Database Info

Online shopping

is online shopping on android phones actually safe ...i am confused ..any views on this

That depends on what your security concerns are. For me, I think it is totally safe to buy things online with your phone. I would do just about anything but financial activities in this context. However, my answer is a bit loaded so now I need to explain that part a bit. Credit Cards have built in protections. If you check your statements and dispute all charges that you did not authorize, then shopping through your phone is completely safe. I have had tons of fraudulent activity on my credit cards and I haven't paid a single cent that wasn't my own charge. The catch here is that you run pretty much the same risk doing your shopping online through an ordinary computer. Granted, phones have terrible security. My real point here is that you should use your phone assuming you cannot trust it. In this case, I use my credit card fraud protection as my mitigation for an untrustable platform.

dipinv.2007 said:
is online shopping on android phones actually safe ...i am confused ..any views on this
Click to expand...
Click to collapse
It is risky, indeed. Luckily, you can do something to protect your safety online. Android has a lot of flaws and it's vulnerable to malware and viruses- more vulerable than your personal computer because it's an open system( in theory) with millions of unverified apps for Download.
My recommendations:
[Remember, there's no 100% guarantee/solution, but it's better than doing nothing at all!]
Avoid using open WiFi Hotspots( Starbucks, McDonalds, City Hotspots, etc.) if it's not an URGENT purchase.
However, sometimes you find yourself in a situation where you need to purchase something right away. When connected to public networks( again, Sturbucks, City Hotposts, etc) consider using a VPN service to encrypt your connection.
I don't want to start a war over which VPN provider is better, but PIA( Private Internet Access) is ultra cheap and reliable.
Why using a VPN? VPN connections, like L2tp IPsec PSK connections can encrypt your data, securing your connection from sniffing( Wireless network tapping/monitoring).
When shopping online use the shop's app rather than your Android browser. Using your browser can have catastrophic consequences. Your eyes can deceive you! Don't trust them.^ ^
When using your browser( Chrome, Android browser, etc) always check your connection to the shop's sing-in page - if it's unsecured( http websites) leave the page! The same goes for links. Make sure to check the URL address! Again, don't rely on your eyes, when using public hotspots. Why? In layman's terms: When you connect to the internet, your Android resolves IP's(URL's/websites) via DNS servers, which can be infected. If a Hotspot is infected and you search for, let's say, PayPal you might actually get somehwere else! Relying on URL's when shopping via Hotspots is a stupid idea! That's why, again, you should consider using a VPN, which encrypt's your traffic+ paid VPN's have a lower chance of getting infected since the folks working there regularly check their servers+ most VPN providers use secure DNS servers, which overide the Hotspot's default DNS settings.
When downloading apps verify the company's name and make sure it's an original app! Avoid using user-made apps to access your eBay/Amazon account! Stay away from unknown&unverified, hence untrusted Android markets.
Antivirus/anitmalware. Scan your phone frequently!
GOLDEN RULE: NOTHING IS BULLETPROOF!
I guess that's it for the average user. :cyclops:
The same applies for your personal computer.

Thanks guys !! great replies, sums it all up ...every one should follow this advice !! :good:

dipinv.2007 said:
Thanks guys !! great replies, sums it all up ...every one should follow this advice !! :good:
Click to expand...
Click to collapse
You're welcome. Have a good day/night/whatever! :silly:

Of course it is just make sure you are using https:// means secure server that encrypts your data

Of course it is just make sure if you install the official apps

One Question reagarding the apps: Are they using a safe connection to the server or might there be a securtiy problem?
Im talking about the "big player apps" like amazon, ebay, paypal etc.

[VPN (Virtual Private Network) and why you should use it if you're serious about...]

Greetings all and Happy Holidays.
Per some fellow XDA users request and also to compliment the great thread "[TUTO] How To Secure Your Phone," by: unclefab, I figured this would help...a thread on VPN.
I am also shocked to not see anything in the security forum about VPN! I did a search and NOTHING.
What is a VPN?
(Virtual Private Network)
A simple search on the web will give you the nitty gritty stuff on what a VPN is, but I'll just lay it out very simply.
A VPN takes your data connection and encrypts it so it protects your data from not only your ISP seeing your traffic, but also from middle man attacks. Say if you were at a cafe connected to their open (unsecured) public WiFi and you did some shopping online, which involved you entering in your credit card number, name, address, etc... Well, it doesn't take much for someone to intercept your sensitive data passing through the cafe's unsecured WiFi connection.
How it works:
Encrypts your Computer's/Phone's data ---> Connects it to your VPN's server (Exit Server) ---> Then it reaches the end destination (website). (Safe Passage)
ie...
Safely passes your Internet Data, through a ---> [TUNNEL] ---> ...that is encrypted so that all your data is not only anonymous, but also protected.
There are may VPN's service providers out there, however, they are not all created equal. I've spent a lot of time researching VPN's and have went to great lengths to find the best of the best. The criteria of what I was looking for is as follows:
Offshore Company. Something outside of the US.
Liked and approved by even the extreme private/security activists.
Reliability and Speed! Some VPN's can be very slow only allowing you to achieve 30-50% of your internet speed at best.
A wide choice of servers.
Able to pay anonymously.
A VPN THAT WORKS ON OUR ANDROID DEVICES!
Some VPN companies have their own Android VPN client, which makes things a breeze. Just launch, connect and violla....all your traffic is now safely tunneled.
For the companies that do not have their own Android VPN client, you'll have to use the app: OpenVPN, which can be a hit or a miss for those on KK 4.4. Let me explain...
When I was on my Note 3 on 4.3, OpenVPN worked flawlessly and my speeds were darn near 100% of my regular LTE speeds even connected to a VPN! Well, once KK 4.4 came around, it completely ruined everything in terms of being able to stay connected. KK 4.4 is and was a nightmare for OpenVPN users. Upgrading from 4.3 to 4.4 was the biggest mistake I have ever made in my Android world. Bottom line, KK 4.4 sucks.
The good news is, there are a few VPN companies that work flawlessly on KK 4.4. I'm using one at the moment and it stays connected just fine with awesome speeds!
Why you should use a VPN:
Well think about. You can go the whole nine yards in securing your phone, which is awesome, but then you'd still be tunneling all that traffic "unencrypted," over the internet .... this is counter-intuitive in every way that you look at it. It's like ordering a BIG MAC Extra value meal and getting a diet coke. I mean really? What's the point? Diet? No matter how you see it, you're going to get fat if you keep eating it and thinking a diet coke is going to take edge off of you getting fat. Sorry, it doesn't work that way....
Imagine a semi-trucks driving down the highway with some completely exposed and some locked and covered. Well you'll obviously be able to see the exposed cargo on all the trucks that are not contained yes? Whereas the ones that are covered and locked, you'd have no clue what's in there. This is how a VPN works....it covers your data/traffic so that no one can see or know what is inside of that container during transit...ie...it provides a safe passage of your data over the internet to the end destination.
Now a VPN will protect your data from point A to the end destination (website.) That website will only be able to see your "exit server," and not your ISP or your location, but of course your data.
Ex: You're in New York connected to the internet using a VPN ----> The VPN server you're connected to is in Texas ---> The website you're visiting is located and hosted in Canada.
In that example, your "encrypted" data/traffic is being routed through Texas and then to Canada where the website is hosted/located. Make sense?
Because you're connecting to a VPN server, this is why you have to know which ones to use so that you can trust your data routing through their servers. Not all VPN companies are created equal!
If you're interested to know which VPN's are best in general and for our Android devices, PM me and I'll share with you my research. I don't want to advertise anything on here to be in compliance with the forum rules.
I hope this helps!
To be continued....

You forgot to tell the data is not encrypted by the VPN between it's server and the website's server, you are only moving a problem from place A to place B. It may be better for you if this is what you are looking for but it doesn't add that much security.
How a VPN works : Your device data is encrypted FIRST, it leaves your device and goes to the VPN's server, it is DECRYPTED, and then it is relayed to the server you were trying to contact. Your data is less traceable but you're not anonymous, the VPN provider knows who you are and your DNS provider may still know what you are looking at if you the device leak DNS requests.
Your guide is missing details, anonymity and security is not easy and trying to simplify it too much you lost important parts users should not forget.
Regards

Magissia said:
You forgot to tell the data is not encrypted by the VPN between it's server and the website's server, you are only moving a problem from place A to place B. It may be better for you if this is what you are looking for but it doesn't add that much security.
How a VPN works : Your device data is encrypted FIRST, it leaves your device and goes to the VPN's server, it is DECRYPTED, and then it is relayed to the server you were trying to contact. Your data is less traceable but you're not anonymous, the VPN provider knows who you are and your DNS provider may still know what you are looking at if you the device leak DNS requests.
Your guide is missing details, anonymity and security is not easy and trying to simplify it too much you lost important parts users should not forget.
Regards
Click to expand...
Click to collapse
Misleading? I think you need to re-read the post. Here let me help you:
"A VPN takes your data connection and encrypts it so it protects your data from not only your ISP seeing your traffic, but also from middle man attacks. Say if you were at a cafe connected to their open (unsecured) public WiFi and you did some shopping online, which involved you entering in your credit card number, name, address, etc... Well, it doesn't take much for someone to intercept your sensitive data passing through the cafe's unsecured WiFi connection."
"Now a VPN will protect your data from point A to the end destination (website.) That website will only be able to see your "exit server," and not your ISP or your location, but of course your data."
"Ex: You're in New York connected to the internet using a VPN ----> The VPN server you're connected to is in Texas ---> The website you're visiting is located and hosted in Canada."
So you're going to argue the fact that a VPN wouldn't be affective in a cafe scenario like the example I've given in the post?
Any additional information is appreciated, but please don't come in here saying that it's misleading....
THE FACT IS...YOU'RE BETTER OFF WITH A VPN, than WITHOUT ONE. PERIOD.

It's about trust, the VPN server can do the middle man attack itself or one could do it somewhere between the VPN's server and the final destination.
Of course you're better with a VPN most of the time, but it's important to clearly state it's not captain america's shield neither. It's important to clearly tell at all cost that the data is encrypted only between you and the VPN's server.
Best regards.

The only way to ensure you are safe from MITM is to use end to end encryption, like SSL/TLS (https). Even if the MITM is using sslstrip, you'll be able to tell by the security popup in your browser when it asks you to trust the connection (which you shouldn't...)
VPN is useful for protecting you from someone sniffing the airwaves on an open network or for accessing services behind a firewalled network. (Like SMB/Windows File Sharing).
Like Magissa said, it isn't captain America's shield, and don't be fooled by a false sense of security. You have to trust the VPN provider, and it would be pretty easy for one to sniff your traffic or read logs...

iunlock said:
Greetings all and Happy Holidays.
Per some fellow XDA users request and also to compliment the great thread "[TUTO] How To Secure Your Phone," by: unclefab, I figured this would help...a thread on VPN.
I am also shocked to not see anything in the security forum about VPN! I did a search and NOTHING.
What is a VPN?
(Virtual Private Network)
A simple search on the web will give you the nitty gritty stuff on what a VPN is, but I'll just lay it out very simply.
A VPN takes your data connection and encrypts it so it protects your data from not only your ISP seeing your traffic, but also from middle man attacks. Say if you were at a cafe connected to their open (unsecured) public WiFi and you did some shopping online, which involved you entering in your credit card number, name, address, etc... Well, it doesn't take much for someone to intercept your sensitive data passing through the cafe's unsecured WiFi connection.
How it works:
Encrypts your Computer's/Phone's data ---> Connects it to your VPN's server (Exit Server) ---> Then it reaches the end destination (website). (Safe Passage)
ie...
Safely passes your Internet Data, through a ---> [TUNNEL] ---> ...that is encrypted so that all your data is not only anonymous, but also protected.
There are may VPN's service providers out there, however, they are not all created equal. I've spent a lot of time researching VPN's and have went to great lengths to find the best of the best. The criteria of what I was looking for is as follows:
Offshore Company. Something outside of the US.
Liked and approved by even the extreme private/security activists.
Reliability and Speed! Some VPN's can be very slow only allowing you to achieve 30-50% of your internet speed at best.
A wide choice of servers.
Able to pay anonymously.
A VPN THAT WORKS ON OUR ANDROID DEVICES!
Some VPN companies have their own Android VPN client, which makes things a breeze. Just launch, connect and violla....all your traffic is now safely tunneled.
For the companies that do not have their own Android VPN client, you'll have to use the app: OpenVPN, which can be a hit or a miss for those on KK 4.4. Let me explain...
When I was on my Note 3 on 4.3, OpenVPN worked flawlessly and my speeds were darn near 100% of my regular LTE speeds even connected to a VPN! Well, once KK 4.4 came around, it completely ruined everything in terms of being able to stay connected. KK 4.4 is and was a nightmare for OpenVPN users. Upgrading from 4.3 to 4.4 was the biggest mistake I have ever made in my Android world. Bottom line, KK 4.4 sucks.
The good news is, there are a few VPN companies that work flawlessly on KK 4.4. I'm using one at the moment and it stays connected just fine with awesome speeds!
Why you should use a VPN:
Well think about. You can go the whole nine yards in securing your phone, which is awesome, but then you'd still be tunneling all that traffic "unencrypted," over the internet .... this is counter-intuitive in every way that you look at it. It's like ordering a BIG MAC Extra value meal and getting a diet coke. I mean really? What's the point? Diet? No matter how you see it, you're going to get fat if you keep eating it and thinking a diet coke is going to take edge off of you getting fat. Sorry, it doesn't work that way....
Imagine a semi-trucks driving down the highway with some completely exposed and some locked and covered. Well you'll obviously be able to see the exposed cargo on all the trucks that are not contained yes? Whereas the ones that are covered and locked, you'd have no clue what's in there. This is how a VPN works....it covers your data/traffic so that no one can see or know what is inside of that container during transit...ie...it provides a safe passage of your data over the internet to the end destination.
Now a VPN will protect your data from point A to the end destination (website.) That website will only be able to see your "exit server," and not your ISP or your location, but of course your data.
Ex: You're in New York connected to the internet using a VPN ----> The VPN server you're connected to is in Texas ---> The website you're visiting is located and hosted in Canada.
In that example, your "encrypted" data/traffic is being routed through Texas and then to Canada where the website is hosted/located. Make sense?
Because you're connecting to a VPN server, this is why you have to know which ones to use so that you can trust your data routing through their servers. Not all VPN companies are created equal!
If you're interested to know which VPN's are best in general and for our Android devices, PM me and I'll share with you my research. I don't want to advertise anything on here to be in compliance with the forum rules.
I hope this helps!
To be continued....
Click to expand...
Click to collapse
which is the best VPN to use?

I've installed OpenVPN for Android and it works fine.

[VPN (Virtual Private Network) and why you should use it if you're serious ab...
TheMoroccan said:
which is the best VPN to use?
Click to expand...
Click to collapse
There's no concrete answer to that question. Your best bet is to use a VPN provider that's based outside of your country, preferably one that is less likely to corporate with your local law enforcement.

Agreed. Out of country, away from your government's reach... There are some offshore server farms in countries with lax laws... Those are usually tax havens also. Research

snapper.fishes said:
There's no concrete answer to that question. Your best bet is to use a VPN provider that's based outside of your country, preferably one with a less likely to corporate with your local law enforcement.
Click to expand...
Click to collapse
Thanks bro for the info.

Phone privacy and security, is it possible to be completely private and secure?

I have always known that companies like google and facebook for example collect our data, web searches etc and sell this information for profit. Today, this has become an even bigger issue with what we see in the media with the nsa and other government organizations tapping into our devices and monitoring our usage. At the end of the day, most of us, myself included really dont have anything to hide, so it may not be a real issue. I have often thought that if anyone poked around in my pc or phone they would simply get bored as they are just full of geeky engineering files lol. The real thing for me is simply that it's an invasion of privacy and just not right. With that said, I find myself wanting to go the extra mile to make my pc and my phone completely private from outside sources taking my information, watching my web searches and seeing my data. My question is, is it possible to be 100% secure and private, and if not, how close can we get, and how? I have heard that VPN's can achieve this. Is this true? and if so are there any free secure VPN's for our android devices and or pc's that are really good? Do VPN's slow down our devices? Also, Is there a way when we delete android files to permanently delete them? I noticed when I flashed my rom, after doing the complete wipe that is still contains files from before the wipe.
(I know this isn't a pc forum, I only included the pc because it's relevant.)
Thank you all in advance.

There are no data retention laws in the United States. Meaning, if a data center does not want to hold any logs to their users' activity, they're not required by law to do so. Multiple countries are similar, which is why I recommend using Private Internet Access for your VPN. They have a client for PC and Android and they're really great. I've been using them for many years and have had no issues. And, if you're really wanting to remain "anonymous", you can pay for your VPN subscription using gift cards from popular outlets like Walmart, Starbucks, etc. And for search engines, I'd recommend DuckDuckGo, which doesn't log anything you search. For PC, I'd recommend disabling your IPv6 protocol in your router settings and getting uBlock Origin, HTTPS Everywhere, and PrivacyBadger. They're wonderful add-ons for Firefox or Chrome. uBlock Origin and PrivacyBadger can block WebRTC leaks which would leak your IP address and can be used to identify you. If you want more information, feel free to reply to my post and I'll help you out as much as I can.

Hoxic said:
There are no data retention laws in the United States. Meaning, if a data center does not want to hold any logs to their users' activity, they're not required by law to do so. Multiple countries are similar, which is why I recommend using Private Internet Access for your VPN. They have a client for PC and Android and they're really great. I've been using them for many years and have had no issues. And, if you're really wanting to remain "anonymous", you can pay for your VPN subscription using gift cards from popular outlets like Walmart, Starbucks, etc. And for search engines, I'd recommend DuckDuckGo, which doesn't log anything you search. For PC, I'd recommend disabling your IPv6 protocol in your router settings and getting uBlock Origin, HTTPS Everywhere, and PrivacyBadger. They're wonderful add-ons for Firefox or Chrome. uBlock Origin and PrivacyBadger can block WebRTC leaks which would leak your IP address and can be used to identify you. If you want more information, feel free to reply to my post and I'll help you out as much as I can.
Click to expand...
Click to collapse
Hoxic,
Thank you for all of the information. With the private internet access VPN on my PC and android, will that slow down anything like web surfing, uploads or downloads? I am limited to using Verizon's high speed DSL connection as they refer to it, (I refer to it as slowest speed connection lol) in my neighborhood and this is the only provider for me so it's already pretty slow compared to Fios and other broadband connections. I would hate to slow it down any more.
You mention to pay for these services using gift cards and such. Well as I mentioned, I do not have anything that I am actually worried about anyone seeing, this is simply my way of trying to protect my privacy so I wouldn't go that far but I am curious about that statement. Do you mean that using a VPN truly isn't private or is this just to remove any paper trail linking me to the use of a VPN provider? I have been using DuckDuckGo for several years already just to stop google from taking and selling my info. Weather it truly works or not I dont know but its a great search engine anyway so I figured why not use it.
Your advice to disabling IPv6 protocol in my router settings: I do not see anywhere in my router settings to do this so I googled it, and it looks like there's a way o do this in windows. Is that different that what you're advising? Also I read a windows blog on this and windows 10 says IPv6 is a mandatory part of Windows that they do not advise on disabling. Can you give me some more detail on this, and how to disable it, assuming the windows warning is bull.
Thanks for all of your help.

Private DNS for Android (and other systems)

Private DNS has been around for a little bit on newer devices. However, finding a service that provides both the Private DNS side (TLS) and ad-blocking, filtration of bad domains, etc., has been another whole mess.
I've launched a donation-backed Private DNS service which provides an internet-side option. Think pi-hole style blocking without needing a VPN or only working from your LAN.
What's this entail?
1. Running Android Pie (or anything with the feature ported to it)
2. Using a custom Private DNS Server address that I will provide.
What happens?
1. Your DNS requests are routed via DNS-over-TLS to my CDN virtual machines.
2. Your DNS requests are then locally processed through several internal systems including the infamous Pi-Hole.
3. Final data requests from the local resolver are forwarded via DNS-over-HTTPS to root DNS servers such as 1.1.1.1 and others that are found to support HTTPS protocol.
4. No personal data is stored. Only data with respect to filtration is stored such as blocked versus permitted domains, hit/misses, and caching statistics to continue to develop a more fluid system.
What do I do?
Put "DNS.DEREKGORDON.COM in your Private DNS settings for Android.
Use IP address 35.243.170.151 for other applications to include your home network router, ChromeOS, etc.
Like it? CONSIDER DONATING. This system is kicking out almost one million responses a day for users.
More information is at http://www.derekgordon.com/dns/.
Always provide THANKS no matter what folks. It's the nice thing to do....

So we are looking at a encrypted dns with ad blocking? I would be into trying that.
I'm using dns.agduard.com at the moment on my Huawei P20 pro running Android pie.

Have a number of people using it without issue now....
Check it out here:
https://www.derekgordon.com/dns

crypted said:
Have a number of people using it without issue now....
Check it out here:
https://www.derekgordon.com/dns
Click to expand...
Click to collapse
I'm gonna check it out

Cool. Give it a go. My only concern now rests with the attack prevention stuff I've added. It rate limits and bans those who are hitting the server or servers if expanded quite hard. Basically it's to ward off attackers. Anyway no bad reports from it but it's the only factor I'm not totally sure of.

Gonna give it a shot and give you my results in 24hrs.

Cool. I have zero issues on our family's Pixel 2s and 3s. No one said much bad except someone who had login issues on an Xbox when they used the system for their network's DNS. I solved that for them.
Note I'm not filtering Google ads domain as a few people complained since they click the first couple links on Google. I haven't felt intruded upon by ads with this change since making it a couple weeks back.

hi,
sometime i can use this dns, sometime cannot.
my mi 8 using baskalos rom stated coudlnt connect.
issit because of my isp?

Very strange. No one has reported that issue. Is it the same result on WiFi vs mobile data? Want to give me your IP to search logs?
I've used the server in four countries on various WiFi and mobile netwiens without issue on Pixel 3.

How did you get the Private DNS in android Pie to recognize your dns server? I've got my own pi-hole server, yet when I put in my FQDN, I lose internet access on my phone.

First, I don't use Pi-Hole only. I made a custom Debian image and deployed it into the world of CDN. Pi-Hole's opensource software was incorporated as one of my mechanisms for blacklists.
To your point on connection, you need two things: 1) a TLS server to establish the connection and 2) signed certificates for the domain you are using installed on your server. Android will connect via TLS and will verify that your certificate is valid against its root certificates on the device.
Happy note - my server is providing over 250,000 queries daily now and over 90% connect via TLS so that indicates lots of happy Android users.

I'm check yours out and see how well it compares to the VPN connection I currently use to my pihole.

Been loving your Private DNS so far. Great job on it. Question though, do you have a form or something for people to submit domains that are blocked and shouldn't be?

Hey. Feel free to tell me these domains. There is such high usage and hardly any feedback so I haven't even thought about it. I could make a Google Form later.

Actually, I had a spare moment at lunch. Try this: https://forms.gle/oGtAFKAc7yJPmmEZ6

crypted said:
Actually, I had a spare moment at lunch. Try this: https://forms.gle/oGtAFKAc7yJPmmEZ6
Click to expand...
Click to collapse
Was gonna request https://go.redirectingat.com be unblocked since many many sites use it to link to products on sites like Walmart and Amazon. Can't use that form though since you require a screenshot URL, and I can't screenshot a redirection site.

You figured out a good workaround to make your request. Processing now, give it a minute and should be good.

All of your requests are cleared if you didn't notice yet. Happy browsing.

Not really sure how to publicize this and it probably isn't worth trying to do... But for those who do use this, and there are plenty of folks, I have been working on some changes.
1. These will not work with Android as I don't have the extra cash to blow on more SSL certificates. But, they will work for home networking purposes:
US.EAST.DNS.DEREKGORDON.COM
US.WEST.DNS.DEREKGORDON.COM
DE.FRUNKFURT.DNS.DEREKGORDON.COM
BR.SAO.DNS.DEREKGORDON.COM
2. DNS.DEREK.GORDON.COM is now a pool of a number of VM instances that are connected to Google's CDN. It will grow as necessary. This helps spread out some of the intensity that has been hitting the TLS daemon.
3. Servers will automatically reboot between once a week to every other week depending on load and latency. Sometimes the intense flood of queries really makes things sluggish. Reboot takes just a few seconds and I'm working for it to time it during off-peak hours so hardly anyone will notice.

Hi, I have my own pihole installed on aws server. Could you please share tutorial how could i make it work with private dns in android pie. Thanks.

[WARNING] DNS + Root Cert is insecure!

Firstly some little rant about keweon which is the most hypocrite security service I've ever seen:
[
The mentioned bet was with me. PM for details or public if you make me care enough.
>Copypasting all the elaborate posts from the Telegram sphere as I cant bother to spend much time on it.
I mostly agree with whats written there.
Seriously I dont care about Thorsten (MrT69) personally or in any other way.
I am actually quite sick of this topic. Even mad that I have to deal with basic **** like that. These people managed to trigger a hermit into logging on to tracking heavy XDA.
Why I do this? It needs to be done.
I could have never imagined that such a blatant scam could gain enough traction that it regularly annoys me.
]
<<< A little bit of ranting about keweon >>>
"
Evidence and proof of concept that keweon Online Security is not as secure as claimed by its developer.
After a group of independent IT and cyber security specialists proved that keweon is not as secure as claimed by the developer, they confronted the developer with the results and reminded him of a bet. All keweon support groups on TG then were deleted by the developer personally and without further explanation on the morning of February 4, 2019.
We all know by now that the way keweon DNS works is based on users using keweon's DNS and the keweon root certificate.
What has now been proven is exactly what keweon could do with its users, but Torsten vehemently denies and claims "that's impossible" and "that doesn't work":
1. get users to use your DNS server.
2. get users to use your root certificate.
3. redirecting a page, e.g. mybank.com, to one of the keweon servers (by changing the DNS record)
4. issue your own SSL certificate for the website, users have installed your Root-CA and so this is not a "witch work"
5. read username/password from the connection (if 2FA is used, just wait until the user logs in and use the token again quickly as it is valid for 30 seconds).
We now have proof that this is possible without a doubt. In fact, this is a classic MITM attack, and anyone who denies that it is possible either has no idea (you shouldn't assume this from Torsten) or is trying to hide something from his users.
The developer of keweon has repeatedly asserted and insisted that a root certificate cannot intercept connections or collect data.
Quote from the keweon developer with his PayPal bet:
"Prove that to me. Give me any DNS and a root certificate and try to get my PayPal data.
I'll then even contact you when I sign up for PayPal. If you manage to get my PayPal data this way, you can log in and transfer 500 Euro to your account. I have made this offer very often and this is a serious offer from my side."
Unfortunately the developer of keweon didn't contribute his part to the test as he promised so often and of course he didn't log into Paypal via our provided DNS and root certificate.
The only reaction on his part was, apart from some insults, the deletion of all keweon groups on TG.
The security test of the keweon servers also revealed that under certain conditions connections are even redirected to keweon's own termination server and answered with 1x1 pixel gifs.
The fact is that the requests contain tracking IDs that can be easily managed from these servers.
So even Torsten's statement that the keweon SSL server only terminates requests with empty (0 byte) responses is wrong.
This again contradicts Torsten's own statement.
The point now is that the developer of keweon Online Security is actively trying to deny that it is possible for him to abuse the root certificate, although it has now been proven that it is actually possible for him to do exactly that with the keweon root certificate and its users.
Until the developer decides to disprove the accusations made against keweon Online Security or can prove that the accusations against him are unfounded, it is advisable for obvious reasons of security not to use keweon Online Security for the time being.
Anyone who is interested in repeating this test can do so at:
http://https-interception.info.tm/, where you will find a DNS and a root certificate, same as with keweon Online Security.
Furthermore there is a real-time log about recorded connections.
Everything else can be found there.
Please be careful not to use your correct email address or password for this test!
#keweon #test #bet #evidence #ProofOfConcept
"
<<< /rant >>>
<<< Explanation of some DNS and TLS/HTTPS basics for noobs >>>
DNS And Root Certificates - What You Need To Know
e8aebe8eb8b24035ae75260ca0ea80a7 / 20190205
Due to recent events we felt compelled to write an impromptu article on this matter. It's intended for all audiences so it will be kept simple - technical details may be posted later.
1. What Is DNS And Why Does It Concern You?
DNS stands for Domain Name System and you encounter it daily. Whenever your web browser or any other application connects to the internet it will most likely do so using a domain. A domain is simply the address you type: i.e. duckduckgo.com. Your computer needs to know where this leads to and will ask a DNS resolver for help. It will return an IP like 176.34.155.23; the public network address you need to know to connect. This process is called a DNS lookup.
There are certain implications for both your privacy and your security as well as your liberty:
- Privacy
Since you ask the resolver for an IP for a domain name, it knows exactly which sites you're visiting and, thanks to the "Internet Of Things", often abbreviated as IoT, even which appliances you use at home.
- Security
You're trusting the resolver that the IP it returns is correct. There are certain checks to ensure it is so, under normal circumstances, that is not a common source of issues. These can be undermined though and that's why this article is important. If the IP is not correct, you can be fooled into connecting to malicious 3rd parties - even without ever noticing any difference. In this case, your privacy is in much greater danger because, not only are the sites you visit tracked, but the contents as well. 3rd parties can see exactly what you're looking at, collect personal information you enter (such as password), and a lot more. Your whole identity can be taken over with ease.
- Liberty
Censorship is commonly enforced via DNS. It's not the most effective way to do so but it is extremely widespread. Even in western countries, it's routinely used by corporations and governments. They use the same methods as potential attackers; they will not return the correct IP when you ask. They could act as if the domain doesn't exist or direct you elsewhere entirely.
2. Ways DNS lookups can happen
2.1 3rd Party DNS Resolvers Hosted By Your ISP
Most people are using 3rd party resolvers hosted by their internet service provider. When you connect your modem, they will automatically be fetched and you might never bother with it at all.
2.2 3rd Party DNS Resolver Of Your Choice
If you already knew what DNS means then you might have decided to use another DNS resolver of your choice. This might improve the situation since it makes it harder for your ISP to track you and you can avoid some forms of censorship. Both are still possible though, but the methods required are not as widely used.
2.3 Your Own (local) DNS Resolver
You can run your own and avoid some of the possible perils of using others'. If you're interested in more information drop us a line.
3. Root Certificates
3.1 What Is A Root Certificate?
Whenever you visit a website starting with https, you communicate with it using a certificate it sends. It enables your browser to encrypt the communication and ensures that nobody listening in can snoop. That's why everybody has been told to look out for the https (rather than http) when logging into websites. The certificate itself only verifies that it has been generated for a certain domain. There's more though:
That's where the root certificate comes in. Think of it as the next higher level that makes sure the levels below are correct. It verifies that the certificate sent to you has been authorized by a certificate authority. This authority ensures that the person creating the certificate is actually the real operator.
This is also referred to as the chain of trust. Your operating system includes a set of these root certificates by default so that the chain of trust can be guaranteed.
3.2 Abuse
We now know that:
- DNS resolvers send you an IP address when you send a domain name
- Certificates allow encrypting your communication and verify they have been generated for the domain you visit
- Root certificates verify that the certificate is legitimate and has been created by the real site operator
How can it be abused?
- A malicious DNS resolver can send you a wrong IP for the purpose of censorship as said before. They can also send you to a completely different site.
- This site can send you a fake certificate.
- A malicious root certificate can "verify" this fake certificate.
This site will look absolutely fine to you; it has https in the URL and, if you click it, it will say verified. All just like you learned, right? No!
It now receives all the communication you intended to send to the original. This bypasses the checks created to avoid it. You won't receive error messages, your browser won't complain.
All your data is compromised!
4. Conclusion
4.1 Risks
- Using a malicious DNS resolver can always compromise your privacy but your security will be unharmed as long as you look out for the https.
- Using a malicious DNS resolver and a malicious root certificate, your privacy and security are fully compromised.
4.2 Actions To Take
Do not ever install a 3rd party root certificate! There are very few exceptions why you would want to do so and none of them are applicable to general end users.
Do not fall for clever marketing that ensures "ad blocking", "military grade security", or something similar. There are methods of using DNS resolvers on their own to enhance your privacy but installing a 3rd party root certificate never makes sense. You are opening yourself up to extreme abuse.
5. Seeing It Live
5.1 WARNING
A friendly sysadmin provided a live demo so you can see for yourself in realtime. This is real.
DO NOT ENTER PRIVATE DATA!
REMOVE THE CERT AND DNS AFTERWARDS
If you do not know how to, don't install it in the first place. While we trust our friend you still wouldn't want to have the root certificate of a random and unknown 3rd party installed.
5.2 Live Demo
Here is the link: http://keweonbet.info.tm/
- Set the provided DNS resolver
- Install the provided root certificate
- Visit https://paypal.com and enter random login data
- Your data will show up on the website
6. Further Information
If you are interested in more technical details, let us know. If there is enough interest, we might write an article but, for now, the important part is sharing the basics so you can make an informed decision and not fall for marketing and straight up fraud. Feel free to suggest other topics that are important to you.
For more information/feedback/corrections visit our chat linked in the pinned post. (Search ID 0728e516cf2446e7b25af7622c26d8d + 5 in case you hid it.)
All content is licensed under CC BY-NC-SA 4.0. (Attribution-NonCommercial-ShareAlike 4.0 International https://creativecommons.org/licenses/by-nc-sa/4.0/)
- DNS resolvers send you an IP address when you send a domain name
- Certificates allow encrypting your communication and verify they have been generated for the domain you visit
- Root certificates verify that the certificate is legitimate and has been created by the real site operator
How can it be abused?
- A malicious DNS resolver can send you a wrong IP for the purpose of censorship as said before. They can also send you to a completely different site.
- This site can send you a fake certificate.
- A malicious root certificate can "verify" this fake certificate.
This site will look absolutely fine to you; it has https in the URL and, if you click it, it will say verified. All just like you learned, right? No!
It now receives all the communication you intended to send to the original. This bypasses the checks created to avoid it. You won't receive error messages, your browser won't complain.
All your data is compromised!
4. Conclusion
4.1 Risks
- Using a malicious DNS resolver can always compromise your privacy but your security will be unharmed as long as you look out for the https.
- Using a malicious DNS resolver and a malicious root certificate, your privacy and security are fully compromised.
4.2 Actions To Take
Do not ever install a 3rd party root certificate! There are very few exceptions why you would want to do so and none of them are applicable to general end users.
Do not fall for clever marketing that ensures "ad blocking", "military grade security", or something similar. There are methods of using DNS resolvers on their own to enhance your privacy but installing a 3rd party root certificate never makes sense. You are opening yourself up to extreme abuse.
5. Seeing It Live
5.1 WARNING
A friendly sysadmin provided a live demo so you can see for yourself in realtime. This is real.
DO NOT ENTER PRIVATE DATA!
REMOVE THE CERT AND DNS AFTERWARDS
If you do not know how to, don't install it in the first place. While we trust our friend you still wouldn't want to have the root certificate of a random and unknown 3rd party installed.
5.2 Live Demo
Here is the link: http://https-interception.info.tm
- Set the provided DNS resolver
- Install the provided root certificate
- Visit https://paypal.com and enter random login data
- Your data will show up on the website
6. Further Information
If you are interested in more technical details, let us know. If there is enough interest, we might write an article but, for now, the important part is sharing the basics so you can make an informed decision and not fall for marketing and straight up fraud. Feel free to suggest other topics that are important to you.
For more information/feedback/corrections visit just PM the poster here.
He activated Mail forwarding.
All content is licensed under CC BY-NC-SA 4.0. (Attribution-NonCommercial-ShareAlike 4.0 International https://creativecommons.org/licenses/by-nc-sa/4.0/)

I appreciate you taking the time to write this up.

After reading this, im a bit scared because yesterday i installed both the dns and cert from keweon and since then i logged into bank accounts and several important sites (apps and browser).
Is this really that bad? Is keweon creator really capable of stealing users data just by using a custom dns and cert?

2 yrs later the same s**t again?
I'm honored about the fact that you try to fight against keweon. It seems you are someone from the advertising industries and this statement is almost the same as you have started the big ****storm against me 2 yrs ago.
Did you ever talk about the 46 Root Certificates within Windows which are responsible to share Ransomware, Malware, Spyware and other crap? No.
Did you ever talks about all the Apps which are using hidden root certificates to spy user data? No.
Did you ever talk about custom ROMS which contains hidden Root Certificates? No.
But you are still fighting against me? What will ever happens when I would shut down keweon?
keweonDNS is cleaning up the internet for various threats and of cause advertising. Because of blocking this it's causing HTTPS errors. To suppress this errors I have developed this Root Certificate. At the moment everything is still just for testing and when I launch the "real Infrastructure" there will be definitely a different Root Certificate.
You can use the DNS even without the certificate. Where is the problem? It's not a need or a must to use it but then Adblock detection is possible and a lot of other things. All addresses outside are working via HTTPS and the only reason for this certificate is to prevent HTTPS errors caused by Adblocking. I was asking you for a better Idea - no answer. Even various data protection agreed to me that this is a good Idea to protect against data collections.
I'm 100% sure you are someone from the advertising industries because until today you are only talking about common things that "might" happens or that "can" happens or "possibilities". In the meantime a lot of companies are using keweonDNS and there are some big Companies and this will definitely show that you have no idea about HTTPS and how it is working.
I repeat again. Using keweonDNS is cleaing up the internet within an incredible way. If you want to have everything faster or if you want to suppress the upcomming HTTPS errors cause by Adblocking YOU CAN USE the Certificate. It's not a MUST HAVE. But if you ever have a better Idea to fight against data collection and privacy violation without a certificate then any idea is welcome. That's the reason why it's still a TEST SYSTEM.
This certificate suppress all Adblock detections and data collections. Why you don't talk about this? Why you only talk about this is possible and that is possible? Why you don't write about the actual facts? Why you don't write about the things which are possible with the certificate?
In the meantime there are worldwide 32 million users who are using keweonDNS. Do you honestly think I didn't expect someone to try a ****storm against me or keweon? keweonDNS is a war declaration against Google, Facebook, Microsoft, Yahoo and the entire worldwide ads industry and you are talking about evil things what "might" happens? But hey, it's OK for me
I still offer to you - if you have a better idea let's do it together. I'm open for any idea or help. If you still want to fight against me then this shows me you support Google, data collection and privacy violation.