Stoutner - Redmine: Issueshttps://redmine.stoutner.com/https://redmine.stoutner.com/favicon.ico?16699090422024-03-02T20:58:24ZStoutner - Redmine
Redmine Privacy Cell - Feature #1177 (New): Detecting Silent SMS Attackshttps://redmine.stoutner.com/issues/11772024-03-02T20:58:24ZMark Weston
<p>Both the Android IMSI-Catcher Detector and SnoopSnitch projects have been abandoned:<br /><a class="external" href="https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector">https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector</a><br /><a class="external" href="https://github.com/srlabs/snoopsnitch">https://github.com/srlabs/snoopsnitch</a></p>
<p>As it stands, there are no Android apps to detect when your device has fallen victim to an IMSI Catcher / Stingray. Since this project is well developed and active, I am proposing incorporating some of the features from AIMISCD into this project. Would it be feasible to start with detecting silent SMS which is not as big of an undertaking as detecting an IMSI catcher?</p>
<p>This GPL 3.0 code will be helpful:<br /><a class="external" href="https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector/blob/development/AIMSICD/src/main/java/com/secupwn/aimsicd/smsdetection/SmsDetector.java">https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector/blob/development/AIMSICD/src/main/java/com/secupwn/aimsicd/smsdetection/SmsDetector.java</a></p> Privacy Browser Android - Feature #1175 (Feedback): Move out Images into the main menuhttps://redmine.stoutner.com/issues/11752024-02-26T06:46:16Zask lowPrivacy Browser Android - Feature #1170 (Feedback): Option to save and add multiple custom user a...https://redmine.stoutner.com/issues/11702024-02-18T22:55:53ZRon Weasley
<p>Hey, I've been really liking your browser so far with all the privacy features. And I think it'll be more privacy friendly if we can store/save multiple custom user agents (You can name using a custom name or using custom user agent 1,2,3..) and change them on the go.</p>
<p>I usually change my user agent between different sites to better obfuscate my identity. But it's hassle to copy and paste everytime, So if it'll be helpful to users like me who changes the user agents often if the browser could store them.</p> Privacy Browser PC - Feature #1016 (In Progress): Remove the separator between Refresh and Reload...https://redmine.stoutner.com/issues/10162023-06-09T21:08:35ZSoren Stoutnersoren@stoutner.com
<p>Currently there is a separator in the View menu between Refresh and Reload and Bypass Cache. This is because KDE's ui_standards.rc file doesn't currently have the option necessary to not insert it.</p>
<p>What is needed is to add <code><MergeLocal name="view_redisplay_merge"/></code> immediately after <code><Action name="view_redisplay"/></code>.</p> Privacy Browser PC - Feature #1007 (In Progress): Domain Settings are not applied when loading a ...https://redmine.stoutner.com/issues/10072023-05-11T06:02:31ZSoren Stoutnersoren@stoutner.com
<p>If you are on a website with domain settings applied and you open a link <strong>to the same domain</strong> in a new tab by using either Ctrl-click or Ctrl-Shift-click domain settings will not be applied in that tab.</p>
<p>However, if you open the new tab using the right-click menu with either "Open link in new tab" or "Open link in new background tab" then the domain settings will be appropriately applied.</p>
<p>If the link opens a different domain this does not manifest. I think this has to do with the current domain being passed to the new tab so that it doesn't think the domain is changing and, therefore, doesn't reapply domain settings so as to not wipe out on-the-fly settings. Somehow this is passed with Ctrl-clicks but not with the context menu.</p> Privacy Browser PC - Feature #1004 (In Progress): Add the option to launch Privacy Browser in a c...https://redmine.stoutner.com/issues/10042023-04-25T21:30:18ZSoren Stoutnersoren@stoutner.com
<p>This would be similar to how Nyxt does it.</p>
<p><a class="external" href="https://github.com/atlas-engineer/nyxt/blob/master/documents/README.org#run-nyxt-in-a-security-sandbox">https://github.com/atlas-engineer/nyxt/blob/master/documents/README.org#run-nyxt-in-a-security-sandbox</a></p> Privacy Browser PC - Feature #967 (In Progress): Disable automatic opening of links in a new tabhttps://redmine.stoutner.com/issues/9672023-02-28T17:57:31ZSoren Stoutnersoren@stoutner.com
<p>This would mirror the behavior of Privacy Browser Android, where a user must choose to open a link in a new tab.</p>
<p>It also fixes a bug where, at least sometimes, links automatically opened in new tabs do not load domain settings. For an example of this, clink on a tracking link in Order History at neweggbusiness.com.</p> Privacy Browser PC - Feature #959 (In Progress): Allow adding spell checking words to a user dict...https://redmine.stoutner.com/issues/9592023-02-08T16:53:56ZSoren Stoutnersoren@stoutner.com
<p>Documentation on this is non-existant, but based on how other programs work, like Chromium, it appears it should be possible.</p> Privacy Browser PC - Feature #845 (In Progress): On-The-Fly Zoom Factor does not display changes ...https://redmine.stoutner.com/issues/8452022-04-29T23:41:13ZSoren Stoutnersoren@stoutner.com
<p>Holding CTRL on the keyboard while scrolling the mouse wheel adjusts the On-The-Fly zoom setting, but it isn't currently reflected in the On-The-Fly menu action.</p>
<p>There might be some signal I can attach to that would update this.</p> Privacy Browser PC - Feature #831 (In Progress): Browser error pages do not display unless JavaSc...https://redmine.stoutner.com/issues/8312022-03-29T19:50:40ZSoren Stoutnersoren@stoutner.com
<p>For example, if an invalid URL is loaded, only the outline of a box is displayed unless JavaScript is enabled.</p> Privacy Browser Android - Feature #721 (Feedback): Consider adding a lock screen on startuphttps://redmine.stoutner.com/issues/7212021-05-27T17:10:43ZSoren Stoutnersoren@stoutner.com
<p>From time to time I receive requests to add a startup lock screen to Privacy Browser. The purpose of this feature request is to document why I consider this to be privacy theater, but I am going to leave it open awaiting feedback. If someone can provide an example of how this would actually be beneficial than I will look into implementing it.</p>
<p>The reasons why I don't think it is useful is broken into two categories based on attack scenarios. In the first scenario, standard Android OS tools already provide as much protection as adding a custom lock screen could do. And I am generally unwilling to replicate tools that already exist in the OS if there isn't any benefit in doing so. Consider the following scenarios.</p>
<p>1. You set your phone down on the table and someone with malicious intent picks it up with the desire to see sensitive information in your browser.</p>
<p>Solution: Use the lock screen functionality available in the OS. You have all the standard options (PIN, pattern, password, fingerprint, etc.). Implementing a specific app version of this provides no additional security beyond what the OS provides.</p>
<p>2. You want to share your phone with someone, like a child, that needs to have limited access to some features, but you don't want them to have access to what is in your browser.</p>
<p>Solution: Use the profiles functionality built into the OS. If you want the person to have ongoing access, setup a profile for their account. If they only need one-time access, they can use the guest profile. <<a class="external" href="https://support.google.com/nexus/answer/2865483">https://support.google.com/nexus/answer/2865483</a>></p>
<p>The second class of attacks has to do with sophisticated hacking devices, like those made by Cellebrite. <<a class="external" href="https://www.cellebrite.com/en/ufed-premium/">https://www.cellebrite.com/en/ufed-premium/</a>> These are designed to bypass the lock screen of the device, so the OS protections described above are insufficient. This is one of the reasons why the Privacy Browser's core privacy principles include storing a minimum of information on the device. <<a class="external" href="https://www.stoutner.com/privacy-browser/core-privacy-principles/">https://www.stoutner.com/privacy-browser/core-privacy-principles/</a>> But there is still some information there, including the list of bookmarks and domain settings.</p>
<p>The first thing that is important to understand about this scenario is that adding a lock screen that displays to the user when they open the app doesn't encrypt or otherwise protect the actual data. All it does is show a screen to the user that is a little difficult to bypass before they can view the unencrypted data that is available in the app's private directory. Because systems like Cellebrite aren't interested in silly screens presented to the user (they are already bypassing the OS lock screens) they also wouldn't even notice that Privacy Browser had a lock screen. They would just bypass it and read the unencrypted app data directly.</p>
<p>Hence, any defense against a Cellebrite attack needs to both implement a lock screen and encrypt the app data at rest.</p>
<p>Before going any further, let me impress upon your mind how incredible difficult this process would be. Android expects the data in an app's directory to not be encrypted. All the standard tools expect to be able to access it directly. Encrypting it is possible, but it would require replacing every standard Android function in Privacy Browser with a custom implementation. The amount of work this would take would be staggering, the number of bugs it would introduce would be enormous, and the ongoing maintenance cost would be excessive.</p>
<p>But lets assume that I become convinced that this feature is worth all the effort and do implement it. What would it look like?</p>
<p>First, users wouldn't be able to use a PIN or a pattern or a fingerprint to open the lock screen. This is because the amount of data contained by any of these is not sufficiently large to provide useful encryption. In typical Android usage, when you enter a PIN or scan your fingerprint, those are checked against what is stored on the system, and, if they match, the actual encryption key is retrieved from Android's Keystore in a hardware security module. <<a class="external" href="https://developer.android.com/training/articles/keystore#HardwareSecurityModule">https://developer.android.com/training/articles/keystore#HardwareSecurityModule</a>> These hardware security modules are supposed to be unhackable. But, surprise, surprise, they aren't. <<a class="external" href="https://thehackernews.com/2019/11/qualcomm-android-hacking.html">https://thehackernews.com/2019/11/qualcomm-android-hacking.html</a>> And you better believe that there are a number of 0-day vulnerabilities in these hardware security modules that companies like Cellebrite are actively leveraging in the wild to extract encryption keys. The only way to protect against this level of attack is for the user to manually enter the decryption key every time the app starts. To have any real level of security, the key needs to be really long. Somewhere between 24 and 44 characters, and that is if you are using a random mix of numbers and letters that is difficult for a human to remember or type. <<a class="external" href="https://security.stackexchange.com/questions/45318/how-long-in-letters-are-encryption-keys-for-aes">https://security.stackexchange.com/questions/45318/how-long-in-letters-are-encryption-keys-for-aes</a>></p>
<p>Do you know any user who would be willing to type a 24 character serial number every time they opened Privacy Browser?</p>
<p>Beyond this, Cellebrite devices can also hack information stored in RAM. When Privacy Browser is running, the information in RAM has to be unencrypted. Therefore, to attain any level of security, Privacy Browser would have to clear everything from RAM every time it was paused (another app is displayed on the screen, the screen shuts off, etc.). This means that every time you switched apps, opened a link from another app, shut off your screen, or any similar activity, you would have to type in your 24-44 character encryption key again. Once again, can you imagine any user actually doing this?</p>
<p>So, looking at this, I see a feature that would take tens of thousands of hours to implement in any way that wasn't privacy theater, and that nobody would actually use.</p>
<p>For anyone who is concerned about attackes by Cellebrite or similar devices, I would recommend that you enable Incognito Mode (which wipes the cache and history every time a website loads), run Clear and Exit frequently, and not store anything sensitive in bookmarks or domain settings. This provides you with almost the same level of protection as a fully encryption system described above, and has the added benefit of being something that you would actually be willing to use.</p> Privacy Browser Android - Feature #633 (Feedback): Restore edits in the URL bar when switching tabs.https://redmine.stoutner.com/issues/6332020-10-14T17:35:36ZSoren Stoutnersoren@stoutner.com
<p>Currently, the URL that is loaded in the WebView is restored to the URL bar when a tab is switched. This means that if the user has modified the URL, then switches tabs, then switches back, their edits are lost.</p>
<p>I am not certain I want to change the current behavior. I have created this feature request to see what feedback I receive from users about the issue.</p> Privacy Browser Android - Feature #631 (Feedback): Undo a closed tabhttps://redmine.stoutner.com/issues/6312020-10-08T19:40:08ZGNU User
<p>When closing a tab (which can happen by accident) a message could appear stating "Tab was closed" and have an undo button. Similar to what Firefox has. I didn't find a ticket opened for this, if it's a duplicate I apologize.</p> Privacy Browser Android - Feature #626 (In Progress): Snackbars are too high on the screen if And...https://redmine.stoutner.com/issues/6262020-09-19T03:22:35ZSoren Stoutnersoren@stoutner.com
<p>I expected this to be fixed in Android 11, but it isn't. Perhaps there is something that can be done at the app lever.</p> Privacy Browser Android - Feature #508 (In Progress): Activate Keyboard incognito modehttps://redmine.stoutner.com/issues/5082019-11-05T18:46:39ZLukas ThyWalls
<p>Using Firefox Focus, i realized using this kind of mode (As well as incognito mode in Firefox Android, Firefox Fenix or Chrome) the keyboard enters in some kind of "Incognito mode" that seems to not remember any word (at least), something that happens with GBoard and AnySoftKeyboard as far as i tested it. With both uses this mode automatically with the browser's mode, although with AnySoftKeyboard you can toggle it at any moment.</p>
<p>This doesn't happen in Privacy Browser, with or without incognito mode. The request is activate the virtual keyboards in that mode, if it's posible with an option to make it work "Always" or "Only in incognito mode".</p>
<p>Thanks.</p>