One confusing thing I found is that, when I typed in "onion browser" into my iPhone's App Store Search field, three results came back. I found myself not really know which one was truly yours (yours was actually #2 search result). It would have been helpful if, in the screenshots on this page, you showed the logo. The logo is shown in the App Store so that would've made it a slam dunk, easy decision.
Getting around this entirely would require obfsproxy which wouldn’t work on iOS the way I have it set up due to the inability to spawn sub processes. (Tor client, when configured to use obfsproxy bridges, has to spawn an obfsproxy process to handle the obfusctaed traffic.)
I had to install ccache before libssl would compile.
Make sure you build libssl before libevent.
In the icons folder is a install script to download the icons.
Otherwise compiles well. The anonymity of the .onion sites scares me. I have a very strong suspicion that one day SSL (i.e. symmetric encryption with no backdoor) will be illegal in many countries.
The content of a lot of .onion sites scares me. Definitely a higher concentration of crazy than I'm used to on the internet.
These corners of the internet aren't pretty but they play an important role within our society.
a) comparing child pornography to political criticism
b) saying that it "play[s] an important role within our society".
Can you elaborate?
It's not the child pornography that is important to society. It's the freedom of speech, and the security that speech has against regulation from the government. Tor is a place where a person can securely make any sort of criticism that they want, and that security is important.
An unfortunate (but unavoidable) side effect of that security is that child pornographers also receive the same security.
1) DNS query to YouTube cache server
2) GET request to Google's servers for /videoplayback
This seems isolated to the QuickTime player only. No other DNS queries or traffic appears to be visible. I suggest you warn users that video playback does not go through the tunnel.
Generally I don’t think this is (on the face) any worse than a regular third-party browser app: Other apps (games are a great example) are free to implement custom communication protocols and there are plenty of unsavory / underground / illicit websites on the regular internet. Tor has a lot of legitimate and illegitimate uses, but that can pretty much be said of web-based communication in general.
tar: Code/iOS-OnionBrowser/build/src: Not found in archive
I might have some dependencies that I’ve neglected to mention (since I use homebrew a ton) and I’m trying to nail down the build scripts to be a bit more portable.
Edit: Also, the app in question is under MIT and the used libraries under various permissive licences (https://github.com/mtigas/iOS-OnionBrowser/blob/master/LICEN...).
It supports bridges, and it will even let you run a relay and/or hidden service directly from your phone.
I've had this idea for a while now of building an SMS-like app that runs entirely over hidden services for users with Orbot installed. If I send you a message this way, nobody knows that you received one, that I sent one, or what the message contained, and it wouldn't require me to set up any server infrastructure as it would be entirely peer to peer over Tor.
If you are looking for a general approach to obscure your browsing from an employer's network, but don't need the whole feature set of Tor, you are better off setting up a proxy to a remote machine. If you truly need the greater anonymizing of Tor and are willing to take possible latency / speed impacts, do so. Just don't expect it to be optimal for the first case when doing general browsing.
It is great to see the Onion Browser available so readily/easily.
The raw bandwidth on the other hand is usually pretty good (not great, but it's not intended for large downloads anyway as they tax the network...).
TOR is meant for the cases when anonymity trumps convenience.
Again, I recognize that this is a fundamental consequence of onion routing and Tor is not intended to be used for everyday browsing. I simply wonder how it will handle a low-bandwidth, high-latency network.
Also, as a minor aside, are the mobile handsets themselves used as routing nodes? If not, what would be the consequence of adding a bunch of users to the system who don't participate in routing?
I’m trying to nail this down, but it’ll likely take me some time to find a real fix.
Let me know if that's not the case and I’ll double-check my settings in iTunes Connect.
they require a backdoor?
That's... interesting. I'm French and I had never really heard of that law applied.
 http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=LEGITE... (in French, obviously)
According to the FAQ on iTunes Connect you need French export forms only if the app contains:
- any encryption algorithm that is yet to be standardized by
international standard bodies such as IEEE, IETF, ISO, ITU,
ETSI, 3GPP, TIA, etc. or not otherwise published; or
- standard (e.g., AES, DES, 3DES, RSA) encryption algorithm(s)
instead of or in addition to accessing or using the encryption
in Apple OS