What about the status of the official TOR VPN?

PPiNizz-Va-J-J · 17 Feb

How is the development status?
And how can i stay updated?
I can't find anything about tor vpn when i google it.
But in this forum, i've red a couple of times, that the TOR developers are developing a TOR VPN App for smartphones.
As i found out Orbot is not from the TOR developers, i am interestet in the App of the official developers of the TOR team.

fid02 · 17 Feb

PiNizz-Va-J-J I can't find anything about tor vpn when i google it.

Good! It's experimental software and shouldn't be used by users before the Tor Project considers it ready. If it was easily accessible through Google and presented to users through a nice-looking website with a shiny download button, that would be concerning at this point.

The code is here and code development can be followed here: https://gitlab.torproject.org/tpo/applications/vpn

WARNING This is experimental software, do not rely on it for anything other than testing and development. It may leak information and should not be relied on for anything sensitive!

Xtreix · 17 Feb

PiNizz-Va-J-J I've tried it and it works pretty well, I've only had one disconnection.

You can test it here : https://gitlab.torproject.org/tpo/applications/vpn/-/packages

Of course, as written @fid02, Tor VPN isn't ready yet and the name may change in the future.

Rryrona · 17 Feb

The Tor Project explained what the VPN would be and what changes would be needed maybe 2-3 years ago or something like that. It involved an app, linked to above, but also changes to the Tor daemon and Tor protocol itself to support UDP traffic and hole-punching to make messaging apps able to support voice and video calls over the Tor VPN. My impression is that the Tor VPN work hasn't really got that much attention, and isn't really progressing much at all. At the very least, they never talked about it again after that. Most development resources seem to have been spend on other projects instead, such as the Rust rewrite of the Tor daemon.

FFartimoji · 2025-03-19T19:11:19+00:00

ryrona so you think it will not come?

Rryrona · 2025-03-20T08:41:16+00:00

Fartimoji I don't know. It just doesn't seem to be prioritized right now, but doesn't seem to be abandoned completely either.

Iignoramous · 2025-03-20T10:03:42+00:00

ryrona such as the Rust rewrite of the Tor daemon

Think after this (viz. Project Arti) is done, Tor VPN will pick up pace as it depends on it?

fid02 · 2025-03-20T12:39:51+00:00

Yes, it's going to use Arti: https://gitlab.torproject.org/tpo/applications/vpn/-/wikis/home

MMolasses · 2025-03-20T13:06:50+00:00

There are surely a lot of people waiting for TOR VPN to reach 1.0 status.

On the other hand, on GrapheneOS we will soon be able to launch specific apps like TOR Browser (or entire profiles) virtualized. That should cover a lot of the most important use cases already. Notably without the danger of running insecure Gecko/Firefox on bare metal Android.

FFartimoji · 2025-03-20T15:47:13+00:00

Molasses does this mean what I think it means?/which is that we will have the option tu run a virtual machine just like on PC? And browse the internet with for example the for browser, and if the user makes stupid clicks, or opens the wrong files, the device integrity stays in tact because the browser ran in a virtual machine? As grapheme or android in general is harder to exploit than almost any desktop environment that would mean that a virtual machine on grapheme would be "go to" option when surfing on the internet. Am I right?
When will it be available?
And which device is mendatory for this?
Pixel 8? Or does it need to be the 8Pro?

Dde0u · 2025-03-20T16:10:30+00:00

Fartimoji Somewhat recently there was an announcement about this: https://discuss.grapheneos.org/d/20647-user-facing-hardware-virtualization-support-in-our-next-os-release

MMolasses · 2025-03-20T17:25:09+00:00

Fartimoji

de0u kindly provided a link to the official announcement.

Running e.g Windows 11 fully like a desktop VM (Full Desktop Interface, Window Manager...) would be rather a unintended consequence and not something officially supported.

It's actually about running specific apps in the upcoming, overhauled AOSP desktop mode. With all the nice integration that comes with such efforts. It's about running Windows or Desktop Linux Apps right next to your native Android Apps in a Desktop interface.

Seems like Windows App support will need extra effort from the GrapheneOS Devs compared to Desktop Linux.

And yes, it will work with your Pixel 8 + a Dock/Hub + external Monitor + Mouse Keyboard etc.

Another thing would be, like I already said, running Android Apps virtualized. That includes Webbrowsers as well. Especially useful for TOR Browser, without the huge attack surface for the Host Device.

Nnewbie24689 · 2025-03-20T17:39:03+00:00

Fartimoji Dang! I hope you've got this right! :-)

I presently run Linux VMs dedicated to browsers on my aging QubesOS laptop, and confidently surf and retrieve mail with relative abandon. But it's coming time to replace that old laptop, and I would LOVE to instead add a keyboard and monitor to my GOS phone and browse/mail with Vanadium instances in VMs!

FFartimoji · 2025-03-20T18:06:09+00:00

de0u that's a bit high for me what I read in the link you provided. Would you mind explaining the content for halfnoobs like me?
What I read out there is that virtual machine support is an upcoming feature which in first will be without a graphical user interface (just command line) and later it'll be possible to run virtual machines even with a graphical user interface like a normal Desktop OS.
I understood from what I heared so far, that with (at least) a pixel 8 phone it will be possible to add a monitor to the phone with cable, so people can use grapheneos as a desktop solution.
Any operating system could be ran in the virtual machine is that right?
And the virtual machine feature is the feature which will be the first step in a GrapheneOS Desktop experience, which is one of the goals of GrapheneOS.
Did I get this all right?
Did i get something wrong?
Did I miss something?
And did especially get it right that at least a pixel 8 is needet for that feature?
If so: would it be better to have something newer? Or would the pixel 8 be enough?

Dde0u · 2025-03-20T19:13:00+00:00

Fartimoji Overall, detailed questions about exactly what will work once the feature ships for general use are premature, because the feature has not yet shipped for general use.

Virtualization works on 6 devices or newer, but an 8 or newer is required for driving an external display.

Iignoramous · 2025-03-20T23:42:50+00:00

Molasses running Android Apps virtualized... Especially useful for TOR Browser, without the huge attack surface for the Host Device

You mean, Host OS? The Device is the same hardware for both the Guest OS & the Host OS.

What pKVM has done is provide mutual distrust boundary between the Host and the Guest (which isn't usually the case, as the Host has near-total control over Guests), without needing a secure enclave (like ARM TrustZone at EL3 running Trusty Execution Environment) or elevated exception levels for sensitive code (like Hypervisors at EL2) or a secure element (which are way watered down & way less capable than APs in the kind of payloads it can run).

MMolasses · 2025-03-21T06:24:13+00:00

ignoramous

Indeed, I appreciate that.

FFartimoji · 2025-03-22T12:58:16+00:00

de0u do you mean pixel 6 devices and newer? Or do you mean it works on 6 devices in general?

Nnewbie24689 · 2025-03-22T16:32:17+00:00

ignoramous Nice (and intriguing) comments!
Thank You.

Dde0u · 2025-03-22T19:55:48+00:00

de0u Virtualization works on 6 devices or newer, but an 8 or newer is required for driving an external display.

Fartimoji do you mean pixel 6 devices and newer? Or do you mean it works on 6 devices in general?

I don't understand the question. But perhaps this announcement addresses it? https://discuss.grapheneos.org/d/20647-user-facing-hardware-virtualization-support-in-our-next-os-release