Twitter is ok with doxing!

It’s been a while since I last posted anything here, but to be fair, it’s been a while since I had anything I would like to write about. My last post was a rant over Intel because of Spectre/Meltdown vulnerabilities. A lot things happened since then.

I’m back to talk about many things. Today, the important thing, is about how twitter does not enforce their own rules.

Here is the example. Today, a user named @generalissima_ exposed personal data from epik.com‘s owner Rob Monster:

 

Now, what does Twitter’s Rules and Policy have to say about this? This is taken from Twitter’s rules about Private Information:


Twitter Rules: You may not publish or post other people’s private information without their express authorization and permission. Definitions of private information may vary depending on local laws.

Rationale

Posting someone’s private information online may pose serious safety and security risks for the person whose information is shared. As such, this is considered one of the most serious violations of the Twitter Rules.

When this applies

Some examples of private information include (but may not be limited to) private contact or financial information, such as:

  • credit card information
  • social security or other national identity numbers
  • private residences, personal home addresses, or other locations that are considered private
  • non-public, personal phone numbers
  • non-public, personal email addresses

 

So, the information posted is the private/home address of Rob. That is disgusting!

What did Twitter had to say about it?

Screenshot 2018-11-06 01.51.02

 

Guess who does enforce its rules and will ban anyone for doxing? gab.com does!

Stop buying Intel!

During 2017, hackers found that the Intel ME – a Minix OS running on ring 0 of CPU, with a web server, its own file system and unlimited access to everything you do in your computer – and showed the world how this could be exploited.

Intel just release a fix, which is a merely band-aid for a bleeding-hole. By January 9th they announced the world that they knew, all along, for months, that they found two vulnerabilities that could be exploited and grant access to your data and compromise your computer security. That is Meltdown and Spectre.

I am pretty sure you can find may guides over the internet explaining what they are – but I doubt you will find a better explanation than this 3-minute video from RedHat:

I have no intention to discuss Spectre or Meltdown. There are hundreds if not thousands of people doing this already. I am concerned about what are we doing to repeal Intel and make them pay for their failed product.

First of all, you cannot pay the same price for any product shipped with Intel after January 9th. In fact, I wouldn’t pay the same price for any product shipped with Intel after the first Intel ME exploit known after November, 2017. The product price should be lowered, by at least 40%. That is a little compensation for the performance loss and for buying a product with known failure.

Are companies doing this? Lenovo? Dell? Apple?

Of course not.

It fall to us to stop buying their products. I was dying to buy an XPS13 for me, but I won’t do that until they have an AMD version or Intel release a new product without failure.

That is my advice: boycott Intel and whomever is selling you shitty products. Or would you buy a car, for the same price, after learning that the car would consume 2 times more gas?

How did I get rid of Apple and Google (or almost did)

On December 22th it will complete 1 month that I sold my Apple devices (iPhone and Apple Watch Series2) because I was concerned about my privacy and the fact that Apple had control over my devices and therefore, my data, location and so on.

My only viable option would be going back to Android device, and that means, deal with Google, which is ten thousand times worse than Apple in regards of privacy and control over your phone. So, I decided that if I was going to use an Android phone, it had to do NOTHING with Google, so I would be fine.

My first decision was about the device. I did my shenanigans and end up buying a Samsung Galaxy S7 32GB. For me that device was perfect and fine:

  • Good storage (come on, 32GB);

  • Storage can be expanded by SD card;

  • Battery duration (it can last 1 and ½ day, 3000mAh);

  • It CAN be rooted;

  • There is an AOSP rom for it (Lineage OS).

There are many tutorials on how to “root” your device and install a boot loader (which is required to install a new operating system, or “rom” as everyone calls (even though “ROM” means read only memory).

I will share my experience doing it with Galaxy S7, so you can try this with your device as well.

1) Get to XDA Forum for your device. In my case, Galaxy S7:

https://forum.xda-developers.com/galaxy-s7

There, spend some time reading the guides and information about your phone. It is very important to read as much as you can (If you are doing this yourself, I would recommend plan this ahead, watch some tutorials, ask for help!).

2) Find a guide to root and install a boot loader in your phone!

https://forum.xda-developers.com/galaxy-s7/how-to/modem-samsung-galaxy-s7-sm-g930f-t3379596

3) Find a Lineage OS release to your phone!

https://download.lineageos.org/

Lineage OS is the continuation of the old CyanogenMod (if you have some spare time or interested about the story, check this).

Once you complete the root + boot loader, it is time for installing the Android. You will notice, after the installation, that it is totally pure. There is no Google software at all on it!

But I need banking software, Uber, etc. What can I do?

You can use Yalp Store to get Aps from Google Play, without having or using Google Play at all. You can download Yalp store direct or use the F-Droid store to install and keep it updated (I recommend using F-Droid and installing Yalp later).

Good thing: I could get all Apps I needed without much effort. Yalp does what it promises: It allows you to download the apps and install, it will allow you to update the Apps.

Bad thing: almost all of them required Google Play Services for GSF (Google Services Framework), and we don’t have anything from Google installed, right?

Bad with Google, worse without it.

I tried as much to replace GSF with something that would do the same job, but the Apps are built with GSF and depend on it. So, there is no workaround.

Luckily, you can yet install the minimal version of Google Play (what wait) in your phone, with open GApps, using the “Pico” package: https://github.com/opengapps/opengapps/wiki/Pico-Package. It contains only Google Play and Google Play services, which are required by almost all apps.

I disabled completely Google Play app, and left with the Google Play Services only. I  removed all the authorizations it had (you will see only Location enabled, but you can get it disabled by turning off the location services).

screenshot_google_play_services

Now here is the explanation: you can block all the authorizations that Google Play Services request: they won’t be taking your data, accessing your microphone, contacts, etc. The only exception is the Location, which you have to disable manually in the device (if you don’t need location services at the moment, you can simply disable it).

Control the authorizations over all other Apps you have installed. Don’t let them have any authorization you don’t want. Most of the Apps you are used to do not respect your privacy and freedom of choice. We shouldn’t be obligated to have Google software to run any App that doesn’t belong to Google.

Example of Apps that do not require GSF (and can be downloaded as .apk):

From Yalp, you can get more information from the App you want to install, whether it has Ads, requires GSF, etc:

screenshot_yalp

 

This is how I got rid of Apple and have the least from Google, on leash, in my device.

Nothing goes on and off without my consent. Nothing will activate my microphone without I accepting it. There is no app hearing whatever I’m talking when I am not explicitly talking on the phone or using its microphone.

If you want some help or need some advice, you can message on Gab.

What is Google doing in your Smartphone?

Recently I decided to move away from iOS and Apple. I really like the iPhone but recently privacy concerns regarding information being collected without my consent (which I will blog later about) made me reconsider using their products.

I decided to buy an Android device but install a clean Android ROM without Google Apps.  Turns out almost apps I need running (like Uber for example), needs Google Play Services.

I installed the Open GApps – Pico Package, and disabled every access to the Google Play Services. Turns out all Apps are running great, with except one (food delivery) which surprisingly raises a very intriguing message when I try to run it:

Screenshot_20171126-194943

Why GSF wants to access my Calendar, Camera, Contacts, Microphone, Phone, Body Sensors, SMS and Storage? I thought it could be ONLY this App, but then I downloaded a Tetris game (God I love Tetris), and guess what?

 

Screenshot_20171125-232817

 

Why does a TETRIS game needs to GSF to have access to my microphone? Body Sensors? Come on, it makes no sense.

Unless it makes for Google. Well, I’m not giving that up.

If you have an Android device, you should consider removing the carrier/factory ROM and install a new one, clean and start managing the authorizations your Apps have in your phone.