New Post: Snitching on Phones That Snitch on You

Or move to the Deep (not Dark) web.

When the 'net first got it’s walking legs, we were “Surfing the Internet Highway” and the panoramic views were wonderful.

Now that “Information highway” is cluttered with so many billboards, roadside snake oil salespeople, hidden police checks, and most pull-outs are rotting and decaying our potties!

Moving to the Deep Web or if you’ve been assimilated, the Dark web, doesn’t mean that the 'net needs to be all bad. A project to let the peeping marketeers pimp out those hanging on, by leaving them behind is not that hard. I think it’s just that too many people are afraid of the ‘deep/dark web’. And I think corporations detest it because they can’t control anything in there. And the spies can’t spy. Awwww!

~s~

1 Like

I like Jitsi, but you should be aware that it links to some Google Servers…


Not sure if it is solved after a year. But i do not like Developers which just copy and paste code from some some sources on the web. Which the client will fetch dynamically

I do not like snitching Phones so i will use a minimal minimal approach.

2 Likes

Good news:

4 Likes

That is indeed very good news.
A have always been using an app firewall on Windws and have never understood why there isn’t one for Linux.
So this is going to change soon. :clap:

1 Like

So would you run this on your network or on each linux device?

1 Like

This runs on each Linux device and monitors traffic leaving the device. The individual using that device would get pop-ups to approve/deny when new traffic occurs that OpenSnitch doesn’t yet have a rule for. After the initial training process the first week or two, this becomes a rarer event, which is good, as you can focus on these exceptions better.

2 Likes

Thanks Kyle that does sound fantastic. Any insight on when it might be available in pureos? I would imagine it may have an impact on network performance tho.

1 Like

Once it is packaged in Debian upstream, we could see about putting it into PureOS. My understanding is that the main challenge is the build dependencies, which the current .deb you can download from the OpenSnitch repo (what I use on my Librem 5) resolves by bundling in libraries.

3 Likes

The thing being discussed just now runs on each individual computer.

However it is legitimate to have a firewall between your network and the internet and a firewall on each device. They serve slightly different purposes and respond to different threats. (In either case, also, the threat from inbound traffic is separate from and additional to the threat from outbound traffic.)

I think the main point being made in the article linked above is that: the firewall that runs on each individual computer can have the subtlety of allowing a connection from one application but disallowing the connection relating to / from the same port number from a different application.

The distinction between applications is difficult to impossible to implement in a firewall somewhere on your network. That is, it needs either to block the port number for a given host or allow the port number for a given host, regardless of which application wants the connection.

On the other hand, the benefit of the network firewall is three-fold (at least)

  • it works even if the software on the individual device is completely compromised
  • it works even if the user of the individual device is socially engineered (tricked) into clicking “OK” or simply doesn’t make good decisions
  • it works for all devices on the network, in particular for those devices where it may be impossible to install a firewall (like a TV or your solar equipment) or less practical to install a firewall (like your Android and Apple phone) - where it’s all blackbox and you need a firewall more than ever :wink:
4 Likes