Open Radar

 
We’re working on Onion Browser, a FOSS browser containing Tor.
Currently, Tor runs as a thread inside the app process and uses UIWebView’s SOCKS proxy to route traffic through Tor.

Now we are forced to move to WKWebView, which will need a Network Extension to actually be able to proxy the traffic.

Seems fine for us, if we get the benefit of fixing real IP leakage with this, too, which we currently have with WebRTC and video.

However, Tor uses a SOCKS or HTTP interface, Network Extension uses a tun device. This burdens us with writing a stable piece of software which translates between these.
We have a PoC implementation, but it is unstable and will require a lot of work to get it stable.

Unfortunately, memory constraints on NEs are harsh for this use case and a major problem is the fail-open behaviour. As per our experience, if the running Network Extension crashes, requests are immediately retransmitted through the normal network interface. This could lead do dangerous leakages: Consider a dissident in a civil-rights-suppressing country triggers a country’s firewall alert. Police coming after them because of looking at wrong website.

We would be very happy if we could just use the HTTP or SOCKS interface as we could do with UIWebView.

Would this be possible for the next iOS release?


Onion Browser in app store: https://apps.apple.com/us/app/onion-browser/id519296448
Onion Browser project: http://github.com/OnionBrowser/OnionBrowser/
iCepa project: https://github.com/icepa
unstable tun2tor wrapper: https://github.com/iCepa/tun2tor