[Q] how hide apps in start menu of Windows 10 Mobile "or" add whitelist to Edge?
Hi,
is it possible to "hide" an app from the W10M start menu? And I don't refer to the home screen, I mean the full list of apps.
Or would there be a way to let the browser only work with a whitelist? .. No, Microsoft Family does not work properly on W10M.
Background - feel free to call me soft:
- Bought a Lumia 640 XL for my wife and a 2nd hand Lumia 535 for my daughter (to be her first smartphone, getting 9 end of the month) so that they could "share" the same experience, more or less.
- Played around with the "Microsoft Family" feature, and, to make it short, it doesn't work properly, not nearly close to what was expected or advertised. That might change ... in a few months. Maybe.
At least the URL filtering does not work "at all".
- So, in short, in order not to instantly fall back to pick an Android based device for my daughter (one beloved Razr i still in close range...), I was wondering if it was possible to "hide" one or the other thing from the start menu instead, the Edge browser in particular. Uninstallation I don't expect to be possible, probably being a deeper chunk of the OS, but only touching the start menu I concluded "should" be possible, one way or the other. At least I hope so.
Would I start to deal with the "full file system access" approach or rather try to dive into registry fiddling? Any help or maybe clear hint would be highly appreciated.
By now I did not find anything related to this. Neither here at xda or somewhere else. Probably no one considers doing something like that for his kids on Windows 10 Mobile ...
Who would want to hide a browser on a smartphone, anyway? .. yeah, I can't keep my kids "off" of the bad Internet, but I can at least keep an eye upon as long as possible.
Thanks in advance,
regards,...
bloodot
additional remark:
... after adding "a few" URLs to Microsoft's web interface for blocking URLs (via a web automation tool, yeah, I'm lazy...) it stopped working at 1003 regitered URLs. So, as long as they don't come up with something that works (whitlist... external service for checking URLs... whatever...) any help on this matter would be highly appreciated.
You want to keep her off the "web," correct?
Change your Mobile Data & Wifi DNS to 127.0.01
(You will need interop/FS access: )
Create a hosts file in C://Windows/system32/drivers/etc
Determine what sites you want to *allow* and find their IP. For example, if you want to whitelist Facebook, open cmd.exe from your PC and type:
Code:
ping facebook.com
You'll see:
Code:
C:\WINDOWS\system32>ping facebook.com
Pinging facebook.com [31.13.76.68] with 32 bytes of data:
Reply from 31.13.76.68: bytes=32 time=75ms TTL=82
Reply from 31.13.76.68: bytes=32 time=76ms TTL=82
Reply from 31.13.76.68: bytes=32 time=79ms TTL=82
Reply from 31.13.76.68: bytes=32 time=74ms TTL=82
Ping statistics for 31.13.76.68:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 74ms, Maximum = 79ms, Average = 76ms
C:\WINDOWS\system32>
So, you'd add:
Code:
31.13.76.68 facebook.com
31.13.76.68 www.facebook.com
to your phone's host file.
If you can create profiles on your router, you can also do the same (DNS to 127.0.01 for her phone's MAC address)
Doing this would make all of the web unresolvable, except facebook.com
To change the Wifi DNS:
Settings -> Network & Wireless -> Wi-fi -> Static IP -> fill your info
*If your router doesn't support static IP, you should check and see if your router supports profiles, and build one to target her phone mac address.* (If you don't target her mac address/other phone identifier and set your router to 127.0.01, all of the devices on your network will encounter blocked access to the web)
For Mobile Data:
I don't see an immediate switch for this (at least with my provider), it's routed through a network port on their servers. Unless something changes in future builds, it's probably best to just turn mobile data off and use the Wifi/hosts to keep control of what sites she can access.
Thank you very much!
Point is, I don't want to keep her off completely, and the major issue would be to keep control once she's "not" inside our home network but on cellular.
So I think I need to start investigating on my own whether I can manipulate the start menu or even the browser itself.
The local DNS lookup, which would only work on WiFi anyhow, would also result in me analyzing all communcation end points for "any" kind of
app I'd like her to use. Doable, but still the mobile part would be open. Beyond that I cannot block here "re-enabling" the cellular data connection,
the system isn't that strict in that matter. Would be nice, though, ...
@home I already use OpenDNS, probably should have mentioned that, so that's more or less under control.
Let's see if some other ideas or approached pop up from xda; I'm actually trying to get in direct contact with one of the Microsoft Family team
as, on a business level, we're currently working closely with some of the Microsoft 10 teams.
If they, if connected that is, tell me that they're aware of the bugs and that they're actually part of a road map, I'd be happy, too.
However, for the time being I expect I have to sort it on my own.
I'll give it a go with interop and see what I can find to deal with.
So, any other ideas?
Regards,..
bloodot
How about interopunlock and use your own hosts file?
How about App corner inside settings?
augustinionut said:
How about interopunlock and use your own hosts file?
How about App corner inside settings?
Click to expand...
Click to collapse
... the hostsfile will only work via WiFi, at least that's my current understanding as for cellular one cannot change the DNS settings, meaning, you can't make them point towards 127.0.0.1.
App Corner I already "played" around with - it has some other issues
- it's buggy, sometimes it doesn't even start.
- can be bypassed by just restarting the device
- everything "allowed" is available to public, more or less.
- the App Corner does not allow "games" to be made available ...
... hey, so what about the kids' corner?
- well, that doesn't allow the phone app... but still, that would also be a half-baked approach again.
I hope it were at least three different teams designing those packages, the kids' corner, the app corner and the family safety integration.
As a whole, NONE of them delivers what a parent needs when actually "permanently" giving a Windows based phone to one of his children.
bloodot said:
... the hostsfile will only work via WiFi, at least that's my current understanding as for cellular one cannot change the DNS settings, meaning, you can't make them point towards 127.0.0.1.
App Corner I already "played" around with - it has some other issues
- it's buggy, sometimes it doesn't even start.
- can be bypassed by just restarting the device
- everything "allowed" is available to public, more or less.
- the App Corner does not allow "games" to be made available ...
... hey, so what about the kids' corner?
- well, that doesn't allow the phone app... but still, that would also be a half-baked approach again.
I hope it were at least three different teams designing those packages, the kids' corner, the app corner and the family safety integration.
As a whole, NONE of them delivers what a parent needs when actually "permanently" giving a Windows based phone to one of his children.
Click to expand...
Click to collapse
PIN + kids corner. Can't bypass it.
-W_O_L_F- said:
PIN + kids corner. Can't bypass it.
Click to expand...
Click to collapse
... it's not my phone she should use. She should be able to use her own phone.
That includes calling her mum or me.
"Phone" is not an allowed app for the kids corner, it ain't listed when setting that up.
And even if it was, it would allow "anyone" who would steal that phone to directly use it's SIM card hazzle free.
And, as a minor annoyance, anything else that would be allowed via that mechanism.
It's just the current truth to deal with, W10M is not child-ready by any means.
If I want more control, I need to switch the phone.
Or start trusting a 9year-ish old girl to deal with the Internet without restrictions.
... so fiddled around with a few things, though interop is active according to the tool itself after sideloading it, wconnect won't work at all (crashes, no proper error given and before that IpOverUsbInstaller won't finish installation), so I can't get that key to get the SSH connection done and therefore I can't get full file access.
I think I'm done with this now. Selling the phone, using the Razr I instead, already have the proper system locking tools in place for that, bye bye Lumia 535. I would have loved to see my child deal with such an "easy" OS interface for getting used to smartphones, but I can't let her have access to the Internet while "not at home" without restrictions. No way.
... went so far and tried miradore to restrict the system via MDM. And guess what ... the f'n browser CANNOT be blocked via MDM. At least miradore has a free trial of 14 days. I was even willing to pay the damn 2$ per month for that service. *sigh* MAYBE it has a URL filter SOMEWHERE ...
... however, at least one can disallow the "usage" of the browser. MAYBE that works. Trying...
Yes. Works. JESUS ... what a mess. Let's see if I can get that done somewhere / somehow via MDM "without" another monthly fee ...
yeah, worked. Pitty though, they want "10$" minimum fee per month.
BUT: ... I stumbled over https://www.manageengine.com/mobile-device-management/
Free for up to 25 devices. Either cloud based (not supporting W10M for now) or Windows based installation (supporting W10M, more up2date...).
And it works. Thank you very much. Case closed.
Though I cannot restrict the URLs ... I can blog the Edge browser. And the Microsoft Store. Happy bunny.
Related
Hi all,
Eversince i bought my BA, i did not need to use Wlan on it (over a year now !!) but i am getting a bit frustrated in the last couple of days as i am unable to use it.
here is the situation - when i come to a place where i know there is a wifi signal (at my friends house) i tap the little icon on the bottom right side of the desktop screen and i get the "Wireless LAN manager" , i check the "Wireless LAN ON" checkbox and then tap "ok" . then the screen changes back to the desktop screen and i can see the little antenna in searching mode (accumulating dots beside it), then i get a popped up baloon asking if i wish to connect to "internet" or "work", i check the internet circle and tap ok (or connect - i dont remmember as i have no wifi signal at the moment), but than nothing happens - the little icon of the antenna is still searching and if i tap it i get the same "Wireless LAN manager" with no signal strength or any thing...if i try the internet explorer, it tries to connect via the GPRS connection...
PLEASE....HELP ANYONE....
It's only a notion but I'd check your friend's WiFi AP. I set one up recently in our place. The device used is a Wireless G Broadband Router and Access Point (AP) which also has a net port (4 physical connections).
I couldn't get a murmur out of it on the simplest device... ancient Jornada 720 Win 2000 with Aironet 340 card (they are matched) although it was evident that all parts were working and the setup programs recognised each other as being there. Tried our Acer n30 next on a Safecom card. Same result. Head scratching.
Eventually a light bulb went on.
Tried a hard reset on the AP/Router. It re-set from one channel (11) to another (6). Everything suddenly started talking.
Next problem... and this is where it gets close to yours... how to stop everyone getting on and in.
The AP Router is full of encryption options from WEP up. Your gadget has to match the requirement from the AP/Router... that might mean a keyword used as a base for encryption or steadily more complex requirements... depends on what your friend's AP Router is set to.
My solution had to be simpler. I could not be bothered to prat about sticking code words all over the place every time I wanted to add a device... and getting encryptions to agree is sometimes not as easy as they'd have you believe.
Answer: Every net device, including the Xiis we now use, has a device specific MAC number.
The AP Router has a table you can enter MAC numbers you want to permit access to... so you needn't fool around with all the clever stuff.
Our AP Router now has our MAC numbers in the table and permits access to them only.
The XDA iis reveals it's MAC number when you tell it to look for a connection.
We now have a WiFi AP serving an ancient egyptian Jornada 720, an Acer N30, an XDAiis, an ordinary PC (using one of the old PCMICIA Aironet Cards which configure on anything with windoze and are dirt cheap on eBay as they're only 802.11b) , and a Sony Vaio Laptop (also using an Aironet), all into a single broadband account.
So check with your chum and see what his settings on his WiFi are. Maybe try a hard re-set on it too if poking about in the admin program doesn't help.
QF
Yol said:
Hi all,
Eversince i bought my BA, i did not need to use Wlan on it (over a year now !!) but i am getting a bit frustrated in the last couple of days as i am unable to use it.
here is the situation - when i come to a place where i know there is a wifi signal (at my friends house) i tap the little icon on the bottom right side of the desktop screen and i get the "Wireless LAN manager" , i check the "Wireless LAN ON" checkbox and then tap "ok" . then the screen changes back to the desktop screen and i can see the little antenna in searching mode (accumulating dots beside it), then i get a popped up baloon asking if i wish to connect to "internet" or "work", i check the internet circle and tap ok (or connect - i dont remmember as i have no wifi signal at the moment), but than nothing happens - the little icon of the antenna is still searching and if i tap it i get the same "Wireless LAN manager" with no signal strength or any thing...if i try the internet explorer, it tries to connect via the GPRS connection...
PLEASE....HELP ANYONE....
Click to expand...
Click to collapse
quinbus_flestrin said:
Next problem... and this is where it gets close to yours... how to stop everyone getting on and in.
[snip]
Answer: Every net device, including the Xiis we now use, has a device specific MAC number.
The AP Router has a table you can enter MAC numbers you want to permit access to... so you needn't fool around with all the clever stuff.
Our AP Router now has our MAC numbers in the table and permits access to them only.
The XDA iis reveals it's MAC number when you tell it to look for a connection.
We now have a WiFi AP serving an ancient egyptian Jornada 720, an Acer N30, an XDAiis, an ordinary PC (using one of the old PCMICIA Aironet Cards which configure on anything with windoze and are dirt cheap on eBay as they're only 802.11b) , and a Sony Vaio Laptop (also using an Aironet), all into a single broadband account.
Click to expand...
Click to collapse
QF,
Are you aware that it's a fairly simple task for someone to spoof a MAC?
And in that you haven't implemented any kind of encryption that means you're broadcasting everything in the clear ... which means that anyone who wishes to access your network needs only wait until they pick up one of your valid MAC's and they're in.
Blocking MAC's is useful ... but enabling WEP (even though we all know it's not going to stop a determined attempt at penetration) will do more to keep out a casual 'visitor'. If your clients can handle WPA-PSK (which may not be the case) given a sufficiently long and random passphrase the only attack is bruteforce which can take years.
Implementing decent security just isn't that hard ... there are plenty of howto's on the net that will walk someone through everything from getting WEP going right through to setting up a VPN.
Yol,
Your friend may have set up some kind of encryption on his Access Point ... if he's connecting to it with a client then he should know what he's using.
If he's NOT connecting to it then check the manual and have a look at the settings on the Access Point. Almost all Access Points will let you connect to them using a web browser.
So if (as an example) your friends AP is at 192.168.1.254 you just plug that into your web browser on a computer that is on the network (in other words, NOT from your BA).
You'll then need to navigate your way to the settings for Wireless security (I can't help you with that ... it's different for pretty much every brand of AP) and see what's set up.
Once you know what the required settings ARE for his AP you need to configure your phone to match. Not having a BA I can't really help with that either ... but I'm sure someone else here can.
I just knew there'd be a more complicated way ;-))...
Seriously Mr Doormat... Thanks for the heads up though.
This guy was just hanging here without a response this morning when I found this XDA board.
I tested our net pretty hard but I was unable to get in without a valid MAC and could find no way of revealing one... not to say there isn't one... I just couldn't find it... which apparently doesn't mean a lot.
What would they gain by getting in though?
Interent Access... sure, but not access to our systems as there is no network in that sense surely? So we could lose bandwidth?
We have the AP/Router open for web access only AFAIK.
The only physical connection is the one you mention... to the computer via the Ethernet card, which accesses the Admin Menu.
I'm unable to get any access around logged in machines myself and I'm on the admin machine.
I dloaded WiFi for Dummies but, as usual, I haven't got past the boring bit in the front where they describe what you are dealing with rather than what you can do to/with it.
I tried bringing in WEP on the AP and setting the old Jornada to WEP too. Firstly it slowed everything to a crawl... and a Jornada is not quick at this anyway as you can imagine... and then the on-board Jornada driver decided to "dis-associate" itself... which is of course Jornada for "adios amigos"... and stopped working altogether.
I picked up a Safecom 802.11g PCMCIA card to try in the laptop, but it really hated that and refused to see it in the end. But it really loves the old Aironets.
Both Vaio and PC are on a nice Windoze XP SP2, from our friends at Appznet. The Jornada is Win 2000, and the two Pocket PCs are 2003.
I looked for a walk thru for bringing this AP on stream. Even the suppliers were baffled... until we did the hard re-set and the channel changed. I don't know what else changed.
As for bringing security on stream... well I tried sorting out the lowest common denominator... the oldest handhelds... they balked at it and I reverted to the last good setting... an old tradition.
It seems to be a question of finding the level for whatever you have.
I can allegedly bring 802.11g on with this PCMCIA card and the AP, but if I do the XDA can only do 802.11b can't it? As can the Safecom for the Acer.
I am so pleased to have found a forum for the XDA, but you'll understand I hope that I'm a bit bemused to find the first topic I get into is WiFi. I thought that had been sorted... I should have known better. )
Any information you feel relevant to this would be much appreciated. Jornada forums are all but dead now. The Acer N30 is having an unusual revival for no reason I can think of. And the AP Router is from a pleasant bunch of folks, but they eveidently know about as much as I do.
QF
Doormat said:
quinbus_flestrin said:
Next problem... and this is where it gets close to yours... how to stop everyone getting on and in.
[snip]
Answer: Every net device, including the Xiis we now use, has a device specific MAC number.
The AP Router has a table you can enter MAC numbers you want to permit access to... so you needn't fool around with all the clever stuff.
Our AP Router now has our MAC numbers in the table and permits access to them only.
The XDA iis reveals it's MAC number when you tell it to look for a connection.
We now have a WiFi AP serving an ancient egyptian Jornada 720, an Acer N30, an XDAiis, an ordinary PC (using one of the old PCMICIA Aironet Cards which configure on anything with windoze and are dirt cheap on eBay as they're only 802.11b) , and a Sony Vaio Laptop (also using an Aironet), all into a single broadband account.
Click to expand...
Click to collapse
QF,
Are you aware that it's a fairly simple task for someone to spoof a MAC?
And in that you haven't implemented any kind of encryption that means you're broadcasting everything in the clear ... which means that anyone who wishes to access your network needs only wait until they pick up one of your valid MAC's and they're in.
Blocking MAC's is useful ... but enabling WEP (even though we all know it's not going to stop a determined attempt at penetration) will do more to keep out a casual 'visitor'. If your clients can handle WPA-PSK (which may not be the case) given a sufficiently long and random passphrase the only attack is bruteforce which can take years.
Implementing decent security just isn't that hard ... there are plenty of howto's on the net that will walk someone through everything from getting WEP going right through to setting up a VPN.
Yol,
Your friend may have set up some kind of encryption on his Access Point ... if he's connecting to it with a client then he should know what he's using.
If he's NOT connecting to it then check the manual and have a look at the settings on the Access Point. Almost all Access Points will let you connect to them using a web browser.
So if (as an example) your friends AP is at 192.168.1.254 you just plug that into your web browser on a computer that is on the network (in other words, NOT from your BA).
You'll then need to navigate your way to the settings for Wireless security (I can't help you with that ... it's different for pretty much every brand of AP) and see what's set up.
Once you know what the required settings ARE for his AP you need to configure your phone to match. Not having a BA I can't really help with that either ... but I'm sure someone else here can.
Click to expand...
Click to collapse
quinbus_flestrin said:
I just knew there'd be a more complicated way ;-))...
Click to expand...
Click to collapse
There is always a more complicated way ... that's part of the fun, I think
quinbus_flestrin said:
I tested our net pretty hard but I was unable to get in without a valid MAC and could find no way of revealing one... not to say there isn't one... I just couldn't find it... which apparently doesn't mean a lot.
What would they gain by getting in though?
Interent Access... sure, but not access to our systems as there is no network in that sense surely? So we could lose bandwidth?
Click to expand...
Click to collapse
Yes and No.
An unsecured AP provides a simple means for someone to access the Net anonymously. For someone with malicious intent this has great advantages, as you can imagine. And whatever they might do would be traced back to you.
Don't get me wrong ... I'm not suggesting that there is a pack of rabid hackers circling your place using your wifi as an initial entry point to permit them to realise their schemes to bring down the Internet and western civilisation ;-)
But, as I often point out to my clients ... How would you feel if you found out that in the middle of the night someone used your unsecure AP to upload a couple of hundred MB of kiddie porn? And that you then had to prove that it wasn't YOU.
I admit - it's unlikely and a bit graphic ... but it IS a possible senario.
Less dramtically there is the cost. I'm not sure what your deal is with your ISP ... but in Australia a lot of people have quota's - a given data allowance per month, after which they are either charged excess data rates or are shaped to narrowband speeds. I imagine it would suck to experience either because someone has been downloading movies over your wifi.
quinbus_flestrin said:
We have the AP/Router open for web access only AFAIK.
Click to expand...
Click to collapse
It is fairly simple to tunnel any kind of connection through port 80 (which is used for http). Goggle for http AND tunnel and count the hits.
quinbus_flestrin said:
I tried bringing in WEP on the AP and setting the old Jornada to WEP too. Firstly it slowed everything to a crawl... and a Jornada is not quick at this anyway as you can imagine... and then the on-board Jornada driver decided to "dis-associate" itself... which is of course Jornada for "adios amigos"... and stopped working altogether.
Click to expand...
Click to collapse
There is, of course, an overhead with WEP or any other encryption scheme. I personally haven't ever had a problem, although I know some who have.
Generally they found updating the firmware on the router/AP end, and using the latest drivers for their client got them the best performance. YMMV of course.
quinbus_flestrin said:
I looked for a walk thru for bringing this AP on stream. Even the suppliers were baffled... until we did the hard re-set and the channel changed. I don't know what else changed.
Click to expand...
Click to collapse
Quite possibly nothing ... it is not uncommon for people (even people who should know better) to focus on everything but the channel. Everyone does it
quinbus_flestrin said:
As for bringing security on stream... well I tried sorting out the lowest common denominator... the oldest handhelds... they balked at it and I reverted to the last good setting... an old tradition.
Click to expand...
Click to collapse
If WEP is your only common denominator and updating firmware and drivers doesn't improve your peformance sufficiently under WEP then there is one security measure that I routinely employ, which rarely seems to be mentioned. TURN THE WIFI OFF WHEN YOU AREN'T USING IT.
Case in point ... my home AP is currently running (I see no point in power cycling it over and over) but the wireless is disabled. It takes 30 seconds to browse to the setting on the menu to enable it. It then takes about 30 seconds before I can associate. Before I go to bed at night I make sure that the wireless on the AP is disabled ... I'm not going to be using it so there's no need for it.
There is a lot of discussion about how easy it is to crack WEP ... and it IS easy. IF you have the hardware and sofware and know what you're doing, etc. I should point out that I do NOT have the setup to crack a WEP key ... but I've studied it sufficiently so that I know it's not really secure. BUT it will keep the majority of those who wish to jump on your bandwidth out. So if you can get it going, do so.
The other aspect is the security of what you are moving across the network. Internet banking, for example, is pretty secure as the data is encrypted anyway. But your usernames and passwords for your email, forum accounts, and anything that you are sending that isn't encrypted by default is being broadcast in clear.
This only becomes a problem IF someone is bothering to gather the packets being broadcast and then extracts the relevant info from all the other noise. Which is probably pretty unlikely. Unless, like a mate of mine, you live in a block of apartments with 3 unsecure wifi AP's in reach. I recently suggested that if he were to sell his flat, he could get more by pointing out that it came with free internet
Now thats what I call some good advice. A lot of the topics in this board are a bit over my head... upgrading or cooking new ROMs for example... but this is good practical advice for relatively simple old boys like me.
Our police are so good at arresting people who are not criminals, and so bad at catching those who are, that it is more than likely that bandwidth stolen to upload stuff like porn would land us in prison. They are pathalogically unable to admit that they themselves lie as much as the criminals do and deliberately cause miscarriages of justice now, so unless you can produce an iron-clad case then you are stuffed. They stopped policing some time ago when they started working for the government.
Eight of them performed a judicial murder in the tube, in full view of everyone, and still they deny that they were responsible for a needless death. That about sums them up now. Overpowered and Overpowering.
Sometimes I'm glad I'm confined to the house and the locale so much.
I will certainly turn off the WiFi when not in use. Thanks a lot for the tip.
<Less dramtically there is the cost. I'm not sure what your deal is with your ISP ... but in Australia a lot of people have quota's - a given data allowance per month, after which they are either charged excess data rates or are shaped to narrowband speeds. I imagine it would suck to experience either because someone has been downloading movies over your wifi.>
Here in the increasingly Orwellian UK we use an outfit called ntl. The deal we have is £25 pm 2Gig Broadband and (as yet) no practical dload limits. Although traffic limits are in the agreements, no one so far has reported a penalty. I stayed on 512k for a while when they brought them in, as the limit on there was far higher. But next door went on the 10Gig and dloaded more in a week than I had in a year (films mostly I think) and suffered no hit from ntl.
<It is fairly simple to tunnel any kind of connection through port 80 (which is used for http). Goggle for http AND tunnel and count the hits.>
This I must look into further. Thanks.
<
quinbus_flestrin said:
I tried bringing in WEP on the AP and setting the old Jornada to WEP too. Firstly it slowed everything to a crawl... and a Jornada is not quick at this anyway as you can imagine... and then the on-board Jornada driver decided to "dis-associate" itself... which is of course Jornada for "adios amigos"... and stopped working altogether.
Click to expand...
Click to collapse
There is, of course, an overhead with WEP or any other encryption scheme. I personally haven't ever had a problem, although I know some who have. >
I'll try the WEP once more.
<Generally they found updating the firmware on the router/AP end, and using the latest drivers for their client got them the best performance. YMMV of course. >
This AP/Router is UD'd to date AFAIK. Drivers for the old Jornadas are built-in to the ROM... they don't do Firmware... it's hard wired. I'll really have to retire them I suppose. They're prematurely becoming as anachronistic as my old Atari Portolio and DIPs. )
This is the kicker... simple, effective, and easily done by the punter. The mark of the professional at work.
<If WEP is your only common denominator and updating firmware and drivers doesn't improve your peformance sufficiently under WEP then there is one security measure that I routinely employ, which rarely seems to be mentioned. TURN THE WIFI OFF WHEN YOU AREN'T USING IT.>
<Case in point ... >
Funny you should mention flats. There are some next door and some houses on the other side.
Yesterday our XDAiis and PC notified me that a net was operational and the usual "did I want to connect". I didn't then.
However after reading your post I have.
You're right again. I needn't have bothered with all the work I did WiFi-ing, and the £40 for the AP/Router. This lets the XDA and our laptop in the upstairs sitting room on-line anyway.
My initial task was to get off dial-up in the upstairs sitting room and on to our downstairs BB account... saving the cost of the old account and the extra phone line we had put in, then to re-direct that saving to upping the BB speed.
The AP is off at night anyway... my lady won't have electrics on (aside from the phone) at night... and religiously goes round shutting them off b4 we retire.
I'm going to get my nose back into WiFi for Dummies now, and another one I just 'found' called Wireless Network Hacks and Mods. Please let me know if anything else occurs to you.
QF
quinbus_flestrin said:
This AP/Router is UD'd to date AFAIK. Drivers for the old Jornadas are built-in to the ROM... they don't do Firmware... it's hard wired. I'll really have to retire them I suppose. They're prematurely becoming as anachronistic as my old Atari Portolio and DIPs. )
Click to expand...
Click to collapse
I love old hardware ... I think it's a shame to waste it and with the passion everyone has for 'latest and greatest' one can pick up 'outdated' stuff really cheap.
Add to that the fact that never I upgrade OS or software unless it very clearly provides something that I really want. So I can totally empathise with your desire to keep the Jornada alive as it were.
I'll send you a PM, as we're really drifting into stuff that has little relevance to these forums.
YOL anyone having WIFI WIRELESS PROBLEM
YOL anyone having WIFI WIRELESS PROBLEM
http://forum.xda-developers.com/viewtopic.php?t=40712&highlight=wifi+problem
read this thread fully.. should help..
Doormat said:
quinbus_flestrin said:
I tested our net pretty hard but I was unable to get in without a valid MAC and could find no way of revealing one... not to say there isn't one... I just couldn't find it... which apparently doesn't mean a lot.
What would they gain by getting in though?
Interent Access... sure, but not access to our systems as there is no network in that sense surely? So we could lose bandwidth?
Click to expand...
Click to collapse
Yes and No.
An unsecured AP provides a simple means for someone to access the Net anonymously. For someone with malicious intent this has great advantages, as you can imagine. And whatever they might do would be traced back to you.
Click to expand...
Click to collapse
More importantly, once someone has access to the wireless side of your router (i.e., you don't use encryption or you use WEP/WPA-PSK and they cracked your key/passphrase), it's possible for them to poison the ARP tables and launch a man-in-the-middle (MITM) attack against BOTH your wireless clients AND the wired clients plugged into the router. This sounds hard, but it actually quite simple with a tool like Cain. Once they are set up as a MITM, anything goes, including attacks on your SSH connections and web browser SSL sessions (i.e., https). A successful MITM attack such as this can compromise all of the data in these "secure" connections, including usernames, passwords, PINs, etc.
It is very important to lock down the wireless side of your router, even if you do all of your "sensitive" surfing from the wired side. Also, you should always be careful when accepting certificates for secure sites in your web browser. For more information, I suggest you read this whitepaper: http://www.eecs.umich.edu/~aprakash/eecs588/handouts/arppoison.pdf.
Good luck,
Paul
Can someone please tell me how -- or point me to an existing thread that will provide instructions for how -- to get AT&T's Tilt 2 to use wi-fi?
My situation is that I'm new to the Tilt 2, and I'd like to be able to access wi-fi -- rather than the slower than molasses 3G network -- when I'm within range.
My network is wired with a WAP, and it uses static IP addressing. I have no problem accessing the network with my (old) 8525 and my (newer) iPhone or my PDA or my laptop (all configured by me) to use my network to access the Internet and email.
My network is pretty tight (I think, or hope) in that it requires a specific IP address that matches a specific MAC address to gain access.
I've configured my router & WAP to accept a specific IP address for the Tilt 2, as well as the Tilt 2's MAC. I've checked & rechecked too many times to count to make sure I didn't make any typos. I've assigned the IP address on the Tilt 2 by going to Settings > Connections > Wi-Fi > Wireless Networks > Network Adapeter, and I set the Boradcom 8-2.11 DHD Newwork Adapter (is that the right one?) to use the specific IP addy I've assigned.
However, while the wi-fi icon indicates it's connected, I'm unable to use either browser on the Tilt 2 to access the Internet -- all I get are error messages.
I have honestly tried to read here for tips, and while I've read that I need to disable the AT&T proxy, the threads I found were a little (or a lot!) over my head.
I would sincerely appreciate any guidance.
TIA,
Saundra
Please, Need Help with Wi-Fi Settings
Surely I'm not the only one having problems getting the settings right so my AT&T Tilt 2 can connect to a home network, am I?
Honestly, I'm not a moron, but I can't figure it out, and the AT&T store was no help today, either. I recall that I had a similar problem with my 8525, so I went back & looked at my notes from 2008-- the problem was the MEdia Net proxy settings. On the 8525, it was a simple matter to uncheck the "This network uses a proxy server to connect to the Internet" box.
On the Tilt 2, however, I can't see where to give that a try because all I see is a message that says, "This connection is pre-configured. It cannot be modified."
Am I looking in the wrong place, or what? Or is that unlikely to be a problem on the Tilt 2?
I will greatly greatly appreciate any suggestions to try!
TIA
My first question is, are your WiFi router and the wifil on the TP2/Tilt the same? If the router is g and phone is N, they won't communicate.
That's a good question, and one I'd not thought of. My WAP supports B, G, & N & is operating in B/G/N mixed mode-- I don't know what the Tilt 2 is, but I'd think one of the three would cover it, yes?
Try going to this thread and downloading the files in post #13. Run the remove hidden proxy cab and see if that works, that will remove the hidden AT&T proxy server setting that often can't be disabled otherwise. The Tilt2 supports 802.11 b/g, so a router in mixed mode should have no trouble with that. You might try playing around with the network adapters again; I'd personally take another stab at the DHD adapter you tried earlier, since that is the one used on wlan connections. Also, you should probably make sure that the box which says: "My network card connects to:" is set to The Internet, and not work (this setting can be found on the Network Adapters tab of the Wi-Fi applet.
And while a bit off topic, you might want to consider adding additional security on your router (such as WPA2 encryption) if MAC filtering and static IP addresses are your only security; it's quite easy to grab both using free tools like aircrack-ng.
I want to thank you for your suggestions, but I'm not having any luck so far.
Scratch that -- things seem to be working . . . kind of. All I did was keep redoing the same things over & over, and suddenly, things are working.
I'm starting to think, though, that there's something wrong with this particular phone. Seriously -- I did nothing different tonight to get wi-fi working . . . encouraged by your comments, I just kept doing the same things over & over & over that I did last night.
Last night, running the removeHiddenProxy4CWS cab (it's in the Tools folder) resulted in not being able to connect to the Internet via 3G or wi-fi. Tonight, the results are different: I'm able to connect to the Internet via both after having run for the umteenth time the removeHiddenProxy4CWS file.
Further, while I've read many comments that the Internet is really slow on the Tilt 2, I'm thinking mine is abnormally slow & seems to hang up even via wi-fi. Now, I'll admit that perhaps my expectations are different coming back from an iPhone, but I charged up my old 8525, turned off the phone on the Tilt 2 to make sure I was connecting via wi-fi, and we are talking agonizingly slow on the Tilt 2 -- I was able to browse to six different Web pages on the 8525 in the time it took the Tilt 2 to partially bring up the first page (I used the same starting page on both). And, I say "partially" because it seemed to hang up at only partially displaying the Web site until I eventually hit the little circle in the bottom right of the screen. It does that on lots of pages -- is that the way things usually work on the Tilt 2?
Also, after my last soft reset just before things started working, I got a memory error message after I turned on wi-fi & when I hit the Internet button -- I should have written it down, but it said something about being out of memory on line 2. Any suggestions about that?
If the above are normal experiences for the Tilt 2, then I'll start learning about the tweaks to improve speed & such. If not, then I guess I need to try to exchange this phone. <sigh>
I also really appreciate your a bit off topic comment because I'm a security freak but not sure I understand much! My WAP uses WEP 64-bit encryption in addition to the MAC filtering & static IP addresses, and my wired router has a firewall -- does that sound sufficient. None of my neighbors can "see" my network, and it can't be seen from the nearest public road -- does that sound relatively secure?
Most of your Tilt2 problems could be fixed by flashing a custom ROM. If the phone is a business phone (as in it belongs to your company) or you otherwise can't void the warranty, a custom ROM sounds about right. It will improve the device's speed on all fronts, and will also have more available memory on bootup (mine had 25% less RAM in use on startup with a custom ROM). On my Tilt2, using a custom ROM with the latest Manila 2.5 build, things are still quite snappy, and pages load quickly on 3G and EDGE. If you'd like to know how to put a custom ROM on your device, this link will tell you everything you need to know. If you decide to put a custom ROM on your device, keep in mind you'll lose all the data on your device if you don't back it up.
As for the wireless security: WEP is extremely insecure. It has been proven insecure for many years, and has been replaced with the WPA (okay but obsolete now) and WPA2 (best current router security) protocols. Cracking WPA/WPA2 is much more difficult, as it requires a password cracking program and a wordlist to crack downloaded traffic obtained from the network, which can take days of cracking, sometimes ending in failure regardless. Unlike WPA/WPA2, WEP is much more vulnerable to many different attacks, from programs like aircrack-ng, which are free and readily available. If you don't believe me, check out this video of WEP being cracked on a test router, with the Backtrack 4 Beta security Linux distro, in as little as 2 minutes. MAC addresses and IP addresses can also be grabbed with many readily available tools, and the MAC can then be spoofed quite easily with free programs. And even a hidden SSID can be grabbed with a program like Kismet, which scans all wireless network traffic in an area (regardless of the network it's on) and can grab the hidden router's SSID during the handshaking process (when a client computer connects to the router). If you're absolutely positive that your network can't be detected from any public road (as in, there's no signal whatsoever), you're probably okay and can probably sleep safe at night. But, unless you have old equipment/software which doesn't support WPA2 or WPA, I'd recommend upgrading to the latest WPA2 security (if you're really concerned about security/privacy).
I really appreciate your help!
The Tilt 2 is a week old -- it was a birthday present. Am I correctly understanding that I could flash a custom ROM & then flash back the original if I don't want to void the warranty?
If so, playing with different ROMs would be something I'd be interested in doing . . . I just don't want to void the warranty in case there is something wrong with the phone. I had lunch with a friend with an AT&T stock Fuse (I think) Thursday, and we were playing with each other's phones. I can't say that I noticed her Internet was any faster (I wasn't really paying attention), but she was quite surprised that both IE & Opera failed to display a complete page until the screen was touched. On my end with her Fuse, Web pages opened completely with no fuss.
So, the whole "hang" thing makes me very nervous, particularly with the "out of memory" error message with nothing other than Contacts on the phone yet -- I've not even bothered to configure email (my lifeline). I was hoping the Web interface (I have IMAP) would work OK since that was one of my big beefs with the iPhone -- the onscreen keyboard just didn't work for me. But, with The Tilt 2 taking over 60 seconds to even get to my web-based Inbox, the Tilt 2 is gonna be a problem unless I can get that resolved. Hence my concern about not voiding the warranty.
You are correct: I do have older equipment that only supports WEP. My PDA & my old 8525. If I can get the Tilt 2 working well enough for me, I can rotate the older stuff out and go with stronger wireless security. I know my neighbors can't "see" my network, but I've never tested from the street behind my house since the closest neighbor behind can't see the network. However, due to the configuration of my neighborhood, I'd best check that street. <gulp>
Thanks again -- I really appreciate the help.
sslund said:
The Tilt 2 is a week old -- it was a birthday present. Am I correctly understanding that I could flash a custom ROM & then flash back the original if I don't want to void the warranty?
If so, playing with different ROMs would be something I'd be interested in doing . . . I just don't want to void the warranty in case there is something wrong with the phone. I had lunch with a friend with an AT&T stock Fuse (I think) Thursday, and we were playing with each other's phones. I can't say that I noticed her Internet was any faster (I wasn't really paying attention), but she was quite surprised that both IE & Opera failed to display a complete page until the screen was touched. On my end with her Fuse, Web pages opened completely with no fuss.
So, the whole "hang" thing makes me very nervous, particularly with the "out of memory" error message with nothing other than Contacts on the phone yet -- I've not even bothered to configure email (my lifeline). I was hoping the Web interface (I have IMAP) would work OK since that was one of my big beefs with the iPhone -- the onscreen keyboard just didn't work for me. But, with The Tilt 2 taking over 60 seconds to even get to my web-based Inbox, the Tilt 2 is gonna be a problem unless I can get that resolved. Hence my concern about not voiding the warranty.
-snip-
Thanks again -- I really appreciate the help.
Click to expand...
Click to collapse
Sure, I'm glad I can help. Well, you're partially correct about the whole ROM thing. The deal is, your warranty is only voided if they know you put a custom ROM on it. If they don't find out (ie, you restore the ROM and SPL to their stock counterparts) you're good to go. However, you do technically void the warranty because you put a third party ROM. However, you can take it from me when I say it's almost 100% safe when you follow instructions and it's completely worth it. You get more features and stability with less bloat while using an unofficial ROM. Keep in mind that if the USB port goes bad, you can't restore the device to stock configuration, and you'll have to pay full price for repairs (unless you dispute the warranty violation in court, and try to prove that there's no way an unauthorized ROM broke the USB port). Otherwise, a custom/cooked ROM is completely worth it, and will greatly improve your whole experience over the stock ROM.
Dear kernel developer,
do you have a firewall on your destop computer?
I think, the answer is "yes, of course!"
Why don't you wan't a firewall for your phone?
Your answere: "It is linux, we don't need it!"
Sure?
In contrast to the "safe a.p.p.l.e market" we are free to get our application from everywhere...
But every person with minimum programming skills is able to use tools like "apktool", "smali/baksmali" to modify existing applications.
Why not integrate some spy functions (send private photos, use camera and microphone, send phonebook and email-adresses).
Solution:
There is always a FREE program to disallow or allow applications the use of wifi or mobile data connections:
DROIDWALL ( h ttp://code.google.com/p/droidwall/ )
But this superb program need some special compiling parameters in the kernel compilation process.
(Something like 'iptables', 'multiport', 'iprange' and 'ipowner')
I found only one working kernel+rom, which is DroidWall compatible: "Six O´Clock A.M." from user 'oclock',
( h ttp://android.modaco.com/content/htc-desire-desire-modaco-com/312051/oclock-custom-rom/ )
This is a fine and stable release, but it is a v2.1 rom (not froyo).
Please, please froyo-kernel-developer: get the right parameters for kernel compilation, so we can use DroidWall.
So everybody can decide by himself, which application is allowed to send data to wifi or mobile data connection.
Kind Regards
i knew linux didnt need an antivirus, thought it still needed a firewall...
since ive always had one set up on my linux installs... but then again, im a linux noob.
What about using the phone as a hardware firewall for your laptop when on public wifi?
I'd have no use for it personally but I am sure others might.
You do not NEED a firewall on your computer. You need a firewall between your computer and the internet. If your computer has a public routable IP then you need a software firewall. If you have a hardware firewall that is a good known brand and it is not OLD then this will be fine providing you do not illegally download software - generally. And therefore there is no requirement for a software firewall.
You need a firewall to deny traffic to port's (and IP addresses) that are not closed by default. These open ports potentially open a security risk providing there is an exploit for said port.
Please inform us of which ports are open on our Android phones? I mean open for inbound communication of which did not get opened due to software making an outbound connection.
I can do an NMAP to my desire over wifi sometime this week to discover... But right now I can pretty much say you do not need a firewall on your phone. It will only cause you problems with software needing the internet. And besides, our phone ISPs put us on a private network - they dont usually allow connections between hosts / customers, and we sit behind a corporate type hardware firewall...
iptables
Actually Andorid has a Firewall installed, its called iptables.
It's not a personal firewall... but thous are just to get money from PPL without any advanced security... Linux does, by design not have open ports... like windows where you need a program to close what shouldn't be open anyway... And when you Install an APP you see what the APP wants to do, if it wants access to your contacts or internet or what else... so there is absolutely no need for a user scaring Personal Firewall
kuhine said:
So everybody can decide by himself, which application is allowed to send data to wifi or mobile data connection.
WiHerr
Click to expand...
Click to collapse
OK, a classic firewall is looking only to the used network-ports and allow or disallow the communication: this type of firewall can not make a difference between a good and bad data transmission (for example the firewall built-in in our wifi-routers).
But extented versions of firewalls have a built-in behavior control of applications:
I want to decide, which application is allowed to communicate WITHOUT ANY USERCONTROL over Wifi or a mobile data connection and which one not.
- I want to stop (possible) spyware from sending my private data out
- I want to stop software looking to their developers server an stop working when the developer say "stop, buy the new the new version - the old one is out of order yet"
And in linux there is a system function, which has the information, which network sockets are owned by which application (ipuser?).
There are only a few parameters to set when compiling a new kernel, to activate these functions
Please look to the Droidwall site and the screenshot of the software.
Regards
safttuete said:
Actually Andorid has a Firewall installed, its called iptables.
Click to expand...
Click to collapse
That is the point, but IPTABLES is not working on allmost all android kernels, except the oclock roms. Or am I wrong?
Droidwall is only a graphical frontend for iptables! Not more.
Everytime when we install new software (i.e. out of the android market), we get a list displayed of what the program likes to do. And there is allmost "unrestrictive network use" for even the smallest witgets... I want to decline this network use, but it is a "take all or nothing" thing.
I'm not a modern facebook/twitter user: take all my data... here a some more private details... and here are photos and addresses from all my friends, too.
What is so scary to select out some applications from sending data?
And with a working iptables we can do so.
Dramatical continuance...
the real reason could be: there are some application installed on the phone, which must not re-check their licenses on every use...
(only to save mobile data volume... without switching to flight mode)
I think an app that can edit the given permissions would be much more useful than a firewall. But I haven't found something like that yet.
@kuhine
I think nearly every custom ROM has iptables, CM has it for sure. I don't know about ipuser though.
uTauro said:
I think an app that can edit the given permissions would be much more useful than a firewall. But I haven't found something like that yet.
Click to expand...
Click to collapse
It's impossible for now. Android convention is to give all required permissions to an app or don't install it at all, so apps aren't designed to support lack of permissions. Most of them will probably FC, even if you will block out some minor feature.
Hello all,
today I saw the message, that a wallpaper app sent private information to their server in china:
h t t p ://mobile.venturebeat.com/2010/07/28/android-wallpaper-app-that-steals-your-data-was-downloaded-by-millions/
In the meantime I choose this rom with "DROIDWALL" firewall support:
[ROM-FroYo AOSP] OpenDesire v2.3a
And I found a new free firewall program named "ANDFIRE", but I didn't test it yet.
kuhine said:
And I found a new free firewall program named "ANDFIRE", but I didn't test it yet.
WiHerr
Click to expand...
Click to collapse
Checked ANDFIRE out. Seems to work fine on my DeFrost 2.2c release. Will check it out further. Interface looks very similar to DroidWall and that also seems to work fine on my device.
Will have to investigate further, but it's a good idea to get it working.
suffer not adware to live
kuhine said:
That is the point, but IPTABLES is not working on allmost all android kernels, except the oclock roms.
Click to expand...
Click to collapse
If the kernel features you need are not an option consider a less horrible option:
LBE privacy guard
kuhine said:
That is the point, but IPTABLES is not working on allmost all android kernels, except the oclock roms. Or am I wrong?
Droidwall is only a graphical frontend for iptables! Not more.
Everytime when we install new software (i.e. out of the android market), we get a list displayed of what the program likes to do. And there is allmost "unrestrictive network use" for even the smallest witgets... I want to decline this network use, but it is a "take all or nothing" thing.
I'm not a modern facebook/twitter user: take all my data... here a some more private details... and here are photos and addresses from all my friends, too.
What is so scary to select out some applications from sending data?
And with a working iptables we can do so.
WiHerr
Dramatical continuance...
the real reason could be: there are some application installed on the phone, which must not re-check their licenses on every use...
(only to save mobile data volume... without switching to flight mode)
Click to expand...
Click to collapse
May be you should have a look for LBE privacy....
I was a bit confused about how to use OpenVPN on an Android device because there was so little information around. I thought I'd post this to make it easy for others. It turns out to be very simple. I have an Android phone (Note 2, Jellybean) rooted and Busybox installed, but neither is necessary.
The following steps relate to using an Android device with a commercial vpn service (like an anonymizing service amoung others), but they should help clarify in other situations.
Step 1: download the OpenVPN config files from your vpn provider.
Step 2: download, install and start "OpenVPN for Android by Arne Schwabe" (O4A) (get it from any android app source, it's free, but donation to the author is optional and its a great app).
Step 3: on the "VPN Profiles" page of O4A, use the folder icon upper right to browse to the .ovpn config file for a server, select, and save it on the following page. The server name will appear on the Profiles page.
Note: Sometimes the server config files include a .p12 file which O4A will want to import, then require a password to decrypt...just uncheck that file (upper left) before saving; later O4A will ask for a password, just leave it blank and hit "OK", it will connect just fine (at least with my vpn provider).
Step 4: open the settings for the server you just imported (icon to the right of the server name), navigate to the "Basic" page, and enter your username and password at the bottom of the page (if your provider uses the u/p type connection). YOU ARE DONE (but, you will need to repeat this for each server you want to use).
Step 5: tap on the server name on the "Profiles" page, O4A will open the log file and you will see it going through the steps of the connection process in both the log and the notification bar . When it's finished successfully, you'll see "connected". You can check the connection in the log file. Also depending on your device the connection will show in the notification bar for as long as its connected. You can disconnect by tapping the notification.
The correct configuration settings for OpenVPN are usually included in the .ovpn file, so you likely won't need to change any config setting in O4A. However, you can add the line "auth-nocache" to the .ovpn file manually or add it on the O4A page "Advanced -> Custom Options". This will prevent the username/password from being cached if that's important to you.
NOTE: Using dnsleaktest.com I have noticed that google dsn servers appear sometimes as a dns server. This might represent a dns leak as there would seem to be no reason, for example, for a European located server to use a U.S. located google dns server. I'm not clear about why the google servers are showing up, maybe someone can verify/clarify.
However, you can force a dns server of your choosing by going to the "IP and DNS" page of the server config settings in O4A, and select "Override DNS Setting by Server". You can then use the default dns servers chosen by the author or enter your own.
Enjoy!
What is your choice server? I see free and fee ones, but wondering about true encryption security too.
I'm just now looking into this, and am curious at what point vpn should be considered or if it's overkill for me.
Sent from my SGH-T889 using xda app-developers app
lyinelriche said:
What is your choice server? I see free and fee ones, but wondering about true encryption security too.
I'm just now looking into this, and am curious at what point vpn should be considered or if it's overkill for me.
Sent from my SGH-T889 using xda app-developers app
Click to expand...
Click to collapse
IMHO, anyone who cares about their privacy should use a vpn. It does give you privacy on the web. Otherwise all your net activity, email, messaging, etc.are recorded by your ISP as well as snooped by various international TLAs (three letter organizations i.e. FBI, NSA, CIA, GRU, etc) and commercial entities seeking to monetize your information.
There are many vpn services around, some good, some very bad. After doing some research, I've been using Perfect-Privacy.com for a few years. Some of the things I like about them are: you can sign up and pay anonymously, They have over 40 servers in some 20 countries. You can switch between servers from your machine in seconds. You can chain 2 or more servers for even stronger privacy (though you probably don't need that). They have free port forwarding (needed for some p2p progs). They do not log anything anytime. They donate part of their server bandwidth to the TOR project. Their servers are fast (I can dl at my ISP's cap speed (@12 mb/s) but PP's bandwidth is much higher if you can use it). There's no limit on your traffic. Their up time is very good...occasionally a server goes down, but they get it fixed timely and with 40 servers to choose from its not a problem. Their staff is friendly and responsive (though you should plan on following instructions for setup...pretty easy). They use OpenVpn with AES-256 bit encryption which is currently unbreakable (PPTP and L2TP are hackable) (they also provide access via SSH2, Socks 5, Squid, PPTP and L2TP). My take is that they are very committed to privacy; Overall I think the quality of their service is excellent. All that said, they are a bit more expensive than some vpns, but worth it IMO. You can sign up for one month to try it out, then apply that to a cheaper longer time if you like it.
BTW, you could use TOR (The Onion Router) to check out using a vpn. Its a great project, open-source and free! Its a bit slow because it chains through three servers and all the nodes/bandwidth are donated. But it works well and is a great great service to those who understand that privacy is important. Be aware that the TOR admins ask people not to use it for p2p because that lags down the system.
Hope that helps. Good luck
I am not going to pretend that I understand everything you wrote, but I think I know what you mean by P2P, and that is exactly the reason why I'm considering Vpn in the first place. That being said, I really appreciate you letting me pick your brain about it.
Sent from my SGH-T889 using xda app-developers app
lyinelriche said:
I am not going to pretend that I understand everything you wrote, but I think I know what you mean by P2P, and that is exactly the reason why I'm considering Vpn in the first place. That being said, I really appreciate you letting me pick your brain about it.
Sent from my SGH-T889 using xda app-developers app
Click to expand...
Click to collapse
Glad to help. BTW TOR has a free web browser package with the TOR function already built in. Just download it, install and you're up and ready to browse anonymously. Easier than that it doesn't get Search for TOR, you'll find it.
Looking for things you can do to reduce your exposure...
- dnscrypt seems like a no brainer - install via adb.
- se linux also seems like a no brainer despite being created by the NSA
- limit the rights that applications have
- standard phone encryption - yes google will hand over the keys if asked but TrueCrypt for android doesn't appear to exist.
- tor/vpn/proxies.
- restrict application rights
- leave the gps off unless you need it.
Additions? Thoughts? Improvements?
RobertFontaine said:
- standard phone encryption - yes google will hand over the keys if asked but TrueCrypt for android doesn't appear to exist.
Click to expand...
Click to collapse
You sure about that? Source?
If you're also concerned with what people can do when they have physical access to your phone - Make sure you have a lock on it and disable USB debugging when you're not actually using ADB
Jaspah said:
You sure about that? Source?
Click to expand...
Click to collapse
No... I'm not sure... While google is my friend there seems to be more opinions and less fact...
Encryption based on dm crypt. Encryption key tied to screen unlock key (16 characters or less).
The is an app in Play Store that will separate the two on rooted phones.
http://www.guyrutenberg.com/2012/06/29/some-thoughts-about-androids-full-disk-encryption/
The best solution is a vpn such as hideman. It uses 256 bit encryption. You get 5 free hours a week. The mobile subscription is only 4-5 bucks a month with unlimited use and over 20 different countries ip address to choice from.
Wireratt said:
The best solution is a vpn such as hideman. It uses 256 bit encryption. You get 5 free hours a week. The mobile subscription is only 4-5 bucks a month with unlimited use and over 20 different countries ip address to choice from.
Click to expand...
Click to collapse
A VPN is only as secure as its endpoint. What's stopping some company or government entity from shutting these guys down or paying them off for your logs?
Jaspah said:
A VPN is only as secure as its endpoint. What's stopping some company or government entity from shutting these guys down or paying them off for your logs?
Click to expand...
Click to collapse
Nothing but that applies to any ISP as well. I like controlling who has logs and not leaving it completely up to my ISP. If they want you bad enough there is nothing to secure you.
source: I was tech on a sply plane that's capable of intercepting SMS and email right out the air. This thing could record 1 sec of a persons voice and scan for it until that persons makes a phone call and then get exact location.
The gov is not the only one who might be listening.
A vpn secures you from anyone who is sharing your wifi or listening for your passwords ( key loggers).
Wireratt said:
Nothing but that applies to any ISP as well. I like controlling who has logs and not leaving it completely up to my ISP. If they want you bad enough there is nothing to secure you.
source: I was tech on a sply plane that's capable of intercepting SMS and email right out the air. This thing could record 1 sec of a persons voice and scan for it until that persons makes a phone call and then get exact location.
The gov is not the only one who might be listening.
A vpn secures you from anyone who is sharing your wifi or listening for your passwords ( key loggers).
Click to expand...
Click to collapse
+1 In pure terms, anything connected isn't secure in one way or the other. We only try to get what's the best available of the lot, and VPN is one of the best ways available.
I have been searching for how to install dnscrypt on android, if you will please explain the steps I need to take to install via adb...