[REQUEST] HTTPS for xda-developers.com - About xda-developers.com

Hi,
why does xdadevelopers not provide a TLS secured connection to the forums?

... ... ...

I enter login credentials and I will never enter them on a public network over an insecure connection.

modpunk said:
I enter login credentials and I will never enter them on a public network over an insecure connection.
You just did
You're right to be concerned, sites that have a login should use https really, but it costs more.

wbaw said:
You just did
You're right to be concerned, sites that have a login should use https really, but it costs more.
What does it cost more? SSL certificates aren't really expensive. I bought one to secure all my services running on my root server.

BTW just securing the login doesn't prevent session hijacking, which every script kiddie out there can do using Firesheep. I would like to see full encryption, not only for the login.
http://techcrunch.com/2010/10/24/fi...u-hack-into-twitter-facebook-accounts-easily/

modpunk said:
BTW just securing the login doesn't prevent session hijacking, which every script kiddie out there can do using Firesheep. I would like to see full encryption, not only for the login.
http://techcrunch.com/2010/10/24/fi...u-hack-into-twitter-facebook-accounts-easily/
And that's why we want to get SSL/TLS for all content on XDA. You can support us here: We want Https on XDA!
Please rate the thread and vote (click on "Newsworthy Thread?") so it gets more attention from the news writers and maybe becomes a news item on the portal. Thanks!

Related

DropBox ver 1 API and/or non-MS and not ugly SkyDrive API

First, I'd like to wish a happy New Year to everybody!
Second, I have a question for xda's developers: is there a working and non-ugly (without involving a WebBrowser window) library for WP7 to access DropBox API version 1 (it's important, new apps can't use ver 0 anymore; all CodePlex libs are using version 0 and it seems nobody plans to improve their non-working stuff)?
I'm also interested in a non-ugly (as Microsoft Live SDK) access library for SkyDrive, also without WebBrowser (it's the most stupid and ugly API I've ever seen!).
If you have your own working code, could you please share it with me for my new free app? I don't have much time to write my own implementation, and I hope that someone has already done this job.
Thanks!
I already saw apps, check BoxShot:
Free: http://www.windowsphone.com/en-US/apps/0be109c4-08be-4ac3-a96b-70ef2b0580e3
Pay: http://www.windowsphone.com/en-US/apps/1abb6e8c-d1ca-4209-a7b8-c2d657ffc9b4
Budniu said:
I already saw apps, check BoxShot:
Hmm... Seems like you didn't understand me, I need a Silverlight library, not an app.
BoxShot is using the DropNet library, ver 0 of the DropBox API only...
Ok, sorry. You're right, I don't understand.
How about this: http://sharpbox.codeplex.com/releases/view/74634
singularity0821 said:
How about this: http://sharpbox.codeplex.com/releases/view/74634
Unfortunately, it's not working at all (for DropBox), not even their demo app. Also, they are using synchronous HTTP calls and the current code just blocks the whole thread.
sensboston said:
Unfortunately, it's not working at all (for DropBox), not even their demo app. Also, they are using synchronous HTTP calls and the current code just blocks the whole thread.
I'm sure we can figure out how to get it without using the web browser. I'll see what I can figure out if you want.
snickler said:
I'm sure we can figure out how to get it without using the web browser. I'll see what I can figure out if you want.
I'm 100% sure it's possible, I just don't have time to work with the new API (v 1) specs and OAuth. So if you have time and want to implement it - it really will be great! And of course I can help you with testing (using my project).
P.S. BTW, SharpBox is designed to use synchronous calls; I don't like this way. IMHO a good implementation should be more "WP7-oriented"...
And how about this: http://dkdevelopment.net/what-im-doing/dropnet/
singularity0821 said:
And how about this: http://dkdevelopment.net/what-im-doing/dropnet/
This one is working but it's a "lazy" and kinda ugly solution (the author is using a WebBrowser window to log in to the Dropbox account). I completely dislike this way. Same ugliness as the MS SkyDrive API
sensboston said:
This one is working but it's a "lazy" and kinda ugly solution (the author is using a WebBrowser window to log in to the Dropbox account). I completely dislike this way. Same ugliness as the MS SkyDrive API
Isn't that how most apps that use OAuth work?
PG2G said:
Isn't that how most apps that use OAuth work?
I don't know, actually, but all Dropbox access libs (API v. 0) are working without showing a browser window.
P.S. I found on the Dropbox devs forum that it's possible (but not guaranteed) to ask the dropbox support team to change your app and secret keys to API version 0.
sensboston said:
I don't know, actually, but all Dropbox access libs (API v. 0) are working without showing a browser window.
P.S. I found on the Dropbox devs forum that it's possible (but not guaranteed) to ask the dropbox support team to change your app and secret keys to API version 0.
Hello,
I'm the developer behind DropNet. Just a bit of background on the change to API v1: Dropbox wanted to support the full OAuth spec, which actually requires the web login. I know this makes it not as "clean" for the apps but makes it more secure for Dropbox. They have also announced they will be turning off API v0 sometime in the future (though they have not stated when).
I don't think the authentication process is too bad, once you get your head around it. It's accepted by users that they will have to log in via the website nowadays (Twitter and Facebook do it as well).
d1k_is said:
actually requires the web login
What do you mean by that? I don't know the term "web login"... If you mean "I guess it requires some - for me - unknown parameters or headers for an HTTP POST/GET request", I'll agree, but it's definitely not a reason to display a slow loading and ugly web page each time you need access to your files. Do you know what the actual login technique in API 1 is (I mean what kind of params, headers, cookies are used, not the "web login" stuff)?
sensboston said:
What do you mean by that? I don't know the term "web login"... If you mean "I guess it requires some - for me - unknown parameters or headers for an HTTP POST/GET request", I'll agree, but it's definitely not a reason to display a slow loading and ugly web page each time you need access to your files. Do you know what the actual login technique in API 1 is (I mean what kind of params, headers, cookies are used, not the "web login" stuff)?
Hmmm, sounds like you have the wrong idea about the authentication.
First of all the authentication is a 3 step process (for the developer): step 1 is to get a request token from the API, step 2 is to browse to the site (using the request token as page parameters) so the user can log in, step 3 is authorizing the request token (changing it to an access token).
Once you get an access token you can save that in your app and use it forever (or until the user removes access from your app). This means the user will only have to log in the first time they run the app, as you will have their access token saved locally, which you can use to access the API functions (but the access token only works with the API keys it was created with).
For more info check out the DropNet documentation for the authentication process (http://dkdevelopment.net/what-im-doing/dropnet/). There's also a sample app in the GitHub project.
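The three steps d1k_is describes, as an added example that is not DropNet's or Dropbox's code: a Python simulation of three-legged OAuth 1.0 with HMAC-SHA1 signatures. A hypothetical provider (standing in for Dropbox; the api.example.test URL, the app keys and the token values are all constructed) issues a request token, records the user's browser-side approval, exchanges the approved token for a long-lived access token, and then accepts API calls only when the signature checks out and the token belongs to the app that asked for it. It also shows why the app never needs the user's password and why a saved access token keeps working on later runs.

```python
# Three-legged OAuth 1.0 (HMAC-SHA1) simulated end to end: a client app, a hypothetical
# provider playing the Dropbox role, and the user's browser step. Constructed example;
# this is neither the Dropbox API nor DropNet's code.
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote


def pct(value):
    return quote(str(value), safe="-._~")  # RFC 5849 percent-encoding


def base_string(method, url, params):
    # METHOD & encoded url & encoded "k=v&k=v" of all parameters sorted by name
    norm = "&".join(f"{pct(k)}={pct(v)}" for k, v in sorted(params.items()))
    return "&".join([method.upper(), pct(url), pct(norm)])


def signature(method, url, params, consumer_secret, token_secret=""):
    # HMAC-SHA1 keyed with "consumer_secret&token_secret" (token secret is empty in step 1)
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


class ClientApp:
    # Knows its own key/secret and, after step 3, the user's access token. Never the password.
    def __init__(self, consumer_key, consumer_secret):
        self.key, self.secret = consumer_key, consumer_secret
        self.token = self.token_secret = ""  # saved locally after step 3 and reused

    def signed_params(self, method, url, extra=None):
        p = dict(extra or {})
        p.update(oauth_consumer_key=self.key, oauth_nonce=secrets.token_hex(8),
                 oauth_signature_method="HMAC-SHA1",
                 oauth_timestamp=str(int(time.time())), oauth_version="1.0")
        if self.token:
            p["oauth_token"] = self.token
        p["oauth_signature"] = signature(method, url, p, self.secret, self.token_secret)
        return p  # sent as the query parameters of an HTTPS GET


class Provider:
    """Hypothetical OAuth 1.0 provider; the API URL is made up for this example."""
    API = "https://api.example.test/1/"

    def __init__(self, apps):
        self.apps = dict(apps)  # consumer key -> consumer secret
        self.request_tokens, self.access_tokens = {}, {}

    def _verify(self, path, params, store):
        # Returns (params without the signature, token record or None); raises on any failure.
        p = dict(params)
        sig = p.pop("oauth_signature", "")
        app_secret = self.apps.get(p.get("oauth_consumer_key"))
        if app_secret is None:
            raise PermissionError("unknown app key")
        tok = store.get(p["oauth_token"]) if "oauth_token" in p else None
        if "oauth_token" in p and (tok is None or tok["app"] != p["oauth_consumer_key"]):
            raise PermissionError("token unknown or issued to a different app")
        expected = signature("GET", self.API + path, p, app_secret, tok["secret"] if tok else "")
        if not hmac.compare_digest(sig, expected):
            raise PermissionError("bad signature")
        return p, tok

    def request_token(self, params):
        # Step 1: signed with the app secret alone; yields a temporary token.
        p, _ = self._verify("oauth/request_token", params, {})
        t, s = secrets.token_hex(8), secrets.token_hex(16)
        self.request_tokens[t] = {"secret": s, "app": p["oauth_consumer_key"], "user": None}
        return {"oauth_token": t, "oauth_token_secret": s}

    def authorize_in_browser(self, token, user):
        # Step 2: the user logs in on the provider's own page and approves this token.
        self.request_tokens[token]["user"] = user

    def access_token(self, params):
        # Step 3: an approved request token is exchanged, once, for a long-lived access token.
        p, rt = self._verify("oauth/access_token", params, self.request_tokens)
        if rt is None or rt["user"] is None:
            raise PermissionError("request token was not authorized by a user")
        del self.request_tokens[p["oauth_token"]]
        t, s = secrets.token_hex(8), secrets.token_hex(16)
        self.access_tokens[t] = {"secret": s, "app": rt["app"], "user": rt["user"]}
        return {"oauth_token": t, "oauth_token_secret": s}

    def account_info(self, params):
        # A protected call: needs an access token that belongs to the calling app.
        _, at = self._verify("account/info", params, self.access_tokens)
        if at is None:
            raise PermissionError("access token required")
        return {"display_name": at["user"]}


def run_flow(provider, app, user):
    """Steps 1-3 followed by one API call; returns the account info."""
    rt = provider.request_token(app.signed_params("GET", provider.API + "oauth/request_token"))
    app.token, app.token_secret = rt["oauth_token"], rt["oauth_token_secret"]
    provider.authorize_in_browser(app.token, user)
    at = provider.access_token(app.signed_params("GET", provider.API + "oauth/access_token"))
    app.token, app.token_secret = at["oauth_token"], at["oauth_token_secret"]
    return provider.account_info(app.signed_params("GET", provider.API + "account/info"))


def rejected(call, *args):
    """True if the provider refuses the call with PermissionError."""
    try:
        call(*args)
    except PermissionError:
        return True
    return False
```

Step 2 is the only point where a browser (or WebBrowser control) is needed, because the provider wants the password typed into its own page rather than handed to the app; everything else is a signed HTTPS GET with the tokens as query parameters, which is also what the "direct WebRequest" question below comes down to.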
It sounds like you have no idea how browsers work... "Browse", "navigate" - they're good terms for users, not for developers. From a technical point of view, the browser makes an HTTP or HTTPS request to the host and receives a response. So, what you (and the dropbox dev and marketing team) call a "token" is text/binary data, part of the response.
So, what is preventing you from making a direct call to the dropbox web service using WebRequest?
P.S. I definitely don't like the whole idea of using browser cookies (it's supposed to be a kind of cookie) for authentication: for dropbox as well as for ms skydrive. It's just ugly - period. And about security - I don't think it's a huge improvement.
sensboston said:
It sounds like you have no idea how browsers work... "Browse", "navigate" - they're good terms for users, not for developers. From a technical point of view, the browser makes an HTTP or HTTPS request to the host and receives a response. So, what you (and the dropbox dev and marketing team) call a "token" is text/binary data, part of the response.
So, what is preventing you from making a direct call to the dropbox web service using WebRequest?
P.S. I definitely don't like the whole idea of using browser cookies (it's supposed to be a kind of cookie) for authentication: for dropbox as well as for ms skydrive. It's just ugly - period. And about security - I don't think it's a huge improvement.
Sorry I was only trying to help.
The tokens are string values and you use a GET via HTTPS sending them as page parameters.
You don't use browser cookies, as the dropbox API keeps track of the token you are authenticating against.
Just tried your WP7 example app from DropNet. Actually it demonstrates a little bit more than nothing. Could you make a real example, with folder browsing and file operations, please?
P.S. You should use the mobile version of dropbox - it fits the WP7 screen much better than the regular desktop one.
600 MB additional free storage
Hi all
Just found a smart way to increase your Dropbox account by 600 MB:
1. Sign in to your existing Dropbox account (or create a new account)
2. Go to https://www.dropbox.com/free
3. Follow the instructions ... and voila, 600 MB additional free storage
Thanks for the tip, I now have 3.12 GB

Phishing warning xda forum.

I tried to go into xda from a PC bookmark, and it redirects to a phishing page... I'm using a bookmark, made by me at the real site.
I think it's an error, as it does not allow me to go through by any means, like going to xda and then clicking on forum...
Now I'm in tapatalk...
Sent from my XT862 using Tapatalk
Me too, no matter where I try to navigate I also get the phishing warning. Was able to get into this because I had this tab open.
gierso said:
I tried to go into xda from a PC bookmark, and it redirects to a phishing page... I'm using a bookmark, made by me at the real site.
I think it's an error, as it does not allow me to go through by any means, like going to xda and then clicking on forum...
Now I'm in tapatalk...
Sent from my XT862 using Tapatalk
Thanks for your report, I'll flag an Admin.
Same here - if I access the forum directly from certain machines (which are going through a proxy, if that helps):
http://forum.xda-developers.com/
by bookmark or typing it in, I get the phishing warning. If I click on the "real" forum link - I get the phishing warning again.
I was able to access this link directly via Google.
On Friday, I also got it if I tried to post - so hopefully this post actually gets posted. (Edit: At least posting is working from this machine again...)
It's working fine for me on OSX and Linux. Haven't had any issues.
More detail:
From Firefox on a Windows 7 machine with an undetermined proxy, I get the phishing warning when I attempt to access:
http://forum.xda-developers.com/
If I instead use:
http://forum.xda-developers.com/index.php
It works fine
Works fine in all situations when I'm at home
Entropy512 said:
More detail:
From Firefox on a Windows 7 machine with an undetermined proxy, I get the phishing warning when I attempt to access:
http://forum.xda-developers.com/
If I instead use:
http://forum.xda-developers.com/index.php
It works fine
Works fine in all situations when I'm at home
On the PC that gets the phishing warning, does it only do it on Firefox, or is it all browsers?
This is from our sysadmin:
For those of you who got the phishing page on Friday (27th), it was a configuration error. We apologize and it was corrected within a few hours of us finding out. One of our Senior Mods was also affected, due to being behind a corporate firewall.
@Entropy512, unfortunately we have had phishing attacks against our members from a domain similar to ours and they are using various proxies to proxy our site and evade our detection/blocks. I highly recommend you don't use a proxy when viewing XDA for the safety of your account.
For everyone else, please be aware that you are on *.xda-developers.com, not a domain similar to it. This is the only domain that the official XDA site is served from. There have been phishing attacks against us and our members and we're doing everything we can to mitigate this.

[Petition][Poll] We want Https on XDA!

Three days ago I had a conversation with @benkxda. During that conversation, he pointed out that XDA uses no https encryption. Therefore everybody can read our passwords and PMs when we send them to the server. What if someone replaced our downloadable files with viruses?
Is that really what we want? Neither @benkxda nor I think so. Hence we decided to create this thread.
Now you might ask what you can do to get https on our forum. The first and easiest option is probably the most effective. Vote in the poll at the top of the page.
If you've got some spare time, you can also write a short (or long) post explaining your opinion.
If we get enough votes for this petition, the admins might consider supporting the https protocol.
To ensure that everybody sees this, we want to get this on the portal. Please help us by either clicking this link or by clicking the "Tip us?" button in the right upper corner of this post.
It would also help to spread the word if you put a link to this thread into your signature.
Thanks for reading.
Announcements
4th March 2014: 1000 supporters.
2nd January 2014: bitpushr implemented https for the login form! Thanks to all supporters.
23rd December 2013: And again, doubled. 800 votes now.
1st November 2013: Another announcement by bitpushr: They "have gotten [their] CDN provider to add SSL." Moreover, he will "add this to the forums".
28th September 2013: Doubled, again. 400 now.
31st August 2013: We just hit the 200 voters mark. Thanks.
13th August 2013: We reached 100 supporters. Keep voting.
7th August 2013: bitpushr announced that the admin team is working on https. I want to say thank you to all who have voted yet. But remember, we don't have https yet. So continue to vote.
29th July 2013: This petition was created.
Code for the signature
Code:
[SIZE="5"[B][/B]][[B][/B]URL="http://forum.xda-developers.com/showthread.php?t=2383868"][[B][/B]COLOR="Blue"]Vote for a secure XDA: [/[B][/B]COLOR][Petition][Poll] We want Https on XDA![/UR[B][/B]L][/SI[B][/B]ZE]
Well, XDA folks, you have to take the poll seriously. In days where secret services all over the world spy on almost everything, the poll has two options, a secret service version as well as a normal version :angel:
But to be honest, we are not safe from those spies. Encryption can help a lot - not only against those spy experts, but also against the administrators in a network, e.g. in a company.
Currently, we have no secured connection like SSL/TLS secured HTTPS. Login data can be stolen, all communication is held in the open. We need a secure connection for the whole XDA website, including linked-in scripts and images and not limited to the login sequence. This is state of the art even at Google or Facebook.
benkxda said:
Well, XDA folks, you have to take the poll seriously. In days where secret services all over the world spy on almost everything, the poll has two options, a secret service version as well as a normal version :angel:
But to be honest, we are not safe from those spies. Encryption can help a lot - not only against those spy experts, but also against the administrators in a network, e.g. in a company.
Currently, we have no secured connection like SSL/TLS secured HTTPS. Login data can be stolen, all communication is held in the open. We need a secure connection, which is state of the art at Google or Facebook.
All sites these days should be https. Also I want to add that it is important that https is not only added to the login itself but to the entire site. To cut costs, lots of sites use an http to https redirect for login only and then switch the user back to http. Problems with that are tools for cookie hijacking, session hijacking, and tools like sslstrip. The vote should be for SITE WIDE https.
Let's face facts, people. On XDA, we download things and flash them to our phones, tablets or other devices. If our account is hijacked (which is so easy it's not funny) then someone else can replace our material with ones that have back doors/trojans and update the posted MD5. No one would know. Security is a concern for me at least.
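The login-only pattern calisro describes (HTTPS for the login form, then back to HTTP, with the session cookie exposed to Firesheep-style capture and the first plain request exposed to sslstrip) can be checked from a site's own response headers. The following is an added example, not code from XDA or from any tool named in the thread: a small Python parser for a raw HTTP response and an audit that flags a post-login redirect to http://, a session cookie without the Secure and HttpOnly attributes, and a missing or short Strict-Transport-Security header. The two sample responses, the forum.example.test host, the cookie value and the one-year HSTS floor are constructed assumptions.

```python
# Audit one HTTP response for the "HTTPS only at login" anti-pattern: a redirect back
# to http:// after login, a session cookie that may travel over plain HTTP, and a
# missing or short Strict-Transport-Security header. Sample responses are constructed.
import re
from urllib.parse import urlsplit

HSTS_MIN_AGE = 31536000  # one year; an assumed floor for this audit, not a thread value


def parse_response(raw):
    """Return (status_code, [(name, value), ...]) from a raw HTTP/1.x response; header
    order is kept so repeated Set-Cookie lines survive."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers


def cookie_findings(set_cookie):
    """Findings for one Set-Cookie header value."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    out = []
    if "secure" not in attrs:
        out.append(f"cookie {name}: no Secure flag, so it is also sent on plain http:// requests "
                   "and can be captured on a shared network (the Firesheep case)")
    if "httponly" not in attrs:
        out.append(f"cookie {name}: no HttpOnly flag, readable by any injected script")
    return out


def audit(raw):
    """List the weaknesses found in a raw response; an empty list means none of the
    checked anti-patterns are present."""
    status, headers = parse_response(raw)
    findings = []
    hsts = dict(headers).get("strict-transport-security")
    if hsts is None:
        findings.append("no Strict-Transport-Security: a later http:// visit can be kept on "
                        "plain HTTP by an active attacker (the sslstrip case)")
    else:
        m = re.search(r"max-age=(\d+)", hsts)
        if not m or int(m.group(1)) < HSTS_MIN_AGE:
            findings.append("Strict-Transport-Security max-age is below the assumed one-year floor")
    for name, value in headers:
        if name == "set-cookie":
            findings.extend(cookie_findings(value))
        elif name == "location" and 300 <= status < 400 and urlsplit(value).scheme == "http":
            findings.append(f"redirect to {value}: the session continues over plain HTTP after login")
    return findings


# Constructed sample responses to a login POST; the host name and cookie value are made up.
LOGIN_ONLY_HTTPS = ("HTTP/1.1 302 Found\r\n"
                    "Location: http://forum.example.test/usercp.php\r\n"
                    "Set-Cookie: sessionhash=0123abcd; path=/\r\n"
                    "Content-Length: 0\r\n\r\n")
SITE_WIDE_HTTPS = ("HTTP/1.1 302 Found\r\n"
                   "Location: https://forum.example.test/usercp.php\r\n"
                   "Set-Cookie: sessionhash=0123abcd; path=/; Secure; HttpOnly\r\n"
                   "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
                   "Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("login-only https", LOGIN_ONLY_HTTPS), ("site-wide https", SITE_WIDE_HTTPS)):
        print(f"{label}: {audit(raw) or ['no findings']}")
```

The first response is the cheap setup the post warns about: the password went over HTTPS, but the session cookie it hands back has no Secure flag and the redirect sends the browser straight back to http://, so the cookie is exposed on the very next request. The second response fixes all four findings at once.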
calisro said:
All sites these days should be https. Also I want to add that it is important that https is not only added to the login itself but to the entire site. To cut costs, lots of sites use an http to https redirect for login only and then switch the user back to http. Problems with that are tools for cookie hijacking, session hijacking, and tools like sslstrip. The vote should be for SITE WIDE https.
Let's face facts, people. On XDA, we download things and flash them to our phones, tablets or other devices. If our account is hijacked (which is so easy it's not funny) then someone else can replace our material with ones that have back doors/trojans and update the posted MD5. No one would know. Security is a concern for me at least.
True, only fully secured websites are really secured. Thanks for this hint, will edit my prior post.
calisro said:
All sites these days should be https. Also I want to add that it is important that https is not only added to the login itself but to the entire site. To cut costs, lots of sites use an http to https redirect for login only and then switch the user back to http. Problems with that are tools for cookie hijacking, session hijacking, and tools like sslstrip. The vote should be for SITE WIDE https.
Let's face facts, people. On XDA, we download things and flash them to our phones, tablets or other devices. If our account is hijacked (which is so easy it's not funny) then someone else can replace our material with ones that have back doors/trojans and update the posted MD5. No one would know. Security is a concern for me at least.
Of course, it should be added to the entire site. However, I didn't even think about the downloading thing. That's definitely true and I'll add that.
Feel free to spread the word.
Thank you very much. :good:
benkxda said:
True, only fully secured websites are really secured. Thanks for this hint, will edit my prior post.
Posted at the same time. :laugh:
benkxda said:
True, only fully secured websites are really secured. Thanks for this hint, will edit my prior post.
Not fully correct.
The NSA is also getting access to https secured connections.
http://www.dailytech.com/FBI+NSA+Wa...Keys+from+Internet+Companies/article32046.htm
Mardon said:
Not fully correct.
The NSA is also getting access to https secured connections.
http://www.dailytech.com/FBI+NSA+Wa...Keys+from+Internet+Companies/article32046.htm
That's right, but our main concern should be the (bad) hackers. It is difficult to stop the NSA, you know.
Mardon said:
Not fully correct.
The NSA is also getting access to https secured connections.
http://www.dailytech.com/FBI+NSA+Wa...Keys+from+Internet+Companies/article32046.htm
This must be verified first, but frankly I really believe they try to get those master keys. But they would need a master key to get access. At least encryption keeps out most assailants.
nikwen said:
That's right, but our main concern should be the (bad) hackers. It is difficult to stop the NSA, you know.
Right, https is much better, I agree.
If the NSA or FBI or whoever else gets the master keys, there is also a chance for others (hackers) to get the keys too.
I think the whole internet needs a new fully encrypted security protocol in future where the keys are randomly changed and things like master keys only work a few hours to minimize the hacking risks.
But that's off topic, I think.
Mardon said:
Right, https is much better, I agree.
If the NSA or FBI or whoever else gets the master keys, there is also a chance for others (hackers) to get the keys too.
I think the whole internet needs a new fully encrypted security protocol in future where the keys are randomly changed and things like master keys only work a few hours to minimize the hacking risks.
But that's off topic, I think.
Oh yes, indeed I recently thought almost the same. And maybe we are a bit especially picky; I hope the "normal" users can keep up that indignation or sometimes outrage over this spy stuff. Also true, off topic.
Mardon said:
Right, https is much better, I agree.
If the NSA or FBI or whoever else gets the master keys, there is also a chance for others (hackers) to get the keys too.
I think the whole internet needs a new fully encrypted security protocol in future where the keys are randomly changed and things like master keys only work a few hours to minimize the hacking risks.
But that's off topic, I think.
You realize there isn't one set of master keys for all certificates, right? lol. Each certificate has a master key owned by the company owning the cert. If Facebook gives them their master keys, that doesn't mean they can snoop on your xda or bank account traffic.
ok back on topic! I digress!
Mardon said:
Not fully correct.
The NSA is also getting access to https secured connections.
http://www.dailytech.com/FBI+NSA+Wa...Keys+from+Internet+Companies/article32046.htm
Just saying, but for the HTTPS stuff that we use, we use forward-secret HTTPS, meaning the "private key" for the site is of no use for decrypting past connections. That's becoming more popular for larger sites these days, but I started looking into it a while ago, and it is ready to use now. Look for a key exchange method of DHE or ECDHE.
As such, the only value in obtaining such keys would be to spoof future connections. If someone is that determined to target YOU individually with spoofed or MITM'd connections, you should be worrying about other things (it would be fairly impractical to mount a widescale meaningful attack).
If you are concerned, you should look into the issues with the CA system that issues SSL keys - an SSL certificate can be signed by ANY of them, and there are a number of CAs who are somewhat sketchy in trust... Tl;dr if an active attacker wants a key for your site to spoof it, he can get it. It won't be the same one (cannot decrypt legit traffic), but can be used to impersonate the site.
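pulser_g2's advice to look for a DHE or ECDHE key exchange can be checked mechanically from the cipher description OpenSSL prints (its Kx= field, which Python's ssl module exposes per enabled suite). The following is an added example, not XDA's configuration: a classifier for those descriptions with constructed sample lines, a helper that splits whatever a context has enabled into forward-secret and non-forward-secret suites, and a server SSLContext restricted to ephemeral key exchanges (the cipher policy string is an assumption, not something the thread states).

```python
# Tell forward-secret cipher suites from the rest by the Kx= field of the description
# OpenSSL prints, and build a server context that offers only ephemeral key exchanges.
# Added example with constructed description strings; not XDA's configuration.
import re
import ssl

# Kx values meaning ephemeral Diffie-Hellman (DHE / ECDHE): a fresh key per connection,
# so the server's long-term private key cannot decrypt recorded traffic. OpenSSL prints
# Kx=any for TLS 1.3 suites, which always use (EC)DHE. Static "DH/RSA" or "ECDH/RSA"
# and plain "RSA" key transport are not forward secret.
FORWARD_SECRET_KX = {"ECDH", "DH", "any"}


def key_exchange(description):
    """Kx= token of an OpenSSL cipher description, e.g. 'ECDH', 'RSA' or 'DH/RSA'."""
    m = re.search(r"\bKx=(\S+)", description)
    return m.group(1) if m else None


def is_forward_secret(description):
    return key_exchange(description) in FORWARD_SECRET_KX


def split_ciphers(ctx):
    """Names of the suites enabled in an SSLContext, split into (forward secret, not)."""
    fs, no_fs = [], []
    for c in ctx.get_ciphers():
        (fs if is_forward_secret(c["description"]) else no_fs).append(c["name"])
    return fs, no_fs


def forward_secret_server_context():
    """Server context limited to ECDHE/DHE suites; the policy string is an assumption."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers("ECDHE+AESGCM:DHE+AESGCM")
    return ctx


SAMPLE_DESCRIPTIONS = [  # constructed, in the format of `openssl ciphers -v`
    "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD",
    "DHE-RSA-AES256-SHA          SSLv3   Kx=DH       Au=RSA  Enc=AES(256)    Mac=SHA1",
    "AES128-SHA                  SSLv3   Kx=RSA      Au=RSA  Enc=AES(128)    Mac=SHA1",
    "TLS_AES_256_GCM_SHA384      TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD",
]

if __name__ == "__main__":
    for d in SAMPLE_DESCRIPTIONS:
        verdict = "forward secret" if is_forward_secret(d) else "NOT forward secret"
        print(f"{d.split()[0]:28} {verdict}")
    fs, no_fs = split_ciphers(ssl.create_default_context())
    print(f"default client context: {len(fs)} forward-secret suites, {len(no_fs)} without")
```

Run against a live context the split shows which suites a server built from Python's defaults would still accept with RSA key transport; the restricted context removes them, which is the server-side counterpart of the DHE/ECDHE advice above.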
pulser_g2 said:
Just saying, but for the HTTPS stuff that we use, we use forward-secret HTTPS, meaning the "private key" for the site is of no use for decrypting past connections. That's becoming more popular for larger sites these days, but I started looking into it a while ago, and it is ready to use now. Look for a key exchange method of DHE or ECDHE.
As such, the only value in obtaining such keys would be to spoof future connections. If someone is that determined to target YOU individually with spoofed or MITM'd connections, you should be worrying about other things (it would be fairly impractical to mount a widescale meaningful attack).
If you are concerned, you should look into the issues with the CA system that issues SSL keys - an SSL certificate can be signed by ANY of them, and there are a number of CAs who are somewhat sketchy in trust... Tl;dr if an active attacker wants a key for your site to spoof it, he can get it. It won't be the same one (cannot decrypt legit traffic), but can be used to impersonate the site.
Thanks for the info. I didn't know that.
Not a techie nor from a part of the world affected by PRISM (?) but still, having read all this, I'm inclined to say I second this motion
nikufellow said:
Not a techie nor from a part of the world affected by PRISM (?) but still, having read all this, I'm inclined to say I second this motion
Great.
Are you sure that you are not affected? Everyone is, some more, some less.
(http://upload.wikimedia.org/wikipedia/commons/5/5c/Boundless-heatmap-large-001.jpg)
We've reached over 50 votes.
nikwen said:
We've reached over 50 votes.
Nice. So, some people know about HTTPS and encryption and prefer that. Not only because of the secret services of the "Five Eyes", but also to protect me from curious network administrators. There are surely more on XDA, who want to support this necessary petition.
EDIT: Oh, please don't misunderstand, I did not want to protect the secret services from other countries, as they might be no better at privacy protection, e.g. the German secret service called "BND" seems to be the sixth eye. Again, I did not want to say only those five do bad things.
As lots of users don't know / care about encryption, a secured https connection with XDA might sensitize at least some.
So, I support your request.
rog_star said:
As lots of users don't know / care about encryption, a secured https connection with XDA might sensitize at least some.
So, I support your request.
Yeah, I hope so.
Thanks for voting.

heartbleed bug

xda-developers.com is listed as one of the sites affected by the heartbleed bug, but testing tool now shows no vulnerability. A quick search shows no
Why aren't you bragging about patching this bug and how awesome you are at protecting our data?
At the very least, a notice about what's being done to protect xda and how it affects users would be much appreciated.
dstarfire said:
xda-developers.com is listed as one of the sites affected by the heartbleed bug, but testing tool now shows no vulnerability. A quick search shows no
Why aren't you bragging about patching this bug and how awesome you are at protecting our data?
At the very least, a notice about what's being done to protect xda and how it affects users would be much appreciated.
I'm curious what site it was listed on?
Just for anyone who is interested...
As soon as the severity of the flaw was clear, we began updating our machines. Some services use pre-built packages and others use custom-compiled software (using the flawed openssl version). We updated all of our services within 30 minutes or so.
The forum.xda-developers.com hostname uses a 3rd party service who was still vulnerable to heartbeat after we patched our internal services. We opened a ticket with them - I'm sure by that point they were aware of the issue and a fix was already in the works. About an hour after that they had patched their services.
This is definitely one of the worst security flaws in the history of the internet - you pretty much have to assume that any communications thought protected by https have been compromised unless there were other protections in addition to SSL.
https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt
please patch asap
Isriam said:
https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt
please patch asap
That list is old... see my statement above.
That's fine, but just so you know, that link is posted on the front page of msn.com under the heartbleed headlines.
Isriam said:
That's fine, but just so you know, that link is posted on the front page of msn.com under the heartbleed headlines.
Sure, but not too much I can do about old information.
The link Isriam posted is the one I found xda mentioned on. However, before I posted, I also checked a live testing website that showed xda as safe.
If anybody is interested, the url for that site is filippo.io/Heartbleed/
Unless there is updated information that I was unable to see, your SSL certificate is showing as being from 7 months ago. Shouldn't it be updated since that was part of the information that was vulnerable to Heartbleed?
Are there any plans to replace and revoke the SSL certificates that were on the vulnerable servers? Since there are no logs it is impossible to know if anyone was able to obtain the private key for these certificates, and until revoked xda remains vulnerable to stealth MITM attacks.
wto605 said:
Are there any plans to replace and revoke the SSL certificates that were on the vulnerable servers? Since there are no logs it is impossible to know if anyone was able to obtain the private key for these certificates, and until revoked xda remains vulnerable to stealth MITM attacks.
New certs are in process... the CA's are a bit backlogged.
We are vulnerable to stealth MITM attacks only if someone has recorded/intercepted our traffic, and also if someone was able to decode our private key. Both of which are unlikely (but possible). So while we do work to replace our certs, the priority is "hey, we are doing this" and not "hey, let's shut down our ssl services."
bitpushr said:
New certs are in process... the CA's are a bit backlogged.
We are vulnerable to stealth MITM attacks only if someone has recorded/intercepted our traffic, and also if someone was able to decode our private key. Both of which are unlikely (but possible). So while we do work to replace our certs, the priority is "hey, we are doing this" and not "hey, let's shut down our ssl services."
I totally agree (and believe me I'm hating this crap as much as I'm sure you guys are)... I just wanted to make sure it was in progress as I'm waiting to change my password until then.
Well, I'm glad that you guys are taking the necessary steps to keep your and your users information safe. I feel bad for whoever would try and hack XDA-Developers, because they would probably receive a huge backlash.
Probably bad enough to melt their computer.
Sent from my dictionary.
Any progress in updating Android's vulnerable openssl 1.0.1e? Heartbleed is disabled (for me), but somehow I imagine unwanted changes, like from apps etc.
Sent from my GT-I9505 using xda app-developers app
GrammarNazi said:
Well, I'm glad that you guys are taking the necessary steps to keep your and your users information safe. I feel bad for whoever would try and hack XDA-Developers, because they would probably receive a huge backlash.
Probably bad enough to melt their computer.
Sent from my dictionary.
We would blow up all mobiles they own. Mwahahahah!
Sent from my HTC Explorer A310e using XDA Premium 4 mobile app
Our new SSL certificates are in place.
Glad to hear we're safe. Maybe XDA should force all users to change their passwords?? In the security world it's just better off and safer to assume everything was compromised.
Sent from my Galaxy S4 using Tapatalk
bitpushr said:
Our new SSL certificates are in place.
Hi bitpushr,
How to use the secured connection when logging in and/or changing password in this forum? I haven't noticed any ssl connection when logging in and/or changing password from the control panel.
Online test for Heartbleed
There are sites that will test for it.

Question How to block Ads in OnePlus without root!?

Suggestions other than using blockada app.
adguard, adaway VPN mode or private DNS
I am using the NextDNS service. It is customizable, so you can turn lists on or off, add things to a whitelist etc.
l_mike said:
I am using the NextDNS service. It is customizable, so you can turn lists on or off, add things to a whitelist etc.
And how to use/enroll that?
Register on nextdns.io, then you can set up which lists you want to enable. In your profile you also get an address to use in the private DNS option on your phone.
If you use that option all your traffic goes through nextdns, so it blocks out ads and robots on websites, but also in installed apps.
There is one disadvantage - it is free only for a limited number of queries - more than enough for me, but some really heavy users may not find it enough. Nevertheless it is well worth trying to see if it works for you. Even though I have my devices rooted I don't use AdBlock etc., preferring nextdns.
If I helped you, you can use my referral link to register: https://nextdns.io/?from=ydnp2mzn . It doesn't cost you anything
Oh wow, thanks! Will check it out
Why do all forget the most important thing about DNS/VPN? Privacy!
All your traffic is routed over an unknown server. You have no control over your data! If you want to use such a service, use your own. If you have a good router at home, you should be able to run a VPN server on it. In combination with Pi-hole, you have your own private and ad-free VPN.
Mobile -> VPN -> Home -> PiHole -> Net
l_mike said:
If I helped you, you can use my referral link do register: xxx . It doesn't cost you anything
You pay with your privacy/data. NOTHING is "free"
PKkeys said:
Suggestions other than using blockada app.
You can use Adaway in VPN mode.
If you're willing to learn, have a look at setting up pihole and pivpn. I route all traffic through my setup.
PKkeys said:
Suggestions other than using blockada app.
When did OnePlus get ads? You mean Google's personalised ads. You can disable that.
RheinPirat said:
You pay with your privacy/data. NOTHING is "free"
Actually nextdns collects nothing important I should be concerned about.
AndyC76 said:
If you're willing to learn, have a look at setting up pihole and pivpn. I route all traffic through my setup.
I second this. I use my pi as a plex server and pihole dns server. I LOVE it. Never found myself freaking the **** out about dns requests until I started looking at traffic statistics
Adaway rooted works a treat...
Set Private DNS to dns.adguard.com
