Items tagged with: ios
I work in mobile app development and the technology out there to spy on you is pretty insane. There is a whole industry for snooping and reselling data. Here are some examples.
#android #ios #programming #development #app #apps #phone #smartphone #sdk #hotjar #facebook #appsee #branch.io #tamoco #surveillance #privacy #encryption
There are several SDKs (software development kits) that offer fingerprinting identity services. Meaning, when someone opens your app, it checks their device ID, IP address, GPS location, email address, etc. and makes a match to an identity. You then use this SDK to track their behavior in your app, such as purchases, interests, demographics, preferences, etc. This data is stored along with all the other apps that use the SDK. Now as an upsell, I can buy all of your behavior data from every other app that uses the same service. From the moment you install the app I know everything about you.
There are SDKs that don’t even offer a service, they just straight up pay the app maker to let their agent sit and collect data and send it up to their servers. Mostly location data.
My favorite is there’s an SDK that actually records the screen while you use the app, and the video gets sent up to the server for the app maker to see how you use their app in real time. It also tracks all of your views, swipes, and button presses tied to the video for analytics.
Basically, you should assume that every moment you are using an internet connected device, you are being observed, scrutinized, and analyzed so that someone can sell you more shit.
They are really good at this, and getting better every year. You think Facebook is listening to your microphone to serve you ads at the moment you are discussing a product? They don’t need to. They know you that well.
Edit: A lot of people are asking for specific examples of this monitoring tech. There are a ton of small players. So an example of location tracking is Tamoco. An example of behavior tracking is Branch.io (they don't advertise the data mining, but it's a back-end deal). And session monitoring is AppSee or HotJar. There are many more that I haven't heard of.
There are a ton of data resellers out there. They're typically small startups who buy and sell data, and they compete on having the most comprehensive and clean data sets. We get approached by a data reseller maybe once a month, either trying to buy our data or sell us data.
Edit: A lot of people are flippant about this idea because you "don't click on ads" or you "don't buy anything". There are people who aren't interested in just selling you products. How about voting for a particular political candidate, or for/against a ballot measure? How about selling you a particular world view? Propaganda is just like advertising, they're just selling you an idea instead of a product.
If you happen to be on the dark side (= Apple):
I have an update on the status of OMEMO in Monal. I’ve completed my spike and have a very rough implementation working. I am able to communicate with Gajim and Chatsecure. I am actually using a lot of the same OMEMO code as Chatsecure using Chris’ cocoapods. The shared code base should reduce duplicated effort and ensure compatibility on the two main Apple platform clients going forward.
#omemo #monal #xmpp #apple #ios #macos
The current code isn’t anywhere near production but once I clean it up more, you should start seeing it as an option to turn on in Mac betas in the next month or so. [...]
When I still had a smartphone, long time ago, I liked Xabber more than Conversations, both installable from F-Droid.org. The Xabber UI was easier for me to understand than Conversations, esp. how to work with multiple accounts and roster groups. Nice, that they are creating an iOS client, too! (Not so nice, that people use iOS in the first place, but that's another problem.) Those who like to use OMEMO encryption on iOS need to stay with ChatSecure, however.
#xmpp #xabber #ios #freesoftware #chatsecure
Note to myself: How to disable OTR in ChatSecure
Some weeks ago, a colleague, who unfortunately uses an iPhone (he is not a completely bad person, though) installed ChatSecure. Immediately, I and others were annoyed by unreadable OTR garbage he sent. It took us a while, but at the end of the day (the whole day!) we found out how to disable OTR. Yesterday, a friend who unfortunately also uses an iPhone (he is not a completely bad person either), had the same issue and it took me the help of strangers on the internet (here; the Conversations MUC), to remember what to do. For the next time and the benefit of the public:
- One cannot disable OTR globally in ChatSecure, but only contact by contact.
- You need to open the chat of the contact.
- Go to the "contact details".
- Go to "advanced encryption settings" and select "OMEMO", nothing else.
- Close chat with the contact.
- Repeat the last four steps for all your 511 contacts.
Which messengers already support OMEMO?
#messenger #it-sicherheit #xmpp #omemo #olm #xep0384
OMEMO has officially been XEP-0384 since December 2016 and has recently become available for ChatSecure.
Anyone who wants to know how things stand with other messengers can take a look at the overview “Are we OMEMO yet?”.
Well, this is going to be another tutorial, but I'm going to try to make it a little bit different. This is an XMPP tutorial from an iOS developer's perspective.
While iOS is not my cup of tea, I find this tutorial interesting and well-written. Worth a read for everyone curious about XMPP!
#xmpp #tutorial #ios
Sander Venema: Why I won’t recommend Signal anymore
One of the things I do is cryptography and infosec training for investigative journalists who have a need to keep their sources and communications confidential so they can more safely do their work in the public interest. Often they work in places which are heavily surveilled, like Europe, or the United States. Ed Snowden’s documents explain a thing or two about how the US intelligence apparatus goes about its day-to-day business. They sometimes also work in places in the world where rubber hose cryptanalysis is more common than in say the U.S. or Europe. Which is why crypto tools alone are not the Alpha and the Omega of (personal) security. This requires careful consideration of what to use when, and in what situation. One of the things I have recommended in the past for various cases is the OpenWhisperSystems’ app called Signal, available for Android and iOS. In this article, I want to explain my reasons why I won’t be recommending Signal in the future.
To be clear: the reason for this is not security. To the best of my knowledge, the Signal protocol is cryptographically sound, and your communications should still be secure. The reason has much more to do with the way the project is run, the focus and certain dependencies of the official (Android) Signal app, as well as the future of the Internet, and what future we would like to build and live in. This post was mostly sparked by Signal’s Giphy experiment, which shows a direction for the project that I wouldn’t have taken. There are other, bigger issues which deserve our attention.
#signal #voip #privacy #security #cryptography #crypto #google #android #apple #ios