proxy.orb is not magic. It’s a simple, powerful convention: a local name for a local proxy that connects you to the global Tor network. If you value privacy, learn it. If you develop network tools, use it. And if you see it in your proxy settings without having started Orbot—treat it as a red flag.
Your data travels through tunnels. Make sure you’re holding the map.
This article is for educational purposes. Always comply with local laws regarding anonymity and circumvention tools. proxy .orb
A major pain point with custom local domains is HTTPS. OrbStack automatically generates wildcard SSL certificates for *.orb using its own Certificate Authority (CA).
When you use a proxy .orb configuration (like an upstream proxy or load balancer), you face a double encryption issue: This article is for educational purposes
If your proxy intercepts traffic, it replaces the server’s certificate with its own. The OrbStack VM will reject this because it trusts only the OrbStack CA.
Solution: Install the OrbStack CA certificate into your proxy’s trust store. A major pain point with custom local domains is HTTPS
Type http://proxy.orb into a regular browser outside of Orbot’s context, and it will fail to resolve. This is not a real domain—it’s a local alias. Some malicious apps try to trick users by creating fake “orb” domains. Always verify that proxy.orb only appears inside Orbot’s configuration or your system’s proxy settings after you’ve intentionally started Orbot.