== THREAD PURPOSE ==
I'm opening this thread to share and learn ideas about privacy solutions; please respect the purpose and keep this thread clean. My main language isn't English, so if you spot errors or omissions please PM me so I can correct them. Thank you.
All trolling or demotivating posts, disbelieving about privacy concerns or defending Google's honor, will be reported for cleaning.
== PROBLEM, HYPOTHESIS, TESTS, CONCLUSION ==
For years I've been very annoyed about privacy abuse on the Internet, and since the Snowden and Assange revelations my concerns have grown. I'm sure my personal and professional life is common and boring, but I want privacy with my things, just like I don't want a guy at the next table in the coffee shop listening to what I'm talking about.
My first decision was to deploy a personal server, in my home, with OwnCloud. All went fine for some months until I realized the pain it was keeping the system working; from server attacks and system failures to energy bills, nothing could justify such paranoia. The OwnCloud Android client was also very bad in those days.
The second idea was hosting OwnCloud and mail services on a private host, but this didn't make any sense because data wasn't encrypted and every employee could easily see my thermonuclear projects and my secret banana pancake recipes. It was also a paid solution for nothing.
Finally I thought "If you're using German services you should be fine, Germany's data privacy laws are the toughest in the world (even better than the Swiss ones in this matter)". I'm in Europe, so using European services was a no-brainer decision, preferably in Germany and owned by German companies. Yes, I know you can't trust anyone, but even so I think it's a well balanced solution.
== SERVICES ==
These are my services right now, share yours and try to justify why they're equal or even better. This list will be changed as needed:
Mail - GMX (Germany)
- Generally I really don't like 1&1 services but GMX is really good and works only on European servers. I advise you not to use their other service, mail.com, because this one uses USA servers. Unfortunately all other free German providers have low storage space. If you're willing to pay for privacy try the Dutch StartMail, but it's in beta at the moment.
Contacts & calendar - fruux (Germany)
- Amazing services, great philosophy. For privacy and decentralization purposes I've opted not to have these services with my mail provider. Unfortunately their servers are on Amazon Ireland, but I believe fruux have implemented cryptographic code on their system.
Cloud - HiDrive (Germany)
- I NEVER upload sensitive information to the cloud, even encrypted (remember Heartbleed and the AES backdoor theory?). I was using Wuala for years but gave up after it was acquired by LaCie (USA). Tresorit shouldn't be trusted either; they're using Microsoft Azure servers, and each uploaded and shared link passes through the USA. Mega is darkness, I don't like the smell of it.
Apps - F-Droid (UK/France)
- FOSS is the way you should go, F-Droid is the obvious choice. F-Droid client was forked from Aptoide's source code.
Aptoide (Portugal) is good but not consensual. Recently they've been suing Google with an antitrust complaint in the EU, proving they're concerned. You can only trust Aptoide IF you choose to install apps from their main centralized store (the default one; beware and don't trust any other user store). http://m.aptoide.com/about
If you can't find what you're looking for then you can use Blank Store or Opera Mobile Store. Never choose Amazon Appstore, apps installed from there have proprietary code inserted.
Search engines - DuckDuckGo (USA!)
- Technically DuckDuckGo is a meta-search engine. It's amazingly good and you have lots of options to choose (did you know you can directly search images from Google if you search !gi [image you're searching for]?).
Another great alternative is Startpage (Netherlands).
== ANDROID SYSTEM ==
My Android system:
- CyanogenMod + freecyngn + NOGAPPS + SuperSU
- TWRP recovery
- Hardening Android for Security and Privacy
== APPS ==
My essential apps are:
Apps client - F-Droid (FOSS)
- See services above.
Privacy and cleaning - AdAway and AFWall+ (both OSS)
- Obvious choices on each privacy concerned system. Block almost everything, trust no one.
Android browser - Boat (proprietary code)
- I just love the options, specs, interface and speed. I know this choice will be highly controversial for some because it's a Chinese-made browser, but it isn't a cloud browser (like the also Chinese Maxthon) and it's really easy to firewall it from calling home (something somewhat difficult with Dolphin). The obvious FOSS choice for almost everyone would be Firefox, but I really hate their Android app and I have some bad thoughts about their Google connections. The best FOSS shot would be Tint or Lightning, but they're rather limited, and AOSP is even worse. Chrome is obviously excluded for privacy's sake.
Boat devs also used to be active on XDA with many supporters. For security precautions block port range 192.241.158.0/24 and 211.151.0.0/24.
Email app - K-9 (FOSS)
- The oldest, most forked and trusted email client. Needs a deep design/interface Overhaulin' (hey, Chip Foose...)
Contacts and calendar sync - Fruux + Birthday Adapter (FOSS)
- See services above.
Password & confidential safe - KeePassDroid (FOSS)
- Believe me, I don't know a single password of my accounts and I have hundreds. The only really big and complex password I know is the one from KeePass.
Antivirus - NONE, JUST DON'T
- I will not discuss here the needs or true benefits of these apps, but I can assure you your data is leaking each time you go online. All of them make claims about privacy but they're always collecting "unidentifiable data".
== I will post links for everything soon. Please include links in your posts when justified. Thanks. ==
== Android Alternative FOSS ==
This is a list of some well known apps and their open source alternatives. Incredibly, some of them are even better than "official" or paid apps; some others are quite limited but evolving and much more secure.
It's impossible to put everything here, only the best apps I've tried with success will be listed. Please keep posting your suggestions.
BitTorrent Sync > Syncthing
Chrome > Firefox
Dolphin > Tint Browser
Dropbox > OwnCloud, Seafile
Facebook > Tinfoil for Facebook
Gmail > k-9 Mail
Lux Auto Brightness > YAAB
Tasker > SwiP
Titanium Backup > oandbackup
Twitter > Twidere
Reserved, just in case.
Really great thread sancho_panzer. I never thought someone can be as paranoid as I am, but I found you.
I'd like to add a few services:
Posteo (Mail):
A German email provider that doesn't claim as much data as most of them do. It just needs your mail, pw of course, and you can add your mobile phone number if you like to (it will be saved hashed in their database). Posteo has great SSL connections and is the first (German) provider to use the new protocol DANE as well as DNSSEC. You can use their CalDav and CardDav server and choose to encrypt your address book and your calendar. The service costs 1€ per month (10 cents for additional aliases and 20ct for the next gig), which can be paid by post mail, PayPal or bank transfer. The last two ways won't get linked to your account.
CalDav/CardDav
To manage my addressbook and calendar on multiple devices I use aCal from F-Droid.
For googling issues there is a browser add-on for PCs that tunnels the Google searches for you, called disconnect.me
Greetz, and I appreciate your love of FOSS very much!
@traceless There are lots of people on Xda concerned about privacy on Android and the Internet. I really hope this thread could help them to take some measures about it and share alternatives.
Thank you for the https://posteo.de/ suggestion. Could be a great service; the problem is I don't speak German. I really don't understand why the website doesn't have an English version. I'm also concerned with recent leak news about *.de domains ( http://www.bbc.com/news/technology-25825784 ).
I've tried CalDav-sync and CardDav-sync and they're great little apps, but if you want a FOSS solution try DAVdroid and the very new Flock from F-Droid.
I really can't trust https://disconnect.me/ ( http://www.darkreading.com/document.asp?doc_id=1251070& ) or Ghostery; both track you ( http://www.reddit.com/r/firefox/comments/1qkc2b/disconnect_vs_ghostery/ ). If you're using Firefox on PC or Android my advice is to install Adblock Edge (Adblock Plus is worse and heavy) + Self-Destructing Cookies (BetterPrivacy is also great) + NoScript. You should also consider CleanQuit.
@sancho_panzer
I knew that Disconnect was founded by a former Google employee but didn't know he was linked to the NSA. Anyway, my current FF configuration looks just as you recommended, but I additionally installed a plugin that's called FireGloves. This is especially useful if you want to make fingerprinting your browser harder. It disables or disguises trackable settings; if you'd like to, every browsing session. How unique one's configuration is can be seen here at Panopticlick.
I agree that it's a pity some services aren't available in the most common languages. Posteo's webmailer can be changed to English, but the whole service is German. Btw you don't have to be worried about the de ccTLD; the 16m mails that were compromised earlier this year were most likely taken due to a hack of a German online shop, and as most customers were Germans, the majority of the mails end with *.de. So it doesn't mean every German domain is compromised and mail providers are insecure.
As you don't speak German you could take a look at Secure-Mail, a mail service provided by the mainly German VPN Perfect Privacy. It hosts in NL and is supposed to store no identifiable data and is also encrypted. I found no setting to change the language to English on Secure-mail, but I thought I've seen it once in English; maybe it changes only if your country is English-speaking.
Flock is really nice, but I stay with aCal, because it comes with a calendar other than the integrated one and I'm not dependent on the built-in one with the (also switchable) Google sync.
Excellent thread, thank you for starting it.
Edit : I think HTTPS Everywhere by the EFF should be mentioned in a thread like this.
https://www.eff.org/https-everywhere
sancho_panzer said:
I'm sure my personal and professional life is common and boring, but I want privacy with my things, just like I don't want a guy at the next table in the coffee shop listening to what I'm talking about.
It doesn't matter if you think your life is important enough to be watched or if it's just boring. The fact that you know you *could* be watched in every move you make automatically changes your behaviour. It changes the way you think, it changes the way you speak and write. It influences the way you interact with others. Feeling watched makes you afraid of what you do!
Opening a thread like this is a good thing to begin to overcome this fear. :good:
A good Linux expert, a colleague of mine, told me about a finding, Android-wise...
He installed Android Firewall and blocked every possible application and system module, including the kernel.
In the apk log, he found that all IP packets sent by the Android kernel are routed through some Chinese IP address, regardless of their final destination.
After some research, it turned out that this IP is used by the NSA. Yes, all IP packets going out of our Android phones are sniffed by the NSA. Embedded in the kernel.
My 2 cents here, and sorry if OT.
Cheers!
Nice thread, thanks! :good:
Some thoughts from my side:
I generally distrust every online service, especially if I don't pay for them. I think it is better to decentralise services and host them on self managed servers in families, groups of friends,... and thus basically only give data to trusted persons you know in real life.
Here are two good links that show alternatives to proprietary software/cloud services:
https://prism-break.org/en/
https://wiki.debian.org/FreedomBox/LeavingTheCloud
== SERVICES ==
Mail -
I think mails are generally difficult to self-host. So you need a good mail service. Posteo was mentioned here; another similar reliable German mail provider (with English translation) is mailbox.org. They even encrypt unencrypted incoming mails with your PGP key before they store them.
Contacts & calendar -
Posteo and mail.org also include contact and calendar synchronisation via CalDav/CardDav. Even better: Host it by yourself.
Instant Messaging -
XMPP (Jabber) is an open decentralised protocol with lots of implementations for almost every platform. You can host it yourself or use an existing server. There are also very good clients for Android like Conversations or Xabber.
== ANDROID SYSTEM ==
Two additions:
Free Your Android! - campaign of the Free Software Foundation Europe
IMSI Catcher/Spy Detector
== APPS ==
sancho_panzer said:
Android browser - Boat (proprietary code)
Don't do this! Firefox for Android is also a good choice. And Orweb not to forget!
traceless said:
I use aCal from F-Droid
DAVdroid is also a very good FOSS CalDav/CardDav provider that integrates with the contacts/calendar app of Android. And it is under active development (in contrast to aCal).
I can only agree that using posteo.de is a must. Completely anonymous. I put cash in an envelope (didn't actually touch any of it myself) and they opened my account no problem. Last time I checked, their site also had an English version. Feel free to PM me with translation issues. I speak both languages fluently. Also, a thread like this without XPrivacy?
For those interested in tor along with afwall, I have posted instructions on getting them to work together in the afwall thread
I prefer the Android system to be: OMNI + NOGAPPS + SuperSU
Note that freecyngn & NOGAPPS author has switched to OMNI
Regarding OwnCloud: it's a great software, but you're right not to trust it when it runs on some server that is not under your control. That's why I run OwnCloud on a Raspberry Pi that is running at my home, behind my firewall. Syncing is made with CardDAV and CalDAV, and both apps use SSL. I think I can trust that one.
dvdram said:
Regarding OwnCloud: it's a great software, but you're right not to trust it when it runs on some server that is not under your control. That's why I run OwnCloud on a Raspberry Pi that is running at my home, behind my firewall. Syncing is made with CardDAV and CalDAV, and both apps use SSL. I think I can trust that one.
And what connection are you using? I thought about exactly the same solution, but it's nearly useless with ADSL.. (6 MBit/s down and just 60kbits upstream)
Thank you guys for your contribution on this thread.
Ultramanoid said:
I think HTTPS Everywhere by the EFF should be mentioned in a thread like this.
https://www.eff.org/https-everywhere
@Ultramanoid You're absolutely right I forgot to mention it, I use it with Firefox on my laptop and it's great.
dvdram said:
Opening a thread like this is a good thing to begin to overcome this fear. :good:
@dvdram I agree and don't understand why so many people just don't care to talk about it.
jukyO said:
A good Linux expert, a colleague of mine, told me about a finding, Android-wise...
He installed Android Firewall and blocked every possible application and system module, including the kernel.
In the apk log, he found that all IP packets sent by the Android kernel are routed through some Chinese IP address, regardless of their final destination.
After some research, it turned out that this IP is used by the NSA. Yes, all IP packets going out of our Android phones are sniffed by the NSA. Embedded in the kernel.
@jukyO Look out, the real test here should be made on a clean system, just ROM and a firewall. That's the only way you can say it's kernel coded. Some apps use the kernel to send and receive packets; your alert could be related to one of these.
Another debatable subject should be SELinux. Many ROMs, like CyanogenMod, have it in enforcing mode by default. If you install another kernel, like Alucard, SELinux becomes permissive. Even if SELinux is considered OS, we should not forget that it was developed and implemented by the NSA (!).
bastei said:
Here are two good links that show alternatives to proprietary software/cloud services:
https://prism-break.org/en/
https://wiki.debian.org/FreedomBox/LeavingTheCloud
== SERVICES ==
Mail -
I think mails are generally difficult to self-host. So you need a good mail service. Posteo was mentioned here; another similar reliable German mail provider (with English translation) is mailbox.org. They even encrypt unencrypted incoming mails with your PGP key before they store them.
Contacts & calendar -
Posteo and mail.org also include contact and calendar synchronisation via CalDav/CardDav. Even better: Host it by yourself.
Instant Messaging -
XMPP (Jabber) is an open decentralised protocol with lots of implementations for almost every platform. You can host it by yourself or use an existing server. There are also very good clients for Android like Conversations or Xabber
== ANDROID SYSTEM ==
Two additions:
Free Your Android! - campaign of the Free Software Foundation Europe
IMSI Catcher/Spy Detector
== APPS ==
Don't do this! Firefox for Android is also a good choice. And Orweb not to forget!
DAVdroid is also a very good FOSS CalDav/CardDav provider that integrates with the contacts/calendar app of Android. And it is under active development (in contrast to aCal).
@bastei Thanks for your useful input. I know Boat would be a controversial topic, but if you read my comments you'll see I'm aware of the dangers of such a decision. Even so, I'm convinced about the safety of it.
Firefox has been my primary choice on my laptops since the early version 3. Even if I tried alternatives on some occasions, I've always returned to Firefox's security and true development power (I always use it to analyse code and test all websites I make); the only real alternative was Opera (the original one with the Presto engine, not the crap they use these days).
Android Firefox is a completely different beast. It's heavy, buggy, needs extras for simple tasks like automatic close and clean or user agent changing, but above all WHY THE HELL CAN'T WE MAKE FOLDERS and organise favorites at will? The only solution I found for favourites was to sync them with my PC, organise everything there and sync them back. Did I mention the ridiculous number of times it FCs? Maybe in the future; right now the only FOSS I could consider is Tint Browser.
an0n981 said:
Also a thread like this without XPrivacy?
For those interested in tor along with afwall, I have posted instructions on getting them to work together in the afwall thread
@an0n981 XPrivacy and Xposed could be all we need IF they were OSS. The other problem is the inevitable lag introduced by these layers.
I've tested several configurations on my phones and tablets over time, but ultimately my OP describes my options at this moment. This subject isn't closed and never will be; there are no perfect security systems, and that's the purpose of this thread. I'm sure the OP will be changed on some occasions. Please keep suggesting alternatives and solutions; your contribution will be greatly appreciated.
aelmahmoudy said:
I prefer the Android system to be: OMNI + NOGAPPS + SuperSU
Note that freecyngn & NOGAPPS author has switched to OMNI
@aelmahmoudy OMNI is a valid CM alternative, developed and maintained by well-known XDA developers. Unfortunately I don't really like the excessive cleanliness and limitations. The only way I could advise it would be complemented with Xposed+XPrivacy+GravityBox, besides NOGAPPS and SuperSU.
I can't talk for them but I believe @MaR-V-iN and many others ditched CM after the group became commercially oriented; the inclusion of analytical and proprietary code didn't help either. CM is still the base for lots of ROMs and I'm still convinced it's the best for me, provided that they are VM snapshots, thoroughly cleaned and modded as mentioned in my OP.
sancho_panzer said:
...
@an0n981 XPrivacy and Xposed could be all we need IF they were OSS. The other problem is the inevitable lag introduced by these layers...
Both are 100% open source, just not distributed through F-Droid. You can compile them yourself, source is on GitHub. Security software will always add some lag.
an0n981 said:
Both are 100% open source, just not distributed through F-Droid. You can compile them yourself, source is on GitHub. Security software will always add some lag.
You're absolutely right, my mistake. Still when I used them my system felt somehow lagging.
traceless said:
And what connection are you using? I thought about exactly the same solution, but it's nearly useless with ADSL.. (6 MBit/s down and just 60kbits upstream)
I admit I have a bit more speed than you, but it depends on what you want to use OwnCloud for. I use it only for syncing calendars and contacts, and for those few bits of information even your speed is more than enough, although you should consider doing the first-time syncing over WiFi. Later, when you add contacts and calendar entries, you won't notice much disadvantage.
Of course, if you want to sync pictures and movies, that speed will not be enough. But do you really need that? Is it not much more efficient to copy pictures and photos via USB cable, when you're at home? Do you really need to sync them while on the road?
That is what you need to ask yourself. Like I said: contacts and meetings are very small pieces of information, less than a text message. A 60k download (from your phone's point of view) is more than enough for that.
dvdram said:
I admit I have a bit more speed than you, but it depends on what you want to use OwnCloud for. I use it only for syncing calendars and contacts, and for those few bits of information even your speed is more than enough, although you should consider doing the first-time syncing over WiFi. Later, when you add contacts and calendar entries, you won't notice much disadvantage.
Of course, if you want to sync pictures and movies, that speed will not be enough. But do you really need that? Is it not much more efficient to copy pictures and photos via USB cable, when you're at home? Do you really need to sync them while on the road?
That is what you need to ask yourself. Like I said: contacts and meetings are very small pieces of information, less than a text message. A 60k download (from your phone's point of view) is more than enough for that.
Thanks. Firstly I wanted to use it for an alternative to Dropbox but then I found out the Cal- and CardDAV support. And you're totally right with syncing after first initialisation. Maybe I get an RPi later and try this one and also the owncloud feed reader [emoji2]
Any idea how to use the FF sync of owncloud, since FF only supports upgrading old accs to the new mozilla ones but personally I'd prefer the old way.
Greetz
Privacy Browser is an open source Android web browser focused on user privacy. It is released under the GPLv3+ license. The source code is available from git.stoutner.com.
The only way to prevent data from being abused is to prevent it from being collected in the first place. Privacy Browser has two primary goals.
• Minimize the amount of information that is sent to the internet.
• Minimize the amount of information that is stored on the device.
Most browsers silently give websites massive amounts of information that allows them to track you and compromise your privacy. Websites and ad networks use technologies like JavaScript, cookies, DOM storage, user agents, and many other things to uniquely identify each user and track them between visits and across the web.
In contrast, privacy sensitive features are disabled by default in Privacy Browser. If one of these technologies is required for a website to function correctly, the user may choose to turn it on for just that visit. Or, they can use domain settings to automatically turn on certain features when entering a specific website and turn them off again when leaving.
Privacy Browser currently uses Android’s built-in WebView to render web pages. As such, it works best when the latest version of WebView is installed. In the 4.x series, Privacy Browser will switch to a forked version of Android’s WebView called Privacy WebView that will allow for advanced privacy features.
Warning: Android KitKat (version 4.4.x, API 19) ships an older version of OpenSSL, which is susceptible to MITM (Man In The Middle) attacks when browsing websites that use outdated protocols and cipher suites.
Features:
• Integrated EasyList ad blocking.
• Tor Orbot proxy support.
• SSL certificate pinning.
• Import/Export of settings and bookmarks.
Further information:
• News
• Changelog and Downloads
• Roadmap
• Permissions
• Privacy Policy
• Bug Tracker
• Security and Privacy Canary
• Mastodon
The standard version is available on F-Droid, Google Play, the Amazon Appstore, and the Galaxy App Store. The free version has all the features of the standard version with the addition of a banner ad across the bottom of the screen. It is available on Google Play, the Amazon Appstore, and the Galaxy App Store.
One thing I thought I'd mention, using the default html ddg page I get a forbidden message any time I do a search. Using the toolbar works fine though.
Thanks for the app!
blk_jack said:
One thing I thought I'd mention, using the default html ddg page I get a forbidden message any time I do a search. Using the toolbar works fine though.
Thanks for the app!
I'm assuming that you are having this problem with DuckDuckGo's .onion website. If so, this is a bug in their website that I have already tried to submit to them, but so far have not got any response.
https://forum.duckduckhack.com/t/searches-fail-on-the-onion-site-if-javascript-is-disabled/1927
https://www.reddit.com/r/duckduckgo...earches_fail_on_the_onion_site_if_javascript/
There are a couple of workarounds you can use until DuckDuckGo fixes their problem.
1. Set the Tor homepage setting to be https://start.duckduckgo.com instead of https://3g2upl4pq6kufc4m.onion/. The normal website works fine with JavaScript disabled.
2. Use domain settings to automatically turn on JavaScript for https://3g2upl4pq6kufc4m.onion/. You should also set the Tor search to be JavaScript enabled to match.
You might also add your voice to either of the websites above where I submitted the bug report. If enough people mention the problem it will probably get to the person who can fix it.
Problems with the default homepage.
blk_jack said:
One thing I thought I'd mention, using the default html ddg page I get a forbidden message any time I do a search. Using the toolbar works fine though.
Thanks for the app!
This problem will be fixed in the next release of Privacy Browser by changing the default homepage to https://duckduckgo.com/?kao=-1&kak=-1, which works with both JavaScript enabled and disabled. See https://www.reddit.com/r/duckduckgo...hes_on_startduckduckgocom_fail_if_javascript/ for more information.
So, this browser starts in an incognito or..?
Privacy Browser Defaults
Freddy1X said:
So, this browser starts in an incognito or..?
Privacy Browser starts with the following defaults, which can be configured on-the-fly, by domain, or globally:
• JavaScript disabled.
• First-party cookies disabled.
• Third-party cookies disabled.
• DOM storage disabled.
• Form data disabled.
Incognito mode is off by default, but can be turned on in the preferences. Incognito mode clears the history and cache after each webpage finishes loading.
There is also a Clear and Exit button, which clears all cookies, DOM storage, form data, cache, and removes Privacy Browser from memory.
How to switch tabs ?
jerryn70 said:
How to switch tabs ?
Tabbed browsing is not yet implemented. See the roadmap for more information.
Privacy Browser 2.5 has been released.
Changelog:
• Add SSL certificate pinning to domain settings.
• Add searx.me to the list of search engines.
• Update the default homepage to work with both JavaScript enabled or disabled.
• Fix a bug that caused the website title to be lost on rotate.
• Ghost the “Clear DOM Storage” options menu item if there is nothing to delete.
• Use non-bolded red text to indicate unencrypted websites.
• Fix a bug that sometimes caused custom domain user agents to fail.
• Fix a bug that caused website modifications (like the sorting of a list) to be lost if Privacy Browser was moved to the background.
• Many small improvements were made to the Domains activity.
• Updated Italian translation provided by Francesco Buratti.
• Updated Spanish translation provided by Jose A. León.
There is a blog post with more information about the new features.
Privacy Browser 2.6 has been released.
Changelog:
• Add night mode rendering.
• Update the dark theme rendering of the About and Guide sections.
• Add support for HTTP authentication.
• Color code the Common Name in the view SSL certificate dialog.
• Updated Italian translation provided by Francesco Buratti.
• Updated Spanish translation provided by Jose A. León.
There is a news post with more information about each of these items.
Awesome privacy browser..I have already purchased it from google play store. Please add tabbed browser option.
Please update it soon.
Tabbed Browsing
nausha7 said:
Awesome privacy browser..I have already purchased it from google play store. Please add tabbed browser option.
Please update it soon.
nausha7, I'm glad you like it.
Tabbed browsing will be part of the 3.x series. You can read the roadmap for more information.
Privacy Browser 2.7 has been released.
Changelog:
• Add a bookmarks drawer that is accessed by sliding from the right.
• Prevent Night Mode from flashing a white background when loading new pages.
• Update the user agents.
• Bump target API to 26 (Android Oreo, 8.0.0).
• Updated Italian translation provided by Francesco Buratti.
• Updated Spanish translation provided by Jose A. León.
There is a blog post with more detailed information about the changes.
How are WebRTC IP leaks handled?
WebRTC
m0d said:
How are WebRTC IP leaks handled?
Privacy Browser currently uses Android's WebView to render web pages. WebView does not provide any controls over WebRTC, which is a privacy problem.
WebRTC requires JavaScript. By default, JavaScript is disabled in Privacy Browser. So when browsing the web with the default settings, WebRTC will not function and will not leak a user's IP address.
In Privacy Browser, JavaScript may be enabled on the fly or automatically by domain. Because of risks like WebRTC, users should only enable JavaScript for domains they trust.
In the 4.x series, I plan on forking Android's WebView to make Privacy WebView. I will then add WebRTC privacy controls, which will allow a user to disable WebRTC even when JavaScript is enabled.
https://redmine.stoutner.com/issues/62
https://www.stoutner.com/category/roadmap/
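To make the WebRTC answer above concrete, this added example (not part of the original post or of Privacy Browser's code) audits the ICE candidate lines a browser produces and reports which ones carry a literal IP address. The candidate lines, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: ICE candidate lines in SDP syntax. The public address is
# from a documentation range (RFC 5737), not taken from a real capture.
SAMPLE_CANDIDATES = [
    "candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host",
    "candidate:2 1 udp 1686052607 203.0.113.7 54321 typ srflx "
    "raddr 192.168.1.23 rport 54321",
    "candidate:3 1 udp 2122260223 "
    "3f1c2a9e-6d1b-4c55-9e0a-1b2c3d4e5f60.local 54322 typ host",
]

# Ranges that identify a device on its local network rather than on the Internet.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fc00::/7", "fe80::/10")]


def parse_candidate(line):
    """Return the address, type and related address of one candidate line."""
    if "candidate:" not in line:
        raise ValueError("not an ICE candidate line: %r" % line)
    fields = line.split(":", 1)[1].split()
    if len(fields) < 8 or fields[6] != "typ":
        raise ValueError("malformed ICE candidate line: %r" % line)
    extras = dict(zip(fields[8::2], fields[9::2]))  # raddr/rport and similar pairs
    return fields[4], fields[7], extras.get("raddr")


def classify(address):
    """Describe what a candidate address reveals."""
    if address.endswith(".local"):
        return "mdns-hostname"  # random name some browsers send instead of the IP
    ip = ipaddress.ip_address(address)
    return "local-network-ip" if any(ip in n for n in LOCAL_NETS) else "public-ip"


def audit(lines):
    """List (candidate type, exposure) for every address in the candidates."""
    findings = []
    for line in lines:
        address, ctype, raddr = parse_candidate(line)
        findings.append((ctype, classify(address)))
        if raddr:
            findings.append((ctype + "-raddr", classify(raddr)))
    return findings


def exposes_ip(lines):
    """True if any candidate carries a literal IP address."""
    return any(kind != "mdns-hostname" for _, kind in audit(lines))
```

With JavaScript disabled no candidates are gathered at all, which corresponds to calling `exposes_ip([])`.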
Hello! I first downloaded Privacy Browser from F-Droid, then bought it in the Play Store. Updates first appear in the Play Store, but I don't have an update option, only uninstall.
Is it possible to update the app installed from F-Droid via the Play Store, or do I have to uninstall the F-Droid version and then install the Play Store version? Is it possible to keep settings or export and import them?
APK Signatures
CubaoX said:
Hello! I first downloaded Privacy Browser from F-Droid, then bought it in the Play Store. Updates first appear in the Play Store, but I don't have an update option, only uninstall.
Is it possible to update the app installed from F-Droid via the Play Store, or do I have to uninstall the F-Droid version and then install the Play Store version? Is it possible to keep settings or export and import them?
Android will only let an app update if the signature on the new APK matches the signature on the currently installed APK. The APKs on Google Play, XDA Labs, and stoutner.com are all signed with my personal key. The APKs on F-Droid are built from source by F-Droid and signed by their key. I believe that the Amazon Appstore strips my signature from the APK I upload to them and applies their own signature, but I have not taken the time to verify that is the case.
As such, when Privacy Browser is installed from Google Play, XDA Labs, or stoutner.com, it can afterwards be updated using APKs from any of these three locations. Note, however, that Google Play will only offer to update Privacy Browser if the signature matches and the Play Store database indicates the user has purchased the app through them. I would imagine that XDA Labs performs a similar check, but I have not verified that such is the case.
Because F-Droid builds the app from source there is a delay between when a new version is released and when it becomes available on F-Droid. Some information about the current status of the build can be found at:
https://f-droid.org/wiki/page/com.stoutner.privacybrowser.standard
See also this forum thread:
https://forum.f-droid.org/t/is-the-f-droid-build-process-currently-broken/195
It is not currently possible to export and import settings, but that is a planned feature that will likely be implemented in the next few months:
https://redmine.stoutner.com/issues/23
https://www.stoutner.com/category/roadmap/
Of course, if you have root access, you can use a program like Titanium Backup to back up and restore the bookmarks and settings.
It is also now possible to get F-Droid to include the original APK with my signature on their platform using reproducible builds. As far as I know this was not an option when I first uploaded Privacy Browser to F-Droid. Switching to it now would cause difficulty for those who already have Privacy Browser from F-Droid installed because they would no longer be able to update. So at a minimum I would want to have the ability to back up and restore bookmarks before implementing reproducible builds. Also, there is some infrastructure that would be required. I have not made a complete decision about reproducible builds for F-Droid, but it is likely that at some point in the future I will implement them.
https://f-droid.org/docs/Reproducible_Builds/
https://f-droid.org/wiki/page/Deterministic,_Reproducible_Builds
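The signature rule described in the answer above can be checked before attempting an update by comparing the signer certificate digests printed by `apksigner verify --print-certs` (Android SDK build-tools). This is an added example, not code from the original post or from the Privacy Browser project; the outputs, DNs and digests are constructed placeholders, and the comparison is a simplified model of Android's check.

```python
import re

DIGEST_RE = re.compile(
    r"^Signer #\d+ certificate SHA-256 digest: ([0-9a-f]{64})$", re.MULTILINE)


def fake_print_certs(dn, digest):
    """Build constructed text shaped like `apksigner verify --print-certs` output."""
    return ("Signer #1 certificate DN: %s\n"
            "Signer #1 certificate SHA-256 digest: %s\n" % (dn, digest))


# Constructed placeholders: neither digest is a real signing certificate.
DEVELOPER_KEY = fake_print_certs("CN=developer (placeholder)", "11" * 32)
FDROID_KEY = fake_print_certs("CN=F-Droid (placeholder)", "22" * 32)
OUTPUT_BY_SOURCE = {
    "Google Play": DEVELOPER_KEY,
    "XDA Labs": DEVELOPER_KEY,
    "stoutner.com": DEVELOPER_KEY,
    "F-Droid": FDROID_KEY,
}


def signer_digests(print_certs_output):
    """Return the set of signer certificate SHA-256 digests in the output."""
    digests = set(DIGEST_RE.findall(print_certs_output))
    if not digests:
        raise ValueError("no signer certificate found in output")
    return digests


def can_update(installed_output, new_output):
    """Simplified model of the check: both APKs carry the same signer set.

    Key rotation (APK Signature Scheme v3 lineage) is not modelled.
    """
    return signer_digests(installed_output) == signer_digests(new_output)


def update_groups(output_by_source):
    """Group sources whose APKs can update one another in place."""
    groups = {}
    for source, output in output_by_source.items():
        groups.setdefault(frozenset(signer_digests(output)), []).append(source)
    return sorted(sorted(members) for members in groups.values())
```

On a real device, replace the constructed strings with the saved output of `apksigner verify --print-certs` for the installed APK and for the APK about to be installed.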
Thank you for the answer. So now I'm really waiting for the import/export option!
CubaoX said:
Thank you for the answer. So now I'm really waiting for the import/export option!
The next release, version 2.8, will likely be the last release in the first half of the 2.x series. Version 2.9 will move to the second half of the 2.x series and introduce the dangerous file permissions. Once those permissions are added, the features will be implemented to make the default download location public, allow uploading of files to webpages, and export and import of bookmarks and settings, likely in that order.
Privacy Browser 2.7.1 has been released.
Changelog:
• Fix a crash when editing a bookmark in the new bookmarks drawer.
There is a blog post with further information.