AOSDP FIRST TEST BUILD FOR WHYRED [ 08.01.19 ]
By - The Spartann & AOSDP team

⚡️ Android Version - 9.0 Pie
⚡️ XDA Link - SOON
⚡️ Download Link - HERE

@Whyredcloud ™| channel
@Rn5pofficial | Group

⚙ Changelog -
- First Build
- It's a whole new ROM so do support their work and the first release is for WHYRED luckily

Test and report HERE in official AOSDP group

📊 Smokescreen DOH (DNS over HTTPS) Server App
As the name Smokescreen is unfortunately already taken in the Playstore, here the survey once more completely new and based only on your suggestions.
Also, please check first if the name you want to suggest is not already used by another app in the Playstore, otherwise it is not a real option for this poll.

Charon [10]

NebuloDOH [30-50]

Smokescreen DoH [4]

TrumpDNS [15-20]

DoHnut [10-15]

youDoH [1]

AvocaDoH [2]

Secure Me - DOH [5]

Eto dns [0]

DoHgo(doggo/doh go) [2]

Efficacious Planning [1]

Camo [1]

EncDNS [0]

👥 50-100 Leute haben bis jetzt abgestimmt

TWIF 2019 Week 1

https://f-droid.org/en/2019/01/05/twif-37-the-european-bug-bounty-edition.html

Tor vs I2P Review

Tor and I2P are the main privacy routing networks that we have to hide IP addresses other than basic VPN connections. There are other projects too but they are either new or not that popular so they are less effective as anonymity scales by the number of users. I am going to give my honest opinion and compare the two:

✴️I2P Features:

✅Designed for hidden services which are faster and more efficent than Tor (1)
✅Distributed, P2P, decentralized and self organizing (2)
✅Packet switch instead of circuit switch, provides higher level of anonymity
✅Unidirectional tunnels, doubling the security / node than Tor
✅Tunnels are shorter lived than Tor
✅All peers participate in the network 🚩🚩 (3)
✅Bandwidth requirement is low
✅Built in Java 🚩🚩🚩🚩🚩🚩🚩🚩(4)
✅Free and Open Source

(1) I am not sure whether the onionv3 system would be more superior than this. While Tor wasn't designed for hidden services and it's just a plugin, with the onionv3 system it's getting there.

(2) Although it's much more decentralized than Tor, their claims are misleading. They still have directory servers and I guess the development team has a lot of power over the project, it's not like a blockhain which is fully decentralized, so this is misleading. Though it's more decentralized than Tor in either case.

(3) This makes I2P use very risky, especially connecting to it directly, as if somebody is doing something illegal, it would put every node there in danger and suspects of that same crime. Police I guess is not well experienced with this ,and due to the low user count ,this makes it very dangerous to use. Though connecting to I2P from Tor or from a VPN is less risky.

(4) Java is a very flawed language with a history security bugs, and the way the website mocks C in favor of Java makes them look ridiculous. This is a massive red flag for me.

✴️Tor Features:

✅More users hence bigger haystack of anonymity
✅More security audits and academic reviews on it
✅Has solved the scaling issue
✅Centralized 🚩🚩🚩🚩 (1)
✅Has more funding and workforce working on it
✅Is censorship resistant, it doesn't assume clear access to internet lik I2P (2)
✅Adaptive to DDOS attacks
✅Higher degree of plausible deniability and smaller risk of usage
✅Low usage of resources on clients but big usage on servers 🚩🚩 (3)
✅High bandwidth throughput reaching the throughput level of an average VPN service
✅Free and Open Source
✅Supposedly resistant to Sybil attacks (4)

(1) This is a big problem, the development and the infrastructure is very centralized, which would increase the risk of it being shutted down or censored, as it has a few points of failure. I think about 9 directory nodes exist now, which means that blocking only those 9 IP addresses worldwide would cripple the network. The use of bridges and proxies can help, but this issue needs to be addressed.

(2) While I2P assumes that you can connect to the internet, Tor assumes that you are censored, which is better. Tor has a bridge feature which allows to bypass any censorship other than total blocking of the internet. It can connect even through a HTTP proxy and it molds the traffic to be hard to distinguish from normal browsing by packet inspection. Though I2P can be used through Tor, so it's not a big drawdown, Tor still needs to do this, so perhaps the two systems complement eachother.

(3) It's balanced towards higher user experience by outsourcing the work to servers, but this increases centralization which is not good.

(4) It is supposedly resistant against Sybil by it's mechanism is picking trusted nodes, but due to it's centralized nature, operators could be coerced or coopted to become informants, so I don't think this works as well as advertised.

✴️Conclusion and more infos at: https://www.reddit.com/r/privacy/comments/8naaw8/tor_vs_i2p_review/
✴️ I2P Website: https://geti2p.net/en/
✴️ Tor Website: https://www.torproject.org/
✴️ Read in german language: https://t.iss.one/cRyPtHoN_INFOSEC_DE/1678
#Tor #I2P #Review

Darkness-Kernel Manager Updates

Changelogs

- CPU Input Boost/MSM Limiter: use correct ApplyOnBoot id
- Add BCL Low Battery Value tunable

https://github.com/DarknessMod/Kernel-Manager

#dc

⚠️ES File Explorer Android

With more than 100,000,000 downloads ES File Explorer is one of the most famous Android file manager.

The surprise is: if you opened the app at least once, anyone connected to the same local network can remotely get a file from your phone. https://mobile.twitter.com/fs0c131y/status/1085461301588094976?p=v

❗️Technically, everytime a user is launching the app, a HTTP server is started. This server is opening locally the port 59777. On this port, an attacker can send a JSON payload to the target

Video Youtube: 🔽🔽🔽
https://youtu.be/z6hfgnPNBRE

#Android #FileManager #ES #FileExplorer #JSON #payload

microG will get funded by Prototypefund

https://prototypefund.de/project/microg/

microg

Marvin Wißfeld 
#Infrastructure #round 5

What problem do you want to solve with your project?

microG is a project that allows Android apps that actually use Google Play services to run without them. The Google Play services are a non-open extension of the Android operating system, which is preinstalled on most modern Android smartphones. Many apps use these services and work without them or worse. With microG it is possible to fully use these apps even if you remove Google Play services from your smartphone. In doing so, the user can select exactly which services Google wants to use, while private data is in any case disguised.As part of this project, microG will be expanded to include support for smartwatches with Android Wear and the card function will be completely redesigned.

How does your project solve the problem?

microG currently consists of a number of modules whose technical structure is defined by Google's given interfaces. These interfaces need to be reverse-engineered because Google has not publicly documented them. As soon as Google makes changes to the interfaces or adds functions, they must also be implemented accordingly in microG, which requires ongoing maintenance. Of course, it's not enough just to know the interfaces, because often behind them a complex function is hidden. 
The function for displaying maps (originally with Google Maps) is to use a library of MapBox. 
To support Android Wear, the logic and communication with the smartwatch must be completely self-developed. It is planned to work with GadgetBridge, whose app can already drive some simple smartwatches and is completely open source.

Who is your tool aimed at?

microG is for those who are unwilling to share their private data with Google or Apple, but still want to use any apps they need for social participation. Since the installation of microG on many smartphones is not readily possible, a person with technical know-how is required.After successful setup and introduction, however, everyone can use microG and keep it up to date.

The Prototypefund will also support the creation of an open push service for Android

https://prototypefund.de/project/open-source-push-service-fuer-android-apps/

Open source push service for Android apps

Markus Hoffmann
#Infrastructure #round 5

What problem do you want to solve with your project?

So far, the only way to easily send push notifications for mobile apps is to use 
either Google's or Apple's push services. On the one hand, these require the use of proprietary system services and libraries, on the other hand, they allow the large platforms to collect all the metadata of all push messages. Even if the app encrypts the content of the sent message, the analysis of the metadata allows conclusions to be drawn on the communication behavior of users. In addition, they make all apps dependent on their own terms of use.

How does your project solve the problem?

Push notifications work, the smartphone establishes a long-lasting connection to a server and this is maintained by the occasional sending of "keepalive" packages. The (push) server assigns individual active connections to the clients and, if necessary, sends a notification to the recipient via the open connection. The client is awakened by the incoming data packets from the sleep mode. 
As part of the project, an Android library will be developed together with a server component that can be integrated by app developers into existing apps. The Android library takes care of maintaining the connection and registering the client. The server component provides an interface for app developers to send push messages to mobile devices. The development of the interfaces (client lib and push server API) takes place 
based on Google's FCM services.

Who is your tool aimed at?

The project consists of an Android library as an alternative to Google's proprietary FCM libraries and a server component and API. The target group are open source projects that want to integrate push notifications without having to develop another project-specific solution themselves.

Purism announces PureOS Store

A secure alternative to proprietary app stores that respects your privacy and freedom. While there is much to do before we go live, we are well into building the infrastructure and refining the policy. PureOS Store will be a vibrant hub for both mobile and desktop apps.

https://puri.sm/posts/purism-announces-pureos-store

Follow their news updates:
https://puri.sm/news

#purism #store #librem #phone

Google Faces Third EU Antitrust Fine Within Weeks

The curtain could soon fall on the last in a trilogy of European Union antitrust fines for Alphabet Inc.’s Google.

Competition Commissioner Margrethe Vestager is set to announce a penalty targeting the AdSense advertising service in the coming weeks, according to people familiar with the probe who spoke on condition of anonymity. Regulators were probing whether Google’s advertising contracts unfairly restricted rivals. The timing is tentative and could still be pushed back, the people said.
https://www.bloomberg.com/news/articles/2019-01-17/google-s-woes-pile-up-as-eu-said-to-ready-third-antitrust-fine

Read Via Telegram

📡@cRyPtHoN_INFOSEC_EN

Energized ⚡️ Protection
is back and updates will be live soon.
https://energized.pro is still not working (read energized group chat).
https://t.iss.one/EnergizedProtection
#energized #adblock

Newpipe 14.2 from F-Droid currently crashes

Downgrade to 14.1 or get next version from github until next release fixes it

https://gitlab.com/fdroid/fdroiddata/issues/1509

https://github.com/TeamNewPipe/NewPipe/releases/tag/v0.15.0


Explanation for slow updates on F-Droid apps:
https://github.com/TeamNewPipe/NewPipe/issues/1981

How switching my parents over to Linux saved me a lot of headache and support calls

https://blog.simon-frey.eu/how-switching-my-parents-over-to-linux-saved-me-a-lot-of-headache-and-support


#alternatives #linux #windows #parents #grandma #grandpa #why

How can I remove Google from my life?

Geoffrey writes from his Gmail address to ask how he can stop Google from intruding into almost everything

How can I stop the intrusion of Google into almost everything? (After I’ve changed my email address.) Geoffrey

Google’s motto used to be “don’t be evil”, but in the eyes of some it has now taken on the mantle of the “evil empire” from Microsoft, which Bill Gates and crew inherited from the IBM mocked in the Mac’s launch advert in 1984.
https://www.theguardian.com/technology/askjack/2018/dec/20/how-can-i-remove-google-from-my-life

Read Via Telegram

📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE