet anonymity to users while browsing online. It does this by bouncing the communications around a distributed network of relays run by volunteers from all around the world, preventing visited sites from learning a users physical location.

The software is the result of a DTG summer project and consists of two parts, TorProxy and Shadow. TorProxy is the Tor client that can be used by various Android applications to communicate with the Tor Network. As the included Android browser can't be configured to work directly with TorProxy, Shadow takes its place, allowing users to browse the Web anonymously from their mobile device. Shadow also lets users protect their browsing history by managing cookies sent to it from visited Websites.

More details about the software, including download and installation information, is available on the DTG TorProxy and Shadow web page. TorProxy and Shadow are released under version 2 of the GNU General Public License (GPLv2).

Update - Jacob Appelbaum of the Tor Project told The H's German associates at heise Security that he had doubts about the reliability of TorProxy and believes the programs are "not ready for prime time use". The Onion Coffee Project, which Appelbaum says is wrapped by TorProxy's code, was a research project and has not been maintained for some time. He believes that some significant errors of the Onion Coffee code have been inherited by TorProxy.

The issues are not trivial to fix, he says, as "writing a Tor client is quite an undertaking to do in a secure manner". Although the Android project was a "nice demo" it is also "a half baked Tor client", says Appelbaum, and as such it poses a serious threat to anonymity. According to the security expert, a more promising approach is a direct port of the C based Tor client.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit