Hi
i live in iran and recently iranian government forcing teachers and students to install an app, this app is not in play store and users must sideload it. so i suspect to this app and checked it in VirusTotal.com and found it:
https://www.virustotal.com/gui/file...259f76b3df94b045abd50e88b9e1f980b5d/detection
now my Q is detection is valid ?
Mehrdad.A said:
Hi
i live in iran and recently iranian government forcing teachers and students to install an app, this app is not in play store and users must sideload it. so i suspect to this app and checked it in VirusTotal.com and found it:
https://www.virustotal.com/gui/file...259f76b3df94b045abd50e88b9e1f980b5d/detection
now my Q is detection is valid ?
Click to expand...
Click to collapse
I' no security expert but my opinion for what it's worth.
Probably a false positive as it's only one detection. That said the app uses Iranian DNS (so government could potentially track your activity), it checks for root, and also has the following (see 2nd page of report) which could be fine but could also leak info to authorities you'd maybe not want to, though all also have legitimate functions.
Function name Detail info
ContentResolver;->query Read database like contact or sms LocationManager;->getLastKnownLocation Get last known location
android/app/NotificationManager;->notify Send notification getRuntime Get runtime environment
java/net/URL;->openConnection Connect to URL
java/net/HttpURLConnection;->connect Connect to URL
Camera;->open Open camera
HttpClient;->execute Query for a remote server
Also keep in mind an app can pass these tests by Antivirus but still use quite legitimate functions to leak data you maybe don't want to the app developers. Or worse download other files later that could be malicious, at the end of the day you need to trust both phone manufacturer & app producers to a large degree.
Related
Hi all,
Sorry if this is a duplicate but I already searched for an answer and couldn't find one. I am working on an Android app that I wish to distribute as trialware and I am seeking info on best practices.
First of all, what is the best way to make sure that users cannot get the free trial again by reinstalling? This is critical, of course.
Next, how do I manage the expectations of my users who think they are downloading a totally free app? Is there a better way than just shouting it in the app description?
Any other advice, links or suggestions on this topic are much appreciated!
Thanks in advance,
Barry
Hi!
The only way to prevent reseting the trial period with reinstalling is to create a server and validate the device only by some of its hardware IDs.
Alternatively You can use an online service like https://trialvalidator.com.
Robert
Just keep in mind that server validation isnt bullet proof.
Users can use a simple firewall like Droidwall to block incoming/outgoing communications or both for individual or all apps.
There's LBE or Pdroid which can prevent apps from obtaining uniquely identifiable information and also change it so that each time your app requests the ID it gets a different random ID.
Then there are "code patchers" like LuckyPatcher and others which can patch the server validation within the app and bypass it.
You might get lucky and be releasing an app whose target market isn't a particularly tech savvy audience, but personally I run a very tight ship on my phone, and will not install any apps without locking them down completely.
This includes free and purchased apps.
Even my system apps are screened and only allowed to access the bare minimum on my phone to retain their functionality.
Have you looked into having crippled/free and full/paid versions of your app? Or a crippled app that has an in app purchase option to upgrade to full funtionality?
Another option would be an always on internet requirement, but unless its a really great MMO game, users are not going to be too happy about that especially if, for example your app is a music player or shopping list or single player game.
Im not trying to disseminate methods to bypass validation, or dishearten your app protection efforts. This is just an FYI.
Okay, so, I summed up some 5 articles on this subject - in the hope of starting a discussion about device security. I hope you will find this interesting and meaningful and perhaps you will find out about some of the risks of using Android.
2 months ago Juniper Networks, one of the two biggest network equipment manufactures, published a blog post (1) about an intensive research their mobile threat department had on the Android market place.
In essence they analyzed over 1.7 million apps in Google Play, revealing frightening results and prompting a hard reality check for all of us.
One of the worrying findings is that a significant number of applications contain capabilities that could expose sensitive information to 3rd parties. For example, neither Apple nor Google requires apps to ask permission to access some forms of the device ID, or to send it to outsiders. A Wall Street Journal examination (2) of 101 popular Android (and iPhone) apps found that showed that 56 — that's half — of the apps tested transmitted the phone's unique device ID to other companies without users' awareness or consent. 47 apps — again, almost a half — transmitted the phone's location to other companies.
That means that the apps installed in your phone are 50% likely to clandestinely collect and sell information about you without your knowledge nor your consent. For example when you give permission to an app to see your location, most apps don't disclose if they will pass the location to ad companies.
Moving on to more severe Android vulnerabilities. Many applications perform functions not needed for the apps to work — and they do it under the radar! The lack of transparency about who is collecting information and how it is used is a big problem for us.
Juniper warns, that some apps request permission to clandestinely initiate outgoing calls, send SMS messages and use a device camera. An application that can clandestinely initiate a phone call could be used to silently listen to ambient conversations within hearing distance of a mobile device. I am of course talking about the famous and infamous US Navy PlaceRaider (3).
Thankfully the Navy hasn't released this code but who knows if someone hadn't already jumped on the wagon and started making their own pocket sp?. CIO magazine (4) somewhat reassures us though, that the "highly curated nature of [smartphone] application stores makes it far less likely that such an app would "sneak through" and be available for download."
A summary by The Register (5) of the Juniper Networks audit reads that Juniper discovered that free applications are five times more likely to track user location and a whopping 314 percent more likely to access user address books than paid counterparts. 314%!!!
1 in 40 (2.64%) of free apps request permission to send text messages without notifying users, 5.53 per cent of free apps have permission to access the device camera and 6.4 per cent of free apps have permission to clandestinely initiate background calls. Who knows, someone might just be recording you right now, or submitting your photo to some covert database in Czech Republic — without you even knowing that your personal identity is being compromised.
Google, by the way, is the biggest data recipient — so says The Wall Street Journal. Its AdMob, AdSense, Analytics and DoubleClick units collected data from 40% of the apps they audited. Google's main mobile-ad network is AdMob, which lets advertisers target phone users by location, type of device and "demographic data," including gender or age group.
To quote the The Register on the subjec, the issue of mobile app privacy is not new. However Juniper's research is one of the most comprehensive looks at the state of privacy across the entire Google Android application ecosystem. Don't get me wrong. I love using Google's services and I appreciate the positive effect this company has had over how I live my life. However, with a shady reputation like Google's and with it's troubling attitude towards privacy (Google Maps/Earth, Picasa's nonexistent privacy and the list goes on) I sincerely hope that after reading this you will at least think twice before installing any app.
Links: (please excuse my links I'm a new user and cannot post links)
(1) forums.juniper net/t5/Security-Mobility-Now/Exposing-Your-Personal-Information-There-s-An-App-for-That/ba-p/166058
(2) online.wsj com/article/SB10001424052748704694004576020083703574602.html
(3) technologyreview com/view/509116/best-of-2012-placeraider-the-military-smartphone-malware-designed-to-steal-your-life/
(4) cio com/article/718580/PlaceRaider_Shows_Why_Android_Phones_Are_a_Major_Security_Risk?page=2&taxonomyId=3067
(5) theregister co.uk/2012/11/01/android_app_privacy_audit/
____________________________________________________________________________________________
Now I am proposing a discussion. Starting with - do we have the possibility to monitor device activity on the phone? By monitoring device activity, such as outgoing SMSs and phone calls in the background, the camera functions and so on we can tell if our phone is being abused under the radar and against our consent. What do you think?
.
I am finding it sad and troubling but even more so ironic that nobody here cares about this stuff.
Pdroid allows you to tailor your apps and what permissions your device actually allows on a per app basis. Requires some setup, and the GUI is nothing fancy.. but for those worried about permissions, it is quite ideal.
Edit : http://forum.xda-developers.com/showthread.php?t=1357056
Great project, be sure to thank the dev
Sent from my ADR6425LVW using Tapatalk 2
DontPushButtons said:
Pdroid allows you to tailor your apps and what permissions your device actually allows on a per app basis
Click to expand...
Click to collapse
Sounds good for a start, I'll look it up
pilau said:
Sounds good for a start, I'll look it up
Click to expand...
Click to collapse
Okay, so I looked it up, and Pdroid does look like a fantastic solution to control what apps have access to what information on your droid.
However, it doesn't cover monitoring hardware functions such as texts being sent, calls being placed etc. as described in the OP. Besides, it only works in Gingerbread as far as I could gather.
EDIT: looking at PDroid 2.0, it does exactly what I originally asked
pilau said:
Okay, so I looked it up, and Pdroid does look like a fantastic solution a control what apps have access to what information on you droid.
However, it doesn't cover monitoring hardware functions such as texts being sent, calls being placed etc. as described in the OP. Besides, it only works in Gingerbread as far as I could gather.
Click to expand...
Click to collapse
I actually first found out about it on an ics rom, so it's definitely not just gb. As for monitoring, no clue. Any sort of extra process logging would likely bog down resources or space eventually.
Sent from my ADR6425LVW using Tapatalk 2
DontPushButtons said:
Any sort of extra process logging would likely bog down resources or space eventually.
Click to expand...
Click to collapse
I definitely wouldn't know. This solution looks very complicated in first impression but on the Google play page it says 100% no performance effects.
Anyway, I looked up PDroid 2.0 here on XDA, which is the rightful successor of the original app. It does everything the original app does and also monitors many device activities! Here is the full list of features. I would add a working link but I'm still a n00b and I am restricted from doing so. Sigh....
forum.xda-developers com/showthread.php?t=1923576
PDroid 2.0 allows blocking access for any installed application to the following data separately:
Device ID (IMEI/MEID/ESN)
Subscriber ID (IMSI)
SIM serial (ICCID)
Phone and mailbox number
Incoming call number
Outgoing call number
GPS location
Network location
List of accounts (including your google e-mail address)
Account auth tokens
Contacts
Call logs
Calendar
SMS
MMS
Browser bookmarks and history
System logs
SIM info (operator, country)
Network info (operator, country)
IP Tables(until now only for Java process)
Android ID
Call Phone
Send SMS
Send MMS
Record Audio
Access Camera
Force online state (fake online state to permanent online)
Wifi Info
ICC Access (integrated circuit-card access, for reading/writing sms on ICC)
Switch network state (e.g. mobile network)
Switch Wifi State
Start on Boot (prevents that application gets the INTENT_BOOT_COMPLETE Broadcast)
I've always had the luxury of someone else integrating it into the Rom, then I just had to set it up through the app. It is time-consuming, but not very difficult at all. I say give it a shot and see if that's what you had in mind. Maybe the logging is less detrimental than I had previously thought.
I'm sure you could get your post count up by asking for some tips in that thread. Every forum on xda has at least one person that's EXCESSIVELY helpful, frequently more. So have a ball
Sent from my ADR6425LVW using Tapatalk 2
Hi.
I recently came across some chinese / asian websites which kang / modify and release a diversity of roms.
I'm not specifying sources / which roms are, this is a general announcement to be careful with what we download & flash into our devices, and why ?
I flashed in order to test some of these roms (not the sense 5 kang tho), since I work in network security, I had noticed on our firewall logs when my mobile connected through the wifi, a bunch of UDP requests / DNS queries to russian websites. This can be used to botnets, DoS, even malware / spam propagation (a diversity of not cool stuff, basically).
A colegue of mine which also has a 'droid had once an app which sent repeatedly ICMP requests in "not random" but specific hours / intervals, he asked me to test his rom which he downloaded and flashed from "another" website, and I confirmed the suspicious behavior. There was established connections to foreigner addresses through a diversity of protocols, data being sent / received and at times, a udp flood directed to specific addresses. This is bad, my friends.
We don't know what these roms have inside, what's their mechanism besides the standard transparent operations which most of us are familiar with, and they could be very well used to do illegal things which I guaranty we don't want to be part of.
Flashing a rom, connecting through 3G or Wifi, and then our mobile is now part of a botnet which participates without our knowledge on such illegal operations is just one of the things that could happen. Phishing is also very possible - in other hand, a lot of things are possible without our knowledge and consent. We don't want this do we ?
The last Rom which I have experienced this, the link was removed and is no longer online. So i'm not pointing URL's / Rom names because this is something that each one of us has to be careful about.
Fortunately we have ways to detect / avoid / remove and make sure our device is used only for us and does only what we "tell" it to do.
We can use this thread to report such roms (since they're not published on xda, we can only warn each other and be aware) and applications that have malicious content.
I'll also be updating this thread with methods, applications for android to detect malware / suspicious activities (I'm not going into depth like using a sniffer or protocol / packet analyzer (although we can) I'll try to keep as simple as possible.
Suggestions, reports are very welcome and should be reported here. We can use this thread to protect our droids and help each other making our devices secure.
This post has the intention of protecting ourselfs, but privacy tips / applications are also welcome. Be careful tho, would be ironic to suggest an app to protect user privacy and in the end the app itself sends private data to GodKnowsWhere.
To be continued / Updated Soon.
List of Applications to monitor / analyze traffic:
Netstat Professional - Allows you to see what connections your android has established. Allows whois info, Real time IP / Port and status information (pretty much like netstat -an), and what service is running / port information.
Wi.cap. Network Sniffer - Much like a network protocol analyzer / network sniffer. This neat app allows you to see what connections are estabilished / protocol / status / analyze packets. If there's a connection estabilished - it will be listed. [Root needed]
Shark for Root - Traffic sniffer for 3G & Wifi (supports FroYo tethered mode too). Records traffic which later you can open with WireShark. To preview you can use Shark Reader.
List of Applications fo scan for malware.
Coming Soon...
Procedures to discover / analyze / report malware / suspicious behaviours and such.
Coming Soon...
Post reserved for procedures which will include:
- Common Sense
- How a malware works (the term malware is used to include viruses, trojans, custom scripts and apps.
- What to look for / suspicious behavior which you should pay attention to (also included in Common Sense).
- Basic tools to detect / analyze / remove malware.
More to come.
Sent from my HTC Z710e using xda premium
Generally, i suggest to use ROMs from XDA only, except for CM/MIUI official website. The risk is real! Thanks to @MidnightDevil for his help and his time
I suggest to read this thread to all the users!
XxXPachaXxX said:
Generally, i suggest to use ROMs from XDA only, except for CM/MIUI official website. The risk is real! Thanks to @MidnightDevil for his help and his time
I suggest to read this thread to all the users!
Click to expand...
Click to collapse
Thank you for your support
If anyone has suggestions / knowledge about this sort of matter please share
There's a LOT of info that I tend to post on this thread in a way to educate / share knowledge with everyone.
Trusting the developers and sources is the first step for prevention. Be careful with dodgy websites and roms which you don't know about.
Scanning the rom zip file with a virus scanner is useless in this matter.
Unknown Rom
The threat is over when a secure rom is installed (after using a none xda rom) ??
MidnightDevil said:
Thank you for your support
If anyone has suggestions / knowledge about this sort of matter please share
There's a LOT of info that I tend to post on this thread in a way to educate / share knowledge with everyone.
Trusting the developers and sources is the first step for prevention. Be careful with dodgy websites and roms which you don't know about.
Scanning the rom zip file with a virus scanner is useless in this matter.
Click to expand...
Click to collapse
phearell said:
The threat is over when a secure rom is installed (after using a none xda rom) ??
Click to expand...
Click to collapse
So far there isn't malware which persists after full wipe. Can't speak of the contents of the sdcard tho. But usually yes. But then you have the apk's which can contain malicious code and so forth...
Those apps are usually banned from the PlayStore, but there's a short window between published / report / removed from Store which users can download it.
Unless I didn't understood your post
MidnightDevil said:
So far there isn't malware which persists after full wipe. Can't speak of the contents of the sdcard tho. But usually yes. But then you have the apk's which can contain malicious code and so forth...
Those apps are usually banned from the PlayStore, but there's a short window between published / report / removed from Store which users can download it.
Unless I didn't understood your post
Click to expand...
Click to collapse
AFAIK google also scan apps installed on the device. When installing a 3rd party app (not via Google Play), you get a prompt to allow google to scan it anyway for malicious content.
Also, there are a couple of anti-virus apps available from well known companies such Avast for android, and also from AVG.
I never really tried those, but they might help protecting your device. However I doubt if they scan system apps/services, for in most cases they are supposed to be safe (from the OEM itself).
It is well known that the biggest security hole is the user. So the best thing to do is to keep away from unknown ROMs/sources.
astar26 said:
AFAIK google also scan apps installed on the device. When installing a 3rd party app (not via Google Play), you get a prompt to allow google to scan it anyway for malicious content.
Also, there are a couple of anti-virus apps available from well known companies such Avast for android, and also from AVG.
I never really tried those, but they might help protecting your device. However I doubt if they scan system apps/services, for in most cases they are supposed to be safe (from the OEM itself).
It is well known that the biggest security hole is the user. So the best thing to do is to keep away from unknown ROMs/sources.
Click to expand...
Click to collapse
No doubt the biggest flaw usually comes from the end user.
But answering your statemente about anti viruses.
Usually anti viruses (specially in portable devices) act base upon a database of known signatures and suspicious behavior. They provide no protection against a custom developed script or code with a work-around for this behavior. Basically - avoids behaving like a malware.
A code is considered malicious when acts upon suspicious behavior (for example, on windows - when an app registers itself on registry autorun / startup folders / tries to load a file on temp directory / temporary internet files, hooks itself into a process / uses a windows process to deliver it's payload faking a signature, etc etc). Knowing this, any custom app / script that avoids suspicious behavior / does not have a present signature on a AV database and a few more details - all doors are "open" and is a highway to hell.
Google scan engine uses the same mechanism, in fact, I'm not even sure if it has any sort of protection against suspicious behavior as it only executes upon apk install.
Believe me, the biggest flaw is the user as the best protection is also a well educated user. It's a matter of knowing what can do and what should avoid. Fear or suspicion is an important thing these days, as they prevent us from making mistakes as installing an app from a dodgy site. We should know better.
MidnightDevil said:
No doubt the biggest flaw usually comes from the end user.
But answering your statemente about anti viruses.
Usually anti viruses (specially in portable devices) act base upon a database of known signatures and suspicious behavior. They provide no protection against a custom developed script or code with a work-around for this behavior. Basically - avoids behaving like a malware.
A code is considered malicious when acts upon suspicious behavior (for example, on windows - when an app registers itself on registry autorun / startup folders / tries to load a file on temp directory / temporary internet files, hooks itself into a process / uses a windows process to deliver it's payload faking a signature, etc etc). Knowing this, any custom app / script that avoids suspicious behavior / does not have a present signature on a AV database and a few more details - all doors are "open" and is a highway to hell.
Google scan engine uses the same mechanism, in fact, I'm not even sure if it has any sort of protection against suspicious behavior as it only executes upon apk install.
Believe me, the biggest flaw is the user as the best protection is also a well educated user. It's a matter of knowing what can do and what should avoid. Fear or suspicion is an important thing these days, as they prevent us from making mistakes as installing an app from a dodgy site. We should know better.
Click to expand...
Click to collapse
I just remembered of an app called "Who is tracking" (was featured on the portal a while ago), that also scans system files (bloatware) and tells you which app tracks you. tried using it a while ago, but didn'y really try to understand it, and it seems to have changed since. will try it myself.
Agreed with Patcha, unless you 100% trust the source (CM/MIUI are well known and if they did something untrustworthy a massive ****storm would ensue) then I would stick to ROM's posted on XDA (though frankly I avoid MIUI out of moral principle #SouceCodeMuch?). Anything untrustworthy that is posted on XDA is picked up very quickly and dealt with effectively.
More to come from me on this, I need to organize what I want to say so it doesn't sound like a mad persons ramblings
Edit: A thing to look out for in google play store is the permissions, READ THEM, read what they mean, read what permissions the app requests and if you don't know why an app needs that permission or if it looks dodgy (like the permission to send sms messages without the user knowing) then for God's sake don't use the app util you've found out what the app needs that permission for (quick google search or email to the developer). Don't just blindly agree to all the permissions without reading them.
These permissions are declared by the developer in the Android_manifest.xml file and pulled from there when publishing the app on play store. As far as I am aware, there is no way to fool this system - you can't edit the visible permissions through the developer panel of play store, only by editing the manifest - I have a developer account on play store so this I am 100% sure on.
Yup, very true. Something I forgot to mention earlier and is VERY important.
Always check the permissions and what for the permissions are used. Some good developers write what for they need the permissions. Some things are obvious, others not so quite.
Also reading the comments of an app helps as well. More experienced users tend to write a more complete review and sometimes they draw the attention to things that sometimes other users miss. About permissions or anything else.
Any user can write a review, so if you find something important, you can also write in the review. Just make sure you don't underrate an app because of a doubt
Usually developers also have their contact email in case of doubts, it can be used to to bring some things to light.
Dear fellow developers,
I wonder how log will it take before we will unite and take some serious action against Google Play practices. Maybe you heard about banned apps and blocked accounts. I got my app blocked today and believe me that it is VERY frustrating experience.
I can write what is wrong with Google Play developer support, but others already done that better: androidofvirtue. com/dear-google-play-we-need-to-talk-about-a-few-things/
Long story short, I feel that Google is abusing its dominant position on the market by providing little to no service to developers. Developers has no other option for app publishing as manufacturers are pre-installing its market to almost every device. Users have no option as they do not have any good alternative available.
Google must listen to us, we are helping them to get money and they are treating us like criminals without any explanations, without possibility to defend ourselves and without possibility to use other and maybe more reasonable app market.
As I am from the EU I wrote an appeal to European Commission to investigate the Google market position regarding the competition advantage abuse. I really hate do do it but currently I feel that I ran out of options and I hate more to feel so powerless against Google ignorance and stupidity of its app removal policies.
If you would like to help then write an appeal too. Contact is [email protected]
They must hear us!
what app did you make and whats the reason they removed it
The app was intended for automatic connection to open hotspots and wifi password sharing. It was possible to enter password for some wifi when you connected to it and it was then shared with other users. This function was explicitly named in the name of the app, description and under the password box directly in application, therefore every user was sharing the password by his will and he was well informed what he's doing. It was intended for sharing of passwords for various public places, cafés etc.
The funny thing is, that the app got approved on Amazon which is also very strict, but obviously employs sane people.
The reason for banning is here:
REASON FOR REMOVAL: Violation of section 4.4 of the Developer Distribution Agreement.
After a regular review we have determined that your app interferes with or accesses another service or product in an unauthorized manner. This violates the provision of your agreement with Google referred to above.
Click to expand...
Click to collapse
I think that they think that I was phishing the passwords or something like that. Or maybe it is not ok to connect to open wifi automatically. Or maybe they think that if somebody share password for some hotspot then other people are not authorized to use it, however I feel that if I share password then I am giving implicit authorization to other users.
Thats the worst part -I simply don't know what is wrong. Can I fix it by adding some policy agreement? Should I ask user for some explicit permission to share the password and authorization for other users to use it? Isn't it a bit crazy?
The whole thing is not about me or my app. I just spend like month of evenings to build it and catch all the bugs, I made worse investments. What I really don't like is the Google attitude. They are keeping their developers in uncertainty, they are threatening them and they are behaving like the worst essence of corporations. We just need alternative store to become strong enough otherwise Google will not listen to us.
Good day!
I have a page for online privacy ( www.4yourprivacy.com) and want to add more information regarding smart phones and personal privacy and anonymity to that site.
Anyone who can offer insight to these questions as well as suggest additional questions I may not have thought of I will be most appreciative.
It is understood that using mobile networks data, tower triangulation can still provide coarse location information that is saved as part of your phone record. Assume that location services and GPS are disabled
1. Using cell data how much privacy is afforded by having an active VPN connection with regard to third party apps or with carrier provided SMS?
With no mobile data but using WiFi only with VPN.
2. Does VPN offer any actual privacy to the user of standard SMS messages? I realize that alternative means such as "Signal app" provide end-2-end privacy even without VPN.
3. Do some, all, most third party apps obtain and transmit the specific device ID such as phone number and IMEI etc back to a server some where? This is a technical/software question not related to developers privacy practice. Is this totally dependent upon permissions you can control per-app?
4. App tagging. I read that when a user downloads an app from PlayStore that app is tagged to your device to permit developers to monitor accounts for such things as billing etc to be able to disable apps where user either has not paid or has violated some TOS...also by Google to register it to your phone for updates etc.
But what about the same app obtained and manually installed as an APK file without going through PlayStore?
Any thoughts, links to authority or additional questions I failed to ask please let me here what you have to say. ( Yes this may appear on more than one forum! )
Again thanks in advance for any thoughts or info that you believe should make their way to a discussion about privacy and security when using a mobile device. ( Android in this case...will address iPhone elsewhere )
Paul
paulckruger said:
Good day!
I have a page for online privacy ( www.4yourprivacy.com) and want to add more information regarding smart phones and personal privacy and anonymity to that site.
...
Click to expand...
Click to collapse
Interesting... Just had a look to your site regarding privacy and anonymity by Webbkoll and got interesting results: https://webbkoll.dataskydd.net/en/results?url=http://www.4yourprivacy.com/
Do you agree that having Google and Linkin cookies already contradicts privacy etc.?
Well for starters there is no information on this page that Google does not already index. I am not concerned about the privacy of this web site simply because if the site itself is too "private" people searching for this kind of info won't be able to find me in Google...kinda defeats the purpose of such a site in the first place!
The actual "privacy" aspect is the responsibility of the user not this web site which by definition must be findable for people to access the information. The assumption should be that a first visit will be by someone already exposing their tracks online seeking info on how to avoid just that.
Second...not a response to my question!
But thanks.