EthACKdotOrg/orWall

Bypass proxy by default

Sune1337 opened this issue · 5 comments

It would be very nice if there was an option that made apps "bypass proxy by bypass" by default; and then the apps I select would be redirected through Orbot.

Right now I am about to bypass what seems like a list of hundreds of apps only to allow K-9 email to go through Orbot.

Hello,

Nope, this won't happen: if you have that many apps bypassing orbot, this means orwall isn't the app you're looking for. Also, if, on the contrary, you have a lot of apps forced through orbot, same thing: probably not the app you're looking for.

For the record, orwall's main aim is to lock all apps out of network, and allow only some of them to go to the wild — as a first option forcing them through orbot.

Moreover, each checked app will create new rules in iptables, and this can become really heavy for the system.

If you want to force only K9 through tor while letting "hundreds of other apps" pass by, you might want to consider the orbot embedded firewall rules, as it allows forcing only a few apps through orbot/tor, while letting the rest of the system free.
Same thing if you want to force the system itself through orbot/tor.

Cheers,

C.

Hi,

I am aware that Orbot allows me to check single apps to route through Orbot.
The downside with this is that Orbot does not add rules until it's connected; and also it removes the rules if it's disconnected.

There's also a chance that the app I want to route starts up before Orbot is connected and has added its rules. Your app supported init.d startup which would decrease the chance of apps to connect to internet before Orbot. Orbot does not support this.

Just to clarify; the "hundreds of apps" is all default stuff on the phone.

I was hoping for a checkbox to invert the default main aim to "lock all apps out" to .. to not do that; and use the Orwall to select the apps I want to go through Orbot.

I guess I agree that this request will suit the Orbot app better; slightly modified :)

Thanks for your response.

You might want to check droidwall or afwall+, as they do implement init-script properly… though they aren't that easy to use in order to force apps through orbot/tor (this is the main reason I created orwall).

For information, on my phone running CM12, I have 16 checked apps (far less than the half proposed by the system), and among those 16, 8 have a bypass.
The bypass is due to either "speed does matter" (f-droid for example) or "no need to go through tor" (flock)… In "conflict situation", I may switch them back to forced, in order to prevent bad guys from knowing where my connections are going ;).
And in this condition, all is working just fine. Most of the pre-installed/system apps do not require network access. At all.

I forgot the fact that most apps don't require internet. This might be good enough for me; need to check that list again. Thanks.

You're welcome ;).
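
The two defaults discussed in this thread, as an added example that is not part of the issue and is not orWall's or Orbot's actual rule set: the script prints (never applies) a simplified IPv4 OUTPUT-chain rule set for each model and counts the rules. The UIDs, the ports 9040/5400 and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration: prints iptables commands, applies nothing.
TRANS_PORT=9040   # assumption: Tor TransPort on 127.0.0.1
DNS_PORT=5400     # assumption: Tor DNSPort on 127.0.0.1

# emit_rules MODE ORBOT_UID "TOR_UIDS" "BYPASS_UIDS"
#   deny  = lock every app out, open holes per checked app (orWall's stated aim)
#   allow = leave the system free, force only listed apps through Tor (this request)
emit_rules() {
    mode=$1; orbot_uid=$2; tor_uids=$3; bypass_uids=$4
    case $mode in
        deny)  echo "iptables -P OUTPUT DROP" ;;    # fail closed, independent of Tor state
        allow) echo "iptables -P OUTPUT ACCEPT" ;;
        *)     echo "unknown mode: $mode" >&2; return 1 ;;
    esac
    # Tor itself must reach the network in either mode.
    echo "iptables -A OUTPUT -m owner --uid-owner $orbot_uid -j ACCEPT"
    for uid in $tor_uids; do
        own="-m owner --uid-owner $uid"
        # nat: rewrite the app's TCP and DNS to the local Tor ports
        echo "iptables -t nat -A OUTPUT $own -p tcp -j REDIRECT --to-ports $TRANS_PORT"
        echo "iptables -t nat -A OUTPUT $own -p udp --dport 53 -j REDIRECT --to-ports $DNS_PORT"
        # filter: accept only the redirected flows
        echo "iptables -A OUTPUT $own -d 127.0.0.1 -p tcp --dport $TRANS_PORT -j ACCEPT"
        echo "iptables -A OUTPUT $own -d 127.0.0.1 -p udp --dport $DNS_PORT -j ACCEPT"
        # allow mode has no default drop, so the app's other traffic needs an explicit reject
        if [ "$mode" = allow ]; then
            echo "iptables -A OUTPUT $own -j REJECT"
        fi
    done
    # Bypassed apps need a rule each only when the default is to drop.
    if [ "$mode" = deny ]; then
        for uid in $bypass_uids; do
            echo "iptables -A OUTPUT -m owner --uid-owner $uid -j ACCEPT"
        done
    fi
}

count_rules() { emit_rules "$@" | wc -l | tr -d ' '; }

# Constructed sample: Orbot uid 10050, K-9 uid 10101, 200 other app uids.
OTHERS=$(seq 10200 10399 | tr '\n' ' ')
echo "deny by default, 200 apps bypassed: $(count_rules deny 10050 10101 "$OTHERS") rules"
echo "accept by default, K-9 only:        $(count_rules allow 10050 10101 "") rules"
```

In the deny model the drop policy does not depend on Tor being connected, while the rule count grows with every bypassed app; in the allow model the count stays small but each torified app needs its own reject rule to stay fail-closed.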