Accessing the Tor network on a mobile device is, for the most part, quite simple – but it’s a question I see a lot. There’s more than one way to do it, but it partially depends on which device you have (surprise, surprise!).
For Android devices, one of the standard apps that you can use is Orbot, a proxy app that essentially brings the functionality of the Tor browser to the Android phone. It’s available from Google Play here: Orbot: Proxy with Tor. It’s also available from The Guardian Project: Orbot – Tor for Android
Like the desktop version of the Tor browser, it encrypts your Internet traffic and then bounces your communications through a network of other Tor users across the world. Orbot contains both Tor and libevent, which provides a method “to execute a callback function when a specific event occurs on a file descriptor or after a timeout has been reached.” This may occasionally solve the problem of onion sites that consistently don’t load, but not in every instance. For those curious about the code itself, here’s libevent’s official repository on GitHub: GitHub – libevent: A public libevent repository
However, Orbot does not work with apps that don’t have proxy options. For this reason, it’s good to also have an app like orWall (which we’ll discuss in a later post, perhaps.)
The standard web browser that you would use with Orbot is Orweb, which is more or less like the Tor browser available for desktops.
One of its downsides (in my experience, at least) is that it seems to have difficulty connecting to a lot of the .onion sites, but this is a problem with Tor in general, so it may not be exclusive to Orweb – often, the issue is with the onion sites themselves.
Another downside (and this is quite a bit more important), is that Orweb, unfortunately, has the potential to de-anonymize you easily, which would defeat the purpose of using it in the first place.
According to xordern.net: Why you really shouldn’t use Orweb anymore, “Anyone who has access to the raw html traffic (especially website owners and, at least for unprotected connections…the operator of the exit node and the people inbetween) could modify the server response in order to get the real ip of the user.” See the link for more details.
Security flaws aside, it’s still quite functional, and for the most part, provides an easy user experience.
Orfox, being built from the same source code as the original Tor browser, is intended to be as close to its desktop equivalent as possible.
It does seem to load pages a bit more quickly than Orweb does, and it also allows users to bookmark sites. Plus, it includes a “Request Mobile Site” option, which allows you to switch from the standard Tor browser user-agent to an Android device-specific one (which can definitely prove useful).
A few major differences that might prove worrisome are that in its current version, Orfox does not include the mobile versions of such extensions as HTTPS Everywhere, NoScript, and Torbutton (which handles application-level security and privacy issues in Firefox). According to Guardian Project Open Dev: Orfox vs. Tor Browser, these extensions will be added shortly.
Guardian Project also explains that it includes “patches at the Android Java code layer… to [allow] proxying of all Java network HTTP communications through the local Orbot HTTP proxy.”
All in all, both of these browsers do have their security flaws and drawbacks, but I would be more inclined to use Orfox, because of its improved functionality and (in theory) better security. On the downside, it seems that currently, none of these browsers are without their loopholes. No onion routing app is perfect, although if you follow the given guidelines with each, you’re much less likely to reveal your static IP address.
In the future, I hope to give an update with some other options – I haven’t yet tried out the iOS versions of Tor (such as Onion Browser). And of course, if anyone has some better recommendations, feel free to suggest them in the comments!