We’re Upping Our Support to Mobile Browsing

 

The Tor Project has always fought for freedom of speech and open access to the internet. To do so, it’s essential for us to reach people in areas in the world with heavy online surveillance and censorship, especially those in the Global South. 

Most people in these regions only use smartphones to access the internet, and we want to better support these users. So we developed a strategy to do better for folks who have low-bandwidth connections, limited data plans, or who can only connect to the internet through low-end devices.

Eleven percent of smartphone usage around the world in 2014 was mobile browsing, so we knew giving better support to a mobile browser would be critical to this strategy.

Around a year ago, folks from the Tor Project and the Guardian Project met to discuss the future of Tor Browser on mobile devices. The discussion began with Orfox, a Google Summer of Code (GSoC) project for mobile browsing over the Tor network. Since then, we have been working towards Orfox having similar functionality and security guarantees as Tor Browser for desktop. 

How we’re bringing Orfox on par with Tor Browser 

Our first improvement was to port the Security Slider from Tor Browser desktop to Orfox. To adapt this feature from a desktop application into a mobile application, we had to change how the UI works for the mobile screen. 

Orfox Security Slider Settings

The Security Slider lets you customize your browsing experience according to the security level you want to have when accessing sites. The higher the level, the more things Tor blocks to give you more security. This also changes your experience of the site. For instance, the site might not show “new posts” notifications on Twitter’s timeline because it has blocked javascript. It also may not load and play a video because some of the required scripts could be used by a skilled adversary to reveal identifying information about you. 

The UX Team and the Guardian Project collaborated on this effort iterating on mockups and reviewing UI copies, until there was a version everyone felt was good enough to be build. Once it was up and running as a beta, the UX Team ran a validation test to see if this interface and copy made sense to users. With the help of Amogh, an Orfox developer, we tested our UI with 12 users in India and 3 others in the U.S. We used this feedback to improve our copy and iterate on the slider UI.

This was the first time Tor did a full development cycle following UX best practices, such as being involved with the conceptualization of the UI and performing user testing to validate our hypothesis. Since we don’t collect data on user behavior, we had to build a testing methodology so our community could help us perform these tests with our users. We are now applying UX best practices to all of our development cycles.

Try Out the New Slider 

The newest version of Orfox is available from the Google Play store or download the apk installation file from our git repo or get it at F-Droid store. If you use Android, download it or update your current app to check it out. To see what we discussed here, open the settings menu and scroll down to  the ‘Orfox Settings’ option. 

Access Orfox Settings

As always, we want your feedback! You can use the comments below.

There’s more to come 

Mobile is becoming a core part of our development thinking at Tor. We will continue to work with Orfox, and when the Tor Browser Team comes up with a new feature, we’ll be thinking how we can make it work on mobile as well. We’ll keep publishing updates like this about our efforts to improve mobile experience, especially for those in the Global South. 

A big thank you for the folks who worked on this project: Amogh Pradeep, Thomas Rientjes, Linda Lee, Nathan Freitas and Georg Koppen. o/

Anonymous

September 05, 2017

Permalink

gk said back then that they were working on Tor Browser builds for android later this year; can we have any rough idea on when this will be available and whether the Orfox branding will be dropped then? Thank you team o/

Yes, we still have this plan. We hope to start this soon - we are currently hiring for some positions related to this project:
https://www.torproject.org/about/jobs-osdeveloperandroid.html.en
https://www.torproject.org/about/jobs-developerandroid.html.en

We hope to have it done in one year timeframe and once that is complete the rebranding will take place.

Anonymous

September 05, 2017

Permalink

How can we get OrFox outside of the Play store. Will guardian project still release it from their f-droid repo. Currently this is outdated

Anonymous

September 05, 2017

Permalink

How can we gt Orfox outside of the play store. Will guardian project still release this from their fdroid repo? Is there eta for their repo to updated, it is verly old version

Anonymous

September 05, 2017

Permalink

A big thank you for the folks who worked on this project: Amogh Pradeep, Thomas Rientjes, Linda Lee, Nathan Freitas and Georg Koppen. o/

Is Thomas Rientjes the same person behind the awesome Decentraleyes addon?

Anonymous

September 05, 2017

Permalink

I get iPhones are not really low-end market and a lot less popular in southern hemisphere compared to Android, also having a closed source OS... but is Orfox or an official TBB for iOS considered by the team?

Great work btw guys!

Anonymous

September 05, 2017

Permalink

When will you update the F-Droid version? We need it fast, don't want to use insecure outdated software, but also not crappy Google Play.

Anonymous

September 06, 2017

Permalink

Great, as I have been eagerly awaiting simpler security settings! Before, I had to manually tweak site specific NoScript preferences to get some particular pages to work. This helps a lot, and it's working very well for me. It's also nice to read that there are more improvements in the works.

Which is the latest recommended version? I'm seeing five versions including Orfox-1.2.1 (12/2/16) and Orfox-1.4-RC3 (11/4/16). Why is the newest version number not also the newest release date? (I've been going by date and still using 1.2.1)

Also huge thank you for giving attention to android! I know you guys are busy with more important things but it just seems orfox has been a little neglected in the past year or so. Glad to hear that's about to change!

Okay I can see 1.4-RC-3 has the highest version number, but 1.2.1 was released 29 days later. I guess it could be that 1.4 is still an experimental branch, and 1.2.1 is a stable branch that received backports almost a month later, but then I still don't know which one is recommended.

Anonymous

September 07, 2017

Permalink

i cant download the orbot application from the repo in fdroid atm, but orfox downloads just fine, am i the onlyone with this?

Anonymous

September 07, 2017

Permalink

small feedback to the latest Orfox version:

- the slider is a good idea, but not really usable the way it is implemented right now. if it was the same way as on desktop TBB, for example that the middle setting only deactivates Javascript on non-https sites, that would be fine. If even the middle security setting completely disables Javascript (not even letting it enable via NoScript), there's pretty much not a single site in the internet that will work like that. Should be able to enable Javascript for a given site even with the slider not on low.

- Android language setting is leaking into HTTP_ACCEPT header (try on panopticlick.eff.org). Test it for yourself: change Android OS language to anything other than EN_US and it will show. On non-English desktop TBB, the user is specificall asked if they want the site to know their language setting.

- the slider is a good idea, but not really usable the way it is implemented right now. if it was the same way as on desktop TBB, for example that the middle setting only deactivates Javascript on non-https sites, that would be fine. If even the middle security setting completely disables Javascript (not even letting it enable via NoScript), there's pretty much not a single site in the internet that will work like that. Should be able to enable Javascript for a given site even with the slider not on low.

Yes, we know the experience is still not the best. We are actually thinking about this problem right now on the desktop browser: https://trac.torproject.org/projects/tor/ticket/23150

We have been talking about this for a bit now and we got some good ideas that might help solve this problem. Of course, whatever we do, we know we will have to figure out how to make it work on mobile as well :)

- Android language setting is leaking into HTTP_ACCEPT header (try on panopticlick.eff.org). Test it for yourself: change Android OS language to anything other than EN_US and it will show. On non-English desktop TBB, the user is specificall asked if they want the site to know their language setting.

Thanks for reporting this. I fwd to the team.

Anonymous

September 08, 2017

Permalink

This is an essential and long-awaited development. Many thanks to the Tor and Guardian Projects for this critically important collaboration!

Anonymous

September 13, 2017

Permalink

Easy to use with slider i.e safe /safest .

Cool feature.

just now i downloaded tor browser from playapk.org , may be it is available in other play stores . In some countries these apps are locked .

Anonymous

September 18, 2017

Permalink

I'm trying to break away from android, apple, and windows phones and tablets, any suggestions. Also does anyone know if Ubuntu will still work on a Nexus 7 tablet? Thank you

Anonymous

September 24, 2017

Permalink

Is there any plan to obscure the IMEI and IMSI numbers? If not, do they present a big threat to keeping your location disguised? A journalist I know gets around this by using a tablet with no SIM card (no IMEI/IMSI to transmit) and a mobile wifi (mifi) hotspot in emergencies or when there is no wifi (as mobile connectivity is better - and presumably the hotspot has an IMSI and IMEI),

Unfortunately the lovely people at Google have implemented massive identity leakage so that through any given network connection, the device is constantly phoning-home to Google's servers. Even on, in my limited experience, Cyanogenmod without Google Play Services... Which is far from OK. Or private. What TOR can do is anonymise you partially through the 'pipe' from your browser to a given point on the internet so that harvesting data and tracking at THAT end is harder to do. Unfortunately Google still sees a data connection coming from your device through whatever network (VPN included) and logs it. So your journalist friend is only halfway there. She needs a device that simply doesn't phone home at all. Or at least without permission. I.e. something like a MAC-spoofed Linux laptop, hardened for security (TAILS leaves traces on a USB stick, even after wiping and formating it - little-known fact, honeypot shortlist fans - may as well use a fast, tiny disposable one that can be broken under the heel with one blow and flushed/burnt in an instant and do these exist on the market? )... and running through TOR and a VPN etc. I'm no expert. Privacy just gets to be a mission in and of itself!

Anonymous

January 14, 2018

Permalink

Hey so im trying to use Orfox but every... Lets say month or so it goes from working fine to just not loading any pages whatsoever. I get this "browser has timed out" related message and nothing ever loads more than 1/4th of the way according to the orange load status bar at the top under the address bar.
I also cannot select the "Orfox settings" tab in the dropdown menu. It immediately goes to "the address wasnt understood"

What can i do to fix this besides continually uninstaling and re installing which doesnt always work.

My phone is lg v20 h918 adb rollback 1 and android ver 7.0
Lmk if i need to include anymore info or what i can do to help fix this

Join the discussion...

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

4 + 12 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.