Related
is online shopping on android phones actually safe ...i am confused ..any views on this
That depends on what your security concerns are. For me, I think it is totally safe to buy things online with your phone. I would do just about anything but financial activities in this context. However, my answer is a bit loaded so now I need to explain that part a bit. Credit Cards have built in protections. If you check your statements and dispute all charges that you did not authorize, then shopping through your phone is completely safe. I have had tons of fraudulent activity on my credit cards and I haven't paid a single cent that wasn't my own charge. The catch here is that you run pretty much the same risk doing your shopping online through an ordinary computer. Granted, phones have terrible security. My real point here is that you should use your phone assuming you cannot trust it. In this case, I use my credit card fraud protection as my mitigation for an untrustable platform.
dipinv.2007 said:
is online shopping on android phones actually safe ...i am confused ..any views on this
Click to expand...
Click to collapse
It is risky, indeed. Luckily, you can do something to protect your safety online. Android has a lot of flaws and it's vulnerable to malware and viruses- more vulerable than your personal computer because it's an open system( in theory) with millions of unverified apps for Download.
My recommendations:
[Remember, there's no 100% guarantee/solution, but it's better than doing nothing at all!]
Avoid using open WiFi Hotspots( Starbucks, McDonalds, City Hotspots, etc.) if it's not an URGENT purchase.
However, sometimes you find yourself in a situation where you need to purchase something right away. When connected to public networks( again, Sturbucks, City Hotposts, etc) consider using a VPN service to encrypt your connection.
I don't want to start a war over which VPN provider is better, but PIA( Private Internet Access) is ultra cheap and reliable.
Why using a VPN? VPN connections, like L2tp IPsec PSK connections can encrypt your data, securing your connection from sniffing( Wireless network tapping/monitoring).
When shopping online use the shop's app rather than your Android browser. Using your browser can have catastrophic consequences. Your eyes can deceive you! Don't trust them.^ ^
When using your browser( Chrome, Android browser, etc) always check your connection to the shop's sing-in page - if it's unsecured( http websites) leave the page! The same goes for links. Make sure to check the URL address! Again, don't rely on your eyes, when using public hotspots. Why? In layman's terms: When you connect to the internet, your Android resolves IP's(URL's/websites) via DNS servers, which can be infected. If a Hotspot is infected and you search for, let's say, PayPal you might actually get somehwere else! Relying on URL's when shopping via Hotspots is a stupid idea! That's why, again, you should consider using a VPN, which encrypt's your traffic+ paid VPN's have a lower chance of getting infected since the folks working there regularly check their servers+ most VPN providers use secure DNS servers, which overide the Hotspot's default DNS settings.
When downloading apps verify the company's name and make sure it's an original app! Avoid using user-made apps to access your eBay/Amazon account! Stay away from unknown&unverified, hence untrusted Android markets.
Antivirus/anitmalware. Scan your phone frequently!
GOLDEN RULE: NOTHING IS BULLETPROOF!
I guess that's it for the average user. :cyclops:
The same applies for your personal computer.
Thanks guys !! great replies, sums it all up ...every one should follow this advice !! :good:
dipinv.2007 said:
Thanks guys !! great replies, sums it all up ...every one should follow this advice !! :good:
Click to expand...
Click to collapse
You're welcome. Have a good day/night/whatever! :silly:
Of course it is just make sure you are using https:// means secure server that encrypts your data
Of course it is just make sure if you install the official apps
One Question reagarding the apps: Are they using a safe connection to the server or might there be a securtiy problem?
Im talking about the "big player apps" like amazon, ebay, paypal etc.
G'day all.
Currently I'm using Tor and Orbot on my rooted Galaxy S5. I have a basic idea as to how they work, but I am currently attempting to maintain anonymity on my device and am looking to better understand how this all works as I'm new to having my phone rooted and hoping to delve into development at some point.
With that being said, can someone give me a small detailed rundown as to how they work and what is Transparent proxying? Should I run my apps traffic through Orbot?
Thanks in advance!
I also have a galaxy s5 and I have tried transparent proxying, and it didn't work. I also wouldn't trust orbot with my an anonymity.
I could be very wrong but as I understand it tor is using all the clients at it's disposal to provide internet access to everyone .
Ie while you are using tor to surf racoon prom dresses with 50+ client computers around the world they are using your internet to surf Dragon porn with your (and 50+ other people's) internet.
You are basically anonymous in what you are surfing because if you claim you are running tor you are in fact serving internet to others who you don't know. So you can't be held accountable for something you did not see.(just like your internet provider is not responsible for piracy, porn or anything they provide)
But
Tor was crippled by the fbi when the fbi took the servers in Ireland
arstechnica.com/tech-policy/2013/09/fbi-admits-what-we-all-suspected-it-compromised-freedom-hostings-tor-servers/
And what they did once they will do again and again at will.
The government's of the world are actively taking measures to track everyone.And I'm sure are leading many anonymity projects.
There have been many implications of the fbi and other government agency's paying programmers to install backdoors in open software.
Fact is there is not enough money to audit the work of programmers that work on security for the internet.
(You basically have to pay two or three programmers to check the work of the first and hope they have not been payedoff, blackmailed etc)
There is little safety on the internet.
But tor is a step in the right direction, however it is brutally slow by it's nature. And it has been shown that it can be hacked
Private proxy servers, crowd funded public proxy servers, tor and encryption all used together only help.
Peer to peer networks of trusted individuals (like retro share,tor and similar) or other initiatives are the future of internet security.
But only if you can control and trust the ones you share with.
And even that will be pointless when your devices advertises your mac,isn,imei, and hundreds of other serial ids for you and your hardware.and the company's you buy your hardware from keeps records of that info into the foreseeable future.
Someone should write a faq on digital security and all the methods used to track hardware. And the ways to avoid it
(Ie use free Wi-Fi on a device with a spoofed mac(from a used device bought with cash at a garage sale) while blocking unwanted connections from system applications, using encryption and proxys)
It's like being safe from the cold.
Layer your protection in many ways.
But if it gets cold enough you will feel the chill
AmericanxDownxUnder said:
G'day all.
Currently I'm using Tor and Orbot on my rooted Galaxy S5. I have a basic idea as to how they work, but I am currently attempting to maintain anonymity on my device and am looking to better understand how this all works as I'm new to having my phone rooted and hoping to delve into development at some point.
With that being said, can someone give me a small detailed rundown as to how they work and what is Transparent proxying? Should I run my apps traffic through Orbot?
Thanks in advance!
Click to expand...
Click to collapse
Do you know if Verizon GS5 can be rooted?
I have always known that companies like google and facebook for example collect our data, web searches etc and sell this information for profit. Today, this has become an even bigger issue with what we see in the media with the nsa and other government organizations tapping into our devices and monitoring our usage. At the end of the day, most of us, myself included really dont have anything to hide, so it may not be a real issue. I have often thought that if anyone poked around in my pc or phone they would simply get bored as they are just full of geeky engineering files lol. The real thing for me is simply that it's an invasion of privacy and just not right. With that said, I find myself wanting to go the extra mile to make my pc and my phone completely private from outside sources taking my information, watching my web searches and seeing my data. My question is, is it possible to be 100% secure and private, and if not, how close can we get, and how? I have heard that VPN's can achieve this. Is this true? and if so are there any free secure VPN's for our android devices and or pc's that are really good? Do VPN's slow down our devices? Also, Is there a way when we delete android files to permanently delete them? I noticed when I flashed my rom, after doing the complete wipe that is still contains files from before the wipe.
(I know this isn't a pc forum, I only included the pc because it's relevant.)
Thank you all in advance.
There are no data retention laws in the United States. Meaning, if a data center does not want to hold any logs to their users' activity, they're not required by law to do so. Multiple countries are similar, which is why I recommend using Private Internet Access for your VPN. They have a client for PC and Android and they're really great. I've been using them for many years and have had no issues. And, if you're really wanting to remain "anonymous", you can pay for your VPN subscription using gift cards from popular outlets like Walmart, Starbucks, etc. And for search engines, I'd recommend DuckDuckGo, which doesn't log anything you search. For PC, I'd recommend disabling your IPv6 protocol in your router settings and getting uBlock Origin, HTTPS Everywhere, and PrivacyBadger. They're wonderful add-ons for Firefox or Chrome. uBlock Origin and PrivacyBadger can block WebRTC leaks which would leak your IP address and can be used to identify you. If you want more information, feel free to reply to my post and I'll help you out as much as I can.
Hoxic said:
There are no data retention laws in the United States. Meaning, if a data center does not want to hold any logs to their users' activity, they're not required by law to do so. Multiple countries are similar, which is why I recommend using Private Internet Access for your VPN. They have a client for PC and Android and they're really great. I've been using them for many years and have had no issues. And, if you're really wanting to remain "anonymous", you can pay for your VPN subscription using gift cards from popular outlets like Walmart, Starbucks, etc. And for search engines, I'd recommend DuckDuckGo, which doesn't log anything you search. For PC, I'd recommend disabling your IPv6 protocol in your router settings and getting uBlock Origin, HTTPS Everywhere, and PrivacyBadger. They're wonderful add-ons for Firefox or Chrome. uBlock Origin and PrivacyBadger can block WebRTC leaks which would leak your IP address and can be used to identify you. If you want more information, feel free to reply to my post and I'll help you out as much as I can.
Click to expand...
Click to collapse
Hoxic,
Thank you for all of the information. With the private internet access VPN on my PC and android, will that slow down anything like web surfing, uploads or downloads? I am limited to using Verizon's high speed DSL connection as they refer to it, (I refer to it as slowest speed connection lol) in my neighborhood and this is the only provider for me so it's already pretty slow compared to Fios and other broadband connections. I would hate to slow it down any more.
You mention to pay for these services using gift cards and such. Well as I mentioned, I do not have anything that I am actually worried about anyone seeing, this is simply my way of trying to protect my privacy so I wouldn't go that far but I am curious about that statement. Do you mean that using a VPN truly isn't private or is this just to remove any paper trail linking me to the use of a VPN provider? I have been using DuckDuckGo for several years already just to stop google from taking and selling my info. Weather it truly works or not I dont know but its a great search engine anyway so I figured why not use it.
Your advice to disabling IPv6 protocol in my router settings: I do not see anywhere in my router settings to do this so I googled it, and it looks like there's a way o do this in windows. Is that different that what you're advising? Also I read a windows blog on this and windows 10 says IPv6 is a mandatory part of Windows that they do not advise on disabling. Can you give me some more detail on this, and how to disable it, assuming the windows warning is bull.
Thanks for all of your help.
VPN Do you use one, do you notice ?
Yes I know why using a VPN is a good idea, hides you location.
Have thought about using one but a few concerns.
Price .... something like Express VPN is not free
Does a VPN slow your device ?
VPNs are great for privacy and bypassing location locked content. Recommend them for everyone especially if you are on public wifi networks a lot.
Does it slow your phone? No
Does it slow your connection? Slightly - depends on the vpn service and server you are connected to.
ExpressVPN is not the only VPN service out there. You can also look into Nord, PIA, CyberGhost, Tunnelbear.
FYI - Free VPNs aren't really free. They limit your bandwidth, show ads on connection and possibly do store some of that data being transferred. Best option is to go with a well known paid one. It is worth the $5-$15 per month for the privacy.
Hunter3U said:
VPNs are great for privacy and bypassing location locked content. Recommend them for everyone especially if you are on public wifi networks a lot.
Does it slow your phone? No
Does it slow your connection? Slightly - depends on the vpn service and server you are connected to.
ExpressVPN is not the only VPN service out there. You can also look into Nord, PIA, CyberGhost, Tunnelbear.
FYI - Free VPNs aren't really free. They limit your bandwidth, show ads on connection and possibly do store some of that data being transferred. Best option is to go with a well known paid one. It is worth the $5-$15 per month for the privacy.
Click to expand...
Click to collapse
+1
I have been using VPN for years.
Performance impact hasn't been an issue since three or four phone generations ago.
It does have a small impact on battery usage.
Free VPN sucks. They rarely work when you need it, and when it does work the speed is all over the place.
Commercial VPN service quality varies depending on your ISP and how you plan on using it. The reputable VPN usually offers some kind of trial period so you can try them out and decide for yourself.
AstroDigital said:
VPN Do you use one?
Click to expand...
Click to collapse
Yes. I concur with the above statements.
Phishing, have a lot of attacks yesterday for example "iTunes" sent a receipt for an expensive pack, they wanted me to get mad and click on the link..... I am not that stupid.
Netflix, if they trace a VPN well they can simply block access. They know I am Canadian from my login I am not sure how VPNs can get around Netflix content block.
Torrents, never done them
China I never plan on going
Tell me even still, money no object want do you recommend
Thanks guys, I do not think I will bother.
Reasons for VPN
You can not be traced, do not do torrents.
Hacking my security guy says sure in theory on open WiFi but he has not seen the happen
Get international websites Netflix, well some claim this is possible
If you ever visit a place like China
Not sure it is worth the money.
AstroDigital said:
Thanks guys, I do not think I will bother.
Reasons for VPN
You can not be traced, do not do torrents.
Hacking my security guy says sure in theory on open WiFi but he has not seen the happen
Get international websites Netflix, well some claim this is possible
If you ever visit a place like China
Not sure it is worth the money.
Click to expand...
Click to collapse
1. Some VPN services offer torrent protection.
2. My parents got phished using wifi at the library. I rather go offline than use public wifi.
3. Only some VPN can do Netflix. It's not trivial but mine does.
4. VPN is absolutely necessary for visiting China. It's the ultimate testing ground of VPN's technical ability. There are rumors that the reason some VPN can work flawlessly in China is because they are phishing agencies of Chinese government.
I am trying Express VPN, seven day trial.
So far no big deal.
Yep, I use IPVanish. Very fast, hardly notice a speed difference on downloads (but it is slightly slower, to be expected) and web traffic. It does nothing to the speed of my phone.
I use it when I use my banking apps, downloads and location blocking.
I have an Asus router with a VPN Server so free for me. I can connect to it when I'm out or even overseas. The IP isn't identified as a VPN service to any streaming service. I can use it along with some other trickery to prevent my cell carrier from throttling certain content including video or tethering. My way of taking back net neutrality.
Testing Express VPN, first day it sucked 10% battery life.
Slightly slower downloads is ok, but the battery life on the One Plus 7 Pro is not great.
larsdennert said:
I have an Asus router with a VPN Server so free for me. I can connect to it when I'm out or even overseas. The IP isn't identified as a VPN service to any streaming service. I can use it along with some other trickery to prevent my cell carrier from throttling certain content including video or tethering. My way of taking back net neutrality.
Click to expand...
Click to collapse
Are you connecting using open vpn client?
Yes but PPTP with the built in Android VPN also works. I think OpenVPN can use custom ports so someone can't block VPN so easily.
Asus makes amazing Routers! Not quite as customizable as DDWRT but more reliable and they get regular updates.
VPN's are great for internet privacy!
I use VPN apps to protect my internet privacy from espionage. And I think you should too.
I've tried several FREE VPNs but to tell you the truth - they suck and they're slow!
Paid VPNs are much faster. It's better that you first go for a trial version and if you are satisfied with their performance then buy their services.
You shouldn't compromise on your internet safety especially if you make purchases.
I understand a lot of people in this forum buy phones online, and you definitely need protection when you are in the transaction process.
I would round off by suggesting that you should learn more about cybersecurity and internet privacy. I personally use PureVPN, they've been pretty good but everything has their downside, but overall they make you safe and that's what matters the most.
Today vpns are not as useful for privacy as all communication is generally already encrypted at the app level anyway. They are more useful for being able to route connections that are otherwise blocked.
larsdennert said:
Today vpns are not as useful for privacy as all communication is generally already encrypted at the app level anyway. They are more useful for being able to route connections that are otherwise blocked.
Click to expand...
Click to collapse
Still they make it quite a lot harder for your provider to track your usage and for websites and e.g. Facebook trackers to track usage back to you.
You are correct. Your browsing history is obscured. You also need to make sure you are not still using your cell carriers DNS server with the VPN or you'll be just calling them back again.
the vpn provider can see what you are doing so you have to ask yourself if you can trust them, what country are them based in and what are the laws there, and if the risk is acceptable.
if not set up a vpn on you router if it supports it, or on your home pc, i trust my local ISP with local laws more than a random company in another country.
I use and recommend PIA. They have an abundance of servers around the world. I don't notice a big difference in loading speed for average web browsing. One account covers all my computers and devices. They do not log user activity which is the biggest advantage for me. The cost is quite reasonable if you subscribe for 1 or 2 years.
tperki said:
I use and recommend PIA. They have an abundance of servers around the world. I don't notice a big difference in loading speed for average web browsing. One account covers all my computers and devices. They do not log user activity which is the biggest advantage for me. The cost is quite reasonable if you subscribe for 1 or 2 years.
Click to expand...
Click to collapse
Have you heard? PIA was bought out recently. Apparently the company that bought them are questionable at best. I still have some time left on my subscription but I am considering changing VPNs. I just love how easy PIA is.
Google discusses security and how it fortified the Pixel 7 and Pixel 7 Pro
Ahead of its release, Google discussed the impressive security features that are available on the Pixel 7 and Pixel 7 Pro.
www.xda-developers.com
October 11, 2022 7:22pm Comment Timi Cantisano
Google discusses security and how it fortified the Pixel 7 and Pixel 7 ProThe Pixel 7 and Pixel 7 Pro are finally arriving to eager consumers tomorrow, and before their official retail release, Google has shed light on some of the phones’ security features, showing how the company took extra steps to build devices that protect users and their sensitive data.
Smartphones have become a big part of our daily lives, filled with personal photos, apps for education and entertainment, and even sensitive data like passwords, health information, and more. Because of this, Google outfitted the Pixel 7 series with its next-generation Tensor G2 processor and a custom Titan M2 security chip that offers layers of hardware protection to keep your data safe. The security that the chips offer is great for everyday use, but they’re also powerful enough to be used in business applications.
Google is confident in its Titan M2 security chip — so much so that the company had it certified under Common Criteria PP0084, a security standard that is used for ID and SIM cards, EMV-equipped bank cards, and other applications. In order to gain this certification, Google had its hardware tested by a third party, in which it received certification against CC PP0084 with AVA_VAN.5, the highest level of vulnerability assessment. This was a pretty painful process, as the company states that it took more than three years to achieve this certification.
The firm also made advancements in how it processes data with its Protected Computing initiative revealed during Google I/O in May, which it applied to the Pixel 7 devices. Even though Google does offer a lot of security through its hardware and software advancements, the company understands that it’s also important to give users the freedom of choice when it comes to the security experience by offering different options when it comes to user safety.
In addition to the above, Google takes things a step further by offering an extra layer of security by providing its own Virtual Private Network (VPN) service through Google One. The service encrypts network traffic and masks the user’s original IP address. This feature will come standard for Pixel 7 and Pixel 7 Pro owners later this year without any extra costs, giving users another option to protect themselves when browsing the web using cellular data, personal Wi-Fi, or public hotspots. The service will be offered to users as long as the phones receive security updates.
Of course, we can’t forget about Android 13, which will also provide multiple layers of protection of its own on top of what we have already discussed. While the Pixel 7 and Pixel 7 Pro are quite secure, they will eventually get even better, especially with Feature Drops, monthly security updates, and yearly OS upgrades. For its latest devices, Google has promised at least five years of security updates and at least three years of OS updates. If you are curious about either handset, you can now pre-order them with excellent incentives or wait for the retail release on October 13.
Source: Google Security Blog
Click to expand...
Click to collapse
I wonder how the security measures will affect root and getting certain modules to work in magisk.
rester555 said:
I wonder how the security measures will affect root and getting certain modules to work in magisk.
Click to expand...
Click to collapse
I doubt if it will at all, especially root itself, but we'll see.
rester555 said:
I wonder how the security measures will affect root and getting certain modules to work in magisk.
Click to expand...
Click to collapse
I don't see anything new for the Pixel 7. The Pixel 6 is equipped with the same "titan m2".
The only other thing it talks about is the free access to "google vpn", which is just a software thing, and which instead of improving your security, will actually DIMINISH your security. Fact of the matter is that Google is THE ONE entity that you most need security in order to protect yourself FROM, so rather than having a few fringe connections sending data from your phone to google, now you get to feed ALL of your data through them. That's BAD. Remember: If its free, then YOU ARE THE PRODUCT.
Absolutely agreed about the VPN. I will use my own VPN. This is why I have pixel, to de-google my phone.
rester555 said:
Absolutely agreed about the VPN. I will use my own VPN. This is why I have pixel, to de-google my phone.
Click to expand...
Click to collapse
I don't de-Google, but I believe their VPN only works on mobile data, too, and of course is very limited in capability. I use my own, too.
roirraW edor ehT said:
I don't de-Google, but I believe their VPN only works on mobile data, too, and of course is very limited in capability. I use my own, too.
Click to expand...
Click to collapse
Actually it says it works on WiFi hotspots too so it's probably an always on VPN so Google can get more information about us directly into their servers.
I will stick with my trusty VPN.ac that I've had since 2016.
EtherealRemnant said:
Actually it says it works on WiFi hotspots too so it's probably an always on VPN so Google can get more information about us directly into their servers.
I will stick with my trusty VPN.ac that I've had since 2016.
Click to expand...
Click to collapse
I don't think it's always on by default, but interesting about Wi-Fi, I'll have to test it again (I have since paying for Google One).
Android has a built-in method to enable always on for any VPN app. I use it with my own VPN, and I notice Google's VPN in the list of VPNs available to enable always on, first.
It's actually a clunky method to enable and disable always on for a particular VPN, if you want to enable and disable that capability often enough. I usually only want it on for certain kinds of activities. They need to implement a quick setting toggle to enable and disable always on for whatever VPN app you have set.