Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Feature Request: Firewall & TOR Support #163
Comments
ghost
changed the title from
Firewall & TOR Support
to
Feature Request: Firewall & TOR Support
Feb 4, 2016
thestinger
added
the
Type: enhancement
label
Feb 4, 2016
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment Hide comment
thestinger
Feb 4, 2016
Contributor
AFWall+ isn't going to be bundled. It depends on root (and su implementations exposed to applications are a major security hole) and isn't written in a security-conscious way. Firewall functionality needs to be built into the OS rather than being provided by a bundled third party application. The plan is to start with a basic network permission toggle (#128) and go from there. There's already a firewall, it's just not exposed to users. So requests need to be for specific user-facing firewall features.
Bundling Tor at some point is planned, but it can't simply be done by bundling Orbot as-is. It needs to avoid starting the service automatically before a user requests that and it needs to be moved to an OS API for transparent proxying rather than relying on root access as it does right now. It's planned already: #130.
This kind of stuff isn't going to happen for quite some time without any contributors though.
|
AFWall+ isn't going to be bundled. It depends on root (and su implementations exposed to applications are a major security hole) and isn't written in a security-conscious way. Firewall functionality needs to be built into the OS rather than being provided by a bundled third party application. The plan is to start with a basic network permission toggle (#128) and go from there. There's already a firewall, it's just not exposed to users. So requests need to be for specific user-facing firewall features. Bundling Tor at some point is planned, but it can't simply be done by bundling Orbot as-is. It needs to avoid starting the service automatically before a user requests that and it needs to be moved to an OS API for transparent proxying rather than relying on root access as it does right now. It's planned already: #130. This kind of stuff isn't going to happen for quite some time without any contributors though. |
thestinger
closed this
Feb 4, 2016
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment Hide comment
ghost
Feb 4, 2016
Great to hear you have this kind of stuff already on your List! Sorry for not looking through the Requests and planned Features.
ghost
commented
Feb 4, 2016
|
Great to hear you have this kind of stuff already on your List! Sorry for not looking through the Requests and planned Features. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment Hide comment
thestinger
Feb 4, 2016
Contributor
No worries. Happy that there's interest in the OS. I'm going to be proactive about closing any issues that aren't actionable because I'd like to keep the bug tracker minimal. So it's fine to brainstorm stuff but the only issues I'll keep open are ones about specific planned features (i.e. stuff that's already essentially designed, just not implemented).
|
No worries. Happy that there's interest in the OS. I'm going to be proactive about closing any issues that aren't actionable because I'd like to keep the bug tracker minimal. So it's fine to brainstorm stuff but the only issues I'll keep open are ones about specific planned features (i.e. stuff that's already essentially designed, just not implemented). |
ghost commentedFeb 4, 2016
I want to suggest to add a Firewall to your ROM to have a complete Overview and Control over the Network Access of your Apps. You could use the Open Source AFWall+ for it.
Additionaly I think it would be a great improvement to add TOR Support to it, like you could with the Open Source Orbot.
AFWall+:
https://github.com/ukanth/afwall/
Orbot:
https://github.com/guardianproject/Orbot