Onion Browser

Home | Help/Support | Security | by Mike Tigas

Enhance your web privacy

Onion Browser is a minimal web browser that encrypts and tunnels web traffic through the Tor onion router network and provides other tools to help browse the internet while maintaining privacy. See more features & benefits.

• Security note: Research into Onion Browser suggests that browser content — including cookies — may be retained, depending on how an app is closed or if the app crashed. Users are encouraged to press the "New Identity" button before closing the app, as this will ensure that all session data in Onion Browser is wiped from the device.

• November 11, 2014, Current Version: It's a two release week! Onion Browser 1.5.10 is a minor release which fixes some issues with configuring bridges, the display of the progress bar (which was not appearing in iOS 8), and adds a TLS "padlock" icon to show if a connection is entirely over TLS or if it contains insecure content. More details can be found in the CHANGES.txt file in GitHub. Details on security updates can be found in the Security page. Users are encouraged to update via App Store.

• November 9, 2014, Previous Version: Onion Browser 1.5.9 fixed a crash on the DuckDuckGo .onion site over SSL — and other websites where the "Cannot Verify Website Identity" prompt appears. Further, SSLv3 was disabled to improve security and bypass the POODLE attack. Tor was updated to 0.2.5.10 and OpenSSL updated to 1.0.1j. More details can be found in the CHANGES.txt file in GitHub.

• May 14, 2014 - SECURITY AUDIT RESULTS. Onion Browser received a security audit by the Cure53 security firm. This audit was funded by the Radio Free Asia Open Technology Fund. Onion Browser 1.5 fixes several major issues uncovered by this audit. Details on the results can be found on the Security page. The full audit report can be read here: onion-browser-cure53-security-audit-201404.pdf (PGP sig) or at Cure53's website. Onion Browser versions older than 1.5 are considered unsafe. Forks of Onion Browser which have not updated since May 14, 2014, should be considered unsafe.

• Recommended by Tactical Technology Collective and ProPublica’s Guide to Safer Communication.
• Featured as App of the Week on Salon.
• Featured in The New York Times, TechCrunch, Boing Boing, Gizmodo, Lifehacker, The Guardian, Cult of Mac, and others.
• Ranked as high as the #1 Paid iPhone Utility app and the #2 Paid iPad Utility app in the U.S. App Store.
• Read the launch day introductory blog post

Simulated screenshots:
iPhone 4/4S, iPhone 5/5C/5S, iPad 3; on iOS 5.1 and iOS 7.0.
Onion Browser supports most devices using iOS 5.1 or newer.

Download

This app (the "official fork") is being sold for $0.99 in the Apple App Store. Click here to download.

Note: The app is currently unavailable in France due to import regulations on encryption software. The app is unavailable and does not work in China and Iran due to these nations blocking access to the Tor network.[‡]

‡: The obfsproxy transport tool allows Tor to bypass these methods, but cannot be integrated into Onion Browser due to the limited iOS App "single process" architecture.

Copies of Onion Browser downloaded outside the App Store — via "jailbreak" app directories like Cydia — are built and released by third parties and are not supported by the developer. These copies may have modifications added by the packager, which may interfere with your privacy or security. For the best security, you should purchase the app; in situations where App Store payment is difficult due to security precautions (i.e. using an alias in the App Store that is not listed on a credit card), you may e-mail the developer to request an App Store download code. For best security in non-App Store circumstances, you should build your own copy of the app.

Support Online Privacy and Free Speech

The developer recommends that users interested in supporting the ideals of Onion Browser should donate to the upstream Tor Project and consider operating a relay server to help improve access to Tor. Other great organizations to support are Freedom of the Press Foundation (creators of SecureDrop), the Electronic Frontier Foundation.

Each organization is registered as a 501(c)(3) charity in the United States:

• Donate to Tor Project — Public records: GuideStar, Nonprofit Explorer
• Donate to Freedom of the Press — Public records: GuideStar, Charity Navigator
• Donate to EFF — Public records: GuideStar, Charity Navigator, Nonprofit Explorer

Source Code

The project is open source and you may freely access the source code on GitHub.

• mtigas/iOS-OnionBrowser on GitHub
• Download source tarball

Features & Benefits

• Internet access is tunneled through the Tor network[1][2]
  • Websites do not see your real IP address.
  • ISPs and insecure wireless networks cannot see your browsing.
  • Access websites, even behind some types of internet filters and censors.
  • View .onion websites: the "dark net" of hidden sites only accessible using Tor.
• Fight online tracking: use a new IP address and clear your cookies/history/cache by pressing one button.
• Block third party cookies or all cookies.
• Ability to change cookie storage policy (Allow All / Block Third Party / Block All)
• Disable scripts and multimedia content that can be used to track you.
• Can send the "Do Not Track" HTTP header (DNT: 1) to websites.

Technical folks should view the README file in the GitHub repository for implementation details and other technical notes.

Bugs, Caveats, Side Notes

See the Github project for a current list of known issues.

Using Onion Browser does not inherently guarantee security or privacy. It simply provides a set of features that may enhance privacy and anonymity while browsing the web. For more information: The Tor Project maintains a small section about staying anonymous over Tor, as do several threads on Reddit and other messageboard sites.

• Disclaimer: Onion Browser only tunnels traffic within the Onion Browser app. You are still using a smartphone, and in extremely sensitive circumstances you should be aware that iOS or your cellular provider may continue to leak non-Onion Browser traffic and other information.
• Video note: Websites using HTML5 <video> tags may leak <video>-related DNS queries and data transfer outside of Tor. This includes YouTube, Vimeo, and any website using iOS-compatible HTML5 video. This is due to behavior of the embedded QuickTime player and a comprehensive workaround has not yet been developed.
• JavaScript blocking: The "Active Content Blocking" feature is experimental. If ACB is turned off, JavaScript techniques can identify your device even if User-Agent Spoofing is enabled.
• Geolocation blocking: Websites may use the HTML5 Geolocation API unless the "Active Content Blocking" feature is set to "Block All". Users should remain vigilant for any pop-ups asking for permission to access location data.
• Common Sense: If you log into websites in Onion Browser that you normally log into outside of the Tor network, they will a) still know who you are, and b) know that you use Tor. In certain circumstances (i.e. political dissent in repressive nations), this may be incriminating information in itself.

Disclaimers, notices, etc.

"Onion Browser" is a trademark of Mike Tigas. Forks of this project must not use the "Onion Browser" name when distributing binary forms of this application.

The "Onion Browser" icon is a trademark of Mike Tigas. Icon image under the Creative Commons CC-BY-SA 3.0 license. Forks of this project should not use the "Onion Browser" icon when distributing binary forms of this application.

Mike Tigas and OnionBrowser are not affiliated with nor endorsed by the Tor Project. Onion Browser carries no guarantee from The Tor Project about quality, suitability or anything else. ("Tor" is a registered trademark of The Tor Project, Inc.)

Onion Browser is © 2012-2015 Mike Tigas, all rights reserved. Source code available freely under the MIT License.

See the LICENSE file for more information.

This software uses strong cryptography and may it fall under certain export/import and/or use restrictions in some other parts of the world. BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See http://www.wassenaar.org for more information.

If you are a developer and plan on redistributing this app in source or binary form, please see read “ENCRYPTION NOTICE / APP DISTRIBUTION NOTES” in the LICENSE file for more detailed disclaimers.