Related
I'm just getting started with CM7 and the Nook Color, but I have some general security concerns that perhaps you could help me with?
1. Viruses. I understand that these are real in Android. I've temporarily disabled non-Market apps, but I believe viruses and/or spyware have shown up in Market Apps too. Are there decent AntiVirus apps and what do you recommend?
2. Firewall. What services are open by default? Are there good software firewalls available?
3. Adware. Is it always clear which Market apps are ad-supported? Have apps crossed the line into malicious or near-malicious spyware? (Taking over browsers, redirecting home pages or searches, infecting other apps, etc.)
4. Apparently Google does not require password-confirmation for Market purchases, and no real solution exists, since available apps complicate things and don't address the root issue. Do they have any plans to change that?
5. Where are application and web site passwords, WiFi keys, and the like stored, and are they encrypted?
6. Is there a multi-user / multi-profile facility to allow different users to log in to different desktops and/or applications? (Or is that best accomplished with dual booting.)
7. What major applications are known to "phone home" or otherwise divulge more information than might be expected? I was quite surprised that CM7 itself phones home to CyanogenMod by default, and even with that turned off the ROM Manager still reports usage statistics to Google?
8. Is anyone independently reviewing CyanogenMod itself for privacy and security implications? Right now many of us are relying on a hodgepodge of hacker contributions and the good will of those creating them. I'm sure that anything malicious would eventually come to light, but is anyone proactively checking out the release CM7 distribution, the GApps distribution, and the various installers and packagers? Right now the only verifiable "web of trust" that seems to exist is the good intentions of every contributor, and the general availability of the source code (which should make the review possible, if not particularly easy!).
9. Are there any "best practices" as a user? For example, I've set up a new GMail ID for use with the NC, and haven't yet linked any credit card or payment data. Meanwhile, for the B&N side I've had to submit a credit card number to get access to their market (even to get their "Free" offerings).
10. Any implications for configuring e-mail and/or contacts, etc.? Mass remailing trojans certainly exist on the Windows side.
11. Do the application specific permission settings compare favorably to those of the BlackBerry, and are they easily adjustable after you've already granted permissions to an app?
12. Is there any concept of sandboxing a new app to prevent it from possibly adversely affecting other applications or files?
13. Is there a best practice for how to manage files on both the eMMC and SD card storage, particularly when booting between the two? Can one be locked out from the other?
Okay, that's a baker's dozen. I'll stop now.
Thanks much for any input.
Really? Nobody has an opinion to share on this?
rooting /cm7 / and the purpose behind it may just not be for you. I don't think your going to get an answer your looking for. Also not trying to be rude, but you pretty much wrote a book in your first post. Just ask a question dude.
Thanks for the response, but I asked roughly 13 questions -- would you prefer I "just asked a question" by starting 13 different threads? I certainly wouldn't.
And your first sentence makes it sound as if there's no one here who gives a damn about their own data and that everyone views the Nook Color as a toy -- and I seriously doubt that.
xdabr said:
I'm just getting started with CM7 and the Nook Color, but I have some general security concerns that perhaps you could help me with?
1. Viruses. I understand that these are real in Android. I've temporarily disabled non-Market apps, but I believe viruses and/or spyware have shown up in Market Apps too. Are there decent AntiVirus apps and what do you recommend?
2. Firewall. What services are open by default? Are there good software firewalls available?
3. Adware. Is it always clear which Market apps are ad-supported? Have apps crossed the line into malicious or near-malicious spyware? (Taking over browsers, redirecting home pages or searches, infecting other apps, etc.)
4. Apparently Google does not require password-confirmation for Market purchases, and no real solution exists, since available apps complicate things and don't address the root issue. Do they have any plans to change that?
5. Where are application and web site passwords, WiFi keys, and the like stored, and are they encrypted?
6. Is there a multi-user / multi-profile facility to allow different users to log in to different desktops and/or applications? (Or is that best accomplished with dual booting.)
7. What major applications are known to "phone home" or otherwise divulge more information than might be expected? I was quite surprised that CM7 itself phones home to CyanogenMod by default, and even with that turned off the ROM Manager still reports usage statistics to Google?
8. Is anyone independently reviewing CyanogenMod itself for privacy and security implications? Right now many of us are relying on a hodgepodge of hacker contributions and the good will of those creating them. I'm sure that anything malicious would eventually come to light, but is anyone proactively checking out the release CM7 distribution, the GApps distribution, and the various installers and packagers? Right now the only verifiable "web of trust" that seems to exist is the good intentions of every contributor, and the general availability of the source code (which should make the review possible, if not particularly easy!).
9. Are there any "best practices" as a user? For example, I've set up a new GMail ID for use with the NC, and haven't yet linked any credit card or payment data. Meanwhile, for the B&N side I've had to submit a credit card number to get access to their market (even to get their "Free" offerings).
10. Any implications for configuring e-mail and/or contacts, etc.? Mass remailing trojans certainly exist on the Windows side.
11. Do the application specific permission settings compare favorably to those of the BlackBerry, and are they easily adjustable after you've already granted permissions to an app?
12. Is there any concept of sandboxing a new app to prevent it from possibly adversely affecting other applications or files?
13. Is there a best practice for how to manage files on both the eMMC and SD card storage, particularly when booting between the two? Can one be locked out from the other?
Okay, that's a baker's dozen. I'll stop now.
Thanks much for any input.
Click to expand...
Click to collapse
I have to admit, you come off as rather paranoid, and i am not sure why you are so.
Yes, there have been a couple of problem apps recently, but Google took care of them, and i would not worry. The best security you can have, is looking at what you are installing. The application cannot hide what permissions it needs, so if you have something asking for way more than you think it should need, take that as your first red flag.
Currently, Virus Scans on Android are a joke, and simply unneeded. Don't even waste you time. Firewalls are just about the same, and again, not worth the effort. One thing to keep in mind, that this is a linux system, and is not as prone to the Windows based attacks that you are used to. Things like email spam bots and such are not a problem.
As for Cyannogen - no code is added to the repository without being peer reviewed; and every code submission is available in public records. Frankly, they did not make it to CM7 by stealing people's data, nor is it simply a hodge podge of devs.
Frankly, I think right now more research is in order for ya. Most of what you ask is already discussed in many places, or is never discussed, because it simply isn't a worry...
Thank you, Divine_Madcat, for the advice and explanation. By hodgepodge I was more referring to the multiple installer methods and packages that newbies like me are relying upon to get everything installed easily. There are a lot of them, from a lot of nice people, from preconfigured SD card images to installation methods with modified boot loaders to interface and performance hacks. Even if Cyanogen itself is well maintained it would be pretty easy for someone to include a little trojan in one of those third-party "distributions".
It's not exactly paranoia, I've just seen this happen so often. Trojan horses are certainly not limited to Windows. Worms and other compromises have affected thousands of Unix and Linux machines in the past. Web sites and PHP and Perl scripts and databases and web frameworks regularly see vulnerabilities discovered and/or exploited. So since this device will be used in part by children with access to my credit card, I wanted to know what we're dealing with.
No, I was not familiar with Cyanogen's review practice (which is one reason I asked), so thanks for that reassurance! I will try to learn more as I go.
I do apologize for the length of the OP though -- I was trying to brainstorm and get everything down in one place that related to possible security concerns. It's not as if I'm worried sick about every little point.
One of the apps I install on all my installs is 'Lookout'. This app scans all my programs I install and update and I have heard very good reviews of it.
I did see that Eric Lundcrest did an article today:
http://web.eweek.com/t?r=2&c=38783&l=64&ctl=11B38843F5D4C728CF30E9F23F9E91BB51617&
You can check them out. I haven't tried them all myself and I noticed that he didn't include the app that I recommended above (and I use it on both my Nook and my HTC EVO)
You Should Also be Aware..
that one of the joys of Android (and of course Unix/Linux) is that everything is "sandboxed" unlike Windoze - there are not many apps that interfere with others - that's why it's so easy to install and uninstall from Android. Compare the uninstalling of even a large Android app with that of uninstalling from Windows.
I would not worry about interfering apps
Thanks, doc. I'm moderately familiar with the Unix security model, but not so much with Android. Is sandboxing really accurate? In Linux processes run with particular user rights, much as in Windows but more flexible -- that is, it's just much more common to have different daemons running as different users. Still, I don't think they're really isolated from one another as they might be with a "chroot jails" kind of function...
I don't think electronics are for you, I suggest books and a cabin in the woods.
No virus really exist yet, a few flaws in the code have been found but they are patched quick.
No real firewall, doesn't work quit that way with android.
Yes, it will say in the permissions of the app in the market.
You sign into the market when you first use it, making sure your devise has a lockscreen PW is how you keep it safe.
/data
no
Some apps phone home, check permissions before you install.
All CM code can be seen in the github, you can compile it yourself if you wish.
Use smart internet credit card practices such as only attaching a low limit card to accounts etc.
If the google email server was hacked maybe but all that stuff is stored encrypted on googles end.
Permissions need to be approved of by you if they change.
Android sandboxes all apps.
Dono, I have CM7 on internal and books etc stored on the SD card.
Nanan00, your actual answers were great, but "I don't think electronics are for you, I suggest books and a cabin in the woods." and the similar dismissive post above are exactly the kind of BS condescension that gives some open source communities a bad name. Stop it. Little by little it devalues the entire community and its projects.
Thanks for the substance of your response.
Truthfully... My parents practice pretty much all of the stuff you have said, they're very careful with credit cards and anything that could be used as personal information.
And yet... Someone got ahold of their credit card numbers and bought something for almost 3k last year...
I have no virus software or even firewall software on this computer, it has not received a virus in over 5 years (I know... it needs an upgrade) and I'm running Windows XP SP2.
If you're prone to viruses then go ahead and install some antivirus software. If you're scared about your kids + your credit card + the nook, then have them make all transactions on the computer.
The reason no one is taking this seriously is because Android is to new for there really to be anything worthwhile on the market. People are just now learning how to develop and code for it. So there aren't a bajillion(give or take one or two) viruses or trojans running around the google market.
On top of that, so long as your legally buying your apps from the google market, you have even less to worry about. As google has shown in the past that they'll go ahead and delete it the second they find it.
As far as permissions go, don't get to hung up on it. Everybody trust Pandora and yet it requires more permissions then some of googles own apps. =\
Thank you, Gin1212. I don't use an AntiVirus on my own Windows machines either -- it's more trouble than it's worth when you know what you're doing. (On Android I don't know what I'm doing, yet.)
And yeah, I already made sure to use a disposable credit card number ("ShopSafe") with a limit when setting up the Nook for the young'un. Google Market, thankfully, doesn't require a credit card unless you buy something, so I'll be checking out the free apps for a while (so that's part of why I asked about adware/spyware).
I was approaching the thing as I would any new (to me) full fledged operating system and computer, fully aware it's not the "safe" and dictatorially controlled little world of iOS or, to some extent, BlackBerry OS.
So thanks for the real world advice!
xdabr said:
Nanan00, your actual answers were great, but "I don't think electronics are for you, I suggest books and a cabin in the woods." and the similar dismissive post above are exactly the kind of BS condescension that gives some open source communities a bad name. Stop it. Little by little it devalues the entire community and its projects.
Thanks for the substance of your response.
Click to expand...
Click to collapse
Suffice it to say that Android's and Microsoft's, and even Linux's app model is vastly different. Google does not just act as a repository, as in Linux. From my understanding, Google is rather guarded about it's app market and if anything heretofor is found, the app is yanked from the market immediately.
I agree that website security is more an issue that needs to be looked at, but the lion's share of websites that have virii and adware are aimed at infecting windows machines, but your concerns are noted.
As to the intent of the Devs here, I think you need to understand that these roms, mods and apps are their children, and their passion of the moment. No one goes through all the crap they do just to foment adware. This is their meat and drink and trust me, if there were a dev whose morality came into question, they would police themselves and it would be all here for us to read. There are no secrets here. These aren't script kiddies looking to wreak havoc.
I agree that security is a good thing, but the twin natures of Android are openness and isolation. Each app, at least from my understanding is an island unto itself with rare exception. So I think that while your concerns in themselves are noble, they are unwarranted, and at some points even seem absurd. No offense intended here.
We aren't just drinking the kool-aid here, everyone knows the risks of adopting an unknown and untested ROM, everyone takes the responsibility to themselves when they violate their warranty in search of a better tablet experience. The average person who roots their nook is not your average idiot windows user. We are here because we want more and better than our legacy alientation by microsoft and those who can't think outside of their security model.
Well, there is my Android manifesto. Sorry for rambling.
migrax
No, I appreciate the manifesto -- thanks. Again, I tried to brainstorm and throw the kitchen sink into the original post so as to get everything down in one place. I was hoping it could serve as a general security discussion thread. Not everything there is a huge concern of mine, and sorry if it made things seem absurd.
I appreciate your points about the intentions of the developers and the operation of Google's market (although of course a big selling point is we are NOT limited to that market... conversely, I suppose anything I chose off-market would be something I had by definition come to trust independently).
xdabr said:
Nanan00... "I don't think electronics are for you, I suggest books and a cabin in the woods." and the similar dismissive post above are exactly the kind of BS condescension that gives some open source communities a bad name. Stop it. Little by little it devalues the entire community and its projects.
.
Click to expand...
Click to collapse
I think your overreacting a wee bit too much. I can't speak for Nanan00 but the first sentence of his post feels like a joke. He took the time to write out the answers of OP's question...
Also since you were referring to my post at the top..... I was just being candid with OP.
I read his post, I could see that he was a bit paranoid (IMO) and told him my honest opinion. Which is: Hacking your nook, or any device for that matter, may not be for you. The reasons being that when you hack your device, you inevitably increase its chances of being exposed (even if the increase is small, its there.) I don't feel that I am being arrogant, and I didn't catch that drift from Nanan00. But I wanted to address this since you obviously feel strong that this type of behavior is "devaluing the entire community and its projects."
Anyways to the OP:
Sorry if my post came off rude. I should of taken the time to give you my explanation.
colbur87 said:
I think your overreacting a wee bit too much. I can't speak for Nanan00 but the first sentence of his post feels like a joke. He took the time to write out the answers of OP's question...
Also since you were referring to my post at the top..... I was just being candid with OP.
I read his post, I could see that he was a bit paranoid (IMO) and told him my honest opinion. Which is: Hacking your nook, or any device for that matter, may not be for you. The reasons being that when you hack your device, you inevitably increase its chances of being exposed (even if the increase is small, its there.) I don't feel that I am being arrogant, and I didn't catch that drift from Nanan00. But I wanted to address this since you obviously feel strong that this type of behavior is "devaluing the entire community and its projects."
Anyways to the OP:
Sorry if my post came off rude. I should of taken the time to give you my explanation.
Click to expand...
Click to collapse
Um, colbur87, "OP" and I are the same person.
Asking questions is one way we learn. As an Android newbie many of my questions would apply to any Android device, hacked/rooted or not. If they're not appropriate for this forum, or if no one here thinks they're valid or worth a response, that would be okay. But to say in effect "your concerns are stupid and you don't belong here" is not only insulting, but factually wrong. Just because some people are content to not consider security implications doesn't mean they're not real.
Blithe unquestioning acceptance and faith is more of an Apple iFanboy trait, I would have thought.
And much as with Linux as a whole, positioning "hacked" Android as something not amenable to ordinary consumers is counterproductive.
(By the way, I'm not an ordinary consumer.)
Anyway, I do appreciate the answers people have given.
Wasn't lookig at the names so my bad on the mix up.
Anyways if you still think im being rude even after my previous post then so be it.
im out
Sent from my Desire HD using XDA Premium App
Divine_Madcat said:
The application cannot hide what permissions it needs, so if you have something asking for way more than you think it should need, take that as your first red flag.
Click to expand...
Click to collapse
Actually, that isn't true. There are holes in Android Market, so if app makers really wanted to, they can hide certain permissions even if your app calls out that permission through androidmanifest, which is how the permission is given in the first place. It was shown that even big name developers had exploited this one time or another. Of course this has nothing to do with CM7. Even stock Android phones are vulnerable to this. However, in general, if you download a popular app, you should be able to trust the permissions listed. Unless your the first person to download an app, you'll usually hear back from initial users if there's something funky going on.
Google sure doesn't seem to be sticking true to their own philosiphy. It says we can hold them to it. The way they are treating this device launch goes back on their own statements.
As seen here: http://www.google.com/intl/en/about/company/philosophy/
Ten things we know to be true
We first wrote these “10 things” when Google was just a few years old. From time to time we revisit this list to see if it still holds true. We hope it does—and you can hold us to that.
Focus on the user and all else will follow.
Since the beginning, we’ve focused on providing the best user experience possible. Whether we’re designing a new Internet browser or a new tweak to the look of the homepage, we take great care to ensure that they will ultimately serve you, rather than our own internal goal or bottom line. Our homepage interface is clear and simple, and pages load instantly. Placement in search results is never sold to anyone, and advertising is not only clearly marked as such, it offers relevant content and is not distracting. And when we build new tools and applications, we believe they should work so well you don’t have to consider how they might have been designed differently.
It’s best to do one thing really, really well.
We do search. With one of the world’s largest research groups focused exclusively on solving search problems, we know what we do well, and how we could do it better. Through continued iteration on difficult problems, we’ve been able to solve complex issues and provide continuous improvements to a service that already makes finding information a fast and seamless experience for millions of people. Our dedication to improving search helps us apply what we’ve learned to new products, like Gmail and Google Maps. Our hope is to bring the power of search to previously unexplored areas, and to help people access and use even more of the ever-expanding information in their lives.
Fast is better than slow.
We know your time is valuable, so when you’re seeking an answer on the web you want it right away–and we aim to please. We may be the only people in the world who can say our goal is to have people leave our website as quickly as possible. By shaving excess bits and bytes from our pages and increasing the efficiency of our serving environment, we’ve broken our own speed records many times over, so that the average response time on a search result is a fraction of a second. We keep speed in mind with each new product we release, whether it’s a mobile application or Google Chrome, a browser designed to be fast enough for the modern web. And we continue to work on making it all go even faster.
Democracy on the web works.
Google search works because it relies on the millions of individuals posting links on websites to help determine which other sites offer content of value. We assess the importance of every web page using more than 200 signals and a variety of techniques, including our patented PageRank™ algorithm, which analyzes which sites have been “voted” to be the best sources of information by other pages across the web. As the web gets bigger, this approach actually improves, as each new site is another point of information and another vote to be counted. In the same vein, we are active in open source software development, where innovation takes place through the collective effort of many programmers.
You don’t need to be at your desk to need an answer.
The world is increasingly mobile: people want access to information wherever they are, whenever they need it. We’re pioneering new technologies and offering new solutions for mobile services that help people all over the globe to do any number of tasks on their phone, from checking email and calendar events to watching videos, not to mention the several different ways to access Google search on a phone. In addition, we’re hoping to fuel greater innovation for mobile users everywhere with Android, a free, open source mobile platform. Android brings the openness that shaped the Internet to the mobile world. Not only does Android benefit consumers, who have more choice and innovative new mobile experiences, but it opens up revenue opportunities for carriers, manufacturers and developers.
You can make money without doing evil.
Google is a business. The revenue we generate is derived from offering search technology to companies and from the sale of advertising displayed on our site and on other sites across the web. Hundreds of thousands of advertisers worldwide use AdWords to promote their products; hundreds of thousands of publishers take advantage of our AdSense program to deliver ads relevant to their site content. To ensure that we’re ultimately serving all our users (whether they are advertisers or not), we have a set of guiding principles for our advertising programs and practices:
We don’t allow ads to be displayed on our results pages unless they are relevant where they are shown. And we firmly believe that ads can provide useful information if, and only if, they are relevant to what you wish to find–so it’s possible that certain searches won’t lead to any ads at all.
We believe that advertising can be effective without being flashy. We don’t accept pop–up advertising, which interferes with your ability to see the content you’ve requested. We’ve found that text ads that are relevant to the person reading them draw much higher clickthrough rates than ads appearing randomly. Any advertiser, whether small or large, can take advantage of this highly targeted medium.
Advertising on Google is always clearly identified as a “Sponsored Link,” so it does not compromise the integrity of our search results. We never manipulate rankings to put our partners higher in our search results and no one can buy better PageRank. Our users trust our objectivity and no short-term gain could ever justify breaching that trust.
There’s always more information out there.
Once we’d indexed more of the HTML pages on the Internet than any other search service, our engineers turned their attention to information that was not as readily accessible. Sometimes it was just a matter of integrating new databases into search, such as adding a phone number and address lookup and a business directory. Other efforts required a bit more creativity, like adding the ability to search news archives, patents, academic journals, billions of images and millions of books. And our researchers continue looking into ways to bring all the world’s information to people seeking answers.
The need for information crosses all borders.
Our company was founded in California, but our mission is to facilitate access to information for the entire world, and in every language. To that end, we have offices in more than 60 countries, maintain more than 180 Internet domains, and serve more than half of our results to people living outside the United States. We offer Google’s search interface in more than 130 languages, offer people the ability to restrict results to content written in their own language, and aim to provide the rest of our applications and products in as many languages and accessible formats as possible. Using our translation tools, people can discover content written on the other side of the world in languages they don’t speak. With these tools and the help of volunteer translators, we have been able to greatly improve both the variety and quality of services we can offer in even the most far–flung corners of the globe.
You can be serious without a suit.
Our founders built Google around the idea that work should be challenging, and the challenge should be fun. We believe that great, creative things are more likely to happen with the right company culture–and that doesn’t just mean lava lamps and rubber balls. There is an emphasis on team achievements and pride in individual accomplishments that contribute to our overall success. We put great stock in our employees–energetic, passionate people from diverse backgrounds with creative approaches to work, play and life. Our atmosphere may be casual, but as new ideas emerge in a café line, at a team meeting or at the gym, they are traded, tested and put into practice with dizzying speed–and they may be the launch pad for a new project destined for worldwide use.
Great just isn’t good enough.
We see being great at something as a starting point, not an endpoint. We set ourselves goals we know we can’t reach yet, because we know that by stretching to meet them we can get further than we expected. Through innovation and iteration, we aim to take things that work well and improve upon them in unexpected ways. For example, when one of our engineers saw that search worked well for properly spelled words, he wondered about how it handled typos. That led him to create an intuitive and more helpful spell checker.
Even if you don’t know exactly what you’re looking for, finding an answer on the web is our problem, not yours. We try to anticipate needs not yet articulated by our global audience, and meet them with products and services that set new standards. When we launched Gmail, it had more storage space than any email service available. In retrospect offering that seems obvious–but that’s because now we have new standards for email storage. Those are the kinds of changes we seek to make, and we’re always looking for new places where we can make a difference. Ultimately, our constant dissatisfaction with the way things are becomes the driving force behind everything we do.
What exactly are they "going back on"?
"The way they are treating this device launch"
What? They took preorders and said 3-4 weeks. That timeframe still isn't up, and they are currently sending out stock to brick and mortar retailers so they can have a unified launch. What exactly is the problem?
*philosophy
Trollololol
Sent from my SGH-I777 using xda premium
Really?! For a TABLET?! It's not that serious.
Sent from my EVO using Tapatalk 2
Damn dude. Get a grip.
Sent from my Galaxy Nexus using Tapatalk 2
jamerican413 said:
Really?! For a TABLET?! It's not that serious.
Sent from my EVO using Tapatalk 2
Click to expand...
Click to collapse
It is serious. It's life or death :laugh:
Seriously though, I was just trolling to stir the masses. Take this sh*t with a grain of salt.
Idiots. It will be shipped mid July. Quit crying. They are planning to do (and will likely achieve) EXACTLY what they said.
You could get yourself an iPad...
timmytim said:
It is serious. It's life or death :laugh:
Seriously though, I was just trolling to stir the masses. Take this sh*t with a grain of salt.
Click to expand...
Click to collapse
You have to much time on your hands
Sent from my HTC Sensation 4G using xda premium
P1 Wookie said:
Trollololol
Sent from my SGH-I777 using xda premium
Click to expand...
Click to collapse
Trollololol Guy
chROMed said:
You could get yourself an iPad...
Click to expand...
Click to collapse
I would never own that peice of over priced trash but thanks for the advice :good:
Got to get in before the ban hammer.
Sent from my Galaxy Nexus using Tapatalk 2
Forgive me if this thread is out of place. I mean everything I say with the greatest respect for omnirom's devs and users.
I found out about omnirom recently. I was struck by its motto: "Omni isn’t better, just different." There has to be a better reason to go to the trouble of building a rom that's only going to be slightly different from AOSP or Cyanogenmod.
I want to make a suggestion. As a new android rom, why not fill a need in the community instead of saying, we've got nothing better to offer you, only something different. Novelty wears off and people want more than just "different" from their operating systems.
Can I suggest a huge glaring need in the Android rom space that no major mod is filling? Security and Privacy.
The NSA and other intelligence agencies and corporations are launching attacks on people. Even Google is doing that. Months after I got my new android device, I was shocked when I found that Android was uploading all my contacts and other data to google's servers without asking me.
Read this article (Ars Technica: Google’s iron grip on Android: Controlling open source by any means necessary) to see how Google is making a walled garden with Android.
With 4.4, Google seems to be going even further. They won't stop. Google is using android as a trojan horse to collect information from people and sell it. Facebook is also doing it. The NSA is doing it.
Is there anybody out there who respects people and their privacy any more? I can't think of any major rom that does it.
Omnirom has xplodwild, Dees_Troy and Chainfire and many other talented developers, but why is the only thing they offer us a slightly different rom?!
We techsavvy people want more from our roms than that. Our pressing need in this day and age is not split screen apps. We're being constantly spied on by everybody and being monetised by everyone. What about end-to-end email security via Mailpile and the Dark Mail alliance? What about the Freedombox project?
Omnirom's description says, "Omni is what custom ROMs used to be about – innovation, new features, transparency, community, and freedom." Every android rom innovates new features and they're all open source because Android is open source. Most of them have a community focus. How is Omnirom any different?
Every project needs a reason to exist. I can't see omnirom's reason for existence.
There is a lack of respect for people by governments and corporations. They seek to use us or buy and sell us. Omnirom has the chance to fill a need in FOSS android world: A rom that respects and protects the data and the individual from legalized spying.
Let me respectfully ask this question. Wouldn't it be more reasonable to put all your talents to something useful and filling a need in the android world instead of being another flavour of stock Android?
Hoodahottie said:
Forgive me if this thread is out of place. I mean everything I say with the greatest respect for omnirom's devs and users.
I found out about omnirom recently. I was struck by its motto: "Omni isn’t better, just different." There has to be a better reason to go to the trouble of building a rom that's only going to be slightly different from AOSP or Cyanogenmod.
I want to make a suggestion. As a new android rom, why not fill a need in the community instead of saying, we've got nothing better to offer you, only something different. Novelty wears off and people want more than just "different" from their operating systems.
Can I suggest a huge glaring need in the Android rom space that no major mod is filling? Security and Privacy.
The NSA and other intelligence agencies and corporations are launching attacks on people. Even Google is doing that. Months after I got my new android device, I was shocked when I found that Android was uploading all my contacts and other data to google's servers without asking me.
Read this article (Ars Technica: Google’s iron grip on Android: Controlling open source by any means necessary) to see how Google is making a walled garden with Android.
With 4.4, Google seems to be going even further. They won't stop. Google is using android as a trojan horse to collect information from people and sell it. Facebook is also doing it. The NSA is doing it.
Is there anybody out there who respects people and their privacy any more? I can't think of any major rom that does it.
Omnirom has xplodwild, Dees_Troy and Chainfire and many other talented developers, but why is the only thing they offer us a slightly different rom?!
We techsavvy people want more from our roms than that. Our pressing need in this day and age is not split screen apps. We're being constantly spied on by everybody and being monetised by everyone. What about end-to-end email security via Mailpile and the Dark Mail alliance? What about the Freedombox project?
Omnirom's description says, "Omni is what custom ROMs used to be about – innovation, new features, transparency, community, and freedom." Every android rom innovates new features and they're all open source because Android is open source. Most of them have a community focus. How is Omnirom any different?
Every project needs a reason to exist. I can't see omnirom's reason for existence.
There is a lack of respect for people by governments and corporations. They seek to use us or buy and sell us. Omnirom has the chance to fill a need in FOSS android world: A rom that respects and protects the data and the individual from legalized spying.
Let me respectfully ask this question. Wouldn't it be more reasonable to put all your talents to something useful and filling a need in the android world instead of being another flavour of stock Android?
Click to expand...
Click to collapse
Something that perhaps doesn't come across when reading about Omni is about our thoughts on security and privacy. I'm one of the loudest complainers about the actions of a few companies (Google being the main one), who are using Android as a platform to spy on people.
Make no mistake, Omni will seek to address that. One issue the community faces though is that it is currently at the ebb and whim of Google. If Google decide to do X, pretty much every custom ROM has no real choice other than to follow. The aim of Omni is to offer an alternative "upstream" to look towards, when you find out that Google has started to call home every inbound phone number that it doesn't "recognise", in order to find out if it's a company from Google Maps/Local... And presumably log that forever more with your account...
This is a timely question with a very reassuring response. There is F-Droid instead of PlayStore (but it tends to be a few months behind) and OsmAnd instead of Maps (which is better in some ways). I would like to see more in this direction too.
IMO unless your a spy or a criminal I don't see why someone would care about all that NSA stuff.
Sent from my Nexus 7 using xda app-developers app
pulser_g2 said:
Something that perhaps doesn't come across when reading about Omni is about our thoughts on security and privacy. I'm one of the loudest complainers about the actions of a few companies (Google being the main one), who are using Android as a platform to spy on people.
Make no mistake, Omni will seek to address that. One issue the community faces though is that it is currently at the ebb and whim of Google. If Google decide to do X, pretty much every custom ROM has no real choice other than to follow. The aim of Omni is to offer an alternative "upstream" to look towards, when you find out that Google has started to call home every inbound phone number that it doesn't "recognise", in order to find out if it's a company from Google Maps/Local... And presumably log that forever more with your account...
Click to expand...
Click to collapse
Are you thinking of implementing off the shelf carddav / caldav syncing? Instead of syncing with Google for calendar and contacts, you can sync with any other source (like ownCloud).
Something that Davdroid does.
I am using this setup on my own private Linux server the last few days and seems to work well.
Sent from my TF300T using Tapatalk 4
jonathanxx1 said:
IMO unless your a spy or a criminal I don't see why someone would care about all that NSA stuff.
Sent from my Nexus 7 using xda app-developers app
Click to expand...
Click to collapse
Unfortunately, this is the biggest problem that the security industry (ie. people like me) face, in trying to explain the issues here.
Here's a small example, to show you the problems, not specifically with the NSA, but with anything "cloud". Let's imagine a malicious attacker is going after you...
Let's look at your gmail account. It's likely that you signed up for it with your old Hotmail account (the previously most common type of email service). Most people did. It's also likely that you protect your Gmail account fairly well, but have likely not changed your Hotmail password in a while. That's likely the best way in for an attacker.
Now, before you say "OK, but what's the risk", let's take a look at what information is accessible to someone getting into your Google account.
Firstly, they know the details of all your android devices (IMEI etc) - they know what tablets you have, what phones you have, and their serial numbers and identifiers. They can also carry out a remote wipe on any of your devices via Mobile Device Manager. Let's come back to this later though
From Google Mail, they have a fair idea of what you're up to, based on your communications to other people. They can access your location history, and data-mine that, to figure out where you are. They can also look at your communications with other people via Hangouts and G+, and attempt to work out where you are (or simply use the GPS location). They can access the location sharing features of google's services, and see where you and your family are. They can see you're not at home (getting your address from an email), and go to your house, aware your kids are home alone, and rob the place, abducting them.
When you return home, you meet a scene of devastation. You take out your phone and call the cops. You call 911/999/112/whatever, but the call was intercepted and passed to the attackers, via software that was installed onto your phone remotely (via the play store's remote push system).
At this point, the attacker takes your phone, and puts you in the back of the van. He uses Google Device Manager, and removes the lockscreen password from your phone (via the forgot lockscreen code feature). This also resets your device encryption password to a known one. At this point, all the devices are turned off, and their SIMs removed, and you are driven to a remote location.
The attackers then call your partner (having got their number from your Google contacts), and demand $1 million, while telling your partner that you know they are currently in <name of place from their google shared location feature>. The same remote access toolkit is installed onto their phone (given they had used your email as a recovery email for their Google account), and this permits monitoring of their phone to check if they call 911 etc.
OK, that all sounds far-fetched, but that is all entirely possible. The sheer amount of data being held about you, by google and other cloud providers, is insane. I didn't even go into the possibility of financial theft here. Cellphones are a very important thing to people, and they often take them for granted. Would you consider that when you called 911 in a moment of need, that someone had remote-installed a piece of malicious software, which exploits an android security hole, to replace the dialer app, and route the call to a rogue attacker, pretending to be the emergency services?
The amount of control that "other people" have over a phone running "Google Apps" is immense. Don't just think about the "NSA" aspects of this - consider how devastating it would be if someone had access to your Google account. And now remember that anyone on the technical team of Google could (in theory) issue an access token to your account to a well-paying attacker...
Oh, and one of the best ways an attacker can get into your Google account is simply to steal a phone or tablet, and extract the Google authentication token. Sure, they might not be able to change your password, but they are now "into" the chain, and will be able to start the attack.
If this don't bother you, I don't know what will...
scanno said:
Are you thinking of implementing off the shelf carddav / caldav syncing? Instead of syncing with Google for calendar and contacts, you can sync with any other source (like ownCloud).
Something that Davdroid does.
I am using this setup on my own private Linux server the last few days and seems to work well.
Sent from my TF300T using Tapatalk 4
Click to expand...
Click to collapse
I currently use {Card,Cal}dav syncing via my OwnCloud server. Thanks for the link to DavDroid, I'd not seen it before!
jonathanxx1 said:
IMO unless your a spy or a criminal I don't see why someone would care about all that NSA stuff.
Sent from my Nexus 7 using xda app-developers app
Click to expand...
Click to collapse
It's shocking that so many people don't (want to?) see the actual problem. The whole spying system is not just about tracking down terrorists.
Google, Facebook, etc and even governmental institutions collect our data to predict and influence our future actions.
So please devs, give us the option to be more independent from the big companies.
Gesendet von meinem Find 5 mit Tapatalk
I
pulser_g2 said:
I currently use {Card,Cal}dav syncing via my OwnCloud server. Thanks for the link to DavDroid, I'd not seen it before!
Click to expand...
Click to collapse
DavDroid is a pretty nice solution and you can set it up for multiple accounts.
I am still looking for a good note taking app (using Evernote now) to sync with my OwnCloud server.
Do you have any suggestions for a sort of Evernote replacement that can sync with OwnCloud?
Sent from my Xperia T using Tapatalk
---------- Post added at 03:57 PM ---------- Previous post was at 03:53 PM ----------
boernie said:
It's shocking that so many people don't (want to?) see the actual problem. The whole spying system is not just about tracking down terrorists.
Google, Facebook, etc and even governmental institutions collect our data to predict and influence our future actions.
So please devs, give us the option to be more independent from the big companies.
Gesendet von meinem Find 5 mit Tapatalk
Click to expand...
Click to collapse
For your calendar and contacts there are solutions already. Main problem is where so you store your data. You will need your own server or trusted third party.
Sent from my Xperia T using Tapatalk
I'm trying to set up my own infrastructure
But I was surprised that there was not out-of-the-box solution to use CardDav and CalDav.
Maybe you could include the apps mentioned above as they are/will become open source.
Gesendet von meinem Find 5 mit Tapatalk
scanno said:
I
DavDroid is a pretty nice solution and you can set it up for multiple accounts.
I am still looking for a good note taking app (using Evernote now) to sync with my OwnCloud server.
Do you have any suggestions for a sort of Evernote replacement that can sync with OwnCloud?
Sent from my Xperia T using Tapatalk
---------- Post added at 03:57 PM ---------- Previous post was at 03:53 PM ----------
For your calendar and contacts there are solutions already. Main problem is where so you store your data. You will need your own server or trusted third party.
Sent from my Xperia T using Tapatalk
Click to expand...
Click to collapse
I've found a nice notepad app, but none yet that use OwnCloud sync.
I was thinking about looking into https://github.com/spacecowboy/NotePad and trying to get it working with the API. It would be fairly easy to remove the "closed" bits like Dropbox sync etc, and use the OwnCloud backend. It would also be nice to add proper encryption of notes later on.
Anyone else interested? (I hate android app coding, I can't even get the dependencies to resolve for it to build... Thus contributing to my dislike for ANYTHING java based)
pulser_g2 said:
Something that perhaps doesn't come across when reading about Omni is about our thoughts on security and privacy. I'm one of the loudest complainers about the actions of a few companies (Google being the main one), who are using Android as a platform to spy on people.
Make no mistake, Omni will seek to address that. One issue the community faces though is that it is currently at the ebb and whim of Google. If Google decide to do X, pretty much every custom ROM has no real choice other than to follow. The aim of Omni is to offer an alternative "upstream" to look towards, when you find out that Google has started to call home every inbound phone number that it doesn't "recognise", in order to find out if it's a company from Google Maps/Local... And presumably log that forever more with your account...
Click to expand...
Click to collapse
I'm thrilled to hear this! Do other omnirom devs share your opinion?
I know it's early, but does the omnirom team have specific security/privacy ideas they want to implement?
In the long run, I don't see the Android ecosystem remaining in one piece. It's going to fragment. Amazon has already done it. Samsung may make this move. And people who want privacy and secure communications need a rom (and perhaps it's own app ecosystem) to which they can turn.
Please think about changing your why omnirom page. Right now, its pitch is very weak. Add a section about privacy and security and people will flock to this rom.
boernie said:
It's shocking that so many people don't (want to?) see the actual problem. The whole spying system is not just about tracking down terrorists.
Google, Facebook, etc and even governmental institutions collect our data to predict and influence our future actions.
So please devs, give us the option to be more independent from the big companies.
Gesendet von meinem Find 5 mit Tapatalk
Click to expand...
Click to collapse
I'm absolutely shocked every time I hear people say this. So many people just dismiss the NSA spying because they're not terrorists. They don't have the imagination it takes to understand that today's citizen is tomorrow's terrorist. Every country that spied on it's citizens has oppressed them.
I'm not a spy or terrorist, but I don't want my every thought and action logged away to be used against me later.
boernie said:
I'm trying to set up my own infrastructure
But I was surprised that there was not out-of-the-box solution to use CardDav and CalDav.
Maybe you could include the apps mentioned above as they are/will become open source.
Gesendet von meinem Find 5 mit Tapatalk
Click to expand...
Click to collapse
I can't post links, but if you want your own secure cloud, look at the Freedombox project. It's Debian based and it has some radical ideas. Eben Moglen and Bdale garbee have worked on it since 2010. Eben Moglen's talk about countries spying on citizens came long before the NSA story came to light.
The website is kind of dead, but in August Bdale gave a talk where he said Freedombox 1.0 should come before 2014. It's on youtube.
boernie said:
It's shocking that so many people don't (want to?) see the actual problem. The whole spying system is not just about tracking down terrorists.
Google, Facebook, etc and even governmental institutions collect our data to predict and influence our future actions.
Click to expand...
Click to collapse
There is a pretty simple solution to this!
Don't behave like expected.
Sent from my Find 5 using Tapatalk
Hoodahottie said:
Even Google is doing that. Months after I got my new android device, I was shocked when I found that Android was uploading all my contacts and other data to google's servers without asking me.
We techsavvy people want more
Click to expand...
Click to collapse
With all due respect to the OP, the above is the major problem. While many of us are "tech savvy" to one degree or another, I think we forget how to read sometimes.
When you're given that stack of papers to sign for your mortgage, car loan, credit card or bank account, how many blindly sign where we are told to be the agent of that company? Do you read what you are signing? If you answer yes, why is setting up your phone any different? We are told that such and such information is going to be collected when we sign up for our Google accounts. We are told that additional information is going to be collected when we set up our phone. Every time we start up GPS services, we are told Google is going to use this data they collect.
This causes me to wonder why it takes people by surprise when they learn that Google isn't a computer hardware and software company, but a marketing company. And even more wonder happens when they mention it's without their knowledge. Reading terms of service is important. They spell out exactly what they are going to do and give you the option not to participate. When I worked for IBM in the 80's, I had to sign away any rights to technology I developed while working there (with the exception of anything I started before employment and listed on their agreement). If I didn't want to do that I was my choice to not work there. The same thing happened with Tricord, Wang, Computer Associates, MAI, Excactium, Pivotal, etc
The other response about the NSA is troubling as well. We elect our representatives in this country every two four or six years. How many of those people that you voted into office voted yes to the Patriot Act? You want some scary reading, research the rights we gave up allowing that to happen.
We are innocent until proven guilty. The NSA "spying" doesn't just ensnare terrorist, but easily the whole population of the USA. Their model of two, three and more levels of contact captures everyone. The real question isn't I'm not a terrorist so why does it matter, it is I'm not a terrorist so why are you doing it?
We setup up these phones with the knowledge we would be tracked. We walk down the street and see security cameras watching. Then we complain about it? We allowed it to happen to have a whiz bang new phone or to feel safer.
" Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety." Benjamin Franklin
I work in retail. Every year I hear people complain that we set Christmas stuff too early. Those same people are buying their lights, cards and trees in the same visit. If they didn't buy early, we wouldn't set early. If we truly cared about not being used as marketing data, we wouldn't be using these phones. We wouldn't use Google.com to search. We wouldn't re-elect many of those in office at the local state and federal levels.
Sorry for the rant, I'll step of the soapbox and allow this discussion to get back on track.
Sent from my Nexus 4 using Tapatalk
With no disrespect, I wonder if people who ask me to take full responsibility understand life and power.
I understand that I have to take some responsibility for signing on for services and programs, but I blame the government and corporations more because they are many times richer and more powerful than me.
And they take advantage of that.
How many Terms of service agreements have I had to sign to use internet services? If I really read all of their ToS, I wouldn't have time for anything else. I'll bet that the ceos of these companies haven't read the ToS of their own products. They don't have to because they have the money to hire 50 of the best lawyers and ask them to craft a bullet-proof ToS.
They probably spent tens of thousands of dollars on the ToS. And I stand against all of that money and power, with limited time and resources and no law degree. Am I the one to be blamed? They know I'm tired from work, that I don't have a legal background and my attention span is limited and I need this product, and there is no other choice unless I'm willing to suffer a lot.
Often these multinational corporations control the whole market and I don't really have any choice. Look at the phone OS market now. I can choose between Android, iOS or Windows Phone. My choices are an open source OS built to facilitate spying, an overpriced, closed source, simplistic OS built by a company that co-operates with the NSA or a closed source, proprietary phone from an industry giant accused of anti-competitive behaviour and also collaborating with the NSA.
There's no real choice. Not just in the phone industry, but in most places in life. Powerful people don't become powerful by giving everyone else choices and freedom. They take freedom away. You ask me to take responsibility as if I had another, better choice. Apple, Google and Microsoft ToS will be mostly similar and it'll always protect their interests. There are no other real choices. It's always been that way, and why I blame the government, corporations and powerful people more than myself.
To really win, I'd have to devote my life to fighting all these powerful forces and even if I win, I'll have to spend the rest of my life defending against other crooks who'd try to do the same thing. I wouldn't have any time left for a life.
"You ask me to take responsibility as if I had another, better choice."
Who else is responsible for your actions?
"Apple, Google and Microsoft ToS will be mostly similar and it'll always protect their interests. There are no other real choices."
Yes, these companies are in business to make money. That is no different than you having a job to make money.
But do not tell me you or Bill or Steve or Larry do not have à choice. Ever heard of CP/M? An Altair? AltaVista? If you haven't, here is some history.
CP/M was a dominant operating system before DOS. Bill Gates made a choice to create Altair Basic for the Altair microcomputer being sold mail-order. That was the start of Micro-Soft (now Microsoft). He made another choice to create MS-DOS to compete against CP/M for the IBM PC and clones. He made another choice to start work on Windows to compete against Apple's graphical interfaces and IBM's TopView.
Before Steve Jobs made the choice to sell Woz's garage built microcomputer (later named the Apple) there was the Altair mentioned above. They made a choice to build an alternative.
Larry Page and Sergey Brin made the choice to start Google, thinking they could do search better than AltaVista, Yahoo, Excite, HotBot, MetaCrawler, etc.
Powerful people become powerful many times by giving others alternatives. The above mentioned powerful people are examples.
We can make the choice to use prepaid basic phones and not worry about anyone watching us because you don't use personal information to activate.
"To really win, I'd have to devote my life to fighting all these powerful forces"
You should. Doing so makes you powerful. Recently two women changed how one of the world's largest food brands makes their products. One of them eventually dropped out of the spot light and it became the crusade of ONE woman. Kraft Foods is changing how they make some of their Mac and Cheese products due to the efforts of one individual. No more Yellow #5 in their Mac and Cheese products specifically marketed at children. That was a choice she made. A fight that became part of her life.
We all have choices. We are all responsible for our own actions. We can't blame government as a whole because they are largely elected by us. We work to make money to live the life we choose. Corporations (started by individuals) do the same thing.
Sorry again for diverting off topic, but I have a difficult time with responsibility shifting to account for mistakes. We all make them (this reply is probably one of mine). A wise person once said, the man who makes no mistake, usually doesn't make anything worthwhile.
This particular set of threads, all the Omni threads, are what make communities like this work. We can voice opinions, state facts, help with commands to build a repository, compile a kernel, even agree to disagree.
This is how XDA started, while maybe some sections have stayed from the roots, Omni has brought it back full circle.
Sent from my Nexus 4 using Tapatalk
jonathanxx1 said:
IMO unless your a spy or a criminal I don't see why someone would care about all that NSA stuff.
Sent from my Nexus 7 using xda app-developers app
Click to expand...
Click to collapse
You may want to skim through this: http://online.wsj.com/news/articles/SB10001424052748704471504574438900830760842
Some laws (in many? all? countries) are so loosely worded that you're probably breaking some of them right now. Now remember that the government/google/facebook/whoever is watching everything you do. If you ever become "a problem" you're not going to be too difficult to "deal with". Just a potential look at one of the many problems with complete surveillance.
You guys talk about this as if Google, Facebook and all these companies willingly gave up this information.
But the reality is this: the government (NSA) asks for the data. If the companies deny them this, the NSA then goes to obtain a generalized warrant from the FISA courts, secret courts with a 99.7% warrant approval rate, and then obtain the data regardless of what these companies want.
And for those of you who STILL think it's the companies, read this: http://www.washingtonpost.com/world...1d661e-4166-11e3-8b74-d89d714ca4dd_story.html
---------- Post added at 10:38 AM ---------- Previous post was at 10:31 AM ----------
And yes, these companies DO own your data. As soon as you click "I accept these terms" on the registration page, they are now the owners of everything that goes through their online services.
But, here's the catch. Companies are individuals too, as established in Citizens United v. FCC, and are protected under the same rights as any other individual. And it logically follows that because of this, it is a breach on each company's 4th amendment rights for the NSA to obtain generalized warrants, that list NO goal for the investigation, and use these in order to force each company to fork over account details among other things.
frustration pure
one of the most common arguments of those who don't care or don't want to face the
risks of others knowing anything or almost everything of us is:
i have nothing to hide so what !
now to make a point i would like to come up with a very simple and for many
perhaps a bit strange example but i think most will understand what i mean.
ALBEIT I'M ALLOWED TO MAKE LOVE TO MY WIFE AND IT'S TOTALLY LEGAL
AND RIGHT, I DO NOT WANT ANYONE TO LISTEN OR WATCH :laugh:
UNDERSTOOD ?
regards
+1
I've been lurking and decided to give my opinion. First though, let me give a little background. Two years ago I bought my first Nexus and I rooted it right away. I left the bootloader unlocked, the CWM recovery installed, and USB debugging left on. Any app that could log me in automatically I allowed...Ebay, Amazon, Gmail, etc. I thought I was doing a good job protecting my privacy by using a strong password lock and installing Lookout.
I had no idea how easy it was to gain access to all of my data. My ignorance would not have protected me. Now to today. I have a rooted phone, but the bootloader is locked with the stock recovery installed. I will install a custom rom when a good one is available, but the stock recovery will be re-flashed and the bootloader locked when I'm done. I still use Lookout. I'm using LastPass to manage unique strong passwords now...no more saving passwords. I'm waiting for ADB Toggle to be fixed for Kitkat and USB Debugging will be turned off when my phone plugs into a computer. I am constantly looking for ways to protect my data.
To have total convenience, you must give up privacy and security. To have total privacy and security, you must give up convenience. I know that google has access to EVERYTHING I do with my phone and am not happy about it. I try to be informed and balance convenience, privacy, and security.
:good: I second the suggestion that OmniROM should attempt to become the ROM for people who want to protect their privacy and security. :good: There is a lot that can be done at the operating system level that cannot be performed by individual apps. Sure, I love all the features that custom ROMs offer and look forward to see what can be done, but privacy and security are #1 for me.
If you agree, then +1 this post.
Anti-Piracy Service/"Project Guard" [UPDATED W/ LINK TO DISABLE IT VIA XPOSED 8/16]
If you use any of the following apps:
(List Updated 8/14)
-- Freedom
-- Lucky Patcher
-- Black Mart
-- All in one Downloader
-- Get APK Market
-- CreeHack
-- Game Hacker
Either do not flash any of the ROMs in the list below which have a trojan "Anti-Piracy" Service implemented or use one_minus_one's Xposed module (link above) to disable it.
(List Updated 8/14)
-- AICP (Confirmed)
-- Exodus (Confirmed)
-- Broken OS 3.0
-- OrionLP V1.3
The devs of AICP and custom ROMs such as exodus (a new ROM based on Cyanogen from the vanir devs, that is available for klte and kltespr) and others are implementing what is effectively an Anti-Piracy trojan in their ROMs that they call "Project Guard".
Project Guard is a service that runs in the background and literally blocks you from installing the APKs associated with these apps. And it doesn't stop there. Apparently Project Guard was having talk of banning both Aptoide and XPOSED in these ROMs. Thankfully, this was voted down but Aptoide was still on the table as far as I heard last. The fact that even the idea of banning Xposed from AOSP ROMs in order to stop it's users from pirating was even discussed, is frankly surreal to me and out of control. It's shameful. Not sure why the developers felt the need to implement this trivial and easily bypassed "feature" but it goes against everything I thought the AOSP stood for. While it is easy enough to bypass this service using third party apps or a hex editor, I do not wish to support any developers that would stoop to this level of greed. If you want money for your code, I totally understand, but this is AOSP not apple and there is a time and place for everything. Please, don't take out your misplaced aggression at software pirates on the AOSP. Because, although this may be just a little bit of code to you, to me it is the beginning of the end of AOSP. If you compromise your integrity now, it's a short trip from here to bloatware with a monthly subscription fee. In a modern internet climate that is becoming increasingly controlled and corporatized, AOSP is a beacon of hope to me. A reminder that technology belongs to the many and not the few. This decision spits in the face of that hope. People will say i'm being dramatic but this is a huge deal to me and if you care about having the freedom to do what you want with your phone, which i'm pretty sure most of you do, then this should be a big deal to you too. I thought I could trust AOSP developers to do the right thing but apparently they feel that it's their place to decide which apps I can and cannot install. If you care about having the freedom to do why you wish with your phone, I urge you not to flash this ROM, or any ROM that would compromise its integrity by adding code that is meant to control its users. This is the kind of thing that made us choose AOSP in the first place. It doesn't even make logical sense to implement things like this in an open source ROM, as inevitably new versions of the ROM will be released with this ridiculous code removed. I am seriously disappointed as AICP was one of my favorite ROMs. The developers of AICP and the other affected ROMs have the right to do whatever they want(within legal boundaries) with their code as creators of intellectual property but as an AOSP user you have the right to flash a ROM with a little more integrity.
*Update 8/14*
This is directly from the Project Guard Official Github Page:
"NOTE: Please report new piracy markets and malware to me or any of the others involved with this project. Pull requests are also welcome. For ROM developers interested in using this it makes more sense to track this project directly and then bridge into an existing package with correct perms (like settings). This way any changes made here to the blacklisted packages and improvements will reach out to everyone."
This "note", written in huge font right on the Project Guard Github main page, begs the question;
So what exactly is the criteria for a "Piracy Market"?
Any market that contains software that will help or allow you to pirate software? That's my best guess at the projects aim, HOWEVER, they have provided, as far as I can tell, ZERO criteria for what constitutes a "Piracy Market". A "Piracy Market" may include Aptoide but it could also include the Google Playstore. You see the problem here? This is much too arbitrary and relative to be efficient in stopping piracy and much more likely to hurt developers, especially seeing as anyone who knows how to pirate, can also learn to bypass this service with a quick Google search. I did. What is going to happen is, legitimate software, or software that gives a user access to legitimate software, will end up being banned in these ROMs. This is a very dangerous mindset they have here. This could turn into a witch hunt or full blown technological McCarthyism.
Make no mistakes about it, as a user named "Bikas" pointed out on the OPO forums here, this is indeed a trojan.
According to wikipedia a computer trojan is defined as "any malicious computer program which misrepresent itself as useful, routine, or interesting in order to persuade a victim to install it". When someone downloads a custom ROM, especially AOSP, they assume they are gaining more freedom but in this case they are having it taken away. People trust AOSP devs and won't expect this to happen. Nobody expects to be controlled like this by a backround service in an AOSP custom ROM, therefore the entire ROM can be considered a trojan.
Wikipedia also states that if the trojan is "installed or run with elevated privileges a Trojan will generally have unlimited access. What it does with this power depends on the motives of the attacker." This also fits these ROMs. The ROMs DO have unlimited access to your phone and blocking you from installing a whole category of APKs is very malicious. In this case the "motives of the attacker" are to stop or curb piracy.
It is very clear that they,
A. Have unlimited access to your phone
B. Have clear motives
C. Are using this access without your permission to prevent you from installing apps that they have deemed "pirate markets", which is consistent with these motives.
Now ask yourself, are you okay with your ROM including a Trojan entirely based on the ROM developer's personal motives and political ideology, at the cost of your technological freedom to install whatever the hell you want? Software, especially AOSP ROMs, should be free of it's creator's bias and motives.
One more thing. It is of my opinion that the underlying reason for the creation of these "Anti-Piracy" ROMs is just money, or simply put, greed. I understand it can be frusterating when you put your blood, sweat and tears into an app or ROM and not only does nobody donate but they remove your advertisement's with an app like lucky patcher or complain that you aren't releasing nightlys often enough. I really do get that. But at the end of the day this thing is about money as virtually all "Anti-Piracy" groups, laws and efforts are. This is about forcing people to pay. I'm not saying they shouldn't pay, BUT THIS IS THE WRONG WAY TO ENFORCE IT.
-- Tipsy
-- SlimLP
-- SlimSaber
-- MinimalOS
-- CyanogenMod 12.1
-- Euphoria
-- Slimremix
-- Cmremix
-- Resurrection Remix
Don't take my word for it,
READ UP!
The apps you mention these ROM developers are trying to block are all to bypass google licensing.
In effect "getting paid apps for free"...
These ROM developers may also develop apps which could require payment/donation to use..
Why should they take out their anti piracy measures? I haven't looked into these roms personally, but i'd be happy to use them if they have info messages before installation to warn of such measures.
Just my two pennies
I support Anti-piracy where time and effort has been put into apps, and these guys are just asking for small donations to use their apps
EDIT: I disagree with banning the use of xposed within their ROMS, but i agree if they just do not want to support this.
Aptoide I partially disagree due to the fact some coutries do not have access to the Google Playstore, it is down to Aptoide ti implement anti piracy measures within their store app.
Regards
f0xy said:
The apps you mention these ROM developers are trying to block are all to bypass google licensing.
In effect "getting paid apps for free"...
These ROM developers may also develop apps which could require payment/donation to use..
Why should they take out their anti piracy measures? I haven't looked into these roms personally, but i'd be happy to use them if they have info messages before installation to warn of such measures.
Just my two pennies
I support Anti-piracy where time and effort has been put into apps, and these guys are just asking for small donations to use their apps
EDIT: I disagree with banning the use of xposed within their ROMS, but i agree if they just do not want to support this.
Aptoide I partially disagree due to the fact some coutries do not have access to the Google Playstore, it is down to Aptoide ti implement anti piracy measures within their store app.
Regards
Click to expand...
Click to collapse
The biggest problem is they have no designated criteria for what apps are to be banned and what apps aren't. They just ask the general public to go and snitch on apps that they think are "pirate markets".
I also am concerned that if we compromise and allow this to be the norm then we have just set out on a path ruin. If things like this are allowed next time it WILL be closed.
As I stated above, they have the right to do whatever they want with their ROM but I have the right to not flash it and to encourage others not to in order to protect AOSP from becoming something like touchwiz.
jujijoog said:
The biggest problem is they have no designated criteria for what apps are to be banned and what apps aren't. They just ask the general public to go and snitch on apps that they think are "pirate markets".
I also am concerned that if we compromise and allow this to be the norm then we have just set out on a path ruin. If things like this are allowed next time it WILL be closed.
As I stated above, they have the right to do whatever they want with their ROM but I have the right to not flash it and to encourage others not to in order to protect AOSP from becoming something like touchwiz.
Click to expand...
Click to collapse
Without fully reading into this(no time at moment, at work! )
I can agree with your comments. Project Guard should not have the right to disallow users of roms to not run specific apps. I can understand what they are trying to do but they are going around it all the wrong ways.
I am now following the movement Anti - Contentguard
f0xy said:
The apps you mention these ROM developers are trying to block are all to bypass google licensing.
In effect "getting paid apps for free"...
These ROM developers may also develop apps which could require payment/donation to use..
Why should they take out their anti piracy measures? I haven't looked into these roms personally, but i'd be happy to use them if they have info messages before installation to warn of such measures.
Just my two pennies
I support Anti-piracy where time and effort has been put into apps, and these guys are just asking for small donations to use their apps
EDIT: I disagree with banning the use of xposed within their ROMS, but i agree if they just do not want to support this.
Aptoide I partially disagree due to the fact some coutries do not have access to the Google Playstore, it is down to Aptoide ti implement anti piracy measures within their store app.
Regards
Click to expand...
Click to collapse
f0xy said:
Without fully reading into this(no time at moment, at work! )
I can agree with your comments. Project Guard should not have the right to disallow users of roms to not run specific apps. I can understand what they are trying to do but they are going around it all the wrong ways.
I am now following the movement Anti - Contentguard
Click to expand...
Click to collapse
Exactly. I am not speaking out against Anti-Piracy, to do so would be to speak out against a persons right to intellectual property and capitalism as a whole really. I am speaking out against the intrusive method and implementation of Project Guard.
The main thing that concerns me on this matter is the fact that I like to try apps before I buy them. If the app is crap then I just uninstall it and don't worry with it after that. Some apps in the app store, and I have had problems with this, do not allow refunds once purchased. It is frustrating some times to just have nothing but screen shots that look awesome and a video that looks great, but you are the first one that sees the app and you buy it to only find out that it is nothing like described. I do personal ROM development from time to time and I would never allow anything like this in anything I do. It takes away from everything that is Linux. And yes android is Linux/UNIX based, so therefore should not be restricted as such. That is why Google implemented software that checks for pirated apps and won't allow you to use them if it sees certain checks that not even lucky patcher can bypass. My personal opinion on this matter is that there might be other reasons behind this code. If you analyze the code to be implemented, you will notice it connects to a server for verification of new apps added that are considered to be piracy apps and also to confirm the currently installed database. I know that some hackers use this type of ploy to gain access to your personal information because any time that you connect to a server with an app with full access to your device it can essentially get all the information saved on your device regardless of how secure you think it is. So keep that on mind. Take a look at their code on github and see for yourself.
Sent from my klte using Tapatalk
How will this effect folks in countries that crack down on the free flow of information like here in the US? Think it's more about control than it is money...ooopps, my bad, no such thing as money just notes. Imagine being paid in debt instruments for your labor, oh wait we already do and we love it; suckers!!
Prison Planet peace out!
This is epic!
The time you have spent to make this post was more than enough to learn how to compile rom from source and build it without this so called Trojan that helps the app devs.
And if we added a Trojan, you wouldn't even know it
@jujijoog
You are totaly right. How can the devs only dare, trying to protect us against breaking the laws rules.
What those piracy apps does is simply stealing.
You are taking someones right for money.
This is simply an anti-thief prevention.
Now ask yourself. Is it okay to steal things. Is it okay to steal money?
You say, they have clear motives.
So you have.
When your "freedom" is about stealing, i hope you end up in jail.
Sincerely,
mono
http://forum.xda-developers.com/showthread.php?p=62363666
no more and no less
HGT - S5 G900F - ONEPLUS ONE - TESLA TTL7 - Windows 10
---------- Post added at 15:05 ---------- Previous post was at 15:00 ----------
A page for thieves, nice.
HGT - S5 G900F - ONEPLUS ONE - TESLA TTL7 - Windows 10
Again in plain text
Tell me an app which does not have full access to my phone,
1, SuperSU and all Google Apps, then Facebook, Whatsapp, Viber and so on.
Each shi... app has access if they want to. Your argument is not an argument.
I'm more afraid of Google + + + and stolen apps as of the Anti Piracy code.
many Problems come from Google
http://blog.exodusintel.com/2015/08/13/stagefright-mission-accomplished/
LorD ClockaN said:
The time you have spent to make this post was more than enough to learn how to compile rom from source and build it without this so called Trojan that helps the app devs.
And if we added a Trojan, you wouldn't even know it
Click to expand...
Click to collapse
Well if you read my post you would understand that I'm not concerned about bypassing content guard. In fact i made it painfully obvious when I stated how easy it is to do just that, in the first paragraph....
What I am concerned about is compromising the integrity of AOSP.
One thing you cannot argue is that this is a precedent and I fear that this precedent has "awakened a sleeping giant" and could be the catalyst for something much worse. I'm not going to re-explain myself because you were either too lazy to read my whole post or too ignorant to comprehend it.
monochro100 said:
@jujijoog
You are totaly right. How can the devs only dare, trying to protect us against breaking the laws rules.
What those piracy apps does is simply stealing.
You are taking someones right for money.
This is simply an anti-thief prevention.
Now ask yourself. Is it okay to steal things. Is it okay to steal money?
You say, they have clear motives.
So you have.
When your "freedom" is about stealing, i hope you end up in jail.
Sincerely,
mono
Click to expand...
Click to collapse
You hope I end up in jail because I have a philosophical disagreement about what open source ROM content should be? Calm down bro.
And you are god damn right I have clear motives.
Talk about stating the obvious, LOL.
It's not like I pretended this was an unbiased research post.
My freedom is not about stealing, its about not having code in my ROM that does nothing for me but control me.
Content guard has the potential to stop much more than pirating.
It is already blocking access to legitimate apps and apps that provide access to legitimate apps.
I HAVE STATED BEFORE THAT I AM NOT OPPOSING ANTI-PIRACY MEASURES AS A WHOLE I AM PROTESTING THIS PARTICULAR METHOD OF ANTI-PIRACY IMPLEMENTATION AS I THINK IT IS DANGEROUS.
HorstiG said:
Again in plain text
Tell me an app which does not have full access to my phone,
1, SuperSU and all Google Apps, then Facebook, Whatsapp, Viber and so on.
Each shi... app has access if they want to. Your argument is not an argument.
I'm more afraid of Google + + + and stolen apps as of the Anti Piracy code.
many Problems come from Google
http://blog.exodusintel.com/2015/08/13/stagefright-mission-accomplished/
Click to expand...
Click to collapse
This is a ridiculous argument because although those apps have full access to your phone, NONE OF THEM DO ANYTHING EVEN CLOSE TO AS MALICIOUS AS CONTENT GUARD! Super SU simply gives the user privileges while Content Guard takes them away. To compare them in this way is frankly hilarious as they are actually great examples of a polar opposites.
Wow this is the best you Pro Content-Guard types got?
Can someone who has actually graduated from high school please come at me?
@jujijoog
You're a pompous ass and an instigator to theft, no more and no less.
I hope the post is closed here
HorstiG said:
@jujijoog
You're a pompous ass and an instigator to theft, no more and no less.
I hope the post is closed here
Click to expand...
Click to collapse
How am I an instigator to theft because I oppose the implementation of some code that I believe could cause AOSP to lose integrity and worsen? How many times do I have to say that I am not defending pirating software nor am I helping to do so. I may be helping to throw up road blocks to measures against it but even that I doubt as there was an exposed module made completely independent of my influence as well as several methods developed for bypassing content guard before I even knew it existed. What im getting at is that regardless of what I say or do content guard would have been made useless. Its the unintended side effects I'm worried about. The people behind this project were discussing banning xposed as a way of stopping a bypass. If they are willing to do something that damaging to the xda community then they are a problem. Do you not agree?
Do you think xposed should be banned? Really? Did you even read my post? What are you even reacting to, what you are saying makes no sense in the context of my post. I think by "you are a pompous ass", what you really meant was "I don't understand your post because I'm ignorant and that makes me insecure, scared and upset". Why would my post be b&? What possible reason would a mod find to b& my post. As far as I know XDA isn't in the business of censorship. I'm sure you would love to be though. You're the one that's more likely to get banned for name calling. Grow up.
What's up with all the name calling? If you don't agree with me then explain why as any intelligent, respectable adult would, this isn't a YouTube comment section.
LorD ClockaN said:
The time you have spent to make this post was more than enough to learn how to compile rom from source and build it without this so called Trojan that helps the app devs.
And if we added a Trojan, you wouldn't even know it
Click to expand...
Click to collapse
By the way, I don't appreciate you putting words in my mouth? When did I say this was helping app devs? Although its irresponsible of the app devs to agree to implement this I am not under the illusion that content guard was created by them. Its clear who is ultimately behind this and its not the app devs. However any app dev that allows this becomes, in their passivity, an agent of negative change to the whole Android dev scene. And I didn't know you added this until it blocked my install. All Trojans become apparent after they execute their malicious intent, with the exception of like a data mining trojan so I'm not sure what you mean?
P.S Funny you should mention I actually am working on a ROM right now. When I drop it I'll shoot you a link.
People just aren't wanting to listen. They aren't realizing the full affect this is going to have on the community. The devs working on getting xposed to work well with 5.1 are busting their butts to make it work and then someone comes along and tries to restrict the use of our ROMs. No where has anyone said that they are supporting piracy. You don't need apps like blackmart alpha, aptoid or anything of such to get free apps. If someone were to support piracy, then it is up to that individual. Like we say in the military, to each his own. Like I have said before, since this connects to a server for checks, we don't know what all it is capable of. And none of this " well facebook and other apps do the same thing and could do more damage! ". Yes we all know this, but there is a catch to that argument ..... We choose to install that software and understand the risk. They are not forced upon us or hidden like a piece of Turkey jerky mixed with beef. And from my understanding this code is going to be hidden in settings as well.
Sent from my Samsung Galaxy S5 using Tapatalk
What difference is this privacy guard going to make. People will just Google apks instead. I can't see where this is going. And this xposed module is made.
This is exactly the like of the story of the BPI. Greedy people trying to monopolise the market. What happened to AOSP's freedom. Well people have gone round the privacy measures.
Let's say Google Play doesn't allow an app for instance Adaway. Where am I going to get it officially? From their site or a market he uploads it to. There are genuine apps on there which are because of Google's terms. Most of them are pirated (which I don't condom at all).
With these new rules go ahead and block Google Play. There are unmonitored apps on there which can allow you to download music. Why can't you? Oh yeah, the greed.
I'm pretty sure this is a evasion of the users privacy. Even Windows 10 allowed you to change default settings and stop feedback; this change would be illegal which is why Windows 7 came with a browser choice update to allow other browser vendors.
Yup roms with this content guard BREAKS THE GPL. You cannot upload roms on XDA which break GPL [emoji12]
XDA_h3n said:
What difference is this privacy guard going to make. People will just Google apks instead. I can't see where this is going. And this xposed module is made.
This is exactly the like of the story of the BPI. Greedy people trying to monopolise the market. What happened to AOSP's freedom. Well people have gone round the privacy measures.
Let's say Google Play doesn't allow an app for instance Adaway. Where am I going to get it officially? From their site or a market he uploads it to. There are genuine apps on there which are because of Google's terms. Most of them are pirated (which I don't condom at all).
With these new rules go ahead and block Google Play. There are unmonitored apps on there which can allow you to download music. Why can't you? Oh yeah, the greed.
I'm pretty sure this is a evasion of the users privacy. Even Windows 10 allowed you to change default settings and stop feedback; this change would be illegal which is why Windows 7 came with a browser choice update to allow other browser vendors.
Yup roms with this content guard BREAKS THE GPL. You cannot upload roms on XDA which break GPL [emoji12]
Click to expand...
Click to collapse
Well said my friend. People don't really think about that kind of stuff usually though. That's how privacy guard came about. Lol
Sent from my Samsung Galaxy S5 using Tapatalk
XDA_h3n said:
What difference is this privacy guard going to make. People will just Google apks instead. I can't see where this is going. And this xposed module is made.
This is exactly the like of the story of the BPI. Greedy people trying to monopolise the market. What happened to AOSP's freedom. Well people have gone round the privacy measures.
Let's say Google Play doesn't allow an app for instance Adaway. Where am I going to get it officially? From their site or a market he uploads it to. There are genuine apps on there which are because of Google's terms. Most of them are pirated (which I don't condom at all).
With these new rules go ahead and block Google Play. There are unmonitored apps on there which can allow you to download music. Why can't you? Oh yeah, the greed.
I'm pretty sure this is a evasion of the users privacy. Even Windows 10 allowed you to change default settings and stop feedback; this change would be illegal which is why Windows 7 came with a browser choice update to allow other browser vendors.
Yup roms with this content guard BREAKS THE GPL. You cannot upload roms on XDA which break GPL [emoji12]
Click to expand...
Click to collapse
Well its definitely an invasion of privacy as far as im concerned but what constitutes an invasion of privacy is a matter of perspective. Do you think it is possible that content guard technically breaks any of googles TOS or possibly even privacy laws? Im not too familiar with legislation like this if it does exist. Much of the post 9/11 legislation has been aimed at making things like content guard more legal unfortunately. Several people I mentioned this to on another forum I frequent pointed out the windows 10 connection. Everyone agreed that content guard is a much more malicious implementation of Anti-Piracy code. You are right, people will just google or torrent apks, that is until Content Guard 2.0 blocks the installation of sideloaded apps, xposed and Installation of all apks via ADB (Just Kidding).
Edit: I just notice the last line about GPL. I had missed that. Is that true or are you just being facetious?
lunerceli said:
Well said my friend. People don't really think about that kind of stuff usually though. That's how privacy guard came about. Lol
Sent from my Samsung Galaxy S5 using Tapatalk
Click to expand...
Click to collapse
Im honestly kind of shocked that more people dont see, or at least care about the possible negative implications of something like this. I figured on a forum like XDA, support for an anti content guard movement would be mostly unanimous but it seems to be pretty well devided which actually makes things a little more interesting.
Completely computer code illiterate. Have some rudimentary knowledge of computer use ......but, .....that's about it.
Bought an LG V40 ThinQ, SKU: LMV405QA7 .AUSABK, in 2019 directly from the manufacturer. I never activated it, never used it. It's been sitting, brand new in the box, ever since. I didn't want to go the same route I did prior -- allowing all the outside control of my device -- facilitating all the snooping upon me, i.e. data collection of my private personal information ......and life.
I have spent the duration of time, since purchase of this phone, attempting to educate myself; as to, how to free myself of the surveilance on me by corporate America.
Unfortunately, I have since learned: the LG V40 was much more complicated to take control of, than other phones. Atleast, more than the general skill set of the layman would allow.
I am here seeking the knowledge and power of XDA's developers, to free myself, like so many others -- and protect what remain of my civil liberties, from the surveillance state.
Respectfully,
Alex
Welcome to XDA.
If you're concerned about privacy I would unlock the bootloader and install a custom ROM without Google services. It won't be perfect but a little less data will be transferred. Maybe something like a PinePhone would be better for privacy, or better yet an old time "dumbphone"...
You should be able to find most of the info you need in the LG V40 section of the forums. Check it out...
And just a heads-up: keep the politics off the forum. To quote the forum rules:
2.4 Personal attacks, racial, political and / or religious discussions: XDA is a discussion forum about certain mobile phones. Mobile phones are not racial, political, religious or personally offensive and therefore, none of these types of discussions are permitted on XDA.
Click to expand...
Click to collapse
Again, welcome and I hope you have a good experience here on XDA.
Step 1 - abandon or delete FB, Twitter, Instagram, WhatsApp etc accounts.
Extreme - Get burner phone with prepaid minutes paid with cash. Power down when not using. Don't use at home or familiar/same locations. Toss as needed, repeat
They use voice recognition algorithms so they can likely ID you by voice probably in real time.
NASA surveillance has been online for a while now... and is far more capable than they like you to know. It effectively has unlimited storage capacity for all voice calls, text, internet activity and more.
Didgeridoohan said:
Welcome to XDA.
If you're concerned about privacy I would unlock the bootloader and install a custom ROM without Google services. It won't be perfect but a little less data will be transferred. Maybe something like a PinePhone would be better for privacy, or better yet an old time "dumbphone"...
You should be able to find most of the info you need in the LG V40 section of the forums. Check it out...
And just a heads-up: keep the politics off the forum. To quote the forum rules:
Again, welcome and I hope you have a good experience here on XDA.
Click to expand...
Click to collapse
Thank you much for your reply, guidance, and help, Didgeridoohan.
I was happy to see, layman or not, I was, atleast, on the right track with some things. I have been utilizing the "dumb phones". Mostly, flip phones from yester-year; mostly a decade old or more. The problem I am running into with those: the 2G and 3G bands they operate on are being discontinued by more and more cellular providers. By some time in 2022, most of my dumb phones will nolonger be operational.
Regarding the Pine phone, is was nice to see, I was on the right track there. I will indeed continue to investigate that phone, and see what is possible there.
I'd love to unlock the bootloader of my LG V40, and install that Googleless ROM, as suggested. It looks pretty complicated to accomplish though, on a LG V40 (unlocked, US version); and, I am a likely brick candidate, if there ever was one. Hoping to figure out what is possible for me by talking to you guys; then, move on from there, to what I can safely accomplish myself.
I'd love to get Microsoft and Google off my machines and devices; and, still have decent avenues to keep doing the stuff I have been doing. Speaking of which, any recommendations for the computer programming ignorant and novice still wanting near Microsoft OS capability and functionality, without all the snooping, in a replacement OS for their desktop and laptop??
Thanks Didgeridoohan,
ALEX
Take the PC offline. Use Android for interfacing with the internet. It's far less likely to be compromised or infected by malware.
Use Karma Firewall to see what's connecting and where to, block if needed. Fully functional on Pie and below, freeware that uses almost no battery.
&
Try this:
blackhawk said:
Step 1 - abandon or delete FB, Twitter, Instagram, WhatsApp etc accounts.
Extreme - Get burner phone with prepaid minutes paid with cash. Power down when not using. Don't use at home or familiar/same locations. Toss as needed, repeat
They use voice recognition algorithms so they can likely ID you by voice probably in real time.
NASA surveillance has been online for a while now... and is far more capable than they like you to know. It effectively has unlimited storage capacity for all voice calls, text, internet activity and more.
Click to expand...
Click to collapse
Thank you for the empowerment Black Hawk.
Definitely understand why you are calling my attention to the social media apps ......what aren't they collecting about your communications with others?!
I as well understand: why you are steering me towards prepaid phone accounts, funded in cash only. I additionally understand why you are suggesting keeping my phone powered off, and using it only in unfrequented places. Lastly, getting rid of the device, and starting over with a fresh device periodically, understand as well. All powerful recommendations, if higher levels of privacy are valued. Thank you much!
NASA surveillance, and their capabilities .......effectly, databasing any and all forms of communication between human beings .......is scary stuff. I only wonder: who has access, for what purposes; and, does this access include private corporations .......and what might those corporations be using this database for?
I am continuing to review and think about your latest suggestions, and will comment later. How may I private message you, if possible, and you allow it?
Your input has been greatly appreciated, my friend.
ALEX
ThankGod 4 XDA developers said:
Thank you for the empowerment Black Hawk.
Definitely understand why you are calling my attention to the social media apps ......what aren't they collecting about your communications with others?!
I as well understand: why you are steering me towards prepaid phone accounts, funded in cash only. I additionally understand why you are suggesting keeping my phone powered off, and using it only in unfrequented places. Lastly, getting rid of the device, and starting over with a fresh device periodically, understand as well. All powerful recommendations, if higher levels of privacy are valued. Thank you much!
NASA surveillance, and their capabilities .......effectly, databasing any and all forms of communication between human beings .......is scary stuff. I only wonder: who has access, for what purposes; and, does this access include private corporations .......and what might those corporations be using this database for?
I am continuing to review and think about your latest suggestions, and will comment later. How may I private message you, if possible, and you allow it?
Your input has been greatly appreciated, my friend.
ALEX
Click to expand...
Click to collapse
I'm being somewhat sarcastic about the paid phone apps. Really if you are under their suspicion and a high value target... they can be quit adaptable with a lot of resources at their disposal.
I wasn't being sarcastic about FB etc, pure poison. Don't dime yourself out... social malware.
blackhawk said:
Step 1 - abandon or delete FB, Twitter, Instagram, WhatsApp etc accounts.
Extreme - Get burner phone with prepaid minutes paid with cash. Power down when not using. Don't use at home or familiar/same locations. Toss as needed, repeat
They use voice recognition algorithms so they can likely ID you by voice probably in real time.
NASA surveillance has been online for a while now... and is far more capable than they like you to know. It effectively has unlimited storage capacity for all voice calls, text, internet activity and more.
Click to expand...
Click to collapse
The usage of voice recognition technology, by the telecommunication companies, and others, is a real scary thing; and, I believe: most of the public is not aware of this fact. This technology, and its wide spread usage, across our telecommunication networks, represents a direct assault on our freedom of speech, and right to privacy, as we attempt to communicate privately with our fellow citizens, in a supposedly, free society. The fact, the government, and corporations operating in the private sector, have access to, and are scrutinizing, communications between private citizens, who have not been convicted in a court of law as being involved in criminal or terroristic activity; or, even had been benefit of the judicial process, as they are unknowingly being spied upon......is.....
...diabolical ..........and certainly, ............anti-American.
Well again this is a technical forum.
blackhawk said:
Take the PC offline. Use Android for interfacing with the internet. It's far less likely to be compromised or infected by malware.
Use Karma Firewall to see what's connecting and where to, block if needed. Fully functional on Pie and below, freeware that uses almost no battery.
&
Try this:
Click to expand...
Click to collapse
blackhawk said:
I'm being somewhat sarcastic about the paid phone apps. Really if you are under their suspicion and a high value target... they can be quit adaptable with a lot of resources at their disposal.
I wasn't being sarcastic about FB etc, pure poison. Don't dime yourself out... social malware.
Click to expand...
Click to collapse
I understand, now, you were being a little "tongue and cheeck" with me; but, I think: your recommendations still apply, for anyone trying to understand: what it would take, not to be tracked easily. I as well understand: later, what you were alluding to, and your overall point -- about the magnitude of surveillance resources that could be brought to bare against you; if, you were quite important, to substantial figures.
blackhawk said:
Take the PC offline. Use Android for interfacing with the internet. It's far less likely to be compromised or infected by malware.
Use Karma Firewall to see what's connecting and where to, block if needed. Fully functional on Pie and below, freeware that uses almost no battery.
&
Try this:
Click to expand...
Click to collapse
Thanks for the gold nugget of info on this protection mechanism. I will certainly be checking this out!
Happy Halloween Black Hawk.
ALEX
ThankGod 4 XDA developers said:
I understand, now, you were being a little "tongue and cheeck" with me; but, I think: your recommendations still apply, for anyone trying to understand: what it would take, not to be tracked easily. I as well understand: later, what you were alluding to, and your overall point -- about the magnitude of surveillance resources that could be brought to bare against you; if, you were quite important, to substantial figures.
Click to expand...
Click to collapse
Not exactly. My PC is always offline, but that's simply because it's mission doesn't require internet connection so it's a needless liability.
All else applies in that statement.
It's blackhawk...
Didgeridoohan said:
Welcome to XDA.
If you're concerned about privacy I would unlock the bootloader and install a custom ROM without Google services. It won't be perfect but a little less data will be transferred. Maybe something like a PinePhone would be better for privacy, or better yet an old time "dumbphone"...
You should be able to find most of the info you need in the LG V40 section of the forums. Check it out...
And just a heads-up: keep the politics off the forum. To quote the forum rules:
Again, welcome and I hope you have a good experience here on XDA.
Click to expand...
Click to collapse
With all due respect, we live in a pervasive, corrupt corporate and political technocracy that has weaponized our phones, and all technology, to surveil and track our every move, views, opinions, activities, locations. The Borg is exempt from this illegal invasion of privacy and operates in secrecy with impunity for their tyrannical crimes against humanity. Ignoring this tragic reality is why our privacy, rights, and freedoms are all being stripped away. Those who bury their head in the sand and refuse to wake up to this travesty and resist on all relative platforms. Are useful idiot slaves who are playing right into their hands and are assimilated by the Borg! Just keeping it real because this harsh reality must be spread far and wide since capitulation is assimilation and assimilation is extermination. Comply and you Die!
Anti-Trans-Humanist said:
With all due respect, we live in a pervasive, corrupt corporate and political technocracy that has weaponized our phones, and all technology, to surveil and track our every move, views, opinions, activities, locations. The Borg is exempt from this illegal invasion of privacy and operates in secrecy with impunity for their tyrannical crimes against humanity. Ignoring this tragic reality is why our privacy, rights, and freedoms are all being stripped away. Those who bury their head in the sand and refuse to wake up to this travesty and resist on all relative platforms. Are useful idiot slaves who are playing right into their hands and are assimilated by the Borg! Just keeping it real because this harsh reality must be spread far and wide since capitulation is assimilation and assimilation is eradication!
Click to expand...
Click to collapse
Good thing that the Borg are fictitious then...
Still, my original statement stands: leave the politics out of any discussions/posts on XDA. It's perfectly possible to discuss privacy concerns without bringing up politics...
Didgeridoohan said:
Good thing that the Borg are fictitious then...
Still, my original statement stands: leave the politics out of any discussions/posts on XDA. It's perfectly possible to discuss privacy concerns without bringing up politics...
Click to expand...
Click to collapse
Obviously the Borg taken from Star Trek is fictitious but it's a single word representation of a conglomeration of secret societies. That includes the Freemasons, Jesuits, Illuminati and other psychopathic death cults with an anti human, genocidal agenda.
Your name implies you reside or are from Australia which is being overtaken and decimated by them. In part because the good people of Australia have fallen right into their trap. Which includes spinning and twisting words to subvert the truth and distort reality. Such as inferring the use of this fictitious title to describe a conglomeration of very real, nefarious, evil, elements. Ridiculously suggests I'm some psychotic conspiracy theorist that blurs the lines between truth and fiction.
The distinction's very clear to me because I'm awake to reality unlike the masses that are like lemmings running straight off a cliff to their death. I'll leave it at that.