This project forked from amoghbl1/tor-browser
UPDATE: Orfox is being replaced by Tor Browser for Android. All future work and comments will be handled by Tor Project.
Home Page: https://blog.torproject.org/new-alpha-release-tor-browser-android
License: Other
export MOZCONFIG="tor-browser/.mozconfig-android"
./mach configure
./mach build
./mach package
Whenever a tab has finished loading, I see a clearnet DNS resolve of
the URL bar domain. Which I block, so I don't know what would be
requested next. The websites still load fine, and check.tpo shows
success.
Distribution should check if file is null before passing it to be read (crash reported from Google Play)
java.lang.NullPointerException: Attempt to invoke virtual method 'boolean java.io.File.exists()' on a null object reference
at org.mozilla.gecko.util.FileUtils.readStringFromFile(FileUtils.java:126)
at org.mozilla.gecko.distribution.Distribution$1.run(Distribution.java:232)
at android.os.Handler.handleCallback(Handler.java:739)
at android.os.Handler.dispatchMessage(Handler.java:95)
at android.os.Looper.loop(Looper.java:145)
at org.mozilla.gecko.util.GeckoBackgroundThread.run(GeckoBackgroundThread.java:43)
Orfox-Fennec is infested with Google-Trackers/Backdoors. I checked the apk-files of Orfox-1.5.x-Fennec from offical Guardian download: https://guardianproject.info/releases/
You can verify this with eg. ClassyShark3xodus from f-droid: https://f-droid.org/de/packages/com.oF2pks.classyshark3xodus/ (see screenshot)
All versions contains 4 different trackers:
Adjust
Google Ads
Google Doubleclick
Google Firebase Analytics
It's an absolute no-go! Each Orfox user gets an unique identifier and is no longer anonymous with such builtin spyware.
You should remove infested files from download area until this bugs are fixed.
NoScript settings page is just blank except for its name, description and a couple of buttons at the bottom of the screen -> [Disable] & [Uninstall].
9669dbf#diff-dd3eea706fde129319f5afb896ae34bf
According to real Android Firefox, it should be:
Mozilla/5.0 (Android 7.1.1; Mobile; rv:52.0) Gecko/52.0 Firefox/52.0
When selecting text the current page scrolls too.
This bug is similar to https://github.com/mozilla-mobile/focus-android/issues/2194
and is VERY annoying.
Presumeably this is because the receiver hasn't been loaded or init'd yet. We should catch the exception, and log it.
java.lang.IllegalArgumentException:
at android.app.LoadedApk.forgetReceiverDispatcher (LoadedApk.java:781)
at android.app.ContextImpl.unregisterReceiver (ContextImpl.java:1207)
at android.content.ContextWrapper.unregisterReceiver (ContextWrapper.java:582)
at org.mozilla.gecko.BrowserApp.onPause (BrowserApp.java:1158)
at android.app.Activity.performPause (Activity.java:6363)
at android.app.Instrumentation.callActivityOnPause (Instrumentation.java:1312)
at android.app.ActivityThread.performPauseActivity (ActivityThread.java:3411)
at android.app.ActivityThread.performPauseActivity (ActivityThread.java:3384)
at android.app.ActivityThread.handlePauseActivity (ActivityThread.java:3359)
at android.app.ActivityThread.-wrap13 (ActivityThread.java)
at android.app.ActivityThread$H.handleMessage (ActivityThread.java:1374)
at android.os.Handler.dispatchMessage (Handler.java:102)
at android.os.Looper.loop (Looper.java:148)
at android.app.ActivityThread.main (ActivityThread.java:5466)
at java.lang.reflect.Method.invoke (Native Method)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run (ZygoteInit.java:726)
at com.android.internal.os.ZygoteInit.main (ZygoteInit.java:616)
Same leak for the domain firefox.settings.services.mozilla.com, but
loaded automatically.
We removed permissions to load an account, but we don't check if the permission exists in the code.
java.lang.SecurityException: caller uid 10001 lacks any of android.permission.GET_ACCOUNTS
at android.os.Parcel.readException(Parcel.java:1465)
at android.os.Parcel.readException(Parcel.java:1419)
at android.accounts.IAccountManager$Stub$Proxy.getAccountsAsUser(IAccountManager.java:647)
at android.accounts.AccountManager.getAccountsByTypeAsUser(AccountManager.java:447)
at android.accounts.AccountManager.getAccountsByType(AccountManager.java:441)
at org.mozilla.gecko.fxa.FirefoxAccounts.getFirefoxAccounts(FirefoxAccounts.java:54)
at org.mozilla.gecko.fxa.FirefoxAccounts.firefoxAccountsExist(FirefoxAccounts.java:37)
at org.mozilla.gecko.widget.ActivityChooserModel.hasOtherSyncClients(ActivityChooserModel.java:1312)
at org.mozilla.gecko.widget.ActivityChooserModel.loadActivitiesIfNeeded(ActivityChooserModel.java:784)
at org.mozilla.gecko.widget.ActivityChooserModel.ensureConsistentState(ActivityChooserModel.java:722)
at org.mozilla.gecko.widget.ActivityChooserModel.setIntent(ActivityChooserModel.java:413)
at org.mozilla.gecko.widget.GeckoActionProvider.setIntent(GeckoActionProvider.java:200)
at org.mozilla.gecko.BrowserApp.onPrepareOptionsMenu(BrowserApp.java:3589)
Android version: 6.0.1
Orfox version: 1.5.2-RC1 or any previous version
One can not download any image file using standard browser Save dialog.
Even though new addons is shown to be installed after installing, there are not enabled when browsing. The hamburger menu with addons subsection doesn't show the new installed addons.
Android version number 10.5.5 (91.2.0).
- I also see (attempted) outgoing packets related to the Internet
Group Management Protocol [1] and the Simple Service Discovery
Protocol [2]. These can be avoided by changing
browser.casting.enabled [3] to false. orplug [4] log:
NoScript, OrfoxSettings XPI auto-install on first page load. HTTPS Everywhere requires quit/exit and restart to show up.
I aprreciate the efforts put in this browser and it makes for a real privacy browser. But every time a HTTP request is sent we will be leaking the browser identity.
It needs a user agent switcher which is on by default to randomise the agent so that users are not tracked.
It now shows up as CONTACTS in the UI: https://stackoverflow.com/questions/33124930/android-6-0-permission-get-accounts
Permission is here:
https://stackoverflow.com/questions/33124930/android-6-0-permission-get-accounts
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.