Beginning with 2016 we will not longer support the coexistence with EYEO's AdBlocker.
This tool is an advertising gateway and they will pass more and more advertising.
keweonDNS
THE FIRST ADBLOCKER WORLDWIDE
WHICH RUNS ON
EVERY OPERATION SYSTEM
EVERY BROWSER
EVERY SYSTEM
without any Software Installation
Tested & working on:
WinXP to Win10 - Windows Mobile - Linux - UNIX - Android - iPhone - iPad - MacOS - BeOS - BLACKBERRY - JavaOS - XBOX - PLAYSTATION - APPLE WATCH - WebOS - Microsoft EDGE - RASBERRY - NAS DEVICES - SmartTV's
Click to expand...
Click to collapse
I'm proud to present a brand new ad-block and security solution. I hope to find some supporter here to check, test and optimize the system.
The name of this system is keweon which is a short form from the German words "keine werbung online". Translated to English this would be "no advertising online"
Unfortunately every online presence is within German language because my English is not longer the best.
The idea and very first solution was born in year 2003. In the year 2013 I decided to launch the system as an online based system and we have tested this system almost on every device. AdBlocking is just only one of the many features but at the moment it's only important if the black and white lists are usable and what to change.
keweon is also the only adblock solution world wide which is not possible to block. If you find a web page where you receive the message "Blocked because you are using an adblocker" let me know this link here or post it on our facebook page and we will change this.
Now it's up to you to decide what you want to think about it.
How can you use it?
The big advantage is that you don't need to install any software. Just point your device to the keweonDNS Server and - that's it!
You can use it on your device or on your SOHO Router or you can use it just on your PC to test and see how does it work.
It's working on EVERY operation system, on EVERY device. Even on IPhone, PlayStation, XBOX and if you want it will even run on the Apple Watch.
Here are the keweonDNS Server list and where they are located:
DNS Server IPv4
GERMANY 01 (*) 46.101.208.121
GERMANY 02 (**) 46.101.187.194
UNITED KINGDOM 01 (*) 178.62.117.240
USA - Dallas (TX) (**) 45.32.198.153
DNS Server IPv6
GERMANY 01 (*) 2a03:b0c0:3:d0::3c:7001
GERMANY 02 (**) 2a03:b0c0:3:d0::b0:8001
UNITED KINGDOM 01 (*) 2a03:b0c0:1:d0::28:8001
USA - Dallas (TX) (**) 2001:19f0:6400:8945:5400:00ff:fe17:5dba
(*) = only available for Germany, Austria, Switzerland and Liechtenstein
(**) = global available
Our DNS Server are not pointing to Google server at the other end. We want to have a clean DNS solution. The DNS servers points to root-server.net infrastructure only.
This might cause some troubles e.g. with MarkMonitor URL's and Domains. I don't care because this company is anyway block at 99,999% via keweonDNS
HTTPS Advertising - no more chance
This is also a big advantage that keweon is able to cover also this crap. We know the current solution is not the best but it is the cheapest.
If you want get rid of the HTTPS advertising error message than you need to install the keweon Adblock Root Certificate on your Computer or on your device.
I know that there are better solutions but the problem is that keweon is currently just a hobby and to buy a public certificate and spending 800 Euro just for fun would be a big financial pain.
You don't need the certificate to use the keweon Adblock but if you want to get rid of the https nags you need to use is.
Browser example without keweon Root Certificate:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Browser example with keweon Root Certificate:
If you want to see what is inside this certificate than browse to the keweon HTTPS Sniper Server and take a look inside the SSL Certificate. You can see what URL's we will take over for ad-blocking reason.
How does keweonDNS work?
It's not a big secret because EVERYTHING is working on 100% pure native DNS technologies. The only thing you need is a FreeBSD Server, a LINUX Server and - YES, it is REQUIRED - a Windows Server. You need to build your own operation system based on UNIX and some special kernel things.
That's all!
I also have had a contact to a big AdBlock Company and the CEO still think this solution is a Proxy solution. I don't want to make a big discussion but keweon is running on 100% native DNS.
The only exception for this is currently YouTube. We have unlocked YouTube that you will not longer get stupid messages "Is blocked because...".
In non other country of the world are more Videos blocked than in Germany. Don't ask for the secret of the YouTube solution. It's working and we will not send the traffic over the keweon systems. That's the reason why we can offer this solution to nearly half a million users.
Check this and see:
https://apps.opendatacity.de/gema-vs-youtube/en/
Currently we have the problem that YouTube unblocker will not run 100% on iOS devices. If you want to see EVERY Video you need to uninstall the YouTube App from your device and watch the videos within the browser.
Therefore I would need additional help to sort out where the hell this app will take the GEO location information's. At the moment it seems it will use the iOS API for this but my knowledge about the iOS API is very limited.
Here are the important links:
On Facebook: https://www.facebook.com/keweonNetwork
On Twitter: https://www.twitter.com/keweonNetwork
Because of legal reason the web site is still offline. One little error on the page could cost a lot of money in Germany.
The Web: http://www.keweon.de
The keweon Root Certificate.
Keep in mind it is not required to use the certificate. If you want to get rid of the HTTPS error messages u can use it but for the basic Ad-blocking it is NOT REQUIRED.
Here is the list of the current entries within our certificate. You can double check this within our HTTPS sniper server: https://adblock.keweon.center
http://forum.keweon.de/viewtopic.php?f=9&t=8
For Windows Systeme (MSI File)
The certificate is working for IE, Edge and Chrome Browser.
http://pki.keweon.center/certs/keweonAdBlockCertificate.msi
MSI within a ZIP file:
http://pki.keweon.center/certs/keweonAdBlockCertificate-MSI.zip
For Android and iOS devices, also for Firefox and Mozilla Browser:
http://pki.keweon.center/certs/keweonAdBlockCertificate.crt
CRT within a ZIP file:
http://pki.keweon.center/certs/keweonAdBlockCertificate-CRT.zip
For Admins to use it within Active Directory as REG file:
http://pki.keweon.center/certs/keweonAdblockCertificate.reg
REG within a ZIP file:
http://pki.keweon.center/certs/keweonAdblockCertificate-REG.zip
If you want to have a "AllInOne Package" use this link please:
http://pki.keweon.center/certs/keweonAdblockCertificate.zip
What will this cost?
It will cost nothing. You can use it where ever you want to use it.
Why it's free?
Because we can do it.
We are unknown.
We don't know what you think about this solution.
That's the reason why this will be free of charge. But keep in mind that this system is only a demo system because we don't have the money to do what we want to do.
The only thing what we expect:
Like, Share and Promote us here by XDA (hit the Thanks Button), on Facebook and Twitter. That's all we want to have from you.
And now?
Now it's your turn.
Read it, use it and decide if you want to have the Internet in a newer Version. Take a look and see.
Hope you enjoy it!
How you can support keweon?
If you have found an address which is blocked that needs to be unblocked or if you have found additional critical address then just send this via email.
At the moment we need to cross check everything manually but we hope that we can automated this process within a few weeks. For this it is important how you send the email. Let's give a short example.
BLACKLIST EXAMPLE:
You have found the URL www.ads-terror.com. But this address is a Popup from the site www.cool-site.com
Now create a text file as like as a hosts file and add the bad URL. Use the Hash sign (#) to seperate the comment. As comment you should use the source URL where you have found the Popup.
www.ads-terror.com # www.cool-site.com
If you have found a malware site or address or something like the "Flashplayer Update" which is in real a malware or spyware trash than comment this with what it is. Just one or two words that we know what it is. You can also combine this or write a few more words. It's up to you.
www.ads-terror.com # fake flashplayer
WHITELIST EXAMPLE:
We know that 7 million entries will not be 100% safe and clean. So don't worry, if you find an address which is blocked which should be not blocked than let's whitelist this.
Also write this into a TXT File and comment this with some self spelling infos that we know why.
bit.ly # Twitter URL shortener
That's all. Please don't send any screenshot or PDF or anything else than a TXT file. Keep in mind that we only will work with the attachments. It does not make sence to send the information within the email body. Whatever you write in the mail this will be ignored because this is an half automated process.
Where to send?
It's easy.
If you have an request and attachment for white listing send this to:
[email protected]
If you have an request and attachment for black listing send this to:
[email protected]
Anything else?
Yes. If you have seen a website where you will receive the Message "this website is blocked because you are using an adblocker" than we also want this to know.
Sometimes it will take a few hours, sometimes this can take up to 3 days until whe are able to break this. But we keep you updated on twitter if we are able to remove this crap.
If you have found an address please copy this address also into a TXT file and send this to:
[email protected]
A few of our blocked URL's might cause some HTTPS errors. For this we have the Root Certificate and because of this we are able to manage this errors within a few minutes.
If you are using the keweon Adblock Root Certificate and find an error on a web page than make a screenshot OR send a TXT file with the URL.
We will double check this and if we see that this address needs to be placed in our HTTPS certficate we will do this. If something wents wrong we will remove this address from our blacklist.
If you see or find an error within the HTTPS certificate than we also need this to know. Send the screenshot or the TXT file to this address and we will take action.
[email protected]
Update of white and black lists
Currently we have a job, we have family and we can not offer 24x7 support for this. This system is just a damn small system, it's a hobby and this update procedure can cause a timeout for round about 60 sec. when we do an update on our DNS Servers. We know how to solve this but we don't have the money currently for this.
This update has only impact to NEW site and URL requests.
If you are playing an online game, stay on facebook or doing work on the same site you will see no interruption. If you do a new site request and you will see that this request runs into a time out take a smoke or move away for a new cup of coffee.
I hope you enjoy this and if you have any recommendations please let me know this.
What is keweonDNS?
keweonDNS is more than just a simple adblocker system. keweon is a solution which offers a lot of cute things.
privacy Protection
protection by Virus and Trojan infection (prevent the download of additional files)
protection against spying (blocking the source address)
Internet without Ads and Popups
real time online ad-blocking
domain address based
working with ipv4 and ipv6
tracking protection
malware protection
spyware protection
trojan protection
fake security filter
fake software filter
phishing protection
advantage because of all of this: up to 50% faster internet on all devices
We also have found a solution where we are able to block even IP Addresses and filter single websites or a picture. But currently it is to expensive to release this for public usage.
We need your support!
The keweonDNS phishing protection is a beta solution at the moment because we have the idea. We know what to do. We know where to do.
But we have no email with a phishing address or URL. We hope someone of you is able to support us and send us a few URL's.
If you receive a phishing mail than copy the content of the mail into a TXT file. Please make sure that you will copy the PHISHING address into this TXT file and then send the TXT file as attachment to:
[email protected]
!!! ATTENTION !!!
IF YOU DON'T KNOW WHAT TO DO - NEVER CLICK ON A LINK WITHIN A PHISHING MAIL.
ASK A FRIEND OF YOU OR SOMEONE WHO KNOWS WHAT TO DO!
Click to expand...
Click to collapse
If you are not sure than you can forward and send the complete mail to us. Please send this mail to:
[email protected]
The problem is that our mail provider might filter this mail. That is the reason why we are asking for the source and destination address within a text file.
It will not help if you only send a screenshot because the LINK and the LINK REFERENCE are completely different. It's also an idea if you are able to save the message and send the message as ZIP file.
If we have this mail we will take action and prevent phishing attacks when you are using the keweonDNS Servers.
Currently we have not a real solution how you can send the information's within a secure way. You can do what you want as long as you are safe and can make sure that you will be not infected.
If you have any idea how to send the complete mail your welcome to keep us informed.
It seems no one is using this System because of my self signed Root Certificate.
I want to get rid of the Certificate installation.
Does someone know if there are some provider who offers free public web server certificates?
Currently I only know Comondo.
Thanks in advance!
(2015/12/11 - 12:15) EDIT:
Click to expand...
Click to collapse
We have done a Certificate request with public domains entries within the SAN field.
After this the certificate request was catched by fraud detection and they denied the certificate.
Bad luck for us. But we don't give up.
If someone knows a different solution than our Root Certificate please let me know.
At the moment it is only possible to get rid of the HTTPS trash with our Root Certificate.
Thanks in advance!
Over 500 Hits and no one seems to be interessted?
Can someone explain to me why there is a problem to give it a try and test this System?
Would be a great thing. Thanks in advance.
I'll give it a try, i already promoted it over my friends, i thank you for your work
Inviato dal mio Nexus 4 con Tapatalk 2
jacomail95 said:
I'll give it a try, i already promoted it over my friends, i thank you for your work
Inviato dal mio Nexus 4 con Tapatalk 2
Click to expand...
Click to collapse
That's good to know.I will Update this Thread with more options.
I have no exerience with Italy and ads, Malware and Spyware.
Hope you will give some feedback to optimize it. Infos and how2 will follow within this Thread the next few hours.
Thanks and I hope you enjoy this system
Now you can help us with update and clean up the white and black lists.
http://forum.xda-developers.com/showpost.php?p=64055856&postcount=2
Best regards!
Hello , thanks for this dns. Could you provide server & net provider information?
Please take a look at dnscrypt.org , usage would be great.
Your website isnt loading , what happened
Sent from my GT-I9505 using XDA Free mobile app
HeathenMan said:
Hello , thanks for this dns. Could you provide server & net provider information?
Please take a look at dnscrypt.org , usage would be great.
Your website isnt loading , what happened
Sent from my GT-I9505 using XDA Free mobile app
Click to expand...
Click to collapse
At this point DNS encryption is not a thing we Plan to implement.
This System is comlete VPS based and a real smal system.
We are using some overloaded security on the servers. If we have success to establish this as an commercial system we will use DNS encryption.
But at the moment we only want to clean up the Black and white lists and for this DNS encryption will cause more troubles than security.
Best regards!
Technical Focus:
It seems that adblock blocking will become the "Advertising Surprise XXL Feature" for 2016.
May be for all other Adblockers. But this will not work with the keweon System.
We cross the fingers and we wil see :fingers-crossed:
Blocking Adblocker which blocking ads to make sure that ads will never blocked
If you see any Website which is blocked when you will use an ad-blocker please test this also with the keweon System.
Yahoo is working on this to prevent ad-blocker usage.
We are working on this problem too and for a well-balanced result we take the other side.
Help and let us know when you find such a site!
Tell us what you think about this:
kinox.to and movie2k.to are now 98% ad free.
We also removed the abo traps when you use this sites on your mobile phone.
Best regards and we hope you enjoy this!
What are you doing with all the user data you are collecting with this?
Gesendet von meinem HTC One mit Tapatalk
flummi3000 said:
What are you doing with all the user data you are collecting with this?
Gesendet von meinem HTC One mit Tapatalk
Click to expand...
Click to collapse
Collecting data? From users? Or any connections?
I guess you are german because that's typically german bull****!
Who the hell told you that we collecting data? Collecting user data via DNS Server? Did you saw any data collection?
Do you realy belive that we break the communication to nearly everywhere and than we collect data for what?
Oh damn!! Almost idiots only here in germany!
Sprint
Anyone know how to change the DNS on android KK?
Sent from my N9515 using XDA Forums Pro.
brad65807 said:
Sprint
Anyone know how to change the DNS on android KK?
Sent from my N9515 using XDA Forums Pro.
Click to expand...
Click to collapse
Check the Playstore and search "RomToolBox". But this tool requires root.
Unfortunately I'm using currently an iPhone but with this Tool I have had the best experience on android.
With higher versions than KK (4.4) I have no clue how to change the DNS Servers because HTC OneMax with 4.4 was my last android device.
I just use the DNS changer from Playstore. Works fine so far. Thanks for your effort!:good:
Shockwave71 said:
I just use the DNS changer from Playstore. Works fine so far. Thanks for your effort!:good:
Click to expand...
Click to collapse
Good to know. thanks for the Feedback :good:
bencozzy said:
I have to agree this is not open source so only security conscious conclusion is that you are data sniffing.
Click to expand...
Click to collapse
Hmmm... Data sniffing with DNS? How? And why?
Everyone is claiming that it is not possible to protect data. I have found years ago a solution and after 10 years I decided to launch this as an online solution.
Let's assume that I will data sniffing. What can I get?
Compare DNS as a phone book. You have the option to look inside where the Webserver or the destination exists. You are searching only a phone number or IP Address.
If you take data from the webserver this will not served and offered by the DNS Servers because this will be done from the webserver which you are browsing to. DNS is only telling your browser, hey go there and there you will find the rest.
The only thing I would get is which IP address is seeking for what address. So what data I should sniff? I only will get the information which IP address is searching xyz.com. Based on this information what should I do with this?
If I would like to have this Data that makes no sence because I have a account to statista.com where I can get more and detailed informations about this. Therefore is no need to launch such a tool.
I decided to build this project DNS based because in no country of the world it is requrired to log DNS request. May be China is an exception but especially in germany where it is required by law to log EVERY web server access DNS will be an exception.
Everyone is claiming that it is not possible to filter dangerous things within the Internet or web sites. Also the site and user tracking. If you use my DNS you can browse to Amazon do a search any you will get not "stalking result" when you visit ebay after your amazon visit.
I have disabled this online tracking which a lot of people say this it not possible. I'm working with this keweonDNS solution since years and also a lot of other people. This was finally the reason why I decided to launch this system as a public system. I'm specialist for Active Directoy since 2000 and I promises to you I will and I can do things with DNS where others will never dream of.
And yes. The system is closed source. And it will stay closed source.
On the one hand I have spend years of work into this system and if you ask someone who has experience with DNS this guy will confirm that this will not work what I do. I heard this so many times - but it's working. On the other handy I keep this closed because I will give no one the chance to break my system or doing some evil things.
If this system will have success than hey, I will find an Investor and I'm able to implement all the security features and launch this as an global system. Yes, this is what I want to do with this.
At the moment you will see only 20% of it's power because all other things would make this system damn expensive when I would release this as public system.
Big companies better pray that this never will happens because for them this system will become an evil nightmare.
If it's no success and everyone has concerns to use it than I will put everything back into the drawer and that's it. At the moment it is fun, fun, fun and more fun. Nothing more.
The same is with my Adblock Root Certificate. I was searching a solution. I found it and it's working. Within a Windows System you will see 42 root certificates. Do you know what they will do? Do you know what they are responsible for? I guess you will not know this but you trust them by default.
I will open and release my complete certificate if you want.
I can not take the fear away which you might have with my system, it's up to you to use it. But the main reason is I want to keep my data on my machine. I don't like if someone try to spy me, my machine and everything what I do.
At the moment I only want to know if the Black and White Lists are OK. To launch the system as a public system there is a lot of additional work required which is not possible that one or two guys can handle this.
I have a solution. I offer the solution as a public system and I will never say that this is the master solution. But with keweon you have more security and options than every other system.
It is absolut O.K. that someone thinks twice bevor he use this system. It is absolut O.K. when someone do not trust the certificate. And it's absolut OK when someone think that this is a big peace of sh**t.
I expected a lot of complains and I'm prepared for nearly everything.
But to think that I'm collecting data?
That's a hard pain because this is what I hate and that is something what this system prevent.
If you will not trust this solution it's O.K. for me. If you have any recommendations how can I achieve more trust into this system than let me know this because I'm open to anything.
Best regards!
bencozzy said:
I have to agree this is not open source so only security conscious conclusion is that you are data sniffing.
Click to expand...
Click to collapse
Just shut-up for godsake if you want to use it use it, or if you don't leave it, why so many complaints, go learn computer networks DNS stuffs and then talk, its just a solution, there are many other adblocking solutions out there. If you are concerned with too much privacy why use Google or xda there's trackers everywhere, its inevitable to avoid. Grow up please.
Related
Hey there,
I saw a couple of posts on the Internet regarding this new Tasker plugin. I was wondering how it really works, but couldn't find any detailed explanation on how exactly this works.
I'm a bit sceptical installing a Tasker plugin which can be controlled by any browser. Sure you have to know the shortened URL and you can define a password, but I don't see myself handing over control of my phone to a Tasker login lying around in the cloud somewhere.
Any insights?
https://play.google.com/store/apps/details?id=com.joaomgcd.autoremote.lite
This is the lite version if anyone is interested.
How to from pocketables
http://www.pocketables.com/tag/autoremote
Sent from my GT-I9300 using Tapatalk 2
AutoRemote developer here
Hi.
I'm AutoRemote's developer.
What exactly are your concerns over AutoRemote's security?
The way it works is, like you said, you control your phone from your own personal URL. You give that that URL to other people or keep it to yourself. The probability of someone finding that URL by chance is extremely low, and even if they do, they would have to guess which commands you configured on your phone.
Feel free to ask any questions and I'll try to answer them.
Hi,
thanks for taking the time to answer my questions. And I have to admit, I was a bit vague in my first post.
How does the communication between my desktop browser and my phone work? Let's say I defined a message and send it from my browser at work to my phone, which is on the mobile network. How does this work? Will the message be send from the PC to the phone? I don't know how that would work, as the ip I got from my ISP is behind a firewall and there is no way to directly reach my phone. This leaves two possibilities:
1. the phone has a constant connection to the server, like an ssh tunnel (http://autoremotejoaomgcd.appspot.com/?key), or
2. the phone itself checks for new messages on the server in regular intervals (again, http://autoremotejoaomgcd.appspot.com/?key)
1. battery will drain a lot, judging from my experience with ssh or VPN. Phone won't go into deep sleep.
2. Messages will be stored on the server.
I guess 2 is more likely, but then again, I could be talking out of my a**
My main problem with it though: Everything done via http://autoremotejoaomgcd.appspot.com/ is a black box for me. You could save all messages, including passwords and messages and this is a big problem for me. Don't get me wrong, but why should I trust you with this data when you could do all kinds of nasty things with the devices. Let's assume I made a message to remotely wipe my phone, you could do same, couldn't you?
I'm not saying you do these things, but I don't know you
I guess my guestion is, any way to host the middleman goo.gl/12345 and http://autoremotejoaomgcd.appspot.com/ myself?
If I'm wrong about these things, please feel free to correct me and thanks again for taking the time
Greetings
Thanks for the friendly message.
About the first part, the way it works is, the autoremotejoaomgcd.appspot.com page sends a message to Google which in turn sends a push notification to your phone.
That doesn't drain any more battery than it would otherwise, the connection to Google's servers to receive push notifications is always open anyway.
This is the same way you receive new email alerts or instant messages on other apps.
About the second part, yes, it's true. If I wanted, I could keep all your messages and resend them. I certainly DON'T do that, but why would you trust me?
Well, what I always say is, use AutoRemote for fun and non-dangerous stuff if you don't feel like trusting me. If you feel I'm not a bad guy (I already have lots of positive reviews on Google Play that show that I haven't done anything wrong), that by all means create a remote-wipe profile in Tasker.
Hope this helps!
Hey man,
Thanks for the explanation and sorry for the delay, but the last couple of days were pretty busy. Anyway, I still have a follow up question
I'm curious about the Google push notification feature you mentioned and I'd like to know how that works. I hope there is some sort of mechanism to prevent people from sending notifications to my device without my consent. If you could point me in the right direction in terms of documentation I would be grateful (well, I already am for your response )
I think I will give it a try and use incoming email for wiping device. Being able to disable my xmpp account on the tablet when phone leaves home would be a great feature. So, thanks again for your effort and your answer.
Have a nice day.
Hillbicks
Sent from my ASUS Transformer Pad TF700T using Tapatalk 2
Hi,
I know this is an old thread but wanted to jump in since the developer seems to be on this thread.
From a security perspective, a couple of suggestions:
Make both the Google Short URL and the URL that the Google Short URL directs to HTTPS. This would keep people on the local network from sniffing both your URL query string and password. Certificates appear to already be in place, so it's as simple as adding a character, assuming AutoRemote would allow it.
Use the password as a hash to encrypt the data being passed over the Google Servers. Process would look something like the below, and would ensure total security of the data being transmitted.
Web form uses client-side JS to encrpyt any data based on password
Encrypted data is BASE64 encoded to plain text
This string is sent through the notification engine of Google
When received, the phone uncodes the BASE64, then decrpyts using the password
Thanks,
Ben
Fmstrat said:
Hi,
I know this is an old thread but wanted to jump in since the developer seems to be on this thread.
From a security perspective, a couple of suggestions:
Make both the Google Short URL and the URL that the Google Short URL directs to HTTPS. This would keep people on the local network from sniffing both your URL query string and password. Certificates appear to already be in place, so it's as simple as adding a character, assuming AutoRemote would allow it.
Use the password as a hash to encrypt the data being passed over the Google Servers. Process would look something like the below, and would ensure total security of the data being transmitted.
Web form uses client-side JS to encrpyt any data based on password
Encrypted data is BASE64 encoded to plain text
This string is sent through the notification engine of Google
When received, the phone uncodes the BASE64, then decrpyts using the password
Thanks,
Ben
Click to expand...
Click to collapse
I'm with Ben here. I just installed Autoremote for testing and tried adding my linux box as a registered device. That implies entering a valid username and password for the linux box, and I'm guessing that both username and password are sent on the clear when sending a message from Autoremote to the linux box. This is a major security risk, and perhaps Ben's solution could be easily implemented...
I think Autoremote is a great idea with a great execution so far, just lacking the security component for our peace of mind!
Ivan.
There's lots of stuff you can do with autoremote that requires no security. I used it, like the pocketables guy, to spread alarms between two android devices. Lowers the risk of one device's alarm failing to go off, and I'm hard to wake up, so the more alarms the better. All I passed through autoremote was the time and the command the client needed to know what to do with the time. Security for such a transmission just isn't necessary.
Not that I am opposed to you guys getting your security, but I'd imagine it'd be a pricier functionality, and what exists now is for applications where security would be unnecessary.
fortunz said:
There's lots of stuff you can do with autoremote that requires no security. I used it, like the pocketables guy, to spread alarms between two android devices. Lowers the risk of one device's alarm failing to go off, and I'm hard to wake up, so the more alarms the better. All I passed through autoremote was the time and the command the client needed to know what to do with the time. Security for such a transmission just isn't necessary.
Not that I am opposed to you guys getting your security, but I'd imagine it'd be a pricier functionality, and what exists now is for applications where security would be unnecessary.
Click to expand...
Click to collapse
Not sure if anyone is still monitoring this, but I still think it would be really awesome to be able to do this without the need to loop through someone else's server.
Does anyone know of something that is out there that would allow one to do that?
--Ironhead65
ironhead65 said:
Not sure if anyone is still monitoring this, but I still think it would be really awesome to be able to do this without the need to loop through someone else's server.
Does anyone know of something that is out there that would allow one to do that?
--Ironhead65
Click to expand...
Click to collapse
Hi, as long as your sending device and the reciever (that may be another phone or a PC) are in the same network, there is a possibility to send the messages directly via WiFi. Also, messages can be sent by using Bluetooth.
So, as long, as your connected to the same network (what you usually are as long as you´re at home), or your devices are in the same room there is no need for external servers
Greetings!
@joaomgcd
Any news on that matter?
C0qRouge said:
@joaomgcd
Any news on that matter?
Click to expand...
Click to collapse
What part exactly do you mean?
thanks for taking the time! there are many interesting ideas in this thread.
* HTTPS <-- seems to be already in place
* Encryption of communication
* no private server, only direct connection or google as a relay
and to add: it would be nice to have a bit of documentation "behind the scene" to understand whats going on how the devices are communicating with each other.
C0qRouge said:
thanks for taking the time! there are many interesting ideas in this thread.
* HTTPS <-- seems to be already in place
* Encryption of communication
* no private server, only direct connection or google as a relay
and to add: it would be nice to have a bit of documentation "behind the scene" to understand whats going on how the devices are communicating with each other.
Click to expand...
Click to collapse
+1 to direct communication, as in LAN communication ONLY
Two devices both running tasker/autoremote, able to communicate with one another on the same network, without being routed outside the network.....ever
Whether thats feasible, ....i dont know
I also like the encryption bit
I have always known that companies like google and facebook for example collect our data, web searches etc and sell this information for profit. Today, this has become an even bigger issue with what we see in the media with the nsa and other government organizations tapping into our devices and monitoring our usage. At the end of the day, most of us, myself included really dont have anything to hide, so it may not be a real issue. I have often thought that if anyone poked around in my pc or phone they would simply get bored as they are just full of geeky engineering files lol. The real thing for me is simply that it's an invasion of privacy and just not right. With that said, I find myself wanting to go the extra mile to make my pc and my phone completely private from outside sources taking my information, watching my web searches and seeing my data. My question is, is it possible to be 100% secure and private, and if not, how close can we get, and how? I have heard that VPN's can achieve this. Is this true? and if so are there any free secure VPN's for our android devices and or pc's that are really good? Do VPN's slow down our devices? Also, Is there a way when we delete android files to permanently delete them? I noticed when I flashed my rom, after doing the complete wipe that is still contains files from before the wipe.
(I know this isn't a pc forum, I only included the pc because it's relevant.)
Thank you all in advance.
There are no data retention laws in the United States. Meaning, if a data center does not want to hold any logs to their users' activity, they're not required by law to do so. Multiple countries are similar, which is why I recommend using Private Internet Access for your VPN. They have a client for PC and Android and they're really great. I've been using them for many years and have had no issues. And, if you're really wanting to remain "anonymous", you can pay for your VPN subscription using gift cards from popular outlets like Walmart, Starbucks, etc. And for search engines, I'd recommend DuckDuckGo, which doesn't log anything you search. For PC, I'd recommend disabling your IPv6 protocol in your router settings and getting uBlock Origin, HTTPS Everywhere, and PrivacyBadger. They're wonderful add-ons for Firefox or Chrome. uBlock Origin and PrivacyBadger can block WebRTC leaks which would leak your IP address and can be used to identify you. If you want more information, feel free to reply to my post and I'll help you out as much as I can.
Hoxic said:
There are no data retention laws in the United States. Meaning, if a data center does not want to hold any logs to their users' activity, they're not required by law to do so. Multiple countries are similar, which is why I recommend using Private Internet Access for your VPN. They have a client for PC and Android and they're really great. I've been using them for many years and have had no issues. And, if you're really wanting to remain "anonymous", you can pay for your VPN subscription using gift cards from popular outlets like Walmart, Starbucks, etc. And for search engines, I'd recommend DuckDuckGo, which doesn't log anything you search. For PC, I'd recommend disabling your IPv6 protocol in your router settings and getting uBlock Origin, HTTPS Everywhere, and PrivacyBadger. They're wonderful add-ons for Firefox or Chrome. uBlock Origin and PrivacyBadger can block WebRTC leaks which would leak your IP address and can be used to identify you. If you want more information, feel free to reply to my post and I'll help you out as much as I can.
Click to expand...
Click to collapse
Hoxic,
Thank you for all of the information. With the private internet access VPN on my PC and android, will that slow down anything like web surfing, uploads or downloads? I am limited to using Verizon's high speed DSL connection as they refer to it, (I refer to it as slowest speed connection lol) in my neighborhood and this is the only provider for me so it's already pretty slow compared to Fios and other broadband connections. I would hate to slow it down any more.
You mention to pay for these services using gift cards and such. Well as I mentioned, I do not have anything that I am actually worried about anyone seeing, this is simply my way of trying to protect my privacy so I wouldn't go that far but I am curious about that statement. Do you mean that using a VPN truly isn't private or is this just to remove any paper trail linking me to the use of a VPN provider? I have been using DuckDuckGo for several years already just to stop google from taking and selling my info. Weather it truly works or not I dont know but its a great search engine anyway so I figured why not use it.
Your advice to disabling IPv6 protocol in my router settings: I do not see anywhere in my router settings to do this so I googled it, and it looks like there's a way o do this in windows. Is that different that what you're advising? Also I read a windows blog on this and windows 10 says IPv6 is a mandatory part of Windows that they do not advise on disabling. Can you give me some more detail on this, and how to disable it, assuming the windows warning is bull.
Thanks for all of your help.
Private DNS has been around for a little bit on newer devices. However, finding a service that provides both the Private DNS side (TLS) and ad-blocking, filtration of bad domains, etc., has been another whole mess.
I've launched a donation-backed Private DNS service which provides an internet-side option. Think pi-hole style blocking without needing a VPN or only working from your LAN.
What's this entail?
1. Running Android Pie (or anything with the feature ported to it)
2. Using a custom Private DNS Server address that I will provide.
What happens?
1. Your DNS requests are routed via DNS-over-TLS to my CDN virtual machines.
2. Your DNS requests are then locally processed through several internal systems including the infamous Pi-Hole.
3. Final data requests from the local resolver are forwarded via DNS-over-HTTPS to root DNS servers such as 1.1.1.1 and others that are found to support HTTPS protocol.
4. No personal data is stored. Only data with respect to filtration is stored such as blocked versus permitted domains, hit/misses, and caching statistics to continue to develop a more fluid system.
What do I do?
Put "DNS.DEREKGORDON.COM in your Private DNS settings for Android.
Use IP address 35.243.170.151 for other applications to include your home network router, ChromeOS, etc.
Like it? CONSIDER DONATING. This system is kicking out almost one million responses a day for users.
More information is at http://www.derekgordon.com/dns/.
Always provide THANKS no matter what folks. It's the nice thing to do....
So we are looking at a encrypted dns with ad blocking? I would be into trying that.
I'm using dns.agduard.com at the moment on my Huawei P20 pro running Android pie.
Have a number of people using it without issue now....
Check it out here:
https://www.derekgordon.com/dns
crypted said:
Have a number of people using it without issue now....
Check it out here:
https://www.derekgordon.com/dns
Click to expand...
Click to collapse
I'm gonna check it out
Cool. Give it a go. My only concern now rests with the attack prevention stuff I've added. It rate limits and bans those who are hitting the server or servers if expanded quite hard. Basically it's to ward off attackers. Anyway no bad reports from it but it's the only factor I'm not totally sure of.
Gonna give it a shot and give you my results in 24hrs.
Cool. I have zero issues on our family's Pixel 2s and 3s. No one said much bad except someone who had login issues on an Xbox when they used the system for their network's DNS. I solved that for them.
Note I'm not filtering Google ads domain as a few people complained since they click the first couple links on Google. I haven't felt intruded upon by ads with this change since making it a couple weeks back.
hi,
sometime i can use this dns, sometime cannot.
my mi 8 using baskalos rom stated coudlnt connect.
issit because of my isp?
Very strange. No one has reported that issue. Is it the same result on WiFi vs mobile data? Want to give me your IP to search logs?
I've used the server in four countries on various WiFi and mobile netwiens without issue on Pixel 3.
How did you get the Private DNS in android Pie to recognize your dns server? I've got my own pi-hole server, yet when I put in my FQDN, I lose internet access on my phone.
First, I don't use Pi-Hole only. I made a custom Debian image and deployed it into the world of CDN. Pi-Hole's opensource software was incorporated as one of my mechanisms for blacklists.
To your point on connection, you need two things: 1) a TLS server to establish the connection and 2) signed certificates for the domain you are using installed on your server. Android will connect via TLS and will verify that your certificate is valid against its root certificates on the device.
Happy note - my server is providing over 250,000 queries daily now and over 90% connect via TLS so that indicates lots of happy Android users.
I'm check yours out and see how well it compares to the VPN connection I currently use to my pihole.
Been loving your Private DNS so far. Great job on it. Question though, do you have a form or something for people to submit domains that are blocked and shouldn't be?
Hey. Feel free to tell me these domains. There is such high usage and hardly any feedback so I haven't even thought about it. I could make a Google Form later.
Actually, I had a spare moment at lunch. Try this: https://forms.gle/oGtAFKAc7yJPmmEZ6
crypted said:
Actually, I had a spare moment at lunch. Try this: https://forms.gle/oGtAFKAc7yJPmmEZ6
Click to expand...
Click to collapse
Was gonna request https://go.redirectingat.com be unblocked since many many sites use it to link to products on sites like Walmart and Amazon. Can't use that form though since you require a screenshot URL, and I can't screenshot a redirection site.
You figured out a good workaround to make your request. Processing now, give it a minute and should be good.
All of your requests are cleared if you didn't notice yet. Happy browsing.
Not really sure how to publicize this and it probably isn't worth trying to do... But for those who do use this, and there are plenty of folks, I have been working on some changes.
1. These will not work with Android as I don't have the extra cash to blow on more SSL certificates. But, they will work for home networking purposes:
US.EAST.DNS.DEREKGORDON.COM
US.WEST.DNS.DEREKGORDON.COM
DE.FRUNKFURT.DNS.DEREKGORDON.COM
BR.SAO.DNS.DEREKGORDON.COM
2. DNS.DEREK.GORDON.COM is now a pool of a number of VM instances that are connected to Google's CDN. It will grow as necessary. This helps spread out some of the intensity that has been hitting the TLS daemon.
3. Servers will automatically reboot between once a week to every other week depending on load and latency. Sometimes the intense flood of queries really makes things sluggish. Reboot takes just a few seconds and I'm working for it to time it during off-peak hours so hardly anyone will notice.
Hi, I have my own pihole installed on aws server. Could you please share tutorial how could i make it work with private dns in android pie. Thanks.
Firstly some little rant about keweon which is the most hypocrite security service I've ever seen:
[
The mentioned bet was with me. PM for details or public if you make me care enough.
>Copypasting all the elaborate posts from the Telegram sphere as I cant bother to spend much time on it.
I mostly agree with whats written there.
Seriously I dont care about Thorsten (MrT69) personally or in any other way.
I am actually quite sick of this topic. Even mad that I have to deal with basic **** like that. These people managed to trigger a hermit into logging on to tracking heavy XDA.
Why I do this? It needs to be done.
I could have never imagined that such a blatant scam could gain enough traction that it regularly annoys me.
]
<<< A little bit of ranting about keweon >>>
"
Evidence and proof of concept that keweon Online Security is not as secure as claimed by its developer.
After a group of independent IT and cyber security specialists proved that keweon is not as secure as claimed by the developer, they confronted the developer with the results and reminded him of a bet. All keweon support groups on TG then were deleted by the developer personally and without further explanation on the morning of February 4, 2019.
We all know by now that the way keweon DNS works is based on users using keweon's DNS and the keweon root certificate.
What has now been proven is exactly what keweon could do with its users, but Torsten vehemently denies and claims "that's impossible" and "that doesn't work":
1. get users to use your DNS server.
2. get users to use your root certificate.
3. redirecting a page, e.g. mybank.com, to one of the keweon servers (by changing the DNS record)
4. issue your own SSL certificate for the website, users have installed your Root-CA and so this is not a "witch work"
5. read username/password from the connection (if 2FA is used, just wait until the user logs in and use the token again quickly as it is valid for 30 seconds).
We now have proof that this is possible without a doubt. In fact, this is a classic MITM attack, and anyone who denies that it is possible either has no idea (you shouldn't assume this from Torsten) or is trying to hide something from his users.
The developer of keweon has repeatedly asserted and insisted that a root certificate cannot intercept connections or collect data.
Quote from the keweon developer with his PayPal bet:
"Prove that to me. Give me any DNS and a root certificate and try to get my PayPal data.
I'll then even contact you when I sign up for PayPal. If you manage to get my PayPal data this way, you can log in and transfer 500 Euro to your account. I have made this offer very often and this is a serious offer from my side."
Unfortunately the developer of keweon didn't contribute his part to the test as he promised so often and of course he didn't log into Paypal via our provided DNS and root certificate.
The only reaction on his part was, apart from some insults, the deletion of all keweon groups on TG.
The security test of the keweon servers also revealed that under certain conditions connections are even redirected to keweon's own termination server and answered with 1x1 pixel gifs.
The fact is that the requests contain tracking IDs that can be easily managed from these servers.
So even Torsten's statement that the keweon SSL server only terminates requests with empty (0 byte) responses is wrong.
This again contradicts Torsten's own statement.
The point now is that the developer of keweon Online Security is actively trying to deny that it is possible for him to abuse the root certificate, although it has now been proven that it is actually possible for him to do exactly that with the keweon root certificate and its users.
Until the developer decides to disprove the accusations made against keweon Online Security or can prove that the accusations against him are unfounded, it is advisable for obvious reasons of security not to use keweon Online Security for the time being.
Anyone who is interested in repeating this test can do so at:
http://https-interception.info.tm/, where you will find a DNS and a root certificate, same as with keweon Online Security.
Furthermore there is a real-time log about recorded connections.
Everything else can be found there.
Please be careful not to use your correct email address or password for this test!
#keweon #test #bet #evidence #ProofOfConcept
"
<<< /rant >>>
<<< Explanation of some DNS and TLS/HTTPS basics for noobs >>>
DNS And Root Certificates - What You Need To Know
e8aebe8eb8b24035ae75260ca0ea80a7 / 20190205
Due to recent events we felt compelled to write an impromptu article on this matter. It's intended for all audiences so it will be kept simple - technical details may be posted later.
1. What Is DNS And Why Does It Concern You?
DNS stands for Domain Name System and you encounter it daily. Whenever your web browser or any other application connects to the internet it will most likely do so using a domain. A domain is simply the address you type: i.e. duckduckgo.com. Your computer needs to know where this leads to and will ask a DNS resolver for help. It will return an IP like 176.34.155.23; the public network address you need to know to connect. This process is called a DNS lookup.
There are certain implications for both your privacy and your security as well as your liberty:
- Privacy
Since you ask the resolver for an IP for a domain name, it knows exactly which sites you're visiting and, thanks to the "Internet Of Things", often abbreviated as IoT, even which appliances you use at home.
- Security
You're trusting the resolver that the IP it returns is correct. There are certain checks to ensure it is so, under normal circumstances, that is not a common source of issues. These can be undermined though and that's why this article is important. If the IP is not correct, you can be fooled into connecting to malicious 3rd parties - even without ever noticing any difference. In this case, your privacy is in much greater danger because, not only are the sites you visit tracked, but the contents as well. 3rd parties can see exactly what you're looking at, collect personal information you enter (such as password), and a lot more. Your whole identity can be taken over with ease.
- Liberty
Censorship is commonly enforced via DNS. It's not the most effective way to do so but it is extremely widespread. Even in western countries, it's routinely used by corporations and governments. They use the same methods as potential attackers; they will not return the correct IP when you ask. They could act as if the domain doesn't exist or direct you elsewhere entirely.
2. Ways DNS lookups can happen
2.1 3rd Party DNS Resolvers Hosted By Your ISP
Most people are using 3rd party resolvers hosted by their internet service provider. When you connect your modem, they will automatically be fetched and you might never bother with it at all.
2.2 3rd Party DNS Resolver Of Your Choice
If you already knew what DNS means then you might have decided to use another DNS resolver of your choice. This might improve the situation since it makes it harder for your ISP to track you and you can avoid some forms of censorship. Both are still possible though, but the methods required are not as widely used.
2.3 Your Own (local) DNS Resolver
You can run your own and avoid some of the possible perils of using others'. If you're interested in more information drop us a line.
3. Root Certificates
3.1 What Is A Root Certificate?
Whenever you visit a website starting with https, you communicate with it using a certificate it sends. It enables your browser to encrypt the communication and ensures that nobody listening in can snoop. That's why everybody has been told to look out for the https (rather than http) when logging into websites. The certificate itself only verifies that it has been generated for a certain domain. There's more though:
That's where the root certificate comes in. Think of it as the next higher level that makes sure the levels below are correct. It verifies that the certificate sent to you has been authorized by a certificate authority. This authority ensures that the person creating the certificate is actually the real operator.
This is also referred to as the chain of trust. Your operating system includes a set of these root certificates by default so that the chain of trust can be guaranteed.
3.2 Abuse
We now know that:
- DNS resolvers send you an IP address when you send a domain name
- Certificates allow encrypting your communication and verify they have been generated for the domain you visit
- Root certificates verify that the certificate is legitimate and has been created by the real site operator
How can it be abused?
- A malicious DNS resolver can send you a wrong IP for the purpose of censorship as said before. They can also send you to a completely different site.
- This site can send you a fake certificate.
- A malicious root certificate can "verify" this fake certificate.
This site will look absolutely fine to you; it has https in the URL and, if you click it, it will say verified. All just like you learned, right? No!
It now receives all the communication you intended to send to the original. This bypasses the checks created to avoid it. You won't receive error messages, your browser won't complain.
All your data is compromised!
4. Conclusion
4.1 Risks
- Using a malicious DNS resolver can always compromise your privacy but your security will be unharmed as long as you look out for the https.
- Using a malicious DNS resolver and a malicious root certificate, your privacy and security are fully compromised.
4.2 Actions To Take
Do not ever install a 3rd party root certificate! There are very few exceptions why you would want to do so and none of them are applicable to general end users.
Do not fall for clever marketing that ensures "ad blocking", "military grade security", or something similar. There are methods of using DNS resolvers on their own to enhance your privacy but installing a 3rd party root certificate never makes sense. You are opening yourself up to extreme abuse.
5. Seeing It Live
5.1 WARNING
A friendly sysadmin provided a live demo so you can see for yourself in realtime. This is real.
DO NOT ENTER PRIVATE DATA!
REMOVE THE CERT AND DNS AFTERWARDS
If you do not know how to, don't install it in the first place. While we trust our friend you still wouldn't want to have the root certificate of a random and unknown 3rd party installed.
5.2 Live Demo
Here is the link: http://keweonbet.info.tm/
- Set the provided DNS resolver
- Install the provided root certificate
- Visit https://paypal.com and enter random login data
- Your data will show up on the website
6. Further Information
If you are interested in more technical details, let us know. If there is enough interest, we might write an article but, for now, the important part is sharing the basics so you can make an informed decision and not fall for marketing and straight up fraud. Feel free to suggest other topics that are important to you.
For more information/feedback/corrections visit our chat linked in the pinned post. (Search ID 0728e516cf2446e7b25af7622c26d8d + 5 in case you hid it.)
All content is licensed under CC BY-NC-SA 4.0. (Attribution-NonCommercial-ShareAlike 4.0 International https://creativecommons.org/licenses/by-nc-sa/4.0/)
- DNS resolvers send you an IP address when you send a domain name
- Certificates allow encrypting your communication and verify they have been generated for the domain you visit
- Root certificates verify that the certificate is legitimate and has been created by the real site operator
How can it be abused?
- A malicious DNS resolver can send you a wrong IP for the purpose of censorship as said before. They can also send you to a completely different site.
- This site can send you a fake certificate.
- A malicious root certificate can "verify" this fake certificate.
This site will look absolutely fine to you; it has https in the URL and, if you click it, it will say verified. All just like you learned, right? No!
It now receives all the communication you intended to send to the original. This bypasses the checks created to avoid it. You won't receive error messages, your browser won't complain.
All your data is compromised!
4. Conclusion
4.1 Risks
- Using a malicious DNS resolver can always compromise your privacy but your security will be unharmed as long as you look out for the https.
- Using a malicious DNS resolver and a malicious root certificate, your privacy and security are fully compromised.
4.2 Actions To Take
Do not ever install a 3rd party root certificate! There are very few exceptions why you would want to do so and none of them are applicable to general end users.
Do not fall for clever marketing that ensures "ad blocking", "military grade security", or something similar. There are methods of using DNS resolvers on their own to enhance your privacy but installing a 3rd party root certificate never makes sense. You are opening yourself up to extreme abuse.
5. Seeing It Live
5.1 WARNING
A friendly sysadmin provided a live demo so you can see for yourself in realtime. This is real.
DO NOT ENTER PRIVATE DATA!
REMOVE THE CERT AND DNS AFTERWARDS
If you do not know how to, don't install it in the first place. While we trust our friend you still wouldn't want to have the root certificate of a random and unknown 3rd party installed.
5.2 Live Demo
Here is the link: http://https-interception.info.tm
- Set the provided DNS resolver
- Install the provided root certificate
- Visit https://paypal.com and enter random login data
- Your data will show up on the website
6. Further Information
If you are interested in more technical details, let us know. If there is enough interest, we might write an article but, for now, the important part is sharing the basics so you can make an informed decision and not fall for marketing and straight up fraud. Feel free to suggest other topics that are important to you.
For more information/feedback/corrections visit just PM the poster here.
He activated Mail forwarding.
All content is licensed under CC BY-NC-SA 4.0. (Attribution-NonCommercial-ShareAlike 4.0 International https://creativecommons.org/licenses/by-nc-sa/4.0/)
I appreciate you taking the time to write this up.
After reading this, im a bit scared because yesterday i installed both the dns and cert from keweon and since then i logged into bank accounts and several important sites (apps and browser).
Is this really that bad? Is keweon creator really capable of stealing users data just by using a custom dns and cert?
2 yrs later the same s**t again?
I'm honored about the fact that you try to fight against keweon. It seems you are someone from the advertising industries and this statement is almost the same as you have started the big ****storm against me 2 yrs ago.
Did you ever talk about the 46 Root Certificates within Windows which are responsible to share Ransomware, Malware, Spyware and other crap? No.
Did you ever talks about all the Apps which are using hidden root certificates to spy user data? No.
Did you ever talk about custom ROMS which contains hidden Root Certificates? No.
But you are still fighting against me? What will ever happens when I would shut down keweon?
keweonDNS is cleaning up the internet for various threats and of cause advertising. Because of blocking this it's causing HTTPS errors. To suppress this errors I have developed this Root Certificate. At the moment everything is still just for testing and when I launch the "real Infrastructure" there will be definitely a different Root Certificate.
You can use the DNS even without the certificate. Where is the problem? It's not a need or a must to use it but then Adblock detection is possible and a lot of other things. All addresses outside are working via HTTPS and the only reason for this certificate is to prevent HTTPS errors caused by Adblocking. I was asking you for a better Idea - no answer. Even various data protection agreed to me that this is a good Idea to protect against data collections.
I'm 100% sure you are someone from the advertising industries because until today you are only talking about common things that "might" happens or that "can" happens or "possibilities". In the meantime a lot of companies are using keweonDNS and there are some big Companies and this will definitely show that you have no idea about HTTPS and how it is working.
I repeat again. Using keweonDNS is cleaing up the internet within an incredible way. If you want to have everything faster or if you want to suppress the upcomming HTTPS errors cause by Adblocking YOU CAN USE the Certificate. It's not a MUST HAVE. But if you ever have a better Idea to fight against data collection and privacy violation without a certificate then any idea is welcome. That's the reason why it's still a TEST SYSTEM.
This certificate suppress all Adblock detections and data collections. Why you don't talk about this? Why you only talk about this is possible and that is possible? Why you don't write about the actual facts? Why you don't write about the things which are possible with the certificate?
In the meantime there are worldwide 32 million users who are using keweonDNS. Do you honestly think I didn't expect someone to try a ****storm against me or keweon? keweonDNS is a war declaration against Google, Facebook, Microsoft, Yahoo and the entire worldwide ads industry and you are talking about evil things what "might" happens? But hey, it's OK for me
I still offer to you - if you have a better idea let's do it together. I'm open for any idea or help. If you still want to fight against me then this shows me you support Google, data collection and privacy violation.
As an Android user, I've been complaining for a long time about one of the biggest faults, the administration of passes and tickets for events.
The funniest thing is that it does have the possibility of doing it through Google Pay, but the way they have implemented it, forces the companies that generate the passes to perform a lot of steps that most are not willing to do.
That's why I've decided to create this app that uses all the Google tools to solve this problem, allowing to import almost any type of pass to our Google Pay account so we can use them very easily.
Pass2Pay.
The specific application is called Pass2Pay, and unlike many others that just store them so you can open them in your application. Pass2Pay, allows you to import them directly into Google Pay.
Thanks to this step, you will be able to automatically consult all your passes and use them in all your devices, since Google will save them in its cloud so you never lose them.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
How are passes imported?
As you can see in the image above, importing passes can be done in several ways. From the possibility of directly adding an Apple pkpass file, a PDF by reading the barcode or QR or directly from an image that can be captured on the spot.
Once imported, depending on the method used, we will have more or less data from the pass, so the next step will be the revision of the form, from where we can change the type of pass (Offers, airline tickets, gift cards, loyalty cards, etc.) and even modify some missing data.
Google Pay.
The next step is only to add the generated pass to Google Pay, for which we only have to press the button below and we can save it.
Once inside the Google application, we can use it whenever we want to benefit from all the possibilities of Google Pay, such as notification of events, integration with the calendar or the ability to enter the sites without the need to be looking for the typical PDF they send us by mail.
Example.
To check it out, we tried an old movie ticket to go see a Star Wars movie.
In the photos above you can see the steps to follow:
1. We have sent ourselves the pass by telegram to simulate a real situation.
2. We have opened it and the application has recognized it and has detected all the data
3. We gave him to keep on the phone
4. We cared about Google Pay and we were able to use it
As you can see it has been very simple to import a pass that was sent to us, after doing it we could go to the cinema and present it so that they let us in without having to carry the pdf or anything.
Advertising and contributions.
Due to the fact that the application is free, and it has cost me a lot to create it, I have decided that in order to finance it and be able to continue developing interesting things, advertisements will be used, which are limited so that no more than a long ad appears every 3 minutes. I think it's a good ratio to use it comfortably, but I listen to your opinions.
Anyway, if you like the app you can support it with a donation that removes the ads.
Coming soon.
• Possibility of uploading personalized photos to the passes (we need to create and maintain a server so it will cost money / donations)
• Improvements in overall stability
• More ways to import documents
• OCR reading of the PDFs
Download Link :- https://play.google.com/store/apps/details?id=color.dev.com.tangerine
I don’t understand the personalized photos option in the coming soon section. Who is limiting that? Your app or Google?
cristianndc said:
I don’t understand the personalized photos option in the coming soon section. Who is limiting that? Your app or Google?
Click to expand...
Click to collapse
To send the pass to Google Pay, we have to create it and then send it to their servers. But they do not accept pictures, we have to upload the photos to a server and give the URL to Google.
Where are the images stored? The comments on Reddit make it seem like there's a potential security issue here. Can you clear that up?
MishaalRahman said:
Where are the images stored? The comments on Reddit make it seem like there's a potential security issue here. Can you clear that up?
Click to expand...
Click to collapse
Right now we are not uploading the photos anywhere, it's in the coming soon section. Maybe I don't explain it very well as English is not my first language (A lot of people asked already what's the problem with the images in the app... :silly
The problem, it's that Google it's telling us that we have to take care of the images hosting but we don't have the resources to create a server and upload everybody images in there. So right now, we are just taking care of the pases information, the image it's just a static one (our logo). But if the people like our app we plan to make a server to upload the photos.
PS. The comments on Reddit it's because a failure, with the ads outside Europe with Adblock, but we think that it's solved now in v2.7.2 or v2.7.3
xurxooo said:
Right now we are not uploading the photos anywhere, it's in the coming soon section. Maybe I don't explain it very well as English is not my first language (A lot of people asked already what's the problem with the images in the app... :silly
The problem, it's that Google it's telling us that we have to take care of the images hosting but we don't have the resources to create a server and upload everybody images in there. So right now, we are just taking care of the pases information, the image it's just a static one (our logo). But if the people like our app we plan to make a server to upload the photos.
PS. The comments on Reddit it's because a failure, with the ads outside Europe with Adblock, but we think that it's solved now in v2.7.2 or v2.7.3
Click to expand...
Click to collapse
v2.7.3 is out and it's going well so far.
Thnx
Thank you everyone for your help and comments.
We are receiving so much love and a lot of comments and issues, about some little problems that we are starting to solve. Probably tomorrow we will push an update with a lot of improvements
Also, we are starting to plan the option to upload custom images that everybody is asking us, but it’s difficult because we have to create a server to host your images.
We will keep you updated here
xurxooo said:
Thank you everyone for your help and comments.
We are receiving so much love and a lot of comments and issues, about some little problems that we are starting to solve. Probably tomorrow we will push an update with a lot of improvements
Also, we are starting to plan the option to upload custom images that everybody is asking us, but it’s difficult because we have to create a server to host your images.
We will keep you updated here
Click to expand...
Click to collapse
I see great potential in your app. The idea is brilliant and I believe everyone who uses Google Pay needs it. Google should have introduced something like this a long time ago but it looks that it wouldn't plan it anytime soon.
But let me ask you something: while there is a lot of things to do to make the application really operative, do you believe that it is a good idea to bother with your own server? Think not only about needed technical engagement but also about decent security, fast communication, etc. There are so many cloud solutions to rent (even from Microsoft or Google) with top performance, backup and security that it is at least questionable if it is worth to burn your own staff, technical capacity, and money. Perhaps you're more needed for further development.
piskr said:
I see great potential in your app. The idea is brilliant and I believe everyone who uses Google Pay needs it. Google should have introduced something like this a long time ago but it looks that it wouldn't plan it anytime soon.
But let me ask you something: while there is a lot of things to do to make the application really operative, do you believe that it is a good idea to bother with your own server? Think not only about needed technical engagement but also about decent security, fast communication, etc. There are so many cloud solutions to rent (even from Microsoft or Google) with top performance, backup and security that it is at least questionable if it is worth to burn your own staff, technical capacity, and money. Perhaps you're more needed for further development.
Click to expand...
Click to collapse
Thank you very much for your comment I really appreciate it.
Sure, we are not planning to create the server on our machines. When I said "create a server" I refer to design the architecture, technologies, APIs and everything.
But thanks for the advise :highfive:
One thing I would like to recommend is a feature for dealing with websites that don't expose Apple Wallet pass download links unless you are on an iPhone. An easy way to implement this feature is to allow users to "Share..." a webpage to Pass2Pay and then have Pass2Pay display an in-app browser window of that page, but with the user agent faked to appear as an iPhone, tricking the site into displaying the Apple Wallet pass download link.
MehStrongBadMeh said:
One thing I would like to recommend is a feature for dealing with websites that don't expose Apple Wallet pass download links unless you are on an iPhone. An easy way to implement this feature is to allow users to "Share..." a webpage to Pass2Pay and then have Pass2Pay display an in-app browser window of that page, but with the user agent faked to appear as an iPhone, tricking the site into displaying the Apple Wallet pass download link.
Click to expand...
Click to collapse
Hi MehStrongBadMeh, thank you very much for your comment. Can you give me an example so I can take a look?
xurxooo said:
Hi MehStrongBadMeh, thank you very much for your comment. Can you give me an example so I can take a look?
Click to expand...
Click to collapse
An example of this functionality can be seen in the app Pass2U, which has the functionality I mentioned (though the resulting passes are saved in the app itself). As for example websites where this feature is needed, that is a bit tough, as you would have to buy a ticket to see it in action. I know for a fact that American Airlines does this as well as my local movie theater, but that probably isn't much help.
MehStrongBadMeh said:
An example of this functionality can be seen in the app Pass2U, which has the functionality I mentioned (though the resulting passes are saved in the app itself). As for example websites where this feature is needed, that is a bit tough, as you would have to buy a ticket to see it in action. I know for a fact that American Airlines does this as well as my local movie theater, but that probably isn't much help.
Click to expand...
Click to collapse
Don't worry I take a look. Thanks for your help anyway
Hey man! Nice app you made here! I'm trying it and I'm running into a problem though: When I try to add my boarding pass (via PDF, completing all the missing fields), the app says the flight number is wrong when I try to upload it to Google Pay (flight number VY1572, I've even tried with other shared codes like IB5050). Do you have an idea as to what could I be doing wrong?
Thank you so much, keep up the good work!!
Robdyx said:
Hey man! Nice app you made here! I'm trying it and I'm running into a problem though: When I try to add my boarding pass (via PDF, completing all the missing fields), the app says the flight number is wrong when I try to upload it to Google Pay (flight number VY1572, I've even tried with other shared codes like IB5050). Do you have an idea as to what could I be doing wrong?
Thank you so much, keep up the good work!!
Click to expand...
Click to collapse
Hi Robdyx thank you very much for your nice work and support.
The problem is that the real flight number is 1572 or 5050, the letters correspond to the IATA parameter. But yes it's a problem, it's a little bit messy, we need to make it a little more user friendly.
Greetings from Spain!
Thank you! That didn't come to my mind for some reason. Maybe putting the IATA code grated out (not modificable un that field) in front of the number would make it more intuitive that only the numbers are required. Or making it character sensitive. Anyway, thank you for this great tool!
Un abrazo!
Robdyx said:
Thank you! That didn't come to my mind for some reason. Maybe putting the IATA code grated out (not modificable un that field) in front of the number would make it more intuitive that only the numbers are required. Or making it character sensitive. Anyway, thank you for this great tool!
Un abrazo!
Click to expand...
Click to collapse
+1 for this, or maybe put the IATA code and flight number on the same row but with the flight number to the right? So it directly follows the airline letters? I guess the drop-down arrow could also be to the left then
Love the idea, wish I had it a month ago but I'm keeping it installed for the next time
supleed2 said:
+1 for this, or maybe put the IATA code and flight number on the same row but with the flight number to the right? So it directly follows the airline letters? I guess the drop-down arrow could also be to the left then
Love the idea, wish I had it a month ago but I'm keeping it installed for the next time
Click to expand...
Click to collapse
Even after upgrade with OCR I can't upload any data (no element could be detected) from the ticket and no ticket could be detected from files (either pdf or picture). There is indeed a limited possibility to capture the ticket with the camera but still, no field is filled automatically. Is it just me doing something wrong or this functionality is yet to be available?
piskr said:
Even after upgrade with OCR I can't upload any data (no element could be detected) from the ticket and no ticket could be detected from files (either pdf or picture). There is indeed a limited possibility to capture the ticket with the camera but still, no field is filled automatically. Is it just me doing something wrong or this functionality is yet to be available?
Click to expand...
Click to collapse
Hi Piskr what version are you using right now? (You can see it on the settings window)
xurxooo said:
Hi Piskr what version are you using right now? (You can see it on the settings window)
Click to expand...
Click to collapse
It's 2.8.4