Heads up to all #Riot users: with the recent attack on @matrix' infrastructure, it's possible that Riot's Google Play version got compromised. This doesn't affect Riot's F-Droid version. Just as Riot started to do now, F-Droid has always signed all its apps on an inaccessible, offline machine. For more information, see riot.im/reinstall

To avoid maintenance overhead, however, it's likely to happen that F-Droid users must also change the app in the near future. Still, there's no need to act now.

@fdroidorg @matrix Who's behind Matrix? How does it compare to Mastodon? Is it safe?

@pj @matrix @fdroidorg

Matrix is more real-time / group chat oriented where Mastodon is more for micro-blogging. For now the two don’t federate between them.

It has a robust spec, featuring optional end-to-end encryption which (IMHO) is very secure, despite the recent attacks that only impacted the "official" implementation but not the core itself (and they showed good response).

Behind Matrix is Matrix.org which is a non-profit organization that runs the spec, and there are some for-profit organizations too that make the implementations, and other collaborators since it's Free Software (disclaimer: I'm not very sure of that last bit).


@GeoffreyFrogeye
It's secure enough from the client to server standpoint, but there are lots of trivial and obvious, unfixed exploits that just about anyone should pick up on in short order, so "robust spec" is something of an overstatement. The encryption is good enough, except that one has to verify all devices in e2ee rooms, or blindly trust everyone there (and no encryption of attachments)
@matrix @fdroidorg @pj

@darkmeson @pj Oh, I did not know that. I guess "spec that has the best potential" would be more appropriate.
Yeah, E2E still has a way to go, but it's still better than services with no encryption at all or with encryption completely hidden.

@GeoffreyFrogeye
I don't know if I'd say "better than" since it's historically amounted to about the same thing in my case. Riot naively keys itself based on system information which, for hopefully obvious reasons, effectively makes it think it's on a completely different system each time (and there's no batch delete, so my device list is HUGE...one of those potential exploits since there doesn't appear to be a list length limit, LRU eviction, etc)
@pj

@darkmeson @pj Yeah, it is for me too. Hopefully this is just a fix on the client side (Riot Android, nheko and Quaternion don't have this issue at least for me).

@GeoffreyFrogeye
I've been meaning to check the Tensor build that I'd discovered was in the F-Droid repos a few days ago, but I have to unbork Package Installer first (expandable storage issues strike again)
@pj

@darkmeson @pj Honestly, don't bother. It's a 3-year-old build, I couldn't make it work, and it doesn't even have a field for personal homeservers.
@darkmeson (I mean, do bother for the Package Installer, might be important :D )

@GeoffreyFrogeye
It's not that difficult to approximate the functionality with a shell script on a rooted device, but definitely still preferable to address the underlying cause...especially since it's only one manifestation of a common, root cause. It's my own fault though. I knew Google half-assed ES support and laziness compelled me to do it anyway. Time for a custom posixovl and bind-mount solution, I guess (and fingers crossed that su.d launches scripts reliably enough)

@darkmeson Wow, talk about laziness, you seem very motivated to implement a very technical solution to a relatively mundane problem :D
I'd rather accept all the encryption keys by hand.
@darkmeson On a related note, it's sad that Android is locked to this point... You can't do a damn thing a little bit out of the norms without being rooted. And even with that the system architecture makes your life harder if you just want a little bit of freedom :/

@GeoffreyFrogeye
Well, as much as I'd like to lay the blame on Google, the locked down nature is actually the work of the carriers, who want as unfettered access into your device as they can get, and who want to create artificial markets for basic things like tethering. Android itself is surprisingly well (+ thoughtfully) developed to the point that it and a normal distro can even co-exist on the same partition, and the Google-branded devices I've had were among the easiest to unlock

@GeoffreyFrogeye
Android is well-developed in every area but the ones that benefit Google's ad business not to be, anyway (like webview and its gratuitous leaking of device information and exact build, among other tidbits). AOSP roms like LOS help a bit by providing toggles to disable network access for certain apps without having to root and use iptables directly, but I was reading recently that something similar had landed in Android P too

@GeoffreyFrogeye
but alas, still no sign of anything remotely similar to XPrivacy and other Xposed modules' interactive blocking dialogs for connect() attempts, etc, so I'll still be left devising LD_PRELOAD mechanisms, bind-mounted, spoofed /proc entries, selinux alterations, automatic, programmatic build.prop changes at intervals, and various other things requiring root just to make a crude approximation to be able to move beyond 6. Then we might have to start all over on Fuchsia

@darkmeson You seem to put a lot of effort into making sure some applications don't access the internet. I'm really curious into knowing why 😊.

@GeoffreyFrogeye
First of all, an app should ALWAYS be asking for permission rather than forgiveness anyway (that's just good design). Secondly, even seemingly innocent telemetry and other "anonymized" datasets aren't actually anonymous today no matter what (big data correlations). Then there's the matter of the information asymmetry. They steal data on us that's rightfully our IP, but don't even give us the benefit of who, exactly, ever gets to look at it, much less anything else.

@GeoffreyFrogeye
Intensive information gathering is almost always the prelude to some sort of attack, so one ALWAYS needs to know who is looking (preferably as near to realtime as possible) so that counter intelligence can be conducted and any active threats identified and neutralized before they become a problem. Finally, revisiting big data correlations, cell carriers are selling our realtime location (via cell tower pings) to whoever'll pay. Makes it extra dangerous on cells.

@darkmeson I don't even think this will be even possible in Fuchsia without a lot of reverse engineering. AFAIK, it has telemetry built-in, is based on permissions, is not based on a kernel as open as Linux, and will be completely closed source. I hope I'm wrong...

@GeoffreyFrogeye
The kernel is still completely BSD-licensed afaik, but they supposedly try to do away with root in favor of some other model that supposedly will still allow or about the same. Honestly, I just view it as a thinly-veiled attempt to complicate the countermeasures, and I'm sure many others are skeptical enough too that they'll likely end up with the industry forking Android if they don't tread extremely carefully and deliberately. They have a channel on freenode btw.

@darkmeson Yeah, making it from scratch to be what they want it to be won't make modders' lives easier. At least Linux can do tons of different things even if they're not used by the OS.

Hmm why not, but the problem will be hardware drivers. Even already when they're made for Linux it's difficult enough to port them to another kernel version / ROM especially since usually source is not released. So now if drivers are made for the Fuchsia kernel, porting them to Linux clearly won't be cake.

@darkmeson I guess AOSP roms are a more involved setup rather than just getting root.

Also, what do you think are the advantages of using iptables instead of a host-based blocklist?

@GeoffreyFrogeye
It really depends on the device/SoC, but a lot of times it's easier to unlock the bootloader, flash a custom recovery, and flash a rooted, AOSP rom like LOS than it is to bother messing with the stock image to begin with (especially since they tend to be buggier, and the OTA updates are a major security vulnerability in and of themselves).

@GeoffreyFrogeye
iptables vs VPN-based blockers vs hosts files is a little involved, but suffice it to say that the guarantees lessen as you read from left to right. Being able to set an Always-on VPN takes the place of iptables in theory, but only certain apps can be set as that, and the carriers often disable that functionality in their builds anyway (and it's likely not their only anti-user/anti-privacy "special sauce").

@GeoffreyFrogeye
The other problem with VPN apps is that some of them let protocols they don't handle like UDP, ICMP, etc, pass through unfettered rather than capturing and blocking as they should. The situation is even worse for hosts files and configured proxies, since those are totally advisory and any app is free to ignore them, or generally be oblivious to them.

@GeoffreyFrogeye
Android 7+ has the feature whereby one can prevent apps from running in the background without root or anything special, and that certainly helps with snoops like Amazon Shopping, who try to make random, sneaky, unsolicited connections, but it still takes iptables firewalling to guarantee that they only do what you've allowed via (ex:) NoRootFirewall, or they don't get any access at all until you respond to NRF's request on what to do about it

@GeoffreyFrogeye
Finally, whether it's a playstore game, a F-Droid app, a popular browser extension or what have you, the growing trend is for bad actors to buy them out to capitalize on the user base (usually to steal browsing data and other personal IP, for blackmailing purposes or otherwise). Knowing what's connecting where not only gives one a sense of who knows what, but also when such a transition has happened, and what can no longer be trusted...in near realtime ;)

@GeoffreyFrogeye
Far shorter version: being more secretive gives the upper hand against most of today's aggressors. Their having little ammunition to work with makes their initial attack easier to fend off, and then they're at the disadvantage (having lost the element of surprise) since they tend not to be nearly as cautious. The worst of the worst (the predatory sort) have a strong tendency to be extremely cowardly, so NOT being the low-hanging fruit is prudent for that reason alone.

@darkmeson Exactly! That's why I usually install as few apps as possible, and use websites when I can. They don't access as much info as they could as an app and it's way easier to block the trackers and stuff. Well for now. Whether as an app or as a website, if more and more people are caring about their privacy, whatever the solution used, they will try to disguise tracking ads and co as legitimate traffic so it will be harder to counter. But in the meantime a lot of open-source or at least more ethical variants of apps/websites are being developed so there's that.

@GeoffreyFrogeye
The problem there is everything but Firefox/Fennec/etc use the webview (including the new "Firefox Lite" in F-Droid's repos), so that doesn't shift the problem around much. In theory, WebApps and its offshoot WebMediaShare might be a bit safer while still using the webview, but not even Bromite and the other privacy forks bother to anonymize or remove obvious things like the UA for some reason (Privacy Browser has specifics on their site for this situation btw)

@GeoffreyFrogeye
No, actually, I guess I should elaborate on the Firefox situation a little more. We can use it (and should), but even it isn't safe without extensions like uMatrix (which WebApps has its own rough approximation of built in btw), ScriptSafe, NoScript, Negotiator, uBlock (uMatrix doesn't have all the BLs for some reason), a self-destructing cookie extension, etc, and then it's both slow and likely to be killed unless one has a 4G (RAM) phone or better.


@darkmeson Don’t Firefox & co use their own web engine instead of the one provided by the system (webview if I understood that right)?


@darkmeson Yeah but even if they don't do connections in the background, nothing stops them from delaying those connections until you allow it to have internet access because you need to use it. I guess so far that's not what most are doing…

@GeoffreyFrogeye
Right. The analytics and telemetry libs do exactly that, if you go looking under /data/data (ex: "find /data/data -name '*lytic*'" as root). They just store everything they can't send immediately, and burst-transmit the second they figure out they can connect to their phone-home server (all silently and without ever asking for permission first, of course)

@GeoffreyFrogeye
Coincidentally, one can generally thwart them (with root or custom recovery like TWRP) by simply blowing away their reports storage directory, replacing it with a root-owned file, and chattr +i (which is what I do via a script that runs at intervals)
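The two posts above describe a search for analytics report directories under /data/data and a countermeasure (blow the directory away, put a root-owned file in its place, mark it immutable). Here is that procedure as an added example, written for this thread and not the poster's own script: it takes the app-data root as a parameter so it can be tried on a constructed directory tree first, keys on the same '*lytic*' fragment as the thread's find command (any other fragments passed in are the caller's assumption), and treats chattr +i as best-effort, since it only sticks when run as root on a filesystem that supports the immutable attribute.

```python
import shutil
import subprocess
import tempfile
from pathlib import Path

# Name fragment from the thread's "find /data/data -name '*lytic*'" search.
DEFAULT_FRAGMENTS = ("lytic",)


def find_report_dirs(app_data_root, fragments=DEFAULT_FRAGMENTS):
    """Return directories under app_data_root whose name contains one of the fragments,
    parents before children, so a parent match is handled before anything inside it."""
    root = Path(app_data_root)
    return sorted(p for p in root.rglob("*")
                  if p.is_dir() and any(f in p.name.lower() for f in fragments))


def try_set_immutable(path):
    """Run `chattr +i` on path; returns True only if the attribute was actually set.
    Fails harmlessly without root or on filesystems lacking the attribute."""
    chattr = shutil.which("chattr")
    if chattr is None:
        return False
    result = subprocess.run([chattr, "+i", str(path)], capture_output=True)
    return result.returncode == 0


def neutralize_report_dirs(app_data_root, fragments=DEFAULT_FRAGMENTS):
    """Replace each matching directory with an empty read-only file owned by the caller
    (root, when run as root on a device), then try to make it immutable.
    Returns [(path, immutable_set)] for every directory replaced."""
    done = []
    for d in find_report_dirs(app_data_root, fragments):
        if not d.is_dir():          # already removed along with a matching parent
            continue
        shutil.rmtree(d)            # drop the queued reports
        d.touch()                   # a plain file now sits where the directory was,
        d.chmod(0o444)              # so the lib cannot recreate its storage there
        done.append((str(d), try_set_immutable(d)))
    return done


def demo():
    """Build a constructed app-data tree in a temp dir and run the countermeasure on it.
    Returns the replaced paths relative to the tree plus whether the marker is a file."""
    base = Path(tempfile.mkdtemp())
    pending = base / "com.example.app" / "files" / "analytics" / "pending"
    pending.mkdir(parents=True)
    (pending / "report.json").write_text("{}")          # constructed queued report
    (base / "com.example.app" / "cache").mkdir()        # unrelated dir, must survive
    replaced = neutralize_report_dirs(base)
    marker = base / "com.example.app" / "files" / "analytics"
    return {
        "replaced": [str(Path(p).relative_to(base)) for p, _ in replaced],
        "marker_is_file": marker.is_file(),
        "cache_survived": (base / "com.example.app" / "cache").is_dir(),
    }


if __name__ == "__main__":
    print(demo())
```

On a device this would be run as root with `/data/data` as the root and scheduled at intervals, as the post describes; the return value tells you which markers chattr actually protected, so a False there means the lib can still delete the file and recreate its directory.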

@darkmeson Honestly if I have to use an app with some trackers (I use the Exodus Privacy app to see which ones), it stays on hibernate until I need it. Except for my bank. I’d rather want to be notified of an unwanted payment ASAP…

By the way, didn't Lucky Patcher or something like that have a way to patch the APK to remove the trackers at some point?


@darkmeson Ow. Honestly did not think it was already there. Is the circumventing of the host files already there too or am I still safe for a short while?

@GeoffreyFrogeye
Reading from the hosts file has always been purely advisory (across ALL OSes, afaik), and anything implementing its own lookup code may well not even take its presence into consideration.


@darkmeson Is it really a problem nowadays where everything is a HTTPS request? :D

@darkmeson Yeah those are advisory but so far most of the apps assume that the customer did not modify their (or is it really theirs? that's for another question…) device so if the ads don't load / the tracking data isn't reported the app doesn't bother. So I guess for now it works. If they start implementing DNS-over-HTTPS as a default things will start to get fiery.

@GeoffreyFrogeye
If they do, I'll probably be a lot more noisy reporting abusers ;)

All Android and streaming devices are isolated to their own wireless segment here, so they can't get access without passing through a logging, filtering proxy to begin with, all attempts to redirect DNS elsewhere (as they do via the 8.8.8.8 "bug") end up hitting a local server instead, and some simple scripts notify me when access patterns change

@GeoffreyFrogeye
btw, that usually sounds pathological to most people, but note that that's while I'm at home, and it's essentially an R&D sandbox that does double duty as a quarantine mainly to help prevent location privacy from being lost (which is the most important one NOT to lose)

@darkmeson Yeah I somewhat did the same. I blocked port 53 on the router's firewall so every device has to use the local resolver. Which turns out to be a Raspberry Pi with a DHCP server because my internet provider doesn't allow me to change the DNS settings of the network from the router (which is illegal but the regulator has more important problems right now so no trial for now :/).

@GeoffreyFrogeye
Technically, you should be considering any ISP-provided device you don't have full control over to be outside of your network/untrusted/part of the internet anyway (which, of course, is part of the problem with mobiles since one can't do that with the cellmodem). I actually get a little trickier, and have DHCP set up to have a "gateway" that redirects outbound DNS to itself and snitches on the requesting device via iptables' NFLOG and syslog
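The setup described in the last few posts (outbound DNS redirected to a local resolver, the requesting device "snitched on" via iptables' NFLOG and syslog, and simple scripts that notify when access patterns change) is the detection side, and that part can be shown offline. The following is an added example written for this thread, not the poster's scripts: it parses constructed log lines in the key=value style that netfilter's LOG/NFLOG logging emits (the prefix "DNS-REDIR", the local resolver address 192.168.50.1 and every address in the sample are assumptions), lists each device that tried to reach a resolver other than the local one, and compares the result with a saved baseline so that only new source/destination pairs trigger a notification.

```python
import re
from collections import defaultdict

# Assumed address of the local resolver that the DHCP "gateway" redirects DNS to.
LOCAL_RESOLVER = "192.168.50.1"
# Assumed --nflog-prefix / --log-prefix on the logging rule.
LOG_PREFIX = "DNS-REDIR"

# Constructed sample lines (not real captures) in the key=value style of netfilter's
# LOG/NFLOG output. The last line is non-DNS traffic, included to show it is ignored.
SAMPLE_LOG = """\
Mar 12 10:22:01 gateway kernel: DNS-REDIR IN=wlan1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.50.23 DST=8.8.8.8 PROTO=UDP SPT=51234 DPT=53 LEN=40
Mar 12 10:22:02 gateway kernel: DNS-REDIR IN=wlan1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.50.23 DST=192.168.50.1 PROTO=UDP SPT=51235 DPT=53 LEN=40
Mar 12 10:22:05 gateway kernel: DNS-REDIR IN=wlan1 OUT= MAC=00:11:22:33:44:55:cc:dd:ee:ff:00:11:08:00 SRC=192.168.50.40 DST=1.1.1.1 PROTO=TCP SPT=40000 DPT=53 LEN=60
Mar 12 10:22:09 gateway kernel: DNS-REDIR IN=wlan1 OUT= MAC=00:11:22:33:44:55:cc:dd:ee:ff:00:11:08:00 SRC=192.168.50.40 DST=203.0.113.7 PROTO=TCP SPT=40001 DPT=443 LEN=60
"""

KV_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line, prefix=LOG_PREFIX):
    """Turn one netfilter log line into a dict of its KEY=VALUE fields, or None
    if the line does not carry our prefix or lacks the fields we need."""
    if prefix not in line:
        return None
    fields = dict(KV_RE.findall(line))
    if not {"SRC", "DST", "PROTO", "DPT"} <= fields.keys():
        return None
    fields["DPT"] = int(fields["DPT"])
    return fields


def dns_bypass_attempts(log_text, local_resolver=LOCAL_RESOLVER):
    """Map each device (SRC) to the set of foreign resolvers (DST) it tried to reach
    on port 53. Traffic to the local resolver and non-DNS traffic are dropped."""
    attempts = defaultdict(set)
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None or f["DPT"] != 53 or f["PROTO"] not in ("UDP", "TCP"):
            continue
        if f["DST"] != local_resolver:
            attempts[f["SRC"]].add(f["DST"])
    return dict(attempts)


def new_pairs(current, baseline):
    """Return the (SRC -> DST set) pairs in `current` that the saved baseline has not
    seen; this is what a change in access pattern looks like and what gets notified."""
    fresh = {}
    for src, dsts in current.items():
        unseen = dsts - baseline.get(src, set())
        if unseen:
            fresh[src] = unseen
    return fresh


def format_report(fresh):
    """One line per device, suitable for a notification."""
    return [f"{src} tried resolver(s) {', '.join(sorted(d))}" for src, d in sorted(fresh.items())]


if __name__ == "__main__":
    seen_before = {"192.168.50.23": {"8.8.8.8"}}       # constructed saved baseline
    now = dns_bypass_attempts(SAMPLE_LOG)
    for line in format_report(new_pairs(now, seen_before)):
        print(line)
```

In use, the baseline is the dict persisted from the previous run and the log text is whatever syslog has collected since; the REDIRECT rule already forces the query to the local resolver, so the parser is only there to tell you which device keeps trying to go around it.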


@darkmeson Yeah so VPN is mostly for the carrier then, not really for the apps.

@darkmeson From a developer PoV I agree, but from a user PoV, it's always been easier to use a root exploit for me.
