Forwarded from cRyPtHoN™ INFOSEC (EN)
4 Malicious Adware apps Discovered on Google Play With More than 16,100,000 Installs
The adware programs will tend to serve unwanted advertisements on your mobile phone and computer. The adware can be included with some apps in a legitimate way to generate revenue.
Clicking the ads directs users to malicious pages, which collect user information and use it for advertising purposes.
https://gbhackers.com/adware-apps-on-google-play/
https://twitter.com/sh1shk0va
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
Forwarded from /r/privacy
Google tricking you to turn on location services
On an Android phone, turn off location services and then in chrome do a Google search.
Notice it'll pop up a message saying results would be better if location services were turned on. You press ok to dismiss.
Surprise! You just turned on location services and sent a load of saved GPS data to Google.
https://redd.it/ebfwzp
@r_privacy
Forwarded from cRyPtHoN™ INFOSEC (EN)
Police get “unprecedented” data haul from Google with geofence warrants
Before you commit arson, do you leave your phone at home?
If not, you’re not a subtle arsonist. If you own an Android device, and if you happen to be behind any of the arsons carried out across the city of Milwaukee, in the US state of Wisconsin in 2018 and 2019, there’s a good chance that Google has handed over your location history to police.
https://nakedsecurity.sophos.com/2019/12/16/police-get-unprecedented-data-haul-from-google-with-geofence-warrants/
Read Via Telegram
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
Forwarded from cRyPtHoN™ INFOSEC (EN)
Bug Sent WhatsApp Into Crash Loop, Caused Chat History Loss
Security researchers found a bug in WhatsApp that could be used to crash the messaging app in a loop on the phone of every member of a group.
The effect could be obtained by modifying a participant's phone number and sending out a message. As a result, members would no longer be able to access the group or conversation history.
https://www.bleepingcomputer.com/news/security/bug-sent-whatsapp-into-crash-loop-caused-chat-history-loss/
Read Via Telegram
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@NoGoolag
Forwarded from cRyPtHoN™ INFOSEC (EN)
UK opens inquiry into Google’s takeover of data company
LONDON (AP) — Britain’s competition watchdog said Tuesday it launched a formal inquiry into Google’s takeover of cloud data analytics company Looker Data Sciences, as it intensifies scrutiny of technology deals.
The Competition and Markets Authority said it had notified the two companies on Monday that it was opening an initial inquiry and would decide on Feb. 13 whether to escalate it to a more in-depth investigation.
https://apnews.com/2d7c2913f7ad71ff9331544b9e8edcd2
Read Via Telegram
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@NoGoolag
YouTube2PeerTube
YouTube2PeerTube is a bot written in Python3 that mirrors YouTube channels to PeerTube channels as videos are released in a YouTube channel.
It checks YouTube channels periodically; when new videos are found, it mirrors them with metadata to the corresponding PeerTube channels.
This tool supports multiple channels, and supports mirroring each YouTube channel to a user defined PeerTube channel and instance that can be different for each YouTube channel being mirrored.
This tool does not use YouTube APIs. Instead, it subscribes to channels via RSS. This is a primary feature: this tool will always avoid the YouTube API, and no features will be implemented that require the YouTube API.
If you need to archive a YouTube channel with lots of existing videos, this tool is not for you. This tool starts mirroring channels from the time they are added to the config and will not mirror all historical videos that exist in a YouTube channel. A tool that provides this functionality is available at https://github.com/Chocobozzz/PeerTube/blob/develop/support/doc/tools.md#peertube-import-videosjs
📡 @NoGoolag 📡 @Libreware
#peertube #yt #youtube #import #alternatives
Pi-Hole
Network-wide ad blocking via your own Linux hardware
The Pi-hole® is a DNS sinkhole that protects your devices from unwanted content, without installing any client-side software.
✅ Easy-to-install: our versatile installer walks you through the process, and takes less than ten minutes
✅ Resolute: content is blocked in non-browser locations, such as ad-laden mobile apps and smart TVs
✅ Responsive: seamlessly speeds up the feel of everyday browsing by caching DNS queries
✅ Lightweight: runs smoothly with minimal hardware and software requirements
✅ Robust: a command line interface that is quality assured for interoperability
✅ Insightful: a beautiful responsive Web Interface dashboard to view and control your Pi-hole
✅ Versatile: can optionally function as a DHCP server, ensuring all your devices are protected automatically
✅ Scalable: capable of handling hundreds of millions of queries when installed on server-grade hardware
✅ Modern: blocks ads over both IPv4 and IPv6
✅ Free: open source software which helps ensure you are the sole person in control of your privacy
Pihole Info:
https://pi-hole.net
https://pi-hole.net/blog
https://docs.pi-hole.net
https://github.com/pi-hole/pi-hole/#one-step-automated-install
r/pihole
📡 @NoGoolag 📡 @Libreware
#pihole #pi-hole #block #ads
Dropkick Google with Pi-Hole On Your Network
Resource
from https://www.old.reddit.com/r/degoogle/comments/e9ryy0/dropkick_google_with_pihole_on_your_network/
Greetings fellow De-Googlers. Today, as we crest over the 20k mark in membership, I’d like to talk about a tool you can use in your fight against intrusive corporations like Google. I’m talking about a great project called Pi-Hole. Some of you may be familiar with Pi-Hole, while to others this may be new information. If it’s new information, I’m happy to report there is a sub right here on Reddit just for Pi-Hole ( r/pihole ). The mods there are very helpful with any problems you may encounter along the way with this project.
Before I go any further, I’d like to point out that Pi-Hole is open source software, available for free on their website at https://pi-hole.net/. However, I would like to encourage users to donate to this worthy cause and become a Patron of the project.
In a nutshell, Pi-Hole is a Raspberry Pi project that acts as an ad blocker. Unlike browser-based ad blockers that you may be used to, such as uBlockOrigin, Pi-Hole works at the DNS level.
You can run Pi-Hole in a Docker container, deploy directly in conjunction with Raspbian on a Raspberry Pi Zero W, or deploy in conjunction with CentOS, Fedora, or Debian or an old desktop running Ubuntu. There are even some folks running Pi-Hole on an old laptop. For all the features of Pi-hole and for what it does, it doesn’t require a lot of overhead to run.
I won’t go into recreating the installation procedures, but I can tell you that with limited tech savvy, anyone can have this set up and running in an afternoon.
So how does this all tie into De-Googling, I hear you ask? One of the great features of Pi-Hole is its ability to use custom block lists. These block lists contain hundreds of domain names that you don’t want accessing your network. Here is one such list that completely blocks Google and its many domains from your network:
• https://raw.githubusercontent.com/nickspaargaren/pihole-google/master/pihole-google.txt
Nick Spaargaren maintains this list and his GitHub is located at:
• https://github.com/nickspaargaren/pihole-google
If we were to take a peek inside this particular block list, we can see all the domains it will block from your network:
www.googleanalytics.com
click.googleanalytics.com
ssl.googleanalytics.com
www.google-analytics.com
cctldtest.google-analytics.com
click.google-analytics.com
…..and hundreds more! With a couple clicks of the mouse, you can just about eradicate Google from your network as if it didn’t exist. There are tons of other lists that are available for Pi-Hole that will block all manner of things from your network. For now we are concentrating on the Google aspect.
In closing, I will leave you guys with some links to get you started on your way to a Google free, intrusion free network using Pi-Hole.
#pihole #pi-hole #block #ads
Forwarded from BlackBox (Security) Archiv
Data octopuses: Not only Google wants to know where you are and what you do
Google's location tracking on Android devices is legendary. Privacy is almost always a huge problem. Data protectors regularly go to the barricades. Law enforcement agencies are rubbing their hands more and more often. What's more, the largest data octopus of all has created an "unprecedented" data collection system for law enforcement agencies. A data collection that we usually always and mostly unknowingly agree to. But our Android smartphone or iPhone also reveals a lot about us. And that regardless of whether we want it or not.
Why do we unknowingly agree with the passion for data collection, some readers will surely ask. You can turn off location tracking in the settings. Or I simply switch to the so-called "aircraft mode", or alternatively take my SIM card out of the mobile phone. Then Google can no longer track my location and everything is fine, you think. Why this is not quite right and what our Android or iPhone and others collect so much data about us, we want to take a closer look at today in this article.
Location tracking: Google doesn't do things by halves
Even if we deactivate the "location history" for iPhones and Android smartphones, the data octopus Google continues to locate its users. Even if the function "location history" is switched off, Google or apps that we have installed on our Android evaluate the user's location and save it locally on the respective device. If we open certain apps or services, the data is then transferred. Even in "airplane mode" or without a SIM card, Google collects location data for each of our steps in the background, i.e. indirectly. As soon as our smartphone has access to the Internet again, the data collected about us in the meantime is automatically uploaded to Google's Sensorvault database.
📺 Video:
https://news.1rj.ru/str/NoGoolag/76
👉🏽 Google is Malware
https://www.gnu.org/proprietary/malware-google.html
👉🏽 Read more:
https://tarnkappe.info/datenkraken-nicht-nur-google-moechte-immer-wissen-wo-ihr-seid/
#DeleteGoogle #GoogleMalware #DataStealers #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Forwarded from /r/privacy
Your annual reminder that Facebook tracks your location after you opt out
https://thenextweb.com/facebook/2019/12/18/your-annual-reminder-that-facebook-tracks-you-even-with-location-settings-turned-off/
https://redd.it/ec9y1i
@r_privacy
The Next Web
Your annual reminder that Facebook tracks you even with location settings turned off
Facebook told US senators it tracks users' location even after they've turned those settings off. Don't be shocked, we learned this exactly a year ago.
Forwarded from cRyPtHoN™ INFOSEC (EN)
Facebook admits it can track your movements and bombard you with adverts even if users turn OFF location settings
🔵 Facebook sent a letter to two US senators which contained the admission
🔵 It can piece together a person's location based on various available information
🔵 Facebook says there are many advantages to knowing where people are
🔵 Tagged pictures, IP addresses and purchasing on Facebook Shopping provide clues to a person's location
https://www.dailymail.co.uk/sciencetech/article-7804121/Facebook-says-locate-users-opt-tracking.html
Read Via Telegram
FACEBOOK'S PRIVACY DISASTERS
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@NoGoolag
Firefox Announces New Partner in Delivering Private and Secure DNS Services to Users
https://blog.mozilla.org/blog/2019/12/17/firefox-announces-new-partner-in-delivering-private-and-secure-dns-services-to-users/
#firefox #ff #dns
The Mozilla Blog
Firefox Announces New Partner in Delivering Private and Secure DNS Services to Users
NextDNS Joins Firefox’s Trusted Recursive Resolver Program Committing to Data Retention and Transparency Requirements that Respect User Privacy Firefox announced a new partnership with NextDNS to provide Firefox users with ...
Minimal MicroG Installer V2.4
18 December 2019
By MOVZX and FatherJony and FriendlyNeighborhoodShane
A simple, flexible MicroG Installer
-- Changelog:
+ Update all APKs
+ Fix Standard bootloop on Q
+ Added AuroraServices only pack
For y'all younglings that don't know what MinMicroG is, check readme.md inside or https://news.1rj.ru/str/NoGoolag/202
📡 @NoGoolag
#microg #minmicrog
Browser activating the front-facing camera: Big Brother or just a bug?
This post is about a disturbing (in terms of privacy) situation that we have recently encountered.
Here’s what happened: we were approached by one of our readers, who claimed that when he was reading our website (which, ironically, has the BanCam anti-facial recognition campaign banner on a main page), the front-facing camera was activated.
📺 https://youtu.be/JVrfUhc6l0M
👉🏽 Read more:
https://medium.com/@mva.name/browser-activating-the-front-facing-camera-big-brother-or-just-a-bug-e7a2ff9d6856
#Google #camera #popup #DeleteGoogle #PoC #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Transcription (read: copy paste):
Hi, everyone!
My name is Vadim, I am a tech consultant and a system administrator at RosKomSvoboda.
This post is about a disturbing (in terms of privacy) situation that we have recently encountered.
It could have been in a “A-a-a-a-a-a-a-a-a! Look, Big Brother (Google) is watching us” style, but I will rather try to do some analysis and make some assumptions about why this might have happened.
Here’s what happened: we were approached by one of our readers, who claimed that when he was reading our website (which, ironically, has the BanCam anti-facial recognition campaign banner on a main page), the front-facing camera was activated.
He owns a phone with a sliding front camera. So it slid out right after loading the page as shown on a video.
Big Brother?
As you probably have guessed, at first I thought, that despite all the security measures I have taken for the website, we were hacked and “trojanized”.
However, the investigation has shown, that our site was fine.
After discussing the investigation’s findings with my colleagues from RosKomSvoboda, I remembered that I had come across several forum posts before, which were describing how “Trojan” apk-packages were distributed through the ad networks (when opening the forum from an Android phone) (The idea is that a user would install them, thinking that it is the official forum client).
I suggested checking the list of ad trackers which were allowed on that page (the reader uses Firefox and the uBlock addon with it).
A couple of hours of experiments have shown that the camera stops activating only when the google.com domain access is being blocked in the addon’s settings. Around this time the user told us, that the website “kod.ru” was also activating the camera (before that, we considered the problem to be only on our website).
After digging a little deeper, I found out, that requests to google.com are made not only by Google trackers (aka analytics), but even by the YouTube video iframe module on that page. Same thing occurring at kod.ru also fitted this theory. As it turned out, that page had also had an embedded YouTube video in it.
In order to once again check my theory, I Googled a random blog post with a built-in video in it. The camera opened again.
To sum up, what we have discovered: the presence of built-in YouTube video on a page triggers the loading of some scripts from google.com, and those, in turn, trigger the camera.
Okay, let’s keep digging.
Having gone through all the browser debugging tools, I found out, that a highly obfuscated script, which even has an obfuscated name, is loaded via www.google.com domain whenever a user accesses the page. None of the de-obfuscation tools I tried could deal with it.
Considering that it is Google, I can assume that soon this script will disappear, and will be replaced with a different (but equally unreadable) one. So, here’s its code, just in case.
A brief overview of the script didn’t show any camera mentions, but you can try to do it yourself.
Let’s now look at it this way:
My own phone has no sliding camera, so I could not see a camera sliding out, but I can connect it via USB and use “adb logcat | grep -i -C5 camer” (I’ve used grep because otherwise there is too much irrelevant info) command. So I did it…
First try: Loading the test sites and… nothing!
Starting to think that this issue is on a client’s side.
At the same time we are discussing the situation in the aforementioned RosKomSvoboda technical chat room. After a while, one of the participants said, that mobile browsers can sometimes be tricky: they don’t always ask for global camera access permissions, because if they know there is none they may not ask for them!
I check the application’s settings and see, that Firefox has no camera permission. I turn it on, check once again, and see a bunch of camera related info popping up in the console like that:
adb logcat | grep -i -C5 camer
Hi, everyone!
My name is Vadim, I am a tech consultant and a system administrator at RosKomSvoboda.
This post is about a disturbing (in terms of privacy) situation that we have recently encountered.
It could have been in a “A-a-a-a-a-a-a-a-a! Look, Big Brother (Google) is watching us” style, but I will rather try to do some analysis and make some assumptions about why this might have happened.
Here’s what happened: we were approached by one of our readers, who claimed that when he was reading our website (which, ironically, has the BanCam anti-facial recognition campaign banner on a main page), the front-facing camera was activated.
He owns a phone with a sliding front camera. So it slid out right after loading the page as shown on a video.
Big Brother?
As you probably have guessed, at first I thought, that despite all the security measures I have taken for the website, we were hacked and “trojanized”.
However, the investigation has shown, that our site was fine.
After discussing the investigation’s findings with my colleagues from RosKomSvoboda, I remembered that I had came across several forum posts before, which were describing how “Trojan” apk-packages were distributed through the ad networks (when opening the forum from an Android phone) (The idea is that a user would install them, thinking that it is the official forum client).
I suggested checking the list of ad trackers which were allowed on that page (the reader uses Firefox and the uBlock addon with it).
A couple of hours of experiments have shown that the camera stops activating only when the google.com domain access in being blocked in the addon’s settings. Around this time the user told us, that the website “kod.ru” was also activating the camera (before that, we considered the problem to be only on our website).
After digging a little deeper, I found out, that requests to google.com are made not only by Google trackers (aka analytics), but even by the YouTube video iframe module on that page. Same thing occurring at kod.ru also fitted this theory. As it turned out, that page had also had an embedded YouTube video in it.
In order to once again check my theory, I Googled a random blog post with a built-in video in it. The camera opened again.
To sum up, what we have discovered: the presence of built-in YouTube video on a page triggers the loading of some noscripts from google.com, and those, in turn, trigger the camera.
Okay, let’s keep digging.
Having gone through all the browser debugging tools, I found out that a highly obfuscated script, which even has an obfuscated name, is loaded from the www.google.com domain whenever a user accesses the page. None of the de-obfuscation tools I tried could deal with it.
Considering that it is Google, I can assume that soon this script will disappear, and will be replaced with a different (but equally unreadable) one. So, here’s its code, just in case.
A brief overview of the script didn’t show any camera mentions, but you can try to do it yourself.
Let’s now look at it this way:
My own phone has no sliding camera, so I could not see a camera sliding out, but I can connect it via USB and use the “adb logcat | grep -i -C5 camer” command (I used grep because otherwise there is too much irrelevant info). So I did it…
First try: Loading the test sites and… nothing!
I was starting to think that this issue was on the client’s side.
At the same time we were discussing the situation in the aforementioned RosKomSvoboda technical chat room. After a while, one of the participants said that mobile browsers can sometimes be tricky: they don’t always ask for the global camera access permission, because if they know they do not have it they may not ask for it!
I checked the application’s settings and saw that Firefox had no camera permission. I turned it on, checked once again, and saw a bunch of camera-related info popping up in the console, like this:
adb logcat | grep -i -C5 camer
Gotcha! A request!
Moreover, right after the “get device info” line there is an explicit opening of the camera device:
12-12 17:10:14.734 751 6924 I QCamera : <HAL><INFO> int qcamera::QCamera2Factory::cameraDeviceOpen(int, struct hw_device_t **): 405: Open camera id 0 API version 256
I check it once again with Chrome, and everything looks the same: if you take away the camera permission — nothing is in the log, and if you allow the app to access the camera — same logs appear.
Turns out that:
a) problem is not local
b) problem is not browser-specific.
What is interesting here is that none of these browsers has ever requested a camera permission for any of the sites that participated in the test (nor, for that matter, for YouTube and google.com).
Taking all these discoveries into consideration, I came up with two versions:
1) Either Big Brother is really watching us or
2) that oddly obfuscated script from Google triggers the Camera API in browsers in order to fingerprint the user, but avoids accessing the camera directly. That’s why there is no permission request popping up (however, if you look closely at the video at the beginning of the article, you can see how an LED blinks between opening and closing the camera, which raises certain concerns).
The browser’s logic here is simple: when initializing the Camera API, if there is no camera permission, do nothing (do not even ask for it until there is a real necessity), and if there is one, initialize the cameras and check what kind of modules are there and what they are capable of (which might be the reason why the camera slides out).
The user’s phone vendor, as it seems, programmed the camera software simply: whenever the camera is accessed — it slides out.
After all, it turns out the issue is not as serious as it seemed to be in the beginning, and I’d like to believe that no photos are taken (anyway, I’m not qualified enough either to prove or to disprove that; maybe one of you, the readers, could do that).
However, the very fact that opening any webpage that has an embedded YouTube video iframe in it leads to a camera request (and even some communication with the module) is pretty sad and disturbing in terms of privacy and I think it’s worth the community’s attention.
What is your opinion?
Russian version: https://habr.com/ru/company/roskomsvoboda/blog/480056/
WRITTEN BY
Vadim Misbakh-Soloviov
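The logcat comparison described in the post above (camera permission revoked versus granted), as an added example that is not part of the original article: it parses captures saved from `adb logcat` and reports camera-device opens. The function names and the `ExampleBrowser` line are assumptions made for illustration; only the HAL line comes from the article.

```python
import re

# logcat "threadtime" layout: MM-DD HH:MM:SS.mmm PID TID LEVEL TAG: message
LINE_RE = re.compile(
    r"^(?P<date>\d\d-\d\d)\s+(?P<time>\d\d:\d\d:\d\d\.\d{3})\s+"
    r"(?P<pid>\d+)\s+(?P<tid>\d+)\s+(?P<level>[VDIWEF])\s+"
    r"(?P<tag>.*?)\s*:\s(?P<msg>.*)$"
)
# Pattern derived from the single HAL line quoted in the article; other
# vendors' camera HALs log different text, so treat it as device-specific.
OPEN_RE = re.compile(r"cameraDeviceOpen\(.*Open camera id (?P<cam>\d+)")


def camera_open_events(lines):
    """Return one record per camera-device open found in logcat lines."""
    events = []
    for raw in lines:
        # Pasted logs often carry a typographic dash in the date; normalise it.
        line = raw.strip().replace("\u2013", "-")
        m = LINE_RE.match(line)
        if not m:  # grep's "--" context separators, truncated lines, etc.
            continue
        hit = OPEN_RE.search(m["msg"])
        if hit:
            events.append({
                "when": f'{m["date"]} {m["time"]}',
                "pid": int(m["pid"]),  # the camera HAL's PID, not the browser's
                "tag": m["tag"],
                "camera_id": int(hit["cam"]),
            })
    return events


def permission_gates_camera(revoked_capture, granted_capture):
    """True when opens appear only in the capture taken with permission granted."""
    return (not camera_open_events(revoked_capture)
            and bool(camera_open_events(granted_capture)))


# HAL line as quoted in the article; the ExampleBrowser line is constructed.
HAL_LINE = ("12-12 17:10:14.734 751 6924 I QCamera : <HAL><INFO> int "
            "qcamera::QCamera2Factory::cameraDeviceOpen(int, struct hw_device_t **): "
            "405: Open camera id 0 API version 256")
REVOKED = ["12-12 17:05:02.100 4321 4350 I ExampleBrowser: page load finished", "--"]
GRANTED = [REVOKED[0], "--", HAL_LINE]

if __name__ == "__main__":
    for event in camera_open_events(GRANTED):
        print(event)
    print("permission gates camera:", permission_gates_camera(REVOKED, GRANTED))
```

Because the open is logged under the camera HAL's process, the log line alone does not name the browser; the attribution rests on the revoked-versus-granted comparison.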