p=p. Anyone know how it works? - Security Discussion

Found something new to me
https://prettyeasyprivacy.com/
Email encryption easy...
Found on F-Droid under k9/p=p
Claims it works with your existing email account
But I have not found out how it works yet
Or how the foundation is set up.
And that's the kind of thing I like to know before I install
Anyone have any experience with them?

Personally, if you are looking for encrypted email... I'd choose Proton Mail any day of the week over p=p.
p=p just doesn't seem anywhere near the security of Proton. But that's just my opinion. Test it out and let us know how you like it. It's always nice to have options!

I'm just not at the point where I want my email provider to supply my email program.
Don't get me wrong it's not a bad idea..
(I like that it's open source, that's always good)
But I would much rather have encryption all on me and my device..
And I can pick and choose what provider I'm using.
I don't love the idea of being locked into anything...

nutpants said:
> I'm just not at the point where I want my email provider to supply my email program.
> Don't get me wrong it's not a bad idea..
> (I like that it's open source, that's always good)
> But I would much rather have encryption all on me and my device..
> And I can pick and choose what provider I'm using.
> I don't love the idea of being locked into anything...
Hey @nutpants, I know you are more knowledgeable than me (and know how to search. lol) but I did find this link for p=p. You can email them, I believe.
https://prettyeasyprivacy.com/integrate/
"err on the side of kindness"

I found the instructions
https://www.prettyeasyprivacy.com/docs
I wish that people would stop hosting instructions online and include manuals with the installs. I mean seriously, how much space will it take?
I will be spending some time reading everything carefully..
But would love opinions from everyone else.
Basically it appears to create encryption keys between users of the app automagically and then encrypt everything by default when possible.
Much like TextSecure was doing for text.
Hopefully things like this will become a standard for email.
(With a common method of encryption so no one is tied to just one particular email app)
And we will see more applications that can be used to encrypt mail.
I'm going to do some testing

Well I've done a little testing.
And honestly I'm liking what I see.
Sure this is in early stages and early days.
But it appears that it is as simple as they suggest.
I could even get my least technical buddies to use this email encryption.
I have not seen it try to contact anything except my mail server.
And it does not require contacts or other erroneous permissions (it asks but you can block it and no crashes, at least for me).
It works automagically.
If you exchange emails with someone who is using pep (I think it's stupid that they have the three lines between the p's, why not just have the E)
It figures that out and starts exchange of public PGP keys.
At that point your message's title bar has a yellow background so you know encryption is taking place.
After you verify the "code words" with your correspondent (by voice, so you verify who you are talking to is who you are really talking to, or any other method you desire)
Your messages get a green title bar so you know encryption is going on with a verified user..
So simple even a grandpa can understand it.
It uses PGP for encryption so you know it's good
Right now it's pretty basic and there are few encryption options
But they plan to add more features as time goes on
I'm liking what I'm seeing and I will do more testing and will keep an eye on this to see how fast it matures.
The only real con at the moment is that there is no way to secure the app from running with a password to keep anyone who gets their hands on your device from reading everything.
But that's a little minor..
If someone had their hands on your device, you have already broken the golden rule.

This app is simply a fork of K9Mail with a few icons replaced...

It is definitely a fork.
But encryption had been built in, including auto key generation and key exchanges.
K9 is my daily driver.. And I love it.
But pEp makes encryption simple enough for anyone to use..
(As in my grandmother could use it)
When and if it matures to have all the encryption features most advanced users need
(Like easy key import, export, backup, manual key changes)
It may become my daily driver..
Sadly in the world today, encryption is almost mandatory.
And pep is on the way to make that easy for everyone.

Related

Email Client Frustrations and Samsung Response

I am coming from Blackberry and therefore have high standards for email clients. After trying every workaround that I could find from forums, I sent an email to Samsung with my recommendations for future software updates. I am not surprised by the response. On a side note, I fixed the GAL issue by installing "Swift Contacts" from the market but in my opinion all of these features should be out of the box functionality in a modern smartphone especially if iOS has it. I am running Touchdown in parallel right now to see if it is worth the $20 but this phone should do these things stock. Am I crazy for having these expectations?
 
Subject: Email Client
I have had my Captivate for 3.5 weeks. While I love it for many reasons, and besides my major gripe with the GPS performance, I continue to struggle with the email functionality as a past Blackberry user. The stock email client lacks many basic features that Blackberry and iPhone have. Is there any plan to fix the following basic Smartphone/Activesync functionality in an upcoming software update?
- GAL support (global address list)
- Cut/Copy/Paste
- Move email between folders
- Meeting request Accept/Tentative/Decline w/ or w/o message
- Synchronized draft folder w/ exchange
- Create calendar appt. and choose 'show time as' free/busy/tentative/out of office.
If there is a way to do any of these things now, I would appreciate the instructions. Otherwise will these be addressed in future software releases? I am debating switching back to Blackberry but really want to make this phone work for me!
Samsung Response:
Thank you for your inquiry. Unfortunately, we are unable to speculate when/if a software revision with this feature might be available due to the fact that this might lead to inaccurate information and confusion.
Please feel free to check back with us periodically for updates. We hope that you will allow us another opportunity to serve you.
Should you desire additional assistance resolving this, we invite you to call Samsung Customer Support by phone at our toll free number 1-888-987-4357 between the hours 7:00 a.m. to 9:00 p.m. Monday through Friday, and 9:00 a.m. to 6:00 p.m. Saturday, Central Standard Time.
Sincerely,
Samsung Technical Support
> - Meeting request Accept/Tentative/Decline w/ or w/o message
> - Synchronized draft folder w/ exchange
> - Create calendar appt. and choose 'show time as' free/busy/tentative/out of office.
I'm sure there's an app out there for this stuff, but android is not a business oriented client and as such these are not things "normal" users would need.
I use the gmail app that came on the phone and it has cut copy and paste.
you'll have to define GAL, again the gmail client has access to all your gmail contacts, which is everyone I know since you can easily sync all your contacts with gmail (even phone numbers)
again, a gmail user, but gmail doesn't really have folders, it has labels, which is more or less the same from the user's point of view, and this can be done, moving labels...
apps are your friend, search appbrain for the things you need, ex: http://www.appbrain.com/search?q=exchange
hope some of that helps
> I'm sure there's an app out there for this stuff, but android is not a business oriented client and as such these are not things "normal" users would need.
Thanks for your feedback but I do not accept that Android is not business oriented and only for "normal" users. Many companies that are not on AT&T and therefore can't get an iPhone are allowing android phones from Verizon and others. iPhone can do all of these things and many other Android phones have much more client email functionality. For some reason this Samsung version is hobbled. If Android is going to succeed and eventually dominate in the market any new phone platform must have basic business functionality that is expected with any Exchange implementation using Activesync. If an app like Touchdown can do these things then the stock client should be able to. For Android to win it must work for both business and "normal" consumers.
Also, how do you have cut and paste in gmail? Are you rooted? I don't have it and have read many threads complaining about the lack of this feature.
A couple corrections:
1. cut/paste is there and pretty easy to use - if using the samsung keyboard, tap and hold the 123 key. Voilà, you get a directional pad with cut/paste functions, that works very well.
2. GAL is available when composing an email. instead of typing a name, hit the search button near the name box; this will search the server - downside; you only get email address, not phone numbers
3. you missed my biggest annoyance: not being able to dial a phone number in a calendar invite/meeting - phone numbers and urls are not recognized as links. You have to "edit" then copy paste.
These are not android deficiencies, they are Samsung's. Other android phones do not have these problems. So hopefully a 2.1 update, or 2.2 will fix all this. If not we should have some Vanilla (Plain Android) Roms to use in the near future.
orb_526 said:
> Thanks for your feedback but I do not accept that Android is not business oriented and only for "normal" users. Many companies that are not on AT&T and therefore can't get an iPhone are allowing android phones from Verizon and others. iPhone can do all of these things and many other Android phones have much more client email functionality. For some reason this Samsung version is hobbled. If Android is going to succeed and eventually dominate in the market any new phone platform must have basic business functionality that is expected with any Exchange implementation using Activesync. If an app like Touchdown can do these things then the stock client should be able to. For Android to win it must work for both business and "normal" consumers.
> Also, how do you have cut and paste in gmail? Are you rooted? I don't have it and have read many threads complaining about the lack of this feature.
I am rooted but I doubt that is it, I am running the jh2 update, that may be it, but if I tap and hold, I get the option to cut, copy, and paste. As mentioned above hitting 123 also works, and if you're using swype tap the swype key and swype right, to the "sym" button to get the same thing.
As for the other androids that are more business oriented, they just have different apps, which is why android is awesome, I don't want your features, and you don't want mine, so we just download different apps, and everyone is happy.
Sent from my SAMSUNG-SGH-I897 using XDA App
screwyluie said:
> I am rooted but I doubt that is it, I am running the jh2 update, that may be it, but if I tap and hold, I get the option to cut, copy, and paste. As mentioned above hitting 123 also works, and if you're using swype tap the swype key and swype right, to the "sym" button to get the same thing.
> As for the other androids that are more business oriented, they just have different apps, which is why android is awesome, I don't want your features, and you don't want mine, so we just download different apps, and everyone is happy.
> Sent from my SAMSUNG-SGH-I897 using XDA App
If you are rooted and on JH2 then I would classify you as a super user. I understand all of your points and this is why Android is so great! But I am also very invested in Android now and want it to be successful in the market for the benefit of all users. A large majority of users are not power users. Buy an iPhone or a Blackberry or even another Android phone and these basic Corporate Exchange features are working out of the box. Most people do not have the skill or patience to try multiple apps until they find one that works. And most people do not want to spend more money to make their phone do the most basic functions. The Captivate is the only Android phone on AT&T that most corporate users would consider. Even if you don't want or need these features, many will, and it is Samsung not Google that messed up. Samsung should provide this high level device with the features to make it competitive out of the box. These basic features would not deter or impact the non-corporate user in any way so why not include them?
Do you have the "Copy Paste It" app installed? I even tried again and I do not have Copy/Paste in Gmail. What I mean is I cannot copy and paste from the quoted text. I can from the text I am adding. I know how to use the keyboard text select features. If I am missing something I would love to be corrected and figure this thing out!
> These basic features would not deter or impact the non-corporate user in any way so why not include them?
> Do you have the "Copy Paste It" app installed? I even tried again and I do not have Copy/Paste in Gmail. What I mean is I cannot copy and paste from the quoted text. I can from the text I am adding. I know how to use the keyboard text select features. If I am missing something I would love to be corrected and figure this thing out!
I would blame att as much as samsung.. perhaps if att had more android phones instead of sticking with the iphone, we would have corporate android.... as it stands I'm just happy we have a high end android at all.
as for copying, no i can not copy from the quoted text, you are correct
alphadog00 said:
> A couple corrections:
> 1. cut/paste is there and pretty easy to use - if using the samsung keyboard, tap and hold the 123 key. Voilà, you get a directional pad with cut/paste functions, that works very well.
> 2. GAL is available when composing an email. instead of typing a name, hit the search button near the name box; this will search the server - downside; you only get email address, not phone numbers
> 3. you missed my biggest annoyance: not being able to dial a phone number in a calendar invite/meeting - phone numbers and urls are not recognized as links. You have to "edit" then copy paste.
> These are not android deficiencies, they are Samsung's. Other android phones do not have these problems. So hopefully a 2.1 update, or 2.2 will fix all this. If not we should have some Vanilla (Plain Android) Roms to use in the near future.
1. It is not possible to cut/copy/paste from the quoted text. This is the whole point for me. If somebody sends me an email with information, sometimes I want to copy a subset of that information into another email or app. That is not possible with either the stock email client or gmail.
2. For some reason GAL was not working for me out of the box and believe me I tried multiple times. I tried installing Swift Contacts and all of a sudden it worked. I can explain it but at least it works. Too bad it does not show the phone number.
3. I had not noticed this before but now that I have, I have another thing to be frustrated about. Thanks
Hopefully Samsung fixes these issues in an upcoming build otherwise I will be rooting for sure.

[Q] [HELP] Password & account detail leaks [Sony PSN Fail!]

Hi Everyone,
So Sony PSN joins the ranks of Gizmod, Play.com, Facebook, Sky, Apple, AOL [there are many more] as leakers of our information.
What are people's thoughts on this?
It seems that more often than not our passwords and details are not safe with companies anymore, but how can we protect against this?
Although it is best practice to use different passwords for every site and to use secure passwords (i.e. mix of numbers and letters) surely this is not practical since our heads are only capable of remembering so much. I also try to avoid trying out multiple passwords when logins fail, after all, what happens if that is logged!
What solutions exist to combat this issue? Are there any alternatives?
I think it is safe to say that if at least one of your passwords has not been leaked by now, then it is simply a matter of time. I just don't think passwords are good enough now, we need something better.
Do you mean the latest PSN Network problem? If you're talking about that:
Sony will have to repay people for stolen account info such as credit card info! It's because Sony security was so weak that this happened!!
Now I agree that passwords are not always the best protection for us. And never use public computers to check email and stuff since most have keyloggers!
For passwords I use a real strong password using all sorts of symbols, and its meaning is not related to me nor family... Makes it hard to guess for people
xploz1on said:
> Do you mean the latest PSN Network problem? If you're talking about that:
> Sony will have to repay people for stolen account info such as credit card info! It's because Sony security was so weak that this happened!!
> Now I agree that passwords are not always the best protection for us. And never use public computers to check email and stuff since most have keyloggers!
> For passwords I use a real strong password using all sorts of symbols, and its meaning is not related to me nor family... Makes it hard to guess for people
The problem is that no matter how strong the password is, once it is stolen it doesn't matter anymore unless you have strong passwords for each and every site and a Rain-Man brain to recall them all.
I agree about public computers, you can add to that Open Wifi connections and those people who think it is a great idea to keep their wifi unsecured!
I think as people have become aware of password security, they do use better passwords, but they still use them everywhere.
I know some people use apps to store their passwords, but not only is that inconvenient but what happens if your battery is flat?
For such a big problem, there must be some kind of answer.
Sony are a bit of a joke these days. To be fair, it's not definite that CC info was taken as they don't actually know, and to the best of my knowledge nobody has reported actually having been defrauded yet. Credit Cards are covered by fraud protection anyway so it would only be the inconvenience that it causes people rather than a loss of money.
PSN passwords and account info is another matter though. That should all be encrypted and if it's not they have a lot to answer for! Also, why did it take them a week to report this problem to the account holders?
Just read this: http://www.fudzilla.com/games/item/22562-sony-now-saying-there-was-no-leak
Hi! When I read about this Sony issue I was shocked! I mean, if that happens to Sony... I think I'm not buying anything else without a virtual credit card.
Regarding the passwords... I found this article in a blog the other day that recommended to use long passwords, with different elements, one common and one specific for every site. For example:
p4ssw0rd_fBk for facebook, or p4ss_gM41L for gmail... I think that's an interesting idea!
neival said:
> Hi! When I read about this Sony issue I was shocked! I mean, if that happens to Sony... I think I'm not buying anything else without a virtual credit card.
> Regarding the passwords... I found this article in a blog the other day that recommended to use long passwords, with different elements, one common and one specific for every site. For example:
> p4ssw0rd_fBk for facebook, or p4ss_gM41L for gmail... I think that's an interesting idea!
yeah I was thinking of something along similar lines.
I guess you have to make it slightly more than a simple combo though or there is still a chance it could be used. It would stop most automated attacks though, which would be far better than using the same password.
A different take on using a combo of random letters/numbers is suggested here http://www.baekdal.com/tips/password-security-usability. Interesting that "It is 10 times more secure to use "this is fun" as your password, than "J4fS<2"" even though you are using common words and you are much more likely to remember it...makes sense I suppose, there are only 128 ascii chars but far more possible common words so even three is enough. It goes against most password advice of using mixed case etc, but in fact it is right - although note that WPA2 talks about a pass-phrase rather than a password, you can see why now. Obviously unrelated words would be better, i.e. not using famous quotes etc, and you still have the problem of putting a unique bit in for the site itself which can't be used to access your other accounts, if they get your password from somewhere else.
I think if I did use such a system it would be worth keeping note of the codes you've used (somewhere nice and safe of course) or you could end up locking yourself out of a lot of places (or at least keep track of which places you've adopted the system on).
Could also have a system so you can change your passwords periodically but still remember them i.e. a year code or something, 1st letter of your car reg perhaps.
Another thing you could do is to protect your email address (since that is a prime target once your details have been lost...i.e. they now have a password (or variations to try) and related email account to try it on) is to use email aliases (like hotmail allows), so that the signed up email address does not even relate to an actual real account (hotmail just says the password is incorrect, even if you are using the correct one for the linked account!).
The only other issue is down to security questions and password reminders on sites, a password is useless if they just reset it due to a simple security question. (Does sony have that info as part of sign up or is it just your email address they use for reminders - I can't remember now).
After all, if they just need you to supply your D-O-B or mother's maiden name and it was stored on a site which has lost its data, it is not something you can change (unless you lie of course from now on). What info would they use to verify you if you told them you've lost access to your email address, would that info also have been included in the "lost" data from these companies???

How secure is Autoremote (Tasker plugin)

Hey there,
I saw a couple of posts on the Internet regarding this new Tasker plugin. I was wondering how it really works, but couldn't find any detailed explanation on how exactly this works.
I'm a bit sceptical installing a Tasker plugin which can be controlled by any browser. Sure you have to know the shortened URL and you can define a password, but I don't see myself handing over control of my phone to a Tasker login lying around in the cloud somewhere.
Any insights?
https://play.google.com/store/apps/details?id=com.joaomgcd.autoremote.lite
This is the lite version if anyone is interested.
How to from pocketables
http://www.pocketables.com/tag/autoremote
Sent from my GT-I9300 using Tapatalk 2
AutoRemote developer here
Hi.
I'm AutoRemote's developer.
What exactly are your concerns over AutoRemote's security?
The way it works is, like you said, you control your phone from your own personal URL. You give that URL to other people or keep it to yourself. The probability of someone finding that URL by chance is extremely low, and even if they do, they would have to guess which commands you configured on your phone.
Feel free to ask any questions and I'll try to answer them.
Hi,
thanks for taking the time to answer my questions. And I have to admit, I was a bit vague in my first post.
How does the communication between my desktop browser and my phone work? Let's say I defined a message and send it from my browser at work to my phone, which is on the mobile network. How does this work? Will the message be sent from the PC to the phone? I don't know how that would work, as the ip I got from my ISP is behind a firewall and there is no way to directly reach my phone. This leaves two possibilities:
1. the phone has a constant connection to the server, like an ssh tunnel (http://autoremotejoaomgcd.appspot.com/?key), or
2. the phone itself checks for new messages on the server in regular intervals (again, http://autoremotejoaomgcd.appspot.com/?key)
1. battery will drain a lot, judging from my experience with ssh or VPN. Phone won't go into deep sleep.
2. Messages will be stored on the server.
I guess 2 is more likely, but then again, I could be talking out of my a**
My main problem with it though: Everything done via http://autoremotejoaomgcd.appspot.com/ is a black box for me. You could save all messages, including passwords and messages and this is a big problem for me. Don't get me wrong, but why should I trust you with this data when you could do all kinds of nasty things with the devices. Let's assume I made a message to remotely wipe my phone, you could do same, couldn't you?
I'm not saying you do these things, but I don't know you
I guess my question is, any way to host the middleman goo.gl/12345 and http://autoremotejoaomgcd.appspot.com/ myself?
If I'm wrong about these things, please feel free to correct me and thanks again for taking the time
Greetings
Thanks for the friendly message.
About the first part, the way it works is, the autoremotejoaomgcd.appspot.com page sends a message to Google which in turn sends a push notification to your phone.
That doesn't drain any more battery than it would otherwise, the connection to Google's servers to receive push notifications is always open anyway.
This is the same way you receive new email alerts or instant messages on other apps.
About the second part, yes, it's true. If I wanted, I could keep all your messages and resend them. I certainly DON'T do that, but why would you trust me?
Well, what I always say is, use AutoRemote for fun and non-dangerous stuff if you don't feel like trusting me. If you feel I'm not a bad guy (I already have lots of positive reviews on Google Play that show that I haven't done anything wrong), then by all means create a remote-wipe profile in Tasker.
Hope this helps!
Hey man,
Thanks for the explanation and sorry for the delay, but the last couple of days were pretty busy. Anyway, I still have a follow up question
I'm curious about the Google push notification feature you mentioned and I'd like to know how that works. I hope there is some sort of mechanism to prevent people from sending notifications to my device without my consent. If you could point me in the right direction in terms of documentation I would be grateful (well, I already am for your response )
I think I will give it a try and use incoming email for wiping device. Being able to disable my xmpp account on the tablet when phone leaves home would be a great feature. So, thanks again for your effort and your answer.
Have a nice day.
Hillbicks
Sent from my ASUS Transformer Pad TF700T using Tapatalk 2
Hi,
I know this is an old thread but wanted to jump in since the developer seems to be on this thread.
From a security perspective, a couple of suggestions:
- Make both the Google Short URL and the URL that the Google Short URL directs to HTTPS. This would keep people on the local network from sniffing both your URL query string and password. Certificates appear to already be in place, so it's as simple as adding a character, assuming AutoRemote would allow it.
- Use the password as a hash to encrypt the data being passed over the Google Servers. Process would look something like the below, and would ensure total security of the data being transmitted.
  1. Web form uses client-side JS to encrypt any data based on password
  2. Encrypted data is BASE64 encoded to plain text
  3. This string is sent through the notification engine of Google
  4. When received, the phone decodes the BASE64, then decrypts using the password
Thanks,
Ben
Fmstrat said:
> Hi,
> I know this is an old thread but wanted to jump in since the developer seems to be on this thread.
> From a security perspective, a couple of suggestions:
> - Make both the Google Short URL and the URL that the Google Short URL directs to HTTPS. This would keep people on the local network from sniffing both your URL query string and password. Certificates appear to already be in place, so it's as simple as adding a character, assuming AutoRemote would allow it.
> - Use the password as a hash to encrypt the data being passed over the Google Servers. Process would look something like the below, and would ensure total security of the data being transmitted.
>   1. Web form uses client-side JS to encrypt any data based on password
>   2. Encrypted data is BASE64 encoded to plain text
>   3. This string is sent through the notification engine of Google
>   4. When received, the phone decodes the BASE64, then decrypts using the password
> Thanks,
> Ben
I'm with Ben here. I just installed Autoremote for testing and tried adding my linux box as a registered device. That implies entering a valid username and password for the linux box, and I'm guessing that both username and password are sent in the clear when sending a message from Autoremote to the linux box. This is a major security risk, and perhaps Ben's solution could be easily implemented...
I think Autoremote is a great idea with a great execution so far, just lacking the security component for our peace of mind!
Ivan.
There's lots of stuff you can do with autoremote that requires no security. I used it, like the pocketables guy, to spread alarms between two android devices. Lowers the risk of one device's alarm failing to go off, and I'm hard to wake up, so the more alarms the better. All I passed through autoremote was the time and the command the client needed to know what to do with the time. Security for such a transmission just isn't necessary.
Not that I am opposed to you guys getting your security, but I'd imagine it'd be a pricier functionality, and what exists now is for applications where security would be unnecessary.
fortunz said:
> There's lots of stuff you can do with autoremote that requires no security. I used it, like the pocketables guy, to spread alarms between two android devices. Lowers the risk of one device's alarm failing to go off, and I'm hard to wake up, so the more alarms the better. All I passed through autoremote was the time and the command the client needed to know what to do with the time. Security for such a transmission just isn't necessary.
> Not that I am opposed to you guys getting your security, but I'd imagine it'd be a pricier functionality, and what exists now is for applications where security would be unnecessary.
Not sure if anyone is still monitoring this, but I still think it would be really awesome to be able to do this without the need to loop through someone else's server.
Does anyone know of something that is out there that would allow one to do that?
--Ironhead65
ironhead65 said:
> Not sure if anyone is still monitoring this, but I still think it would be really awesome to be able to do this without the need to loop through someone else's server.
> Does anyone know of something that is out there that would allow one to do that?
> --Ironhead65
Hi, as long as your sending device and the receiver (that may be another phone or a PC) are in the same network, there is a possibility to send the messages directly via WiFi. Also, messages can be sent by using Bluetooth.
So, as long as you're connected to the same network (what you usually are as long as you're at home), or your devices are in the same room, there is no need for external servers
Greetings!
@joaomgcd
Any news on that matter?
C0qRouge said:
@joaomgcd
Any news on that matter?
What part exactly do you mean?
thanks for taking the time! there are many interesting ideas in this thread.
* HTTPS <-- seems to be already in place
* Encryption of communication
* no private server, only direct connection or google as a relay
and to add: it would be nice to have a bit of documentation "behind the scenes" to understand what's going on and how the devices are communicating with each other.
C0qRouge said:
thanks for taking the time! there are many interesting ideas in this thread.
* HTTPS <-- seems to be already in place
* Encryption of communication
* no private server, only direct connection or google as a relay
and to add: it would be nice to have a bit of documentation "behind the scenes" to understand what's going on and how the devices are communicating with each other.
+1 to direct communication, as in LAN communication ONLY
Two devices both running tasker/autoremote, able to communicate with one another on the same network, without being routed outside the network... ever
Whether that's feasible... I don't know
I also like the encryption bit

Most secure apps for various purposes

I've been through the entire security forum. Must say still a little raw but it will mature hopefully. Still a lot of noobs talking and no serious dev talk. I'm not a developer but I have done some research esp on encryption systems and keep myself updated with the loopholes in various apps. Until such time when they do join in I think it would be a good idea (esp if the higher-level know-its) would share their list of apps they use for their everyday functioning and especially how you currently protect yourself best against unwarranted attacks to the types other forums are talking about.
My list is:
K-9 mail : for email. I use APG with that though I'm still not convinced it's worth it cause the keys would be easy to 'reverse engineer' as you can easily detect the device you use to send the mail and thus an estimate of the computing power essentially showing them the narrow range of prime numbers in which the key could have been generated. But you would need to be a dedicated target for that. Plus it's open-source and very popular.
Xprivacy: it's good for apps with too many unnecessary permissions but it won't protect you against intruder attacks.
network connections: just switched over to this from Wireshark. Still undergoing testing. But it tells you the current internet connections and seems promising. You can block the suspicious IPs using xposed framework called peerblock (look into the xposed mod index). Needless to say but I think blacklisting google would perhaps make your life considerably old-fashioned esp if you're plugging the google 'backdoor' access they provide to 'he-who-shall-not-be-named' organizations.
Browser: I'm using the native AOSP browser. Firefox would be a better alternative in my opinion to chrome or others. I wish we had chromium for android.
Quickpic: using it instead of the native gallery after I found that it was connecting to the internet.
Calendar: using the native AOSP calendar but deleted the calendar sync cause I try to avoid relying on google too much. Selectively denied internet permission.
ES file manager: a very complete tool. root explorer with checksum built-in. denied internet permissions.
TextSecure : Using this for standard texting because it seems to offer more encryption than any other texting app at the moment. Plus it's going to be the default messaging app in Cyanogen ROMs in the future. Offers One-Time-Pad system encryption which is encryption theoretically secure (what that means for the common man is that this encryption is the only one that has stood the test of time to be unbreakable if used properly. All other encryption systems rely on the fact that the decrypting systems used to 'crack' the encryption lag behind the algorithms. Let's hope the devs did implement it properly)
Remove Google from CM10+ ROMs : http://www.xda-developers.com/android/remove-the-google-from-cyanogenmod-with-freecygn/
"Not every user particularly cares for Google’s proprietary bits and its tendency to put them everywhere. As such, XDA Senior Member MaR-V-iN has created a script to clear out Google proprietary binaries from all CM10+ ROMs. Freecyngn disassembles the CyanogenMod settings app and replaces Google Analytics library with the free NoAnalytics. The whole process doesn’t break the Settings app, and turns your device into one that is Google-free"
Thanks to @SecUpwN for the site: www.prism-break.org As you will see by visiting this site it's not secure but just a list of more open-source projects.
I don't use a lot of google products like gmail or chrome or maps but I would like to minus the uneasiness that I have using it. And I don't use public wifi at all. The great things in life are hardly ever free!
Needless to say but I use CM 10.1 since it's well developed and open-source. Looking forward to omniROM by chainfire and other great devs. I do believe we need some serious steganographic programs for android because encryption alone is not the way to go. Maybe they will take this more seriously. This remains a work in progress. As always hit thanks if it helps.
CM is now for profit. It's CyanogenMOD Inc. Anyway, this is a pretty naive approach, IMHO. You want to keep something secret you can't tell technology about it. Check out "Schneier on Security."
where did you download "network connections" from?
@aejazhaq: See www.prism-break.org!
runwithme said:
where did you download "network connections" from?
I downloaded it when the dev was giving the pro version free for a limited time to XDA members. However, it's available on the Play Store: https://play.google.com/store/apps/details?id=com.antispycell.connmonitor&hl=en
SecUpwN said:
@aejazhaq: See www.prism-break.org!
Yes I came across that just a week ago. It seems to me as my knowledge progresses that the apps available are just to keep the selective data eg your mails private if you use APG with that. @pan.droid I think anything on your device is still as vulnerable as can be honestly and don't think, at least as of now that you can protect your data on your device with any satisfactory means, at least not yet. I'm interested in steganographic means more now than ever because I think encryption alone won't cut it esp keys generated on the phone; the prime numbers needed for a foreseeable future (3+ yrs) protection are elusive on the phone, perhaps the PC can do a better job, but again with its fallacies esp with emails being stored in the cloud permanently means that there's an expiration date on such material you choose to share. And given it lacks forward secrecy and anyone using PGP in emails is definitely shouting encrypted msgs being transmitted perhaps arousing more suspicion and the subsequent package.
Thus I do agree the list is currently very naive but perhaps the best we can do at the moment. That's why I'll leave people to share their opinions on this because this is perhaps an ongoing discussion.
I'm really interested in a contacts replacement. I hate the new style google version but I don't trust ANYTHING free from the app store. They all download your contacts!
You didn't mention AFWall+, the iptables firewall I consider instrumental in blocking most phone home attempts.
SecUpwN said:
@aejazhaq: See www.prism-break.org!
Actually, pretty great site!
pan.droid said:
Actually, pretty great site!
You're welcome. If you're interested in security projects, have a look!
I'd totally jump on board with that, but all I have is a WI-FI tablet, ATM. Great activist project for anyone serious about security.
pan.droid said:
I'd totally jump on board with that, but all I have is a WI-FI tablet, ATM. Great activist project for anyone serious about security.
Sadly, our project is missing real security enthusiasts and DEVELOPERS. Do you know anyone I should get in touch with?
I use "Keepass2Android Offline" to manage my passwords. This "offline" version removes Internet access permissions which I consider essential for security of my database.

EDITED [Q] Why is /u0026 in the names of my apps? How am I being hacked & tracked?!? Total N00b needs help!

Scrolling through the apps installed on my phone, and it is hit or miss on which of the Android and/or Google apps have \u0026 in the middle of their names. Not all, but it seems the important ones do, that downloaded and installed in the middle of the night hours or days after the initial purchase and set up of the phone. Isn't Gmail, Chrome, Android Web View, Device Unlock, Calculator, Device Health Services, and most Google services already installed in Android phones? It's even in some of the apps I installed later on, but not all. I have looked it up, both here and using different search engines. Not too excited with the results, nor do I have the IT brains to understand all the jargon. Would someone here please explain it in layman's terms? BTW, I know I have been hacked/tracked by my ex for a while now. Would \u0026 happen to be a way to remote access and monitor my phone usage?
EDIT: Nothing was synced to old phones, devices, or accounts. This isn't the first new device he has gained access to. There have been several brands and models, phones and laptops. Your guess is as good as mine, and the police, as to how it is being done. Sometimes he leaves "<rooted>" on the screen or turns on 911 only it locks up the phone a few hours after bringing it into the house. He works in the tech industry. No, this isn't my device I've asked this on. This really hasn't been as fun as it sounds.
Thank you all in advance!
I will put my tin foil hat on while anxiously waiting your replies.
(I know, funny not funny. Either has been having to live with his BS.)
Checking back and bumping. There was just one reply on another thread. Please, someone has to know of this Google and Android system hacking apps combo floating around in Google Developer and Firebase. It's a real thing, and my nightmare now. I will not censure if you developed it or are using it on someone other than me. However, I beg you to reconsider if you are. There are days that I feel that worrying about the safety of my kids and if he does show up somewhere I'm at with a grudge to settle is too much to handle. Not everyone has the ability to get through that. I did not deserve his controlling abuse when we were together and there seems to be no way to get out from under his thumb currently. The local cyber cops have been of no help. They either do not believe this happening, these types of apps exist and what they do are possible (One said, "Those kind of things are just in James Bond movies"), or they think there is no imminent threat because there aren't bruises and the little I do have in the bank has not been touched after closing and opening numerous accounts to keep him out. I make just enough to support my kids and myself. Banking, online shopping, and social media are impossible, and the time is now spent trying to end this on my own. Please, help is needed. One of the members on here has to know what the hell this is.
Thank you again.
ripppani said:
\u0026 seems to be the escape sequence of the Unicode character &. \u0026 cannot do any damage by itself, but it can be and probably is a result of incorrect encoding or decoding of text strings, which in turn could be caused by hacking. If you don't know what Unicode is, here is the Wikipedia article.
I am not sure whether the "<rooted>" really represents that the device is rooted, but you generally don't want someone untrusted to root your device, as rooting it allows the one who rooted it to have unrestricted access to the device.
He has had remote unrestricted access to my devices. The <rooted> is one of his reminders he is there, as well as <bootloadermode>, or the locking up or turning on 911 calls only. This hasn't been fun, either having it happen in use or waking up to it. I do not allow this. New devices, new Google accounts, never syncing, and never logging into old accounts. However, no one seems to be able to figure out how he gets into new devices once they enter the house. New routers, modems, entire internet accounts, he still weasels his way in. The hacking apps are Google Developer based, this I know. Try getting info on that out of Google without a warrant. Cyber cops have brushed this under the rug since there has been no physical or financial harm, as of yet.
He lived with me when we were dating. Is there a device that may be in my home that could hi-jack my wifi, allow him to sign into my device, and show it as my device while VPN-ing an address even after all the changes? (I seem to travel all over the place on occasion according to my IP addresses that show up) The location tracking and call/text monitoring is real, as he has shown up or had let things said in my private (ha!) conversations with others slip. Of course he has nothing to do with this. (ha! again)
Any help or input on this would be greatly appreciated. I have looked things up at the library until my eyes bled. I can only comprehend so much without an IT background. I do not have the money for a cyber forensic investigator, and I know the local police probably have me on the Crazy Crying Wolf list. Which is just as embarrassing as knowing that having a complete lack of privacy in my life is a total nightmare.
Thank you again.
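The reply quoted above identifies \u0026 as the escape sequence for the character &. As an added illustration (not part of any post in this thread), this Python sketch shows how an HTML-safe JSON encoder writes & as \u0026 and how a display step that skips decoding leaves the raw escape inside a name; the sample labels and function names are constructed for the example.

```python
import json
import re

# A literal backslash-u escape left in displayed text (six visible characters)
ESCAPE_RE = re.compile(r"\\u([0-9a-fA-F]{4})")

def html_safe_json(text):
    """Encode text as an HTML-safe JSON encoder does: &, <, > become escapes."""
    wire = json.dumps(text)
    for ch in "&<>":
        wire = wire.replace(ch, "\\u%04x" % ord(ch))
    return wire

def proper_view(wire):
    """What a correct display layer shows: the JSON string fully decoded."""
    return json.loads(wire)

def undecoded_view(wire):
    """What a buggy display layer shows: quotes stripped, escapes never decoded."""
    return wire[1:-1]

def explain_label(label):
    """Pair each literal escape found in a label with the character it stands for."""
    return [(m.group(0), chr(int(m.group(1), 16))) for m in ESCAPE_RE.finditer(label)]

def repair_label(label):
    """Decode literal escapes in a label; lone surrogate halves are left untouched."""
    def repl(m):
        cp = int(m.group(1), 16)
        return m.group(0) if 0xD800 <= cp <= 0xDFFF else chr(cp)
    return ESCAPE_RE.sub(repl, label)

# Constructed sample labels, not taken from any real device
SAMPLE_LABELS = ["Movies & TV", "Calculator", "Files <beta>"]

def demo():
    """Return (original, buggy display, escapes found, repaired) per sample label."""
    rows = []
    for name in SAMPLE_LABELS:
        shown = undecoded_view(html_safe_json(name))
        rows.append((name, shown, explain_label(shown), repair_label(shown)))
    return rows

if __name__ == "__main__":
    for name, shown, found, fixed in demo():
        print(f"{name!r} shown as {shown!r}; escapes {found}; repaired {fixed!r}")
```

Only labels that contain &, < or > change on the wire, which matches escapes turning up in some names and not others.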
