Update - Please read my followup post for some additional information and updated steps on building and installing tor on Firefox OS.
Please read the disclaimer at the end of this article. This is a proof of concept. It’s a manual process and you shouldn’t depend on it. Make sure you understand what you are doing.
I’m a fan of Tor. The Tor site explains what it does:
Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.
I make my personal website available as a Tor hidden service accessible from mh7mkfvezts5j6yu.onion. I try to make other sites I’m involved with also have a presence over Tor. I do a fair amount of my browsing over the Tor network for no reason other than I can and it limits the opportunity for people snooping on my data.
I want to be able to use Tor from Firefox OS. In particular I want it embedded as low level as possible so I have the option of all traffic going over Tor. I don’t want to have to configure socks proxies.
Firefox OS doesn’t allow native applications. The low level underlying system however is based on Linux and Android and can run native binaries. Starting with a rooted Firefox OS install I built Tor and used iptables to reroute all network traffic to work over it. This is a first step, and this article shows how to get it going so power users can try it out. My next step would be to investigate integrating it into the build system of Firefox OS and providing ways to start/stop it from the OS interface.
The first stage of building is to have an Android standalone toolchain installed. I describe how to do this in my Wasp Lisp on Android post or you can use a Nix package I created for use with the Nix package manager.
Tor requires libevent to build. I’m using static libraries to make creating a standalone tor binary easier. The following will build libevent given the standalone toolchain on your path:

    $ cd $HOME
    $ mkdir build
    $ cd build
    $ wget https://github.com/downloads/libevent/libevent/libevent-2.0.21-stable.tar.gz
    $ tar xvf libevent-2.0.21-stable.tar.gz
    $ cd libevent-2.0.21-stable
    $ ./configure --host=arm-linux-androideabi \
                  --prefix=$HOME/build/install \
                  --enable-static --disable-shared
    $ make
    $ make install

    $ cd $HOME/build
    $ wget http://zlib.net/zlib-1.2.8.tar.gz
    $ tar xvf zlib-1.2.8.tar.gz
    $ cd zlib-1.2.8
    $ CC=arm-linux-androideabi-gcc ./configure --prefix=$HOME/build/install --static
    $ make
    $ make install

    $ cd $HOME/build
    $ wget http://www.openssl.org/source/openssl-1.0.1h.tar.gz
    $ tar xvf openssl-1.0.1h.tar.gz
    $ cd openssl-1.0.1h
    $ CC=arm-linux-androideabi-gcc ./Configure android no-shared --prefix=$HOME/build/install
    $ make
    $ make install

    $ cd $HOME/build
    $ wget https://www.torproject.org/dist/tor-0.2.4.22.tar.gz
    $ tar xvf tor-0.2.4.22.tar.gz
    $ cd tor-0.2.4.22
    $ ./configure --host=arm-linux-androideabi \
                  --prefix=$HOME/build/install \
                  --enable-static-libevent
    $ make
    $ make install

Packaging Tor for the device
To run on the Firefox OS device I just installed the tor binary and a configuration file that enables transparent proxying as per the Tor documentation on the subject. I put these in a directory that I push to an easily accessible place on the device:

    $ mkdir $HOME/build/device
    $ cd $HOME/build/device
    $ cp $HOME/build/install/bin/tor .
    $ cat >torrc
    ...contents of configuration file...
    $ adb push $HOME/build/device /data/local/tor

The configuration file is:

    DataDirectory /data/local/tor
    Log notice file /data/local/tor/tor.log
    RunAsDaemon 1
    SOCKSPort 127.0.0.1:9050 IsolateDestAddr
    SOCKSPort 127.0.0.1:9063
    VirtualAddrNetwork 10.192.0.0/10
    AutomapHostsOnResolve 1
    TransPort 9040
    DNSPort 9053

I haven’t integrated tor into the device at all so for this proof of concept I adb shell into it to run it and configure the iptables to redirect traffic:

    $ adb shell
    # cd /data/local/tor
    # ./tor -f torrc &
    # iptables -t nat -A OUTPUT ! -o lo -p udp --dport 53 -j REDIRECT --to-ports 9053
    # iptables -t nat -A OUTPUT ! -o lo -p tcp -j REDIRECT --to-ports 9040

The device should now be sending traffic over Tor. You can test by visiting sites like whatismyip.com or icanhazip.com to see if it reports a different IP address and location to what you normally have. You can also try out hidden services like mh7mkfvezts5j6yu.onion which should show this site.
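
A local check to go with the browser test, added here as an example and not part of the original setup: it confirms that the nat OUTPUT redirects point at the same ports as TransPort and DNSPort in torrc. The function names are hypothetical, the sample input is constructed, and it assumes the device's iptables can list rules with `-S`.

```shell
#!/bin/sh
# Added example: cross-check torrc ports against the nat OUTPUT redirects.

# Print the port set for a torrc option; accepts "9040" or "127.0.0.1:9040".
torrc_port() {  # $1 = option name, $2 = torrc text
    printf '%s\n' "$2" | awk -v opt="$1" '
        tolower($1) == tolower(opt) { n = split($2, a, ":"); print a[n]; exit }'
}

# Print --to-ports of the first REDIRECT rule for a protocol.
# UDP rules only count if they match DNS (--dport 53).
redirect_port() {  # $1 = tcp|udp, $2 = `iptables -t nat -S OUTPUT` text
    printf '%s\n' "$2" | awk -v proto="$1" '
        /-j REDIRECT/ {
            p = ""; dport = ""; port = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-p") p = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "--to-ports") port = $(i + 1)
            }
            if (p == proto && (proto != "udp" || dport == "53")) { print port; exit }
        }'
}

# Return 0 only if both redirects exist and point at the torrc ports.
check_tor_redirect() {  # $1 = torrc text, $2 = iptables rules text
    status=0
    for pair in TransPort:tcp DNSPort:udp; do
        opt=${pair%%:*}; proto=${pair##*:}
        want=$(torrc_port "$opt" "$1")
        have=$(redirect_port "$proto" "$2")
        if [ -z "$want" ] || [ "$want" != "$have" ]; then
            echo "MISMATCH: $opt=${want:-unset}, $proto redirect=${have:-none}"
            status=1
        fi
    done
    return $status
}

# Constructed sample input mirroring the torrc and rules in this article.
SAMPLE_TORRC='TransPort 9040
DNSPort 9053'
SAMPLE_RULES='-P OUTPUT ACCEPT
-A OUTPUT ! -o lo -p udp -m udp --dport 53 -j REDIRECT --to-ports 9053
-A OUTPUT ! -o lo -p tcp -j REDIRECT --to-ports 9040'

check_tor_redirect "$SAMPLE_TORRC" "$SAMPLE_RULES" && echo "redirects match torrc"
```

Against a real device, pass the contents of your torrc and the output of `adb shell iptables -t nat -S OUTPUT`, piping the latter through `tr -d '\r'` if your adb adds carriage returns. It only confirms the two rules from this article; traffic those rules do not match, such as UDP to ports other than 53, is not redirected.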
Killing the Tor process and removing the iptables entries will set the network back to normal:

    $ adb shell ps|grep tor
    $ adb shell
    # kill ...process id of tor...
    # iptables -t nat -F

You can optionally delete the /data/local/tor directory to remove all tor files:

    $ adb shell rm -r /data/local/tor

This is just a proof of concept. Don’t depend on this. You need to restart Tor and rerun the iptables commands on reboot. I’m not sure how well interaction with switching to/from WiFi and GSM works. Ideally Tor would be integrated with Firefox OS so that you can start and stop it as a service and maybe whitelist or blacklist sites that should and shouldn’t use Tor. I hope to do some of this over time or hope someone else gets excited enough to work on it too.
Another privacy aspect I’d like to investigate is whether TextSecure (or a similar service) could be integrated in the way it’s done in CyanogenMod:
“The result is a system where a CyanogenMod user can choose to use any SMS app they’d like, and their communication with other CyanogenMod or TextSecure users will be transparently encrypted end-to-end over the data channel without requiring them to modify their work flow at all.”
Ideally my end goal would be to have something close to that described in the hardening Android post on the Tor Project blog.
I’m not sure how possible that is though. But Firefox OS is open source, easy to build and hack on, and runs on a lot of devices, including multi booting on some. Adding things like this to build your own custom phone OS that runs web applications is one of the great things the project enables. Users should feel like they can dive in and try things rather than wait for an OS release to support it (in my opinion of course).
A tar file containing a precompiled tor and the torrc is available at b2g_tor.tar.gz.
All files and modifications described and provided here are at your own risk. Don’t tinker on devices you depend on and don’t want to risk losing data. These changes are not an official Mozilla project and do not represent any future plans for Mozilla projects.