I've been running Orbot's Kindness mode on Android TV for a week - Doubts

It’s been a week since I started running a Snowflake proxy through Orbot on my Android TV.

I’ve been using the Snowflake extension on my browser for a long time to help others fight censorship. However, it suddenly stopped working. I suspect it might be because I recently configured my Windows firewall settings to be stricter, but I’m not entirely sure.

So, I decided to run the Snowflake proxy on my Android TV in the living room instead since it’s almost always on and stays in the house.

As Orbot isn’t available on the Play Store for Android TV, I had to sideload the APK from APKMirror. I have a Bluetooth wireless mouse connected to the TV, which made it easier to navigate through the “Kindness” tab and toggle it on. It’s been running for a week now, and I can see that many people have connected.

I sideloaded Orbot specifically to help others fight censorship using the Kindness mode. I’m not using it to route my own traffic through the Tor network.

I have a few questions:

Is this safe?
For me and for those connecting to the proxy?
Should I keep running it? I don’t have any issues so far. Everyone in my house has been using the TV normally, and everything works fine. Even if I turn the TV off completely (disconnecting it from the power source), the Kindness mode automatically enables itself when the TV turns back on. It’s pretty much a “set it and forget it” setup for me.

Compatibility with RethinkDNS
I’m running RethinkDNS (which I also sideloaded from APKMirror) as a VPN to block ads in some OTT apps using the Mullvad DNS provider.

I’ve whitelisted/excluded the Orbot app in RethinkDNS. Is there any additional configuration I need to ensure it works properly?


Updates
Since I sideloaded Orbot, I don’t have a native way to receive updates.
Is it okay to let the app run on the same version without updates? Or is it critical to regularly update it to keep me and those connecting to the proxy safe?

1 Like

First of all imho you need a reputable source for the apks in use. Why not use the official suggested one? See Orbot - Tor for Mobile (or even use F-Droid)

Your second one (RethinkDNS) also seems to be available on F-Droid. Whether it is safe to use depends on the app. If it leaves Orbot alone as configured, everything should be fine.

How to get it: Get F-Droid | F-Droid - Free and Open Source Android App Repository

What it is: F-Droid - Wikipedia

Guess F-Droid might also solve your update issue… Update Processing | F-Droid - Free and Open Source Android App Repository

Ok, sounds like an F-Droid advertisement now :wink:

But I’m not affiliated or even using it, so I know only second hand. Maybe others can second this way or suggest others and better ones.

In the end I like your setup, a very good idea to support the network. :heart: Would just put it on solid ground and use safer sources for the software. :onion:

Thank you for the reply, atari!
I am aware of F-Droid and use it daily on my Android mobile. I almost forgot I could sideload F-Droid the same way I sideloaded Orbot or RethinkDNS. Thanks for the idea!

However, the reason I prefer APKMirror is that it provides details of the APK, such as file hashes, which help ensure the app is not tampered with during download. The APKs on APKMirror have the certificate signature of the developer from the Play Store, while the APKs on F-Droid have the signature of F-Droid, not the developers. I do not see this as a major issue, but the problem is that F-Droid does not provide any APK signatures. While it has a Pretty Good Privacy key, it is beyond my scope, and I am not technologically proficient enough to verify the PGP they provide. I do not know how to verify it.

I plan to switch to F-Droid on my Android TV tomorrow. Could you provide me with an article or instructions on how to verify the signature of the F-droid.apk I will be sideloading to the Android TV? I have an Android mobile and a Windows computer btw.

You are welcome, sibling!

For Windows you might use Gpg4win - they also provide instructions on how to verify their downloads properly: https://wiki.gnupg.org/Gpg4win/CheckIntegrity

Afterward it should be possible to follow the usual instruction: Verifying downloaded F-Droid.apk

Yes. See Snowflake abuse - #3 by WofWca.
But I’d probably work on automatic updates. AFAIK vulnerabilities in Snowflake proxies have never been discovered, but just in case.

Yes, after Snowflake they use Tor the standard way. Snowflake is just about censorship circumvention and not so much about privacy.

Judging by the fact that you do get Snowflake clients, there is no need to do anything else.

Probably not “critical”, but you never know.

1 Like

Thank you so much for the reply! It’s wonderful to know that everyone, including me, is safe. @atari was able to help me with the app updates so I don’t have any worries now!

2 Likes

Thank you so much, Atari, for letting me know about Gpg4win!

Tho I was getting this error

Anyways, I was able to use another method. I came to know F-Droid is also on APKMirror, and I was able to get the signature certificate from there.

Then I downloaded the F-Droid APK from their official F-Droid website and was able to verify the signature certificate on the APKMirror website against the one I downloaded from the official website, and they matched up!
I sideloaded it on my TV and everything worked fine!
I was able to add the Guardian Project Official App Repository on F-Droid, and it seems like the signature of apps in the repo is the same as the signature of the Play Store version (which I sideloaded from APKMirror), so I don’t even have to uninstall the app and reinstall it again!

Also, I was able to download another useful app from F-Droid on tv, which I now use daily on my phone. lol
Thank you atari <3

2 Likes
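Added example, not part of the original posts and not code from F-Droid, APKMirror or the Guardian Project: the signing-certificate comparison described in this thread, applied to the text that `apksigner verify --print-certs` prints. The digests are constructed stand-ins and all function names are hypothetical.

```python
import hashlib
import re

# Constructed stand-ins for certificate digests. Real values come from
# `apksigner verify --print-certs <file.apk>` and from the publisher's own page.
DEV_CERT = hashlib.sha256(b"constructed developer certificate").hexdigest()
OTHER_CERT = hashlib.sha256(b"constructed repackager certificate").hexdigest()

def sample_output(*digests):
    """Build constructed text in the layout apksigner prints, one block per signer."""
    lines = []
    for n, digest in enumerate(digests, 1):
        lines.append(f"Signer #{n} certificate DN: CN=Constructed Example")
        lines.append(f"Signer #{n} certificate SHA-256 digest: {digest}")
    return "\n".join(lines)

def normalize(fp):
    """Strip colons and spaces and lowercase, so 'AB:CD:..' equals 'abcd..'."""
    fp = re.sub(r"[\s:]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", fp):
        raise ValueError("not a SHA-256 fingerprint")
    return fp

def signer_digests(apksigner_text):
    """Return the set of SHA-256 signer certificate digests found in the output."""
    pattern = r"^Signer #\d+ certificate SHA-256 digest:\s*(\S+)\s*$"
    return {normalize(d) for d in re.findall(pattern, apksigner_text, re.M)}

def matches_published(apksigner_text, published_fp):
    """True only if the APK has exactly one signer and it is the published one."""
    return signer_digests(apksigner_text) == {normalize(published_fp)}

def can_update_in_place(installed_text, candidate_text):
    """Same signer set on both APKs (key rotation ignored); no signers never matches."""
    old = signer_digests(installed_text)
    new = signer_digests(candidate_text)
    return bool(old) and old == new

if __name__ == "__main__":
    # A fingerprint as a website might display it: upper case, colon separated.
    shown = ":".join(DEV_CERT[i:i + 2] for i in range(0, 64, 2)).upper()
    print(matches_published(sample_output(DEV_CERT), shown))
    print(can_update_in_place(sample_output(DEV_CERT), sample_output(OTHER_CERT)))
```

A file hash only shows that two downloads are identical; the signer certificate digest shows who signed the APK, and it is what decides whether an update installs over the existing app without uninstalling.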

You are very welcome. :heart: In case you are interested why the gpg-step failed you might add -v or -vv (verbose) as an argument for the failing command to see more details.

Also I spot you probably installed a bunch of things from the gpg4win package which are not needed. At least Kleopatra is loitering around in your task bar now :wink:

:male_detective: And OpSec hint: Your screenshot was leaking a time zone… In case you care^^

1 Like
