Android without Google: Take back control! (Part 1)
1. android without data octopus
The article series "Your phone your data" from 2014 has played a major role in the success story of this blog. Many thousands of people wanted to learn how to get rid of Google and regain control of their Android device.
After now five years it is time for a new edition of the article series. Much has changed. Partly for the positive, partly also for the negative. Also the article series "Take back control!" requires a lot of patience and the willingness to say goodbye to one's own comfort - and of course also to the indoctrination of the manufacturers.
The ambitious goal of the article series "Take back control!" can be summarized in one sentence: You as a user should regain control over your Android device and your data. Step by step I will lead you towards this goal. Because it must finally be an end to proprietary apps and (Google) services that merely fool us into believing our independence and self-determination over our data.
2nd Google has long been evil
Directly after switching on our android we are asked to create a Google account or to link the already existing one with the device. We are pushed into the cloud and should not worry about our data, but rather trust the providers or Google "blindly". In return, so to speak, we receive a perfectly coordinated eco-system that can hardly be surpassed in terms of simplicity and convenience, but also in terms of perfidy.
Google's strategy of conquering the market with user-friendly products and services has therefore paid off. Success proves them right. But with this success story, the price paid by the actual users must always be borne in mind. They pay and pay with the data they "produce". However, they are not aware of this "paying with data" because they lack the transparency to see what is actually happening "behind their backs" when using smartphones.
Google is like a junkie, constantly on the lookout for new data sources that will allow the already accumulated data treasures to continue to grow. Google wants to know everything. In an interview with James Bennet, supervisory board chairman Eric Schmidt said:
"With your permission you give us more information about you, about your friends, and we can improve the quality of our searches. We don't need you to type at all. We know where you are. We know where you've been. We can more or less know what you're thinking about."
This remark, already made in 2010, is now more relevant than ever. Android and other Google products and services are perfectly interlocking gears that give the user an illusion of control over his data. Google relies on dark patterns or nudging to hide data protection settings, to mislead users or to prevent them from protecting their privacy with misleading formulations.
...(...)...
Regardless of these "restrictions", we want to achieve the following with our project:
✅ Complete control over your own data
✅ Independent and self-determined use of the device
✅ The decoupling from the Google eco-system
✅ The exit from the advertising machinery of the manufacturers
✅ Protection against advertising profiling
https://t.me/BlackBox_Archiv/156
#android #NoGoogle #guide #part1 #kuketz
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
1. android without data octopus
The article series "Your phone your data" from 2014 has played a major role in the success story of this blog. Many thousands of people wanted to learn how to get rid of Google and regain control of their Android device.
After now five years it is time for a new edition of the article series. Much has changed. Partly for the positive, partly also for the negative. Also the article series "Take back control!" requires a lot of patience and the willingness to say goodbye to one's own comfort - and of course also to the indoctrination of the manufacturers.
The ambitious goal of the article series "Take back control!" can be summarized in one sentence: You as a user should regain control over your Android device and your data. Step by step I will lead you towards this goal. Because it must finally be an end to proprietary apps and (Google) services that merely fool us into believing our independence and self-determination over our data.
2nd Google has long been evil
Directly after switching on our android we are asked to create a Google account or to link the already existing one with the device. We are pushed into the cloud and should not worry about our data, but rather trust the providers or Google "blindly". In return, so to speak, we receive a perfectly coordinated eco-system that can hardly be surpassed in terms of simplicity and convenience, but also in terms of perfidy.
Google's strategy of conquering the market with user-friendly products and services has therefore paid off. Success proves them right. But with this success story, the price paid by the actual users must always be borne in mind. They pay and pay with the data they "produce". However, they are not aware of this "paying with data" because they lack the transparency to see what is actually happening "behind their backs" when using smartphones.
Google is like a junkie, constantly on the lookout for new data sources that will allow the already accumulated data treasures to continue to grow. Google wants to know everything. In an interview with James Bennet, supervisory board chairman Eric Schmidt said:
"With your permission you give us more information about you, about your friends, and we can improve the quality of our searches. We don't need you to type at all. We know where you are. We know where you've been. We can more or less know what you're thinking about."
This remark, already made in 2010, is now more relevant than ever. Android and other Google products and services are perfectly interlocking gears that give the user an illusion of control over his data. Google relies on dark patterns or nudging to hide data protection settings, to mislead users or to prevent them from protecting their privacy with misleading formulations.
...(...)...
Regardless of these "restrictions", we want to achieve the following with our project:
✅ Complete control over your own data
✅ Independent and self-determined use of the device
✅ The decoupling from the Google eco-system
✅ The exit from the advertising machinery of the manufacturers
✅ Protection against advertising profiling
Read the full guide🇬🇧
https://t.me/BlackBox_Archiv/156
German (original)https://www.kuketz-blog.de/android-ohne-google-take-back-control-teil1/
#android #NoGoogle #guide #part1 #kuketz
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Android: IMSI Leaking during GPS Positioning
First of all, the basics:
Assisted GPS (abbreviated as A-GPS) is a system that usually significantly improves the time it takes to fix a satellite-based positioning system (GPS) for the first time - so GPS positioning is accelerated. How does this work? With mobile phones, the approximate location is already known from the radio cell in which your device is registered. This approximate location is then sent via the Secure User Plane Location Protocol (SUPL) to a SUPL server, which uses this information to limit the search range for the satellite signals and thus enables fast GPS positioning. Communication with the SUPL server takes place via TCP/IP or SMS.
Android systems use such a SUPL server to accelerate GPS positioning. However, the problem is that your IMSI number is also transmitted to the SUPL server when you make a request - which would not actually be necessary from a technical point of view.
The problem: The combination of the IMSI number with the radio cell ID enables the operator of a SUPL server to uniquely identify a user as soon as the smartphone locates or limits the location via a SUPL request. The SUPL protocol is therefore actually relatively sensible, but we do not know what the operators of the SUPL servers do with this information.
With my test devices I have now tried to find out when such a SUPL request is sent. Result: Whenever your GPS is activated and an app wants to query the location. It doesn't matter which mode you have chosen:
High accuracy:
Use GPS, WLAN, Bluetooth or mobile networks to determine your location.
Energy-saving mode:
Use WLAN, Bluetooth or mobile networks to determine your position.
Device only:
Use GPS to locate.
This means: Even if you have selected the mode "Device only", a request will be sent via A-GPS or SUPL-Request. The question is now which SUPL server or operator receives the radio cell information together with the IMSI number?
This is quite different - even with LineageOS. You can find out if you open the following file (root assumed) on your Android:
supl.google.com: Google
supl.sonyericsson.com: Sony
supl.qxwz.com: SUPL Server in China
supl.nokia.com: Nokia
If your GPS is activated, a SUPL request is sent to the SUPL_HOST - but this does not happen every time. You can force it after a device restart in combination with an app that wants to determine the GPS location. Sometimes it was also necessary to deactivate the WLAN interface.
Now you have to ask yourself if a quick GPS position determination via SUPL is important to you or maybe your privacy. If it's your privacy, you'll need to make the following changes to gps.conf and then restart your device:
With tcpdump you can check directly on the device if SUPL requests are still being sent:
How SUPL Reveals My Identity And Location To Google When I Use GPS. If you can help to answer this question, please feel free to contact me via email or use the forum thread.
With a "toy" like the HackRF One, mobile phone traffic on this level could certainly be recorded.
📡 @NoGoolag
#android #IMSI #leaking #GPS #positioning #guide #kuketz
First of all, the basics:
Assisted GPS (abbreviated as A-GPS) is a system that usually significantly improves the time it takes to fix a satellite-based positioning system (GPS) for the first time - so GPS positioning is accelerated. How does this work? With mobile phones, the approximate location is already known from the radio cell in which your device is registered. This approximate location is then sent via the Secure User Plane Location Protocol (SUPL) to a SUPL server, which uses this information to limit the search range for the satellite signals and thus enables fast GPS positioning. Communication with the SUPL server takes place via TCP/IP or SMS.
Android systems use such a SUPL server to accelerate GPS positioning. However, the problem is that your IMSI number is also transmitted to the SUPL server when you make a request - which would not actually be necessary from a technical point of view.
The problem: The combination of the IMSI number with the radio cell ID enables the operator of a SUPL server to uniquely identify a user as soon as the smartphone locates or limits the location via a SUPL request. The SUPL protocol is therefore actually relatively sensible, but we do not know what the operators of the SUPL servers do with this information.
With my test devices I have now tried to find out when such a SUPL request is sent. Result: Whenever your GPS is activated and an app wants to query the location. It doesn't matter which mode you have chosen:
High accuracy:
Use GPS, WLAN, Bluetooth or mobile networks to determine your location.
Energy-saving mode:
Use WLAN, Bluetooth or mobile networks to determine your position.
Device only:
Use GPS to locate.
This means: Even if you have selected the mode "Device only", a request will be sent via A-GPS or SUPL-Request. The question is now which SUPL server or operator receives the radio cell information together with the IMSI number?
This is quite different - even with LineageOS. You can find out if you open the following file (root assumed) on your Android:
/etc/system/gps.confor
/vendor/etc/gps.confThere you can search for the following entries:
SUPL_HOST=supl.google.comPreviously identified as SUPL_HOST or operator:
SUPL_PORT=7275 (may vary)
supl.google.com: Google
supl.sonyericsson.com: Sony
supl.qxwz.com: SUPL Server in China
supl.nokia.com: Nokia
If your GPS is activated, a SUPL request is sent to the SUPL_HOST - but this does not happen every time. You can force it after a device restart in combination with an app that wants to determine the GPS location. Sometimes it was also necessary to deactivate the WLAN interface.
Now you have to ask yourself if a quick GPS position determination via SUPL is important to you or maybe your privacy. If it's your privacy, you'll need to make the following changes to gps.conf and then restart your device:
SUPL_HOST=localhost⚠️Note: It is not sufficient to comment out the lines. Then a fallback becomes active. Where the fallback information came from I could not find out yet.
SUPL_PORT=7275
With tcpdump you can check directly on the device if SUPL requests are still being sent:
tcpdump -i any -s0 port 7275Unfortunately, one question remains unanswered: Does the proprietary baseband possibly send a SUPL request on its own and bypasses the Android operating system? In any case, this is indicated by the following article:
How SUPL Reveals My Identity And Location To Google When I Use GPS. If you can help to answer this question, please feel free to contact me via email or use the forum thread.
With a "toy" like the HackRF One, mobile phone traffic on this level could certainly be recorded.
Source and more infohttps://www.kuketz-blog.de/android-imsi-leaking-bei-gps-positionsbestimmung/
📡 @NoGoolag
#android #IMSI #leaking #GPS #positioning #guide #kuketz
🇬🇧 Pi-hole, Unbound & Hyperlocal: No Advertising - Maximum Independence
1. introduction
The Internet is decentralized - at least that's what I want. Many small networked units and you can get something anywhere, depending on what you need. But we are increasingly struggling with ever larger, central entities with dominating and monopolistic positions. They accumulate more and more data, which can be very dangerous to say the least. On the Kuketz blog and in the Kuketz forum there is already a lot of information on how to protect yourself against this. One possibility is to use a trustworthy name server or DNS server. This is a first step, but it still remains a sore point.
All places that we contact on the Internet (websites, e-mail, online games, etc.) only get to see a small summary of us. The name server, however, receives every contact request we send to the Internet (apart from Tor) - from a trustworthy operator or not. In the following, we want to get rid of this central place and make ourselves a bit freer and the Internet a bit more decentralized.
🇩🇪 Pi-hole, Unbound & Hyperlocal: Keine Werbung – Größtmögliche Unabhängigkeit
1. Einführung
Das Internet ist dezentral – zumindest wünsche ich mir das. Viele kleine vernetzte Einheiten und man kann sich überall etwas holen, je nachdem, was man gerade braucht. Doch wir haben zunehmend mit immer größer werdenden, zentralen Entitäten mit Vormacht- und Monopolstellung zu kämpfen. Diese kumulieren immer mehr Daten, was gelinde gesagt sehr gefährlich werden kann. Auf dem Kuketz-Blog und im Kuketz-Forum gibt es schon viele Informationen dazu, wie man sich dagegen schützen kann. Eine Möglichkeit ist, einen vertrauenswürdigen Nameserver oder DNS-Server zu verwenden. Das ist ein erster Schritt, jedoch bleibt es weiterhin ein wunder Punkt.
Alle Stellen, die wir im Internet kontaktieren (Webseiten, E-Mail, Online-Spiele etc.), bekommen immer nur einen kleineren Abriss von uns zu sehen. Der Nameserver jedoch bekommt jegliche Kontaktanfrage mit, die wir ins Internet absetzen (mal von Tor abgesehen) – vertrauenswürdiger Betreiber hin oder her. Wir wollen uns im Folgenden nun auch dieser zentralen Stelle entledigen und uns ein Stück freier und das Internet ein Stück dezentraler machen.
The complete manual (German) can be found here: https://www.kuketz-blog.de/pi-hole-unbound-hyperlocal-keine-werbung-groesstmoegliche-unabhaengigkeit/
#manual #guide #pihole #unbound #hyperlocal #kuketz
📡@cRyPtHoN_INFOSEC_ES
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
1. introduction
The Internet is decentralized - at least that's what I want. Many small networked units and you can get something anywhere, depending on what you need. But we are increasingly struggling with ever larger, central entities with dominating and monopolistic positions. They accumulate more and more data, which can be very dangerous to say the least. On the Kuketz blog and in the Kuketz forum there is already a lot of information on how to protect yourself against this. One possibility is to use a trustworthy name server or DNS server. This is a first step, but it still remains a sore point.
All places that we contact on the Internet (websites, e-mail, online games, etc.) only get to see a small summary of us. The name server, however, receives every contact request we send to the Internet (apart from Tor) - from a trustworthy operator or not. In the following, we want to get rid of this central place and make ourselves a bit freer and the Internet a bit more decentralized.
🇩🇪 Pi-hole, Unbound & Hyperlocal: Keine Werbung – Größtmögliche Unabhängigkeit
1. Einführung
Das Internet ist dezentral – zumindest wünsche ich mir das. Viele kleine vernetzte Einheiten und man kann sich überall etwas holen, je nachdem, was man gerade braucht. Doch wir haben zunehmend mit immer größer werdenden, zentralen Entitäten mit Vormacht- und Monopolstellung zu kämpfen. Diese kumulieren immer mehr Daten, was gelinde gesagt sehr gefährlich werden kann. Auf dem Kuketz-Blog und im Kuketz-Forum gibt es schon viele Informationen dazu, wie man sich dagegen schützen kann. Eine Möglichkeit ist, einen vertrauenswürdigen Nameserver oder DNS-Server zu verwenden. Das ist ein erster Schritt, jedoch bleibt es weiterhin ein wunder Punkt.
Alle Stellen, die wir im Internet kontaktieren (Webseiten, E-Mail, Online-Spiele etc.), bekommen immer nur einen kleineren Abriss von uns zu sehen. Der Nameserver jedoch bekommt jegliche Kontaktanfrage mit, die wir ins Internet absetzen (mal von Tor abgesehen) – vertrauenswürdiger Betreiber hin oder her. Wir wollen uns im Folgenden nun auch dieser zentralen Stelle entledigen und uns ein Stück freier und das Internet ein Stück dezentraler machen.
The complete manual (German) can be found here: https://www.kuketz-blog.de/pi-hole-unbound-hyperlocal-keine-werbung-groesstmoegliche-unabhaengigkeit/
#manual #guide #pihole #unbound #hyperlocal #kuketz
📡@cRyPtHoN_INFOSEC_ES
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
www.kuketz-blog.de
Pi-hole, Unbound & Hyperlocal: Keine Werbung – Größtmögliche Unabhängigkeit
Mit dem Pi-hole, Unbound & Hyperlocal zur größtmöglichen, werbefreien Unabhängigkeit in der DNS-Welt.
LineageOS - Take back control! Part2
1. release from the embrace
With the article series "Take back control!" you as a user should regain control over your Android device or your data step by step. A first step towards independence is the change of the manufacturer's own Android system. This will not only get rid of the manufacturer's bloatware, like pre-installed apps and services, but will also free us from Google's close embrace.
We manage this liberation with the free Android operating system LineageOS - a modification of Google's Android and the direct successor of the successful CyanogenMod. With such a custom ROM or alternative system we disconnect ourselves from the manufacturer's own Android systems. The use of LineageOS should bring us one step closer to our goal of regaining data dominance on the Android.
Read the full article (part1) in english:
https://t.me/BlackBox_Archiv/156
Read the full article (part2) in english:
https://t.me/BlackBox_Archiv/273
Source and more infos / read in german:
https://www.kuketz-blog.de/android-ohne-google-take-back-control-teil1/
https://www.kuketz-blog.de/lineageos-take-back-control-teil2/
#android #NoGoogle #LineageOS #guide #part1 #part2 #kuketz
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
1. release from the embrace
With the article series "Take back control!" you as a user should regain control over your Android device or your data step by step. A first step towards independence is the change of the manufacturer's own Android system. This will not only get rid of the manufacturer's bloatware, like pre-installed apps and services, but will also free us from Google's close embrace.
We manage this liberation with the free Android operating system LineageOS - a modification of Google's Android and the direct successor of the successful CyanogenMod. With such a custom ROM or alternative system we disconnect ourselves from the manufacturer's own Android systems. The use of LineageOS should bring us one step closer to our goal of regaining data dominance on the Android.
Read the full article (part1) in english:
https://t.me/BlackBox_Archiv/156
Read the full article (part2) in english:
https://t.me/BlackBox_Archiv/273
Source and more infos / read in german:
https://www.kuketz-blog.de/android-ohne-google-take-back-control-teil1/
https://www.kuketz-blog.de/lineageos-take-back-control-teil2/
#android #NoGoogle #LineageOS #guide #part1 #part2 #kuketz
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Firefox Lockbox: Android App with Adjust-Tracker
Immediately after the start a lot of information is sent to the analysis company Adjust (headquarters San Francisco, USA) [app.adjust.com]...(...)
The privacy statement linked in the app refers to Firefox. There I don't find any information about Firefox Lockbox or which data the app shares when with which third party.
Furthermore, telemetry data is sent to Mozilla [incoming.telemetry.mozilla.org]:...(...)
By now Mozilla should actually know that tracking or the transmission of telemetry data is not well received by the more data protection-sensitive target group. In addition, the above-mentioned data is transmitted before consent is given to the data protection declaration.
https://www.kuketz-blog.de/firefox-lockbox-android-app-mit-adjust-tracker/
#android #app #firefox #LockBox #adjust #tracker #kuketz #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Immediately after the start a lot of information is sent to the analysis company Adjust (headquarters San Francisco, USA) [app.adjust.com]...(...)
The privacy statement linked in the app refers to Firefox. There I don't find any information about Firefox Lockbox or which data the app shares when with which third party.
Furthermore, telemetry data is sent to Mozilla [incoming.telemetry.mozilla.org]:...(...)
By now Mozilla should actually know that tracking or the transmission of telemetry data is not well received by the more data protection-sensitive target group. In addition, the above-mentioned data is transmitted before consent is given to the data protection declaration.
https://www.kuketz-blog.de/firefox-lockbox-android-app-mit-adjust-tracker/
#android #app #firefox #LockBox #adjust #tracker #kuketz #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
AFWall+: Digital Door Controller - Take back control! (Part 4)
1. firewall
In the last part of the article series "Take back control! we got root rights on our Android system with the help of Magisk. This step was necessary because apps like AFWall+ and AdAway require root rights. https://www.kuketz-blog.de/magisk-bei-der-macht-von-root-take-back-control-teil3/
At this point, we should remember that switching to an alternative operating system like LineageOS does not necessarily protect us from the unwanted outflow of sensitive data. Rather, further adjustments are needed so that we can use the Android smartphone "self-determined". An important component of our defense strategy is the use of a firewall to control the Android's data traffic. Originally, firewalls were primarily intended to protect us from "dangers" from outside. However, this primary purpose of firewalls has changed more and more. Firewalls on client systems now increasingly serve to monitor and control outgoing data connections.
Various firewall solutions exist for Android - but only two are worth mentioning: NetGuard and AFWall+. In this article I present the installation and configuration of AFWall+.
2nd AFWall+
AFWall+ is a front-end for the firewall iptables known from the GNU/Linux world. It enables control over which app or system service should have access to the data network via 2G/3G/LTE/5G, roaming, WiFi or VPN. In my opinion it is an essential part of any rooted Android device to control the unwanted outflow of information.
AFWall+ is relatively easy to use in its basic functionality, as long as you have understood the concept of a firewall. It becomes complicated only with special use cases, which are represented by CustomScripts. If you are looking for a user-friendly alternative to AFWall+ or if you cannot / do not want to root your device, you should take a look at NetGuard.
https://www.kuketz-blog.de/afwall-digitaler-tuervorsteher-take-back-control-teil4/
Read the full guides in english:
(Part1: https://t.me/BlackBox_Archiv/156)
(Part2: https://t.me/BlackBox_Archiv/273)
(Part3: https://t.me/BlackBox_Archiv/322)
#android #NoGoogle #guide #part1 #part2 #part4 #AFWall #kuketz
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
1. firewall
In the last part of the article series "Take back control! we got root rights on our Android system with the help of Magisk. This step was necessary because apps like AFWall+ and AdAway require root rights. https://www.kuketz-blog.de/magisk-bei-der-macht-von-root-take-back-control-teil3/
At this point, we should remember that switching to an alternative operating system like LineageOS does not necessarily protect us from the unwanted outflow of sensitive data. Rather, further adjustments are needed so that we can use the Android smartphone "self-determined". An important component of our defense strategy is the use of a firewall to control the Android's data traffic. Originally, firewalls were primarily intended to protect us from "dangers" from outside. However, this primary purpose of firewalls has changed more and more. Firewalls on client systems now increasingly serve to monitor and control outgoing data connections.
Various firewall solutions exist for Android - but only two are worth mentioning: NetGuard and AFWall+. In this article I present the installation and configuration of AFWall+.
2nd AFWall+
AFWall+ is a front-end for the firewall iptables known from the GNU/Linux world. It enables control over which app or system service should have access to the data network via 2G/3G/LTE/5G, roaming, WiFi or VPN. In my opinion it is an essential part of any rooted Android device to control the unwanted outflow of information.
AFWall+ is relatively easy to use in its basic functionality, as long as you have understood the concept of a firewall. It becomes complicated only with special use cases, which are represented by CustomScripts. If you are looking for a user-friendly alternative to AFWall+ or if you cannot / do not want to root your device, you should take a look at NetGuard.
Source and more infos / read in german
https://www.kuketz-blog.de/afwall-digitaler-tuervorsteher-take-back-control-teil4/
Read the full guides in english:
(Part1: https://t.me/BlackBox_Archiv/156)
(Part2: https://t.me/BlackBox_Archiv/273)
(Part3: https://t.me/BlackBox_Archiv/322)
#android #NoGoogle #guide #part1 #part2 #part4 #AFWall #kuketz
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Android (Pie): Configure DNS over TLS (DoT)
From version 9.x (Pie) Android supports the DNS over TLS (DoT) protocol. This means: All DNS requests and answers are transmitted via a TLS secured connection, which is established between your Android and a DNS server. In contrast to unsecured DNS queries via UDP port 53, DoT protects against spying out DNS queries and man-in-the-middle attacks. DoT therefore improves both privacy and security.
Activation of DoT under Android 9:
✅ Open the system settings and navigate to "Network & Internet" -> "Advanced" -> "Private DNS".
✅ Choose "hostname of the private DNS provider".
✅ In the field below, enter the address of the DNS server that supports DoT.
Example:
With
IP:
AFWall+: To make DoT work in combination with AFWall+ you have to allow "(root) - Apps running as root".
Blokada: Only from version 4.x Blokada will support DoT.
NetGuard: Also NetGuard does not support DoT yet.
Note:
This is a global setting and applies to all network interfaces (WLAN, mobile, VPN, etc.). If, for example, you are on the road in your provider's mobile network, you will normally be assigned DNS servers by your provider, which will then answer the DNS queries. If you activate DoT, however, the DNS requests will be processed via the DNS server you have selected - the provider DNS servers will be overwritten.
#Android #Pie #DNS #DoT #TLS #Guide #Kuketz
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
From version 9.x (Pie) Android supports the DNS over TLS (DoT) protocol. This means: All DNS requests and answers are transmitted via a TLS secured connection, which is established between your Android and a DNS server. In contrast to unsecured DNS queries via UDP port 53, DoT protects against spying out DNS queries and man-in-the-middle attacks. DoT therefore improves both privacy and security.
Activation of DoT under Android 9:
✅ Open the system settings and navigate to "Network & Internet" -> "Advanced" -> "Private DNS".
✅ Choose "hostname of the private DNS provider".
✅ In the field below, enter the address of the DNS server that supports DoT.
Example:
dismail.com: fdns1.dismail.com
Then all DNS requests sent by your system will be transmitted via TLS-encrypted connection to the selected DNS server and answered.With
dnsleaktest.com you can check if the selected DoT server is used. Go to the page and tap Standard Test - if you have chosen the dismail.de DoT server you should see the result:IP:
80.241.218.68
Hostname: dismail.de
Interaction with AFWall+, Blokada and NetGuard:AFWall+: To make DoT work in combination with AFWall+ you have to allow "(root) - Apps running as root".
Blokada: Only from version 4.x Blokada will support DoT.
NetGuard: Also NetGuard does not support DoT yet.
Note:
This is a global setting and applies to all network interfaces (WLAN, mobile, VPN, etc.). If, for example, you are on the road in your provider's mobile network, you will normally be assigned DNS servers by your provider, which will then answer the DNS queries. If you activate DoT, however, the DNS requests will be processed via the DNS server you have selected - the provider DNS servers will be overwritten.
Source and more Info (read in German):https://www.kuketz-blog.de/android-pie-dns-over-tls-dot-einstellen/
#Android #Pie #DNS #DoT #TLS #Guide #Kuketz
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Android Captive Portal Check: 204-HTTP response from
Android sends a request for verification to the address
If you block this request to Google via AFWall+ or anywhere else on your network, a small cross will appear in the WLAN icon in the Android menu bar. Depending on the Android version, you will also see a message saying that there is no Internet available. Especially data protection-conscious users don't want to send a "ping" to Google every time they go online. There is now a solution for this for all users with root access on their devices.
English translation (full guide):
https://t.me/BlackBox_Archiv/337
Source and more info (german):
https://www.kuketz-blog.de/android-captive-portal-check-204-http-antwort-von-captiveportal-kuketz-de/
#android #captiveportal #check #HTTP #guide #kuketz
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
captiveportal.kuketz.de
Each time your Android device connects to a WLAN, the system performs a Captive Portal Check. Android wants to ensure that your device has not only received an IP address from the access point, but that it can also actually reach destinations on the Internet.Android sends a request for verification to the address
connectivitycheck.gstatic.com. If the request is successful or answered with the HTTP response code 204, access to the Internet is available. With this request, the system transmits information to Google about the IP address of the connection, the time of Internet access and which browser is currently being used.If you block this request to Google via AFWall+ or anywhere else on your network, a small cross will appear in the WLAN icon in the Android menu bar. Depending on the Android version, you will also see a message saying that there is no Internet available. Especially data protection-conscious users don't want to send a "ping" to Google every time they go online. There is now a solution for this for all users with root access on their devices.
English translation (full guide):
https://t.me/BlackBox_Archiv/337
Source and more info (german):
https://www.kuketz-blog.de/android-captive-portal-check-204-http-antwort-von-captiveportal-kuketz-de/
#android #captiveportal #check #HTTP #guide #kuketz
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Brave: Browser with its own advertising concept
I often hear the question why I don't recommend the Brave Browser and why I don't participate in the Brave Rewards program. First of all, the browser is based on Chrome - that's enough for me to avoid it as much as possible. Browsers based on Chrome are usually closely linked to Google services. As a user who is sensitive to data protection, I am happy to do without it.
I also find the "advertising concept" unconvincing. The integrated advertising blocker initially prevents advertising from being displayed. Brave then fades in its own advertising, which in the opinion of the developers is "less harmful" and does not make the user traceable on the Internet. For advertising, a fee is to be paid to the user as well as to the advertiser in the form of Basic Attention Tokens (BAT).
Currently, the browser can be operated completely free of advertising - i.e. even without advertising that displays Brave. In the future, this model may be adapted. Who decides then against the Ad Replacement, that must deactivate the integrated advertising blocker. Inevitably this means: In Brave, the user is either shown advertising from the respective website or advertising via the "Ad Replacement" concept. Unlike other browsers, the user cannot completely suppress advertising, for example via Adblocker plug-ins such as uBlock Origin. Whether this will be implemented in this way, however, is still speculation.
Final conclusion: Not recommended
https://www.kuketz-blog.de/brave-browser-mit-eigenem-werbekonzept/
📡 @NoGoolag
#brave #browser #advertising #kuketz
I often hear the question why I don't recommend the Brave Browser and why I don't participate in the Brave Rewards program. First of all, the browser is based on Chrome - that's enough for me to avoid it as much as possible. Browsers based on Chrome are usually closely linked to Google services. As a user who is sensitive to data protection, I am happy to do without it.
I also find the "advertising concept" unconvincing. The integrated advertising blocker initially prevents advertising from being displayed. Brave then fades in its own advertising, which in the opinion of the developers is "less harmful" and does not make the user traceable on the Internet. For advertising, a fee is to be paid to the user as well as to the advertiser in the form of Basic Attention Tokens (BAT).
Currently, the browser can be operated completely free of advertising - i.e. even without advertising that displays Brave. In the future, this model may be adapted. Who decides then against the Ad Replacement, that must deactivate the integrated advertising blocker. Inevitably this means: In Brave, the user is either shown advertising from the respective website or advertising via the "Ad Replacement" concept. Unlike other browsers, the user cannot completely suppress advertising, for example via Adblocker plug-ins such as uBlock Origin. Whether this will be implemented in this way, however, is still speculation.
Final conclusion: Not recommended
Source:
https://www.kuketz-blog.de/brave-browser-mit-eigenem-werbekonzept/
📡 @NoGoolag
#brave #browser #advertising #kuketz
Kuketz IT-Security Blog
Brave: Browser mit eigenem Werbekonzept
Ich erhalte oftmals die Frage, weshalb ich den Brave-Browser nicht empfehle und wieso ich nicht am Brave-Rewards-Programm teilnehme.
F-Droid: Free and Open Source Apps - Take back control! (Part 5)
1. app store with class
By installing LineageOS, we have abandoned our proprietary Android systems and taken control of outbound data traffic with AFWall+. But our journey is far from over, because to get rid of Google and to regain control we have to break away from the Google Play Store.
Most apps from the Google Play Store contain an above-average number of tracker and advertising modules. In the foreseeable future, this business model will probably not change because Android is a self-service data store with which (questionable) developers make a lot of money. Indirectly, Google also earns a lot of money - so Android users can wait in vain for an improvement.
In this article I would like to introduce you to the alternatives App-Store F-Droid. F-Droid is a consumer-friendly alternative to Google's Play Store, which only offers "free" and "open source" apps for download. The two properties "free" and "open source" mean basically nothing else than that the app source code can be viewed, used, changed and further developed by anyone. With its strict "Free Open Source Software (FOSS)" concept, F-Droid clearly sets itself apart from the Google Play Store and other comparable stores.
Source (german) and more info:
https://www.kuketz-blog.de/f-droid-freie-und-quelloffene-apps-take-back-control-teil5/
Translation (english):
https://t.me/BlackBox_Archiv/357
#android #NoGoogle #guide #part1 #part2 #part4 #part5 #fdroid #kuketz
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
1. app store with class
By installing LineageOS, we have abandoned our proprietary Android systems and taken control of outbound data traffic with AFWall+. But our journey is far from over, because to get rid of Google and to regain control we have to break away from the Google Play Store.
Most apps from the Google Play Store contain an above-average number of tracker and advertising modules. In the foreseeable future, this business model will probably not change because Android is a self-service data store with which (questionable) developers make a lot of money. Indirectly, Google also earns a lot of money - so Android users can wait in vain for an improvement.
In this article I would like to introduce you to the alternatives App-Store F-Droid. F-Droid is a consumer-friendly alternative to Google's Play Store, which only offers "free" and "open source" apps for download. The two properties "free" and "open source" mean basically nothing else than that the app source code can be viewed, used, changed and further developed by anyone. With its strict "Free Open Source Software (FOSS)" concept, F-Droid clearly sets itself apart from the Google Play Store and other comparable stores.
Source (german) and more info:
https://www.kuketz-blog.de/f-droid-freie-und-quelloffene-apps-take-back-control-teil5/
Translation (english):
https://t.me/BlackBox_Archiv/357
#android #NoGoogle #guide #part1 #part2 #part4 #part5 #fdroid #kuketz
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES