Signal-android: Proxy Settings for Data Connection

This is a good idea for outgoing messages (REST/https), but will this work with incoming messages? The latter go over Google Cloud Messaging (GCM), whose connection is initiated by Android, not the app.

i really don't know but why would anything go over google? after all, this textsecure is now part of the CyanogenMod system itself. and if it did, wouldn't a local proxy just be facing google?

@merge
Currently GCM is the only free push network that allows messengers and other apps to instantly send messages without having to "pull" every x minutes and ask a server if there are new messages. This has two major advantages: The messages are received nearly instantly and the battery drain is minimal.

With the later versions of Android you only need to have the play store installed, but not registered.

You are right that Google would only see the TOR exit node, but they already have your google ID to identify you, if they wanted.
Which is connected to all the other information you store with them and the device to which they basically have root access. You would only be rather anonymous if you registered with an anonymous number, preferrably from an online service over TOR and _never_ connected with the same account/device to GCM without going trough TOR, which is basically impossible.

The whole situation will get a lot better after websockets are implemented (#127).

When I'll use CM11,not the app, will I need to install gapps to the system, in order to use TextSecure's data messages and be fully compatible with App-users? sorry to abuse the thread for that.

@merge Yes, WhisperPush also needs GCM (which in turn needs the play store).
There is a solution with websockets underway, but it's currently only implemented in the server and not the client. If you want to know more details, take a look at #127

Any updates this Issue? Are there any plans to allow users to set a proxy connection in TextSecure so that it can route through Tor via Orbot?

Once TextSecure becomes Signal, I wish we could choose what to send through Orbot. I want my messages to get sent through Orbot, but not my voice chats.

What would be your usecase for this differentiation? The core developers
have a policy of not adding features which require additional settings.
This is an effort to keep TS/Signal as straight forward and easy to use
as possible. If there aren't significant and very obvious advantages for
your proposal, chances are slim that something like this will ever get
into the official TS/Signal apps.

One of the very few exceptions to this policy is the new (and currently
hidden) interface to administrate multiple devices/identifiers
(Phone/Tablet and Browser).

On 05.07.2015 23:01, Thunderpig72 wrote:

Once TextSecure becomes Signal, I wish we could choose what to send through Orbot. I want my messages to get sent through Orbot, but not my voice chats.

---

Reply to this email directly or view it on GitHub:
https://github.com/WhisperSystems/TextSecure/issues/1187#issuecomment-118667472

For starters I want to point out that I don't really need Orbot. I use it mostly for fun, for some extra security. I don't mind at all if we don't get Orbot support.

My logic behind only tunneling my messages goes like this:
Messages are small, really small. Sending them is quick and the delay caused by Orbot is negligible.
Voice chats on the other hand are different. Calling someone requires a stable, fast connection and I doubt the Tor Network can deliver that.

Having the option to use Tor for all data connections (except for direct calls? would be ok) would be quite some improvement and (I think) _really_ easy to implement. Why should people tell their ISP they are using Signal after all? And this would fix #5679 too.

I personally would add a "proxy settings" menu; It's really common and a lot if not most the the free software apps I use have it. It simply allows to use Tor without rooting the device. BUT:

Here's one proposal how it could be done without adding a "proxy settings" menu: On first startup (just before registration, which is the same thing), check whether Orbot is installed and just ask whether to use it. (The "Lightning" Browser https://github.com/anthonycr/Lightning-Browser does exactly this already, for example). Then, check whether Orbot is installed (at every startup?) in order to be able to (showing a short temporary notification) switch to direct connection in case it got uninstalled. AND again, ask whether to use it if it got re-installed.

Thoughts?

@merge Using Signal with Orbot's Apps VPN Mode as a workaround until this feature is available?

I don't want to spam too much; In principal, yes. But things are way more reliable when Signal itself has proxy settings (exposed to the user or not). It would guarantie no direct connection is established by the App, no matter if Orbot is actually running or active or has an open circuit and so on. As long as it's _installed_, and I have enabled it during Signal startup (in my proposal), people would be quite safe.

And furthermore, you say "until this feature is available", but I have the impression it's not yet decided at all _how_ support for Orbot would have to be implemented. Hence my proposal for a way without a new settings menu.

Telegram for alll platforms (Desktop, iOS, Android) now support SOCKS5 proxy from really beginning of application start. I.e. it may be used with the TOR. I think it will be a best practice if priority for this ticket will be upped, if possible.

"We kill people based on metadata" - The Honorable General Michael Hayden
https://youtu.be/3gJvABEi3wQ?t=59

"Use Signal, use Tor."
"That seems like great advice! So I'm assuming that on first startup of the Signal App, just before registration, there's a popup that checks whether Orbot is installed and asks you whether to proxy your Signal traffic over Tor then."
"No, that doesn't happen."
"But shitty old Lighting Browser has that! Well I assume that there is at least a "proxy settings" option in the Signal App that lets you route your Signal traffic over Tor without needing to root your device then, is that right?"
"No. You're going to have to troll https://github.com/WhisperSystems/Signal-Android/issues/1187 some more before you'll see anything like that in Signal."
"I'm on it!"

@herbsmn Please read the contributing guidelines before posting here again.

Can not using signal anymore, can not access signal server.

GitHub Issue Cleanup:
See #7598 for more information.