Since I run TOR on my computer I figured I'd check into it for Android and wouldn't you know, it exists. In this age of tracking and privacy going out the door, it's nice to still be able to retain a bit of anonymity.
EDIT: I figured I'd add a small explanation for anyone that's interested in this and doesn't know what TOR is.
Without getting into great detail, some of which I'd have no clue what the hell I'm talking about, it's a way to be anonymous. If you do it correctly no longer will your IP address show up as you current IP which can be used to spy, hack, trace, ad target, and so on. Your IP will show up as something else. e.g. My current location is Overland Park, KS - my IP will reflect this, my ISP also knows my exact address from that IP. With TOR my IP shows up as being located in say, Russia. Problem solved, no more tacking and other bs.
This isn't a pass to do what you want online, you're still a human so act like it. It's just a take back a little bit of privacy and anonymity.
theSpam said:
To simplify things, TOR does onion routing which involves routing your traffic through a number of hosts to final host called the exit node. Exit nodes directly communicate with other hosts on the Internet. The use of exit nodes and encryption throughout this process provides anonymity. See this for more info: http://en.wikipedia.org/wiki/Tor_(anonymity_network)
Click to expand...
Click to collapse
Thanks theSpam
UPDATE: I fixed the issue of Orbot not connecting me to the TOR network. There are more in depth methods but I'll just give the quick and dirty version. After installing Orbot make sure everything is unchecked in setting except: start on boot, transparent proxying, tor everything.
Download ProxyDroid and in setting:
proxy host: 127.0.0.1
Port: 8118
Proxy type: HTTP
Auto connect: check
Global Proxy: check
don't mess with anything else unless you know what you're doing.
Now you can check your IP or use Orbot to check if you're on the TOR network. Enjoy.
Tor? I'm curious
dont send me pm's crying about how i hurt your feelings in a thread
So you know what Tor is then?
Well I installed it and so far it's working aside from not actually connecting me to the network. My IP stays the same so I guess I have to do a few things manually, oh well. When you first boot up and it's starting it eats the processor like a fat lady eats cake but that goes away after 15-20 seconds. On the plus side it doesn't start loading until after the system has finished loading completely so boot times aren't effected.
No sir I'm not sure what TOR is. Was hoping you might shed a lil light on the subject.
dont send me pm's crying about how i hurt your feelings in a thread
OK I updated the OP for you. Hopefully I got it right. I'm not a network genius so I may be a little off.
To simplify things, TOR does onion routing which involves routing your traffic through a number of hosts to final host called the exit node. Exit nodes directly communicate with other hosts on the Internet. The use of exit nodes and encryption throughout this process provides anonymity. See this for more info: http://en.wikipedia.org/wiki/Tor_(anonymity_network)
My main concern with this app is with how TOR works. Does anyone know if Orbot will turn your phone into node used for intermediary routing? (the desktop version does this)
theSpam said:
To simplify things, TOR does onion routing which involves routing your traffic through a number of hosts to final host called the exit node. Exit nodes directly communicate with other hosts on the Internet. The use of exit nodes and encryption throughout this process provides anonymity. See this for more info: http://en.wikipedia.org/wiki/Tor_(anonymity_network)
My main concern with this app is with how TOR works. Does anyone know if Orbot will turn your phone into node used for intermediary routing? (the desktop version does this)
Click to expand...
Click to collapse
There's an option in the settings for it but it's not activated by default. I couldn't imagine switching that option on while using 4G
Related
I was a bit confused about how to use OpenVPN on an Android device because there was so little information around. I thought I'd post this to make it easy for others. It turns out to be very simple. I have an Android phone (Note 2, Jellybean) rooted and Busybox installed, but neither is necessary.
The following steps relate to using an Android device with a commercial vpn service (like an anonymizing service amoung others), but they should help clarify in other situations.
Step 1: download the OpenVPN config files from your vpn provider.
Step 2: download, install and start "OpenVPN for Android by Arne Schwabe" (O4A) (get it from any android app source, it's free, but donation to the author is optional and its a great app).
Step 3: on the "VPN Profiles" page of O4A, use the folder icon upper right to browse to the .ovpn config file for a server, select, and save it on the following page. The server name will appear on the Profiles page.
Note: Sometimes the server config files include a .p12 file which O4A will want to import, then require a password to decrypt...just uncheck that file (upper left) before saving; later O4A will ask for a password, just leave it blank and hit "OK", it will connect just fine (at least with my vpn provider).
Step 4: open the settings for the server you just imported (icon to the right of the server name), navigate to the "Basic" page, and enter your username and password at the bottom of the page (if your provider uses the u/p type connection). YOU ARE DONE (but, you will need to repeat this for each server you want to use).
Step 5: tap on the server name on the "Profiles" page, O4A will open the log file and you will see it going through the steps of the connection process in both the log and the notification bar . When it's finished successfully, you'll see "connected". You can check the connection in the log file. Also depending on your device the connection will show in the notification bar for as long as its connected. You can disconnect by tapping the notification.
The correct configuration settings for OpenVPN are usually included in the .ovpn file, so you likely won't need to change any config setting in O4A. However, you can add the line "auth-nocache" to the .ovpn file manually or add it on the O4A page "Advanced -> Custom Options". This will prevent the username/password from being cached if that's important to you.
NOTE: Using dnsleaktest.com I have noticed that google dsn servers appear sometimes as a dns server. This might represent a dns leak as there would seem to be no reason, for example, for a European located server to use a U.S. located google dns server. I'm not clear about why the google servers are showing up, maybe someone can verify/clarify.
However, you can force a dns server of your choosing by going to the "IP and DNS" page of the server config settings in O4A, and select "Override DNS Setting by Server". You can then use the default dns servers chosen by the author or enter your own.
Enjoy!
What is your choice server? I see free and fee ones, but wondering about true encryption security too.
I'm just now looking into this, and am curious at what point vpn should be considered or if it's overkill for me.
Sent from my SGH-T889 using xda app-developers app
lyinelriche said:
What is your choice server? I see free and fee ones, but wondering about true encryption security too.
I'm just now looking into this, and am curious at what point vpn should be considered or if it's overkill for me.
Sent from my SGH-T889 using xda app-developers app
Click to expand...
Click to collapse
IMHO, anyone who cares about their privacy should use a vpn. It does give you privacy on the web. Otherwise all your net activity, email, messaging, etc.are recorded by your ISP as well as snooped by various international TLAs (three letter organizations i.e. FBI, NSA, CIA, GRU, etc) and commercial entities seeking to monetize your information.
There are many vpn services around, some good, some very bad. After doing some research, I've been using Perfect-Privacy.com for a few years. Some of the things I like about them are: you can sign up and pay anonymously, They have over 40 servers in some 20 countries. You can switch between servers from your machine in seconds. You can chain 2 or more servers for even stronger privacy (though you probably don't need that). They have free port forwarding (needed for some p2p progs). They do not log anything anytime. They donate part of their server bandwidth to the TOR project. Their servers are fast (I can dl at my ISP's cap speed (@12 mb/s) but PP's bandwidth is much higher if you can use it). There's no limit on your traffic. Their up time is very good...occasionally a server goes down, but they get it fixed timely and with 40 servers to choose from its not a problem. Their staff is friendly and responsive (though you should plan on following instructions for setup...pretty easy). They use OpenVpn with AES-256 bit encryption which is currently unbreakable (PPTP and L2TP are hackable) (they also provide access via SSH2, Socks 5, Squid, PPTP and L2TP). My take is that they are very committed to privacy; Overall I think the quality of their service is excellent. All that said, they are a bit more expensive than some vpns, but worth it IMO. You can sign up for one month to try it out, then apply that to a cheaper longer time if you like it.
BTW, you could use TOR (The Onion Router) to check out using a vpn. Its a great project, open-source and free! Its a bit slow because it chains through three servers and all the nodes/bandwidth are donated. But it works well and is a great great service to those who understand that privacy is important. Be aware that the TOR admins ask people not to use it for p2p because that lags down the system.
Hope that helps. Good luck
I am not going to pretend that I understand everything you wrote, but I think I know what you mean by P2P, and that is exactly the reason why I'm considering Vpn in the first place. That being said, I really appreciate you letting me pick your brain about it.
Sent from my SGH-T889 using xda app-developers app
lyinelriche said:
I am not going to pretend that I understand everything you wrote, but I think I know what you mean by P2P, and that is exactly the reason why I'm considering Vpn in the first place. That being said, I really appreciate you letting me pick your brain about it.
Sent from my SGH-T889 using xda app-developers app
Click to expand...
Click to collapse
Glad to help. BTW TOR has a free web browser package with the TOR function already built in. Just download it, install and you're up and ready to browse anonymously. Easier than that it doesn't get Search for TOR, you'll find it.
Hi, first of all, I have no idea where I am supposed to post this.
Anyway, I have a Nexus 7 FHD, and have been using it at school. My school has its own wifi, and I used to be able to connect to it perfectly fine, as I knew the password. It doesn't have any of that wifi login stuff. Recently, however, I think I've been blocked or something from it. I go to WiFi settings, and then my N7 sees the network. I know I have the correct password as my phone (d2vzw) can still connect to it. I click on it to connect, and then the network says connecting... but then after a while it goes back to the Saved, Secured with ... etc. This has been bothering me a lot, as I often need to research topics at school. I've tried spoofing my MAC address, but I don't think it works. If somebody could please help me solve this issue, it would be greatly appreciated!
P.S.- My friend also had this issue, and he's more tech savvy than I am. He was also blocked on his N7 (first gen) and tried changing his device name and mac, but I'm not sure either of us actually spoofed our mac addresses. The first time, both of us were blocked. Then, the wifi crashed, and we both regained access. Now, only I'm blocked, and then only reason I can think of for actually being blocked is attempting to start up orbot... which incidentally failed. Please help! Thanks!
The proper course of action would be to contact your network's admin and request that you be unblocked and take the lumps that come with the actions that caused you to be blocked. Trust me when I say that most system and network admins look very negatively on attempts to get around the security. (you'll only be digging your hole deeper)
Not all admins are the same but I base my opinion on my experiences as a network admin on a .mil network for 7 years YMMV but I know the mentality intimately.
You could use Bluetooth tethering to share the phones WIFI connection with the N7. Use the phone for the WIFI connection and then enable Bluetooth tethering. (If you don't know how, google 'android bluetooth tethering'.)
BTW, the DHCP requests on the WIFI to get your IP address contain a hostname besides the MAC address. You can change that using an adb shell or root terminal and running:
setprop net.hostname HOST_NAME_YOU_WANT
oldsoldier2003 said:
The proper course of action would be to contact your network's admin and request that you be unblocked and take the lumps that come with the actions that caused you to be blocked. Trust me when I say that most system and network admins look very negatively on attempts to get around the security. (you'll only be digging your hole deeper)
Not all admins are the same but I base my opinion on my experiences as a network admin on a .mil network for 7 years YMMV but I know the mentality intimately.
Click to expand...
Click to collapse
Thanks for the advice! But the thing is, I don't think students are supposed to be on the WiFi anyway lol. Someone found out the password, and now I guess close to 97% of the student body uses the WiFi. The teachers definitely know, but they haven't taken any action, so who knows. Anyway, I don't know who the admin is or have any clue how to contact him... soooo I'm out of luck haha.
tni.andro said:
You could use Bluetooth tethering to share the phones WIFI connection with the N7. Use the phone for the WIFI connection and then enable Bluetooth tethering. (If you don't know how, google 'android bluetooth tethering'.)
BTW, the DHCP requests on the WIFI to get your IP address contain a hostname besides the MAC address. You can change that using an adb shell or root terminal and running:
setprop net.hostname HOST_NAME_YOU_WANT
Click to expand...
Click to collapse
Hm, this sounds pretty interesting. Could you explain a little more in depth? or point me to a website or whatnot? That would be greatly appreciated, as I'm not that knowledgeable in the networking area. Would this "fix" be reversible?
Hey guys. I flashed android lollipop 2 nights ago with fastboot. I am very happy with it so far but there is one major annoyance about it. I can't change DNS.
When I try to modify network settings after I change from to "DHCP" to "Static IP" I can't click save button. I also tried a few applications and all of them gave error.
The only thing I can think about while I was flashing the image I got boot.sig and recovery.sig errors but the guide video was telling to ignore those errors.
I am wondering if rooting the device would help me. I am open to any kind of suggestions.
Thanks a lot.
Might be a dumb answer, but I had that issue as well. Make sure when you fill out the info for static you actually type in ALL information. After I filled out each section manually the save button was lit and I was able to save changes. Not sure though if it worked, ipleak is telling me I still have a bunch of google dns's from around the country. Settings were saved though.
If you want to use dhcp but change the DNS server, this seems to be an open problem.
Can you change the DNS on your router instead of the device? On my Netgear I changed it so all devices use Google DNS (8.8.8.8 and 8.8.4.4) instead of Comcast DNS. Works great, and covers everything connected to it either wired or wireless.
I know that isn't really a solution for the problem, but it might help in the meantime.
I did have to use a static IP. My router is set to use different DNS servers though.
[Q] how hide apps in start menu of Windows 10 Mobile "or" add whitelist to Edge?
Hi,
is it possible to "hide" an app from the W10M start menu? And I don't refer to the home screen, I mean the full list of apps.
Or would there be a way to let the browser only work with a whitelist? .. No, Microsoft Family does not work properly on W10M.
Background - feel free to call me soft:
- Bought a Lumia 640 XL for my wife and a 2nd hand Lumia 535 for my daughter (to be her first smartphone, getting 9 end of the month) so that they could "share" the same experience, more or less.
- Played around with the "Microsoft Family" feature, and, to make it short, it doesn't work properly, not nearly close to what was expected or advertised. That might change ... in a few months. Maybe.
At least the URL filtering does not work "at all".
- So, in short, in order not to instantly fall back to pick an Android based device for my daughter (one beloved Razr i still in close range...), I was wondering if it was possible to "hide" one or the other thing from the start menu instead, the Edge browser in particular. Uninstallation I don't expect to be possible, probably being a deeper chunk of the OS, but only touching the start menu I concluded "should" be possible, one way or the other. At least I hope so.
Would I start to deal with the "full file system access" approach or rather try to dive into registry fiddling? Any help or maybe clear hint would be highly appreciated.
By now I did not find anything related to this. Neither here at xda or somewhere else. Probably no one considers doing something like that for his kids on Windows 10 Mobile ...
Who would want to hide a browser on a smartphone, anyway? .. yeah, I can't keep my kids "off" of the bad Internet, but I can at least keep an eye upon as long as possible.
Thanks in advance,
regards,...
bloodot
additional remark:
... after adding "a few" URLs to Microsoft's web interface for blocking URLs (via a web automation tool, yeah, I'm lazy...) it stopped working at 1003 regitered URLs. So, as long as they don't come up with something that works (whitlist... external service for checking URLs... whatever...) any help on this matter would be highly appreciated.
You want to keep her off the "web," correct?
Change your Mobile Data & Wifi DNS to 127.0.01
(You will need interop/FS access: )
Create a hosts file in C://Windows/system32/drivers/etc
Determine what sites you want to *allow* and find their IP. For example, if you want to whitelist Facebook, open cmd.exe from your PC and type:
Code:
ping facebook.com
You'll see:
Code:
C:\WINDOWS\system32>ping facebook.com
Pinging facebook.com [31.13.76.68] with 32 bytes of data:
Reply from 31.13.76.68: bytes=32 time=75ms TTL=82
Reply from 31.13.76.68: bytes=32 time=76ms TTL=82
Reply from 31.13.76.68: bytes=32 time=79ms TTL=82
Reply from 31.13.76.68: bytes=32 time=74ms TTL=82
Ping statistics for 31.13.76.68:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 74ms, Maximum = 79ms, Average = 76ms
C:\WINDOWS\system32>
So, you'd add:
Code:
31.13.76.68 facebook.com
31.13.76.68 www.facebook.com
to your phone's host file.
If you can create profiles on your router, you can also do the same (DNS to 127.0.01 for her phone's MAC address)
Doing this would make all of the web unresolvable, except facebook.com
To change the Wifi DNS:
Settings -> Network & Wireless -> Wi-fi -> Static IP -> fill your info
*If your router doesn't support static IP, you should check and see if your router supports profiles, and build one to target her phone mac address.* (If you don't target her mac address/other phone identifier and set your router to 127.0.01, all of the devices on your network will encounter blocked access to the web)
For Mobile Data:
I don't see an immediate switch for this (at least with my provider), it's routed through a network port on their servers. Unless something changes in future builds, it's probably best to just turn mobile data off and use the Wifi/hosts to keep control of what sites she can access.
Thank you very much!
Point is, I don't want to keep her off completely, and the major issue would be to keep control once she's "not" inside our home network but on cellular.
So I think I need to start investigating on my own whether I can manipulate the start menu or even the browser itself.
The local DNS lookup, which would only work on WiFi anyhow, would also result in me analyzing all communcation end points for "any" kind of
app I'd like her to use. Doable, but still the mobile part would be open. Beyond that I cannot block here "re-enabling" the cellular data connection,
the system isn't that strict in that matter. Would be nice, though, ...
@home I already use OpenDNS, probably should have mentioned that, so that's more or less under control.
Let's see if some other ideas or approached pop up from xda; I'm actually trying to get in direct contact with one of the Microsoft Family team
as, on a business level, we're currently working closely with some of the Microsoft 10 teams.
If they, if connected that is, tell me that they're aware of the bugs and that they're actually part of a road map, I'd be happy, too.
However, for the time being I expect I have to sort it on my own.
I'll give it a go with interop and see what I can find to deal with.
So, any other ideas?
Regards,..
bloodot
How about interopunlock and use your own hosts file?
How about App corner inside settings?
augustinionut said:
How about interopunlock and use your own hosts file?
How about App corner inside settings?
Click to expand...
Click to collapse
... the hostsfile will only work via WiFi, at least that's my current understanding as for cellular one cannot change the DNS settings, meaning, you can't make them point towards 127.0.0.1.
App Corner I already "played" around with - it has some other issues
- it's buggy, sometimes it doesn't even start.
- can be bypassed by just restarting the device
- everything "allowed" is available to public, more or less.
- the App Corner does not allow "games" to be made available ...
... hey, so what about the kids' corner?
- well, that doesn't allow the phone app... but still, that would also be a half-baked approach again.
I hope it were at least three different teams designing those packages, the kids' corner, the app corner and the family safety integration.
As a whole, NONE of them delivers what a parent needs when actually "permanently" giving a Windows based phone to one of his children.
bloodot said:
... the hostsfile will only work via WiFi, at least that's my current understanding as for cellular one cannot change the DNS settings, meaning, you can't make them point towards 127.0.0.1.
App Corner I already "played" around with - it has some other issues
- it's buggy, sometimes it doesn't even start.
- can be bypassed by just restarting the device
- everything "allowed" is available to public, more or less.
- the App Corner does not allow "games" to be made available ...
... hey, so what about the kids' corner?
- well, that doesn't allow the phone app... but still, that would also be a half-baked approach again.
I hope it were at least three different teams designing those packages, the kids' corner, the app corner and the family safety integration.
As a whole, NONE of them delivers what a parent needs when actually "permanently" giving a Windows based phone to one of his children.
Click to expand...
Click to collapse
PIN + kids corner. Can't bypass it.
-W_O_L_F- said:
PIN + kids corner. Can't bypass it.
Click to expand...
Click to collapse
... it's not my phone she should use. She should be able to use her own phone.
That includes calling her mum or me.
"Phone" is not an allowed app for the kids corner, it ain't listed when setting that up.
And even if it was, it would allow "anyone" who would steal that phone to directly use it's SIM card hazzle free.
And, as a minor annoyance, anything else that would be allowed via that mechanism.
It's just the current truth to deal with, W10M is not child-ready by any means.
If I want more control, I need to switch the phone.
Or start trusting a 9year-ish old girl to deal with the Internet without restrictions.
... so fiddled around with a few things, though interop is active according to the tool itself after sideloading it, wconnect won't work at all (crashes, no proper error given and before that IpOverUsbInstaller won't finish installation), so I can't get that key to get the SSH connection done and therefore I can't get full file access.
I think I'm done with this now. Selling the phone, using the Razr I instead, already have the proper system locking tools in place for that, bye bye Lumia 535. I would have loved to see my child deal with such an "easy" OS interface for getting used to smartphones, but I can't let her have access to the Internet while "not at home" without restrictions. No way.
... went so far and tried miradore to restrict the system via MDM. And guess what ... the f'n browser CANNOT be blocked via MDM. At least miradore has a free trial of 14 days. I was even willing to pay the damn 2$ per month for that service. *sigh* MAYBE it has a URL filter SOMEWHERE ...
... however, at least one can disallow the "usage" of the browser. MAYBE that works. Trying...
Yes. Works. JESUS ... what a mess. Let's see if I can get that done somewhere / somehow via MDM "without" another monthly fee ...
yeah, worked. Pitty though, they want "10$" minimum fee per month.
BUT: ... I stumbled over https://www.manageengine.com/mobile-device-management/
Free for up to 25 devices. Either cloud based (not supporting W10M for now) or Windows based installation (supporting W10M, more up2date...).
And it works. Thank you very much. Case closed.
Though I cannot restrict the URLs ... I can blog the Edge browser. And the Microsoft Store. Happy bunny.
I recently considered completely degoogling lineageos and i succeeded partly.
1. Changed the system webview to bromite webview.
2. Changed the captive portals to
https://e.foundation/net_204/
http://204.ecloud.global
3. And finally changed the timeserver to pool.ntp.org
One of these steps happened to screw up things with the wifi and mobile data.
Wifi works just fine but has a "Limited connection" label on it.
And mobile data doesnt seem to work at all.
Has anyone experienced something similar or knows the solution?
Thanks in advance for your help.
When you are on wifi, are you connecting to a router that has a custom DNS server? I get the same thing, works just fine. Scroll through your router logs and device logs to see what is times out and adjust accordingly.
I lost mobile data on a previous device (LG v20) when I moved over to LOS and was messing around with APN. Given that mobile data runs through provider's server, it might be that the server it being blocked by a content filter or similar. Also, it might be that LOS's list of default APN are not updated with current information required by your provider.
My device uses nextdns through private dns.
I was using vanilla lineageos with microg and mobile data worked fine, after these steps something seemed to have messed up. I have tried resetting APNs too, didnt work.
DNS of wifi doesnt typically affect that of LTE, but might be different in your flavor of LOS.
Look at your logs on router and device.
Private dns is DNS over TLS implementation of android, it works on both wifi and mobile data. I havent changed anything related to dns for a long time. DNS doesnt seem to be the problem.
systool sntpc -sntpRequest
I can see simple ntp client requests like this, should i be looking for something else?
I'm curious as to how many requests you are seeing. I seem to recall android should only check every few days. Hmm.
Checked logs on a rooted v20 stock N7.1 that I keep around for tv and Roku and Plex control. I wasn't able to find a ntp or sntp entry in last 7 days, the length of my log. Firewall did not report any port 123 traffic either.
Incidentally, I am using 3.android.pool.ntp.org to sync with. Not sure where that came from, I don't remember it as being such as I prefer time.nist.gov.
I don't know what could be going sideways with data other than perhaps dns not working ( does ip# work on mobile?) on mobile and degraded showing on wifi.
This may be pointless, but if wifi is turned off, are you able to send/receive a mms? I ask because mms traffic to your phone is based on IP#, but mms traffic from phone has to (typically) resolve name of mms server.
I am just about out of ideas / suggestions.
Thank you for our help mate, i fixed the issue.
Everything is back to normal after changing the captive portal to
http://captiveportal.kuketz.de
https://captiveportal.kuketz.de
The one from e foundation seemed to be the problem. This one is from a security researcher Mike Kuketz.
The captive portal wrecked mobile data too? That is surprising and interesting.
Glad to see you are up and running.
Side note, do you still see same amount of sntp activity now?
deleted