I have a bit of a concern here regarding Skyfire as i wonder how it works and loads pages.
I tested the following by opening a site which shows your IP-adress, source and stuff (sorry links are forbidden for me but it doesnt matter anyway and can easily be tested by you guys).
(1) 3G connection, OPERA browser: It shows adress A (as expected)
(2) WLAN connection, OPERA browser: It shows adress B (as expected)
(3) 3G connection, Skyfire browser: It shows adress C (???)
(4) WLAN connection, Skyfire browser: adress C again (??????)
What i am worried about: am i using a proxy all of a sudden (automatically)? Can I forbid it to do so?
I have the bad feeling about that, so could someone please explain to me what exactly happens (say when I open my bank account)? Who grants it is my device that renders the pages?
Privacy terms:
(is it normal to collect all this as a browser? Does Opera/IE do so as well?)
Am i just paranoid?
When you use Skyfire Labs' mobile browser, Skyfire Labs keeps collects activity information as follows:
•When you sign up for a Skyfire Labs account or service in the application, you provide personal information during the registration process, such as your name, email address, mobile phone number, and account password. We maintain your sensitive information, such as account passwords in an encrypted form on secure servers.
•When you use the Skyfire Services, our servers automatically record certain information about your usage from your mobile device. These server logs may include information such as a mobile device identification number and device identifier, web requests, Internet Protocol ("IP") address, browser type, browser language, referring / exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages viewed and the order of those pages, features used in the Skyfire mobile application, the number of shared pages and referrals related to Skyfire, the amount of time spent on particular web pages, the dates and times of your requests, and cookies that may uniquely identify your device to web sites you visited.
•Skyfire Labs might maintain usage data to assist Skyfire Labs in debugging its system or addressing other problems in its products or services. This usage data may include such information as your web request, web response, IP address, the date and time of your request, size of the communication, and cookies as well as client side data such as connect times, connect failures and performance problems.
Click to expand...
Click to collapse
archvile77 said:
I have a bit of a concern here regarding Skyfire as i wonder how it works and loads pages.
I tested the following by opening a site which shows your IP-adress, source and stuff (sorry links are forbidden for me but it doesnt matter anyway and can easily be tested by you guys).
(1) 3G connection, OPERA browser: It shows adress A (as expected)
(2) WLAN connection, OPERA browser: It shows adress B (as expected)
(3) 3G connection, Skyfire browser: It shows adress C (???)
(4) WLAN connection, Skyfire browser: adress C again (??????)
What i am worried about: am i using a proxy all of a sudden (automatically)? Can I forbid it to do so?
I have the bad feeling about that, so could someone please explain to me what exactly happens (say when I open my bank account)? Who grants it is my device that renders the pages?
Click to expand...
Click to collapse
Skyfire works by rendering pages server side, compressing them, and then sending them to you. It has a few advantages, but yes, it does mean that all information goes through them. Adjust tinfoil had accordingly.
this means that even the information i enter like usernames/passwords and so on have to be transferred to their servers. otherwise they would be unable to render protected sites.
which means: bank accounts, any logins,....
i am shocked tbh.
Yup. It's the downside of server-side rendering with compressed transmission. Opera Mini does it as well (not Opera Mobile).
opera mobile do it too if you turn on opera turbo
Related
I know Opera mini reroutes through a server to decrease the data actually downloaded to the phone. Does the pre-installed Opera 9.5 work along the same lines, or does it download the full page as per a regular browser?
If you activate Turbo in Opera Mobile it will function like Opera Mini and route the data through a server, but in 'out the box' configuration it is like any other browser, direct from the server of the page you are accessing (simplistically speaking anyway)
Thanks!
Does anyone know whether Skyfire reroutes or loads directly?
Steeve24 said:
If you activate Turbo in Opera Mobile it will function like Opera Mini and route the data through a server, but in 'out the box' configuration it is like any other browser, direct from the server of the page you are accessing (simplistically speaking anyway)
Click to expand...
Click to collapse
I don't see any option to turn it on and off. Did I miss it somewhere?
nevermind, I guess I had to use the command opera:config and change it in there. I though tit would be some kind of quick toggle switch in setting.
Hi, my university (California State University, Long Beach in case you know it) has a splash page (BeachNet) for its campus-wide WiFi network. The page requires you to log in and prevents you from saving the username and password via (I'm guessing here) autocomplete=off.
Is there a way to get around this limitation via the Android Browser (or any other browser)? The page does not have to stay open, you must just login once. Disconnecting and reconnecting even works w/o re-entering credentials.
Does anyone know how to force the browser to save log-in information?
Edit: Being able to open the page, it's basically something like secure.arubanetworks.com/login.cgi&ip=10.0.0.0&mac=4d:7e etc. So it looks like the mac address and ip address are used as part of the URL identifier. I suppose that this would mean the browser would see them as separate pages. Hope this helps!
Check out firefox beta for (i guess) android?
It supports saving account + password. Works very well for me.
it didn't show up in the market (do i need a market hack/fix?), so i got the latest Fennec build from Mozilla FTP. Unfortunately, that didn't work.
I have summarized this bug in a video here.
http://youtu.be/O8lSz7yYnY4
moksha51 said:
I have summarized this bug in a video here.
http://youtu.be/O8lSz7yYnY4
Click to expand...
Click to collapse
The reason is that you are a) using Wifi that requires an HTTP type of authentication via browser like ones you find in Hotels, Coffee shops, etc. and b) the reason it works on an external browser besides Chrome because updated Chrome has SSL validation checks to disable certain types of SSL certificates that certain sites uses. Other browser might not have the same security validation checks, therefore, it loads the page ok.
vboyz103 said:
The reason is that you are a) using Wifi that requires an HTTP type of authentication via browser like ones you find in Hotels, Coffee shops, etc. and b) the reason it works on an external browser besides Chrome because updated Chrome has SSL validation checks to disable certain types of SSL certificates that certain sites uses. Other browser might not have the same security validation checks, therefore, it loads the page ok.
Click to expand...
Click to collapse
I agree the problem is due to SSL validation in Chrome. But there must be a way to "trust" certain websites or a workaround in Chrome that allows you to continue to the website anyway.
If you noticed in the video, when you try to login from Settings-> Wifi directly, that's impossible to do, as well. I witnessed something similar in Kitkat. I remember I had issues logging in to the same Wi-Fi with KK . But I was able to hit "Proceed anyway" in Chrome and was able to login.
Hypothetically, if you don't have a third party browser installed and you want to login to a hotel wifi, you can't ?
Hey there XDA
So I was reading this article the other day that pertains to security and encryption on the Android Operating System
http://www.bibliotecapleyades.net/sociopolitica/sociopol_cia38.htm
Basically what is says is that even if you use encryption in apps there's nothing preventing people from accessing your devices mic or camera
But I was thinking what if you encrypt ALL outgoing traffic? Now I'm not the most well versed guy when it comes to technology but I've heard about for example SSH tunnels
So I found this guide on how to setup one on Android: https://www.howtogeek.com/121698/how-to-route-all-your-android-traffic-through-a-secure-tunnel/
Would this effectively encrypt all outgoing data?
Eklondh said:
Hey there XDA
So I was reading this article the other day that pertains to security and encryption on the Android Operating System
http://www.bibliotecapleyades.net/sociopolitica/sociopol_cia38.htm
Basically what is says is that even if you use encryption in apps there's nothing preventing people from accessing your devices mic or camera
But I was thinking what if you encrypt ALL outgoing traffic? Now I'm not the most well versed guy when it comes to technology but I've heard about for example SSH tunnels
So I found this guide on how to setup one on Android: https://www.howtogeek.com/121698/how-to-route-all-your-android-traffic-through-a-secure-tunnel/
Would this effectively encrypt all outgoing data?
Click to expand...
Click to collapse
Not really, setting up an SSH tunnel will only encrypt your traffic between your device and your server, at some point most traffic will have to enter the internet in just as secure manner as it does now so that you can view a website for example, it will add another layer of security, but really only useful for privacy from those on your local network or (if your server is outside your ISP network) from your ISP also (but you'd have to change your DNS servers also or they can get info from there about sites you visit)
Also non of that will stop the issue you mention above about gaining access to your camera, mic, files etc that to beat encryption they just have to gain access to your phone, that could be as simple as sending you a malware link to your email, Whatsapp or whatever, which you visit. Which seems to be what my mum did 2 days ago, there was a well crafted email that appeared to be from Genes Reunited making specific reference to her personal private data & contacts in her account so she clicked the link, now she has no internet access & other issues on tablet, but of course I can't log in to fix from here & she can't follow my instructions over the phone properly! The email password she gave me doesn't work (I wanted to examine the file she clicked on), though there was no confirmation via txt of password changed. So right now I'm not sure as could be related to the TalkTalk hacks.... Or just my mum! Rant over!
So in short no, ssl is not a simple solution
this might help. https://www.torproject.org/
"err on the side of kindness"
IronRoo said:
Not really, setting up an SSH tunnel will only encrypt your traffic between your device and your server, at some point most traffic will have to enter the internet in just as secure manner as it does now so that you can view a website for example, it will add another layer of security, but really only useful for privacy from those on your local network or (if your server is outside your ISP network) from your ISP also (but you'd have to change your DNS servers also or they can get info from there about sites you visit)
Also non of that will stop the issue you mention above about gaining access to your camera, mic, files etc that to beat encryption they just have to gain access to your phone, that could be as simple as sending you a malware link to your email, Whatsapp or whatever, which you visit. Which seems to be what my mum did 2 days ago, there was a well crafted email that appeared to be from Genes Reunited making specific reference to her personal private data & contacts in her account so she clicked the link, now she has no internet access & other issues on tablet, but of course I can't log in to fix from here & she can't follow my instructions over the phone properly! The email password she gave me doesn't work (I wanted to examine the file she clicked on), though there was no confirmation via txt of password changed. So right now I'm not sure as could be related to the TalkTalk hacks.... Or just my mum! Rant over!
So in short no, ssl is not a simple solution
Click to expand...
Click to collapse
Heh, **** man.. Hope she sorts it out
Now I think I've decided to use an SSH tunnel paried with RSA authentication for the time being, it seems good enough for me
mrrocketdog said:
this might help. https://www.torproject.org/
"err on the side of kindness"
Click to expand...
Click to collapse
Tor seems awesome
The proper way to achieve this is using a vpn which permits flexibility on the networking side. I use openvpn server on my home computer and i connect my phones to it. It is set to redirect all traffic through the encrypted tunnel which is forwarded to the internet through my home computer.
Now as noted before the information still goes out to the net at some point and comes back. Encrypting traffic does not help if you click on something malicious out there.
It does help to prevent the directly connected network to snoop on your actual traffic though. Handy when you connect to free wifi etc. Also you can filter traffic by application on the phone or by destination on the other side on the server.
I need and app that allows me to see web connections on phones on my network like what a certain IP"connected to my WiFi" is browsing
App that allow you to see web connection
Not only an app, you are supposed to be having a paid firewall. It is having a network flow panel which will let you know how many devices are connected with your IP address and what http packets they are accessing.
Or if you are having a client server topology, then server logs can easily tell you which user is viewing what.
Even there are free tool for checking ip address-
1) Microsoft Network Monitor
2) Nagios
3) OpenNMS
4) Advance IP Scanner
you can also try "Norton Family" when you first register you have 30 days of trial for free.
Csploit does achieve this I believe, and you can also intercept other people's browsing.Though, you should be really careful when using it and you should really know what all the functions do. I do not recommend you using it, but if it is a one time quicky then sure.