TorProxy and Shadow

Users give up a certain level of anonymity when they browse the web. Not only do things like cookies make them less anonymous, server logs also keep a record of which IP addresses connected to them, and ISPs, companies, and others may record the destination of outbound traffic. Unlike cookies, though, there is nothing a user can do to prevent their address from being captured by endpoints or intervening routers—except by using some kind of proxy. Using Tor, for example, allows users to proxy their request through an anonymizing network so that there is no direct connection between their address and the server they are contacting. Now, through the work of Connell Gauld, Android users can also browse through Tor using TorProxy and Shadow.

There are any number of reasons that someone might want to disguise their web requests: repressive governments, potential embarrassment, hiding illegal activities, and so forth. Tor routes each request that it gets through several, randomly-chosen nodes within its network. The request eventually emerges at an exit node—which, importantly, sees the traffic in the clear—where it is handed off to the destination server.

Essentially, the only information available is that the source node connected to a Tor node, and some time later a different Tor node connected to the destination. With enough monitoring, traffic analysis might be used to determine the correspondence between those two things, but it raises the bar by quite a bit. Cookies and user logins on destination sites can also potentially pierce a user's anonymity, but those are able to be controlled by users.

TorProxy and Shadow are two free software programs for Android mobile phones that give users access to the Tor network. Both can be installed from the Android Market application. As the name implies, TorProxy is the proxy agent that sits between applications that want to anonymously use the network and the network itself, routing the traffic through Tor. Shadow uses the Android browser classes to implement a browser, but routes its requests through TorProxy.

There are some questions (see the update) about the code that underlies TorProxy, so it may not, yet, be suitable for "operational" use. But, the code is free, and there have been successful efforts to get the C version of the Tor client running on Android, so it would seem likely that a secure version of TorProxy will come along.

Once installed, TorProxy can be configured to maintain a Tor connection at all times, or only on demand from applications that specifically request it, such as Shadow. Shadow has a bit of a different look from the standard Android browser, at least on startup, but it functions more or less the same. But, much like desktop Tor usage, it suffers from fairly serious delays.

When first connecting, TorProxy takes roughly 30 seconds to initiate a connection. An onion logo—Tor is sometimes known as "The Onion Router"—with a countdown appears in the Android status bar. Once the connection is established, one can then surf the web. It is something of a nostalgic experience, reminding one of those halcyon days of accessing the net via 9600bps (or worse) modems.

Unfortunately, any serious attempt to anonymize traffic is going to be somewhat slow. Each hop along the way is going to add some time to the process, but each will add a bit more unpredictability as well. For those that need the anonymity that Tor can provide, however, the wait is likely worth it—the wait in a gulag or prison will likely be much longer.