Jump to content
Not connected, Your IP: 52.87.176.39

Search the Community

Showing results for tags 'Android'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • AirVPN
    • News and Announcement
    • How-To
    • Frequently asked questions
    • Databases
  • Community
    • General & Suggestions
    • Troubleshooting and Problems
    • Blocked websites warning
    • Eddie - AirVPN Client
    • Reviews
    • Other VPN competitors or features
    • Nonprofit
    • Off-Topic
  • Other Projects
    • IP Leak
    • XMPP
    • Mirrors
    • Net Neutrality Monitor

Product Groups

  • AirVPN Access
  • Coupons
  • Misc

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Twitter


Mastodon


AIM


MSN


ICQ


Yahoo


XMPP / Jabber


Skype


Location


Interests

Found 69 results

  1. Hello. I’m trying to figure out how to import and use SSL or SSH on iOS and Android using the OpenVPN client. I’m not sure what I’m doing wrong but I can’t even get a connection to any server. any ideas on how to get this working?
  2. Hello, I recently installed Antergos Linux (Arch Linux) on my main Computer and my Laptop. So I downloaded the Config files and tried to run them with the default openvpn. I cannot establish a connection. The resulting error is: Thu Feb 1 12:47:55 2018 OpenVPN 2.4.4 x86_64-unknown-linux-gnu [sSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 26 2017 Thu Feb 1 12:47:55 2018 library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.10 Thu Feb 1 12:47:55 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Feb 1 12:47:55 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Feb 1 12:47:55 2018 RESOLVE: Cannot resolve host address: switzerland.vpn.airdns.org:443 (Name or service not known) Thu Feb 1 12:47:55 2018 RESOLVE: Cannot resolve host address: switzerland.vpn.airdns.org:443 (Name or service not known) Thu Feb 1 12:47:55 2018 Could not determine IPv4/IPv6 protocol Thu Feb 1 12:47:55 2018 SIGUSR1[soft,init_instance] received, process restarting Thu Feb 1 12:47:55 2018 Restart pause, 5 second(s) I tried it on my Android device where I also have the config files from before a month. The old ones are working, the new ones don't. Maybe someone has the same problem or a solution? The Problem occurs also when I download another protocol-config or change the Server/State. Thanks
  3. I installed OpenVPN and downloaded the connection info for a variety of locations and installed them per the instructions. I am using a Samsung Chromebook Pro. When I run OpenVPN and choose a location it appears to connect correctly and I see a "success" message with an IP address. However, when I check to see what my IP address is, it is not the one that OpenVPN is showing me, instead it is for the local ISP here where I am traveling (in this case Prague). I can't access a number of website for sports streaming apps because they claim I am outside of the territorial restrictions, which technically I guess I am, but that's the point of using the VPN. I never had an problems on my old Windows laptop. Is this just some weird Chromebook issue? It seems strange that OpenVPN is showing me success and an IP connection but my traffic doesn't seem to be using it.
  4. SOLVED. Hi all, I'm trying to connect my Android phone over SSL using this well written guide https://airvpn.org/topic/24349-how-to-airvpn-via-sslstunnel-on-android-678/ Stunnel fires up fine but VPN does not. Log file attached. Air log SSL Android.txt Thanks.
  5. First of all, I would like to declare that I read and implemented this post: https://airvpn.org/topic/11476-using-airvpn-with-openvpn-for-android/ On OpenVPN, I imported the config file that I generated through AirVPN, and when it comes to activating that config file, I just cannot confirm the dialogue box showing up. It is displaying that there is a connection request and OpenVPN for android wants to set up a VPN connection that allows it to monitor network traffic. I just cannot click OK when this dialogue box pops up... I tried all kinds of things that I thought would affect the result without any success such as giving storage permission to OpenVPN, generating the config file as both UDP and TCP, selecting platform as both Android and Linux, as well as selecting various servers. Don't know what else I can do. I even tried to directly connect to VPN without OpenVPN through Android VPN settings. Your help would be greatly appreciated. Thanks
  6. Hello everybody, i am using Eddi on my Computer and everything works fine. But on my mobile phone, the conections takes sometimes a lot of time. I saved 2 files via the config generator (one is all of Asia nd one is all of Europe), so I guess openvpn tests each server as long as it finds a one which works and connects, nevertheless if its a good (fast) one or not. Is there a better way to find a decent server and maybe keep that one for long time? Thank you very much for your help!
  7. I just installed OpenVPN for Android on my phone today. After some phone buggy-ness and fiddling, I got it all working. Cool. But I noticed that when connecting to AirVPN, I was never asked for my login+pw. Hmmm... Ok, I now figure the .ovpn files I generated and imported have some keys/certificates embedded that authenticate me personally as the user who needs to login/connect to AirVPN. If that's true, and if my phone is stolen, how can I invalidate those credentials of mine so the thief can't login to AirVPN as me? Will a simple password change on the AirVPN website do the trick? (Thanks, everyone.)
  8. Hello! I am having troubles trying to connect with openvpn (Android ) It worked fine until today....(I am not tech-savy at all) I already tried to uncheck the bypass option...And both TCP and UDP protocols. https://airvpn.org/topic/19934-openvpn-for-android-connection-refused/?hl=+connection%20+refused%20+code Thank you. EDIT: seems to work now....
  9. Hello, after a lot of trying around I am still having problems using AirVPN on my Phone. I get disconnected after maybe a minute and have to manually reconnect every time. I wish I could keep using AirVPN, but I need to use a VPN on my phone a lot and it's just too annoying to keep reconnecting every minute. Now I am wondering if anyone else is having problems like that? I believe I am not one of few people who need to use a VPN on their phone on a daily basis. Also, are there any plans of building an app? I don't want to sound arrogant or anything, neither am I afraid of some manual configurations, but is it technically that difficult for the AirVPN team to put up an app (that matches its standards)? Cheers
  10. Hey, So today I notice that my connection through Android devices has stopped working. (Open vpn for android) It says it's connected but no data is being passed through so a Web page will eventually get a timed out error. Only happens on Android, the Windows client works as it should. Screenshot. 1st is initial connection the 2nd is after disconnection.
  11. I'm running into some difficulties setting up Air VPN on my Android 6 phone. Following the directions detailed here https://airvpn.org/topic/11476-using-airvpn-with-openvpn-for-android/ I installed OpenVPN for Android, and created a config file from the Air VPN config generator, on Chrome. I created both UDP and TCP versions of the .ovpn files. However, when I opened OpenVPN for Android and attempted to import a VPN profile, the ovpn files in my downloads folder were grayed out. Also, it's been suggested that I append my logfiles, but I'm not sure how this is done. Anyone have any suggestions? I'd be grateful for any help anyone can give
  12. I've noticed that the number of public WiFi operators making AirVPN unuseable is increasing. To be honest, I don't think it is specifically AirVPN being targeted. I can establish an outbound tunnel quickly and easily, but am then unable to connect to anything via the tunnel. When I look at the stats, the packet counters just stop incrementing. So far I've seen this behaviour with: BT WiFi (any flavour) - Never workedO2 WiFi (certain branded outlets, including Sainsbury, Asda)The Cloud (just started recently).Other providers (including my home broadband, guest wireless at work and (I think) IKEA) work fine so I think the config which comes directly from OpenVPN anyway is OK. Are they likely to be inspecting the traffic and discarding it because it's encrypted, or can it be resolved by reducing frame size, and/or using a different AirVPN transport?
  13. I am trying to follow the Android instructions but they are not working and some of the options are different than what is listed in the tutorial. When I click import - I am presented with 4 options to import a file - which one is correct? I made an assumption and selected Import Profile from SD card. The file is imported but there is no "trusted software" warning like in the tutorial. When I click the connect button, absolutely nothing happens. I appreciate any help you can offer.
  14. Was anyone surprised that this would eventually happen? Apple warned the public that such a tool if created would be leaked to the public and used in malicious activities Now that it has happened, has anyone learned their lesson? Doubtful. What are your thoughts on the subject?
  15. Hello, I've recently installed OpenVPN for Android (the open-source recommended choice) but I'm concerned about different issues. For instance, this app doesn't autostart at boot / reboot but has to be manually started. BTW Android uses wifi's previous state after reboot : when Wifi was "on" our real IP is visible until OpenVPN is manually started. When it crashes (it happens with the latest version) our real IP gets exposed too. I wonder if it could be possible to configure a firewall (AfWall+ or Droidwall) to block all the traffic excepting the one which transits through OpenVPN for both Wifi and data (3G/4G) ? These two apps are using iptables but I don't know how to write the custom rules matching my requirements. The help and knowledge of some computer savvy members would be appreciated. If it works we could maybe create a tutorial for the "How to" section of this forum ? I've collected several articles regarding Android and iptables but I've no idea how I could adapt all this for AirVPN .ovpn default config file (Europe). https://android.stackexchange.com/questions/14455/how-can-i-block-the-traffic-outside-the-vpn-even-if-the-vpn-is-down https://github.com/ukanth/afwall/wiki/Apps-leak-private-user-data-during-boot https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy https://droidvpn.com/page/stopping-leaks-with-droidwall-when-using-droidvpn-8/ https://airvpn.org/faq/software_lock/ Any idea ? Thanks
  16. Very interesting paper here: ​ ​ http://blog.csiro.au/tinker-torrentor-streamer-spy-vpn-privacy-alert/ ​ ​No mention of AirVPN, though.
  17. It would be nice to see a mobile app of Eddie for Android/IOS. The OpenVPN app is not really easy to use for non technical people. Air did make a great job to make a simple manual, but altough people with less technical skills only want to push a button to connect. Some friends of mine even don't have a computer and use only tabelts and there smartphones. Because they don't understand how the Openvpn app works and don't want to read a manual they use other VPN vproviders like Nordvpn, ipvanish or even betternet because it's free an simple to use. Has Air any plans to develop a mobile app?
  18. Hello, I'm using "OpenVPN Settings" on Android, because of an unfixed bug of Android which completely prevents me from using OpenVPN for Android. So I am sorry that I cannot use the recommended app. I created an "Android" config file in the client area, but my first problem is that "/sbin/ip" was not found: iproute was at "/system/bin/ip" instead. I figured out that adding `iproute /system/bin/ip` to my ovpn config file fixed this. Now the openvpn successfully connects either from terminal using `openvpn <filename.ovpn` or using OpenVPN Settings app. But, my browser is still going straight to the web from my mobile network. My IP address is still my normal IP address when I look it up, though OpenVPN logs appear normal and successfully connected. I have tried adding 'redirect-gateway' to the config file but it doesn't work. I would love some support making this connection successful and secure as I would like to use my phone through VPN only for some tasks. I have attached my logs. Thanks!
  19. My phone is connected to AirVPN via OpenVPN for Android. Most websites are fooled by the VPN, but when I ask google directly (OK Google), it shows my actual IP address. I do not have this issue on my PC. What can I do about this? Thanks in advance.
  20. Hi, I am having trouble getting AirVPN running on: - Samsung Galaxy S5 (SM-G900F) - Android 6.0.1 - rooted using OpenVPN for Android by Arne Schwabe. I have created a .ovpn file using Chrome Android (creating such a file in Firefox Android also gives this problem) and followed the instructions here: https://airvpn.org/topic/11476-using-airvpn-with-openvpn-for-android/ When I try to start the newly made profile in OpenVPN for Android, I can see a dialog appearing for a split second, before seeing it disappear. Log: VPN API permission dialog cancelled My question is: How can I remedy this issue and connect to AirVPN on my Android device? Thanks in advance, Arceon
  21. Staff

    Xabber

    Android XMPP (Jabber) client with OTR http://www.xabber.org/ Menu -> Settings -> XMPP accounts -> Add account Account type: XMPP Username: @xmpp.airvpn.org Password: Chat through TOR anonymity network and force TLS cryptographic protocol: if you wish so. By default it uses TLS if enabled. Click the created account, search TLS/SSL usage and force Require TLS.
  22. Droid-Break extends the Android section of prism-break.org and includes a more up-to-date collection of apps. I already replaced a few of my apps with those on this list, a few more are considered. Which apps are you using? Share your app lists and recommendations here. Stories about what drove you to replace certain apps are welcome, too. As a side note, there's also a subreddit devoted to open source software for Android.
  23. Hello everyone. I am entirely new to Android devices and am rather perplexed by what I am seeing. Allow me to explain. I bought a ARM S905 based Android device to replace basic cable television for my elderly mother. I then had the good sense to try to install OpenVPN on it. First problem was that Google Play required a login, and I could not find a working way to generate a fake login. So I gave up and used a real one. (My only gmail account as well.) But then in a minute I had OpenVPN installed and imported the configuration I made here according to the instructions. It connected fast and here is where I am utterly unable to fathom what happened. It *NEVER* asked me for my username or password... It seems to be working fine, but I worry that it is not actually using the VPN since I never gave it proper credentials. Am I misunderstanding and the config generator imported my username and password as one of the huge blocks of hashed text like the "Static Key" or "Private Key"? Thanks in advance for anyone able to explain this to me. And in addition, if anyone knows a way to make a gmail account not linked directly to me, and without a telephone, I would be very thankful. I have never owned a mobile phone, and my home phone is VoIP and does not seem to accept SMS messages, so I cannot seem to get Google to accept it. I am not about to waste money buying a mobile phone I will never use just so I can make a gmail account to make this device work. Good day everyone. Thanks for reading.
  24. RESOURCES* schneier.com eff.org securityinabox.org prism-break.org * Large segments of text cut and pasted from the above sites - thank you to the experts for sharing your knowledge! INTRODUCTORY COMMENTS The General Problem with Mobile Phones Problem Statement: - Two parties (Adam and Eve) need to communicate via SMS in a confidential manner - Confidential means no one other than the two parties can decipher (or de-steganogriphise) the message Constraints: The users have no exclusive control over the smart phone, meaning: - The carrier can update it any time they like - The user has little to no control on what happens at the low levels of the stack (below kernel), or separate firmware running on CPUs, such as the modem - The chip manufacturer may introduce back doors - There are third party solutions that are integrated in the ROM image of the smart phone which are not easy to detect, let alone disable. Even if disabled, the carrier can detect the change and deprive the phone of service or update the phone with a new image either over the air, or other mechanisms, for example a backup persistent image that reinstalls the “spyware”. The only possible way to ensure security on the device would be to have total assured control and complete awareness, which is not present. The same problems are generally present for computers too i.e. we trust firmware, O/S, all kinds of third parties and so on that are responsible for supposed security. Interception of Calls Typically, encryption of voice communications (and of text messages) that travel through the mobile phone network is relatively weak. There are inexpensive techniques which third parties can use to intercept your written communications, or to listen to your calls, if they are in proximity to the phone and can receive transmissions from it. And of course, mobile phone providers have access to all your voice and text communications. It is currently expensive and/or somewhat technically cumbersome to encrypt phone calls so that even the mobile phone provider can't eavesdrop - however, these tools are expected to become cheaper soon. To deploy the encryption you would first have to install an encryption application on your phone, as well as on the device of the person with whom you plan to communicate. Then you would use this application to send and receive encrypted calls and/or messages. Encryption software is currently only supported on a few models of so-called 'smart' phones. Conversations between Skype and mobile phones are not encrypted either, since at some point, the signal will move to the mobile network, where encryption is NOT in place. Text-based Communications: SMS Text Messages You should not rely on text message services to transmit sensitive information securely. The messages exchanged are in plain text which makes them inappropriate for confidential transactions (we'll come to encrypted apps below). Sent SMS messages can be intercepted by the service operator or by third parties with inexpensive equipment. Those messages will carry the phone numbers of the sender and recipient as well as the content of the message. What's more, SMS messages can easily be altered or forged by third parties. Consider establishing a code system between you and your recipients. Codes may make your communication more secure and may provide an additional way of confirming the identity of the person you're communicating with. Code systems need to be secure and change frequently. SMS messages are available after transmission: - In many countries, legislation (or other influences) requires the network providers to keep a long-term record of all text messages sent by their customers. In most cases SMS messages are kept by the providers for business, accounting or dispute purposes. - Saved messages on your phone can easily be accessed by anybody who gets hold of your phone. Consider deleting all received and sent messages straightaway. - Some phones have the facility to disable the logging of phone-call or text-message history. This would be especially useful for people doing more sensitive work. You should also make sure that you are familiar with what your phone is capable of. Various anonymity/privcy options are available depending on how badly you don't want the feds to listen in to your conversations and/or work out your identity. Other Smartphone Risks A typical smartphone user may find some of the above in higher quantities, and in some cases much more valuable items: - Pictures of loved ones (~100 pictures) - Email applications and their passwords - Emails (~500 emails) - Videos (~50 videos) - Social networking applications and their passwords - Banking applications (with access to the bank accounts) - Sensitive documents - Sensitive communication records - A live connection to your sensitive information Therefore, you should take the following actions to reduce your risk: - Do not store confidential files and photos on your mobile phone. Move them, as soon as you can, to a safe location - Frequently erase your phone call records, messages, address book entries, photos, etc - If you use your phone to browse the internet, follow safe practices similar to those you use when you are on the computer (e.g. always send information over encrypted connection like HTTPS) - Connect your phone to a computer only if you are sure it is malware free - Do not accept and install unknown and unverified programmes on your phone, including ring tones, wallpaper, java applications or any others that originate from an unwanted and unexpected source. They may contain viruses, malicious software or spying programmes - Observe your phone's behaviour and functioning. Look out for unknown programmes and running processes, strange messages and unstable operation. If you don't know or use some of the features and applications on your phone, disable or uninstall them if you can - Be wary when connecting to WiFi access points that don't provide passwords, just as you would when using your computer and connecting to WiFi access points. The mobile phone is essentially like a computer and thus shares the vulnerabilities and insecurities that affect computers and the internet - Make sure communication channels like Infrared (IrDA), Bluetooth and Wireless Internet (WiFi) on your phone are switched off and disabled if you are not using them. Switch them on only when they are required. Use them only in trusted situations and locations. Consider not using Bluetooth, as it is relatively easy to eavesdrop on this form of communication. Instead, transfer data using a cable connection from the phone to handsfree headphones or to a computer Risks of Emailing from Smartphones In the first instance, consider if you really need to use your smartphone to access your email. Securing a computer and its content is generally simpler than doing so for a mobile device such as a smartphone. A smartphone is more susceptible to theft, monitoring and intrusion. If it is absolutely vital that you access your email on your smartphone, there are actions you can take to minimize the risks: - Do not rely on smartphone as your primary means for accessing your email. Downloading (and removing) emails from an email server and storing them only on your smartphone is not advised. You can set up your email application to use only copies of emails - If you use email encryption with some of your contacts, consider installing it on your smartphone, too. The additional benefit is that encrypted emails will remain secret if the phone falls into wrong hands Storing your private encryption key on your mobile device may seem risky. But the benefit of being able to send and store emails securely encrypted on the mobile device might outweigh the risks. Consider creating a mobile-only encryption key-pair (using APG - see further below) for your use on your smartphone, so you do not copy your encryption private key from your computer to the mobile device. Note that this requires that you ask people you communicate with to also encrypt emails using your mobile-only encryption key. STEPS TO CREATING A MORE SECURE MOBILE PHONE PLATFORM If you are faced with the purchase of a mobile peripheral and security is essential, then you face many problems. The most common smartphones in use are Apple's iPhone and Google's Android, followed by Blackberry and Windows phones. The key difference between Android and other operating systems is that Android is, mostly, an Open Source (FOSS) system, which allows the operating system to be audited independently to verify if it properly protects users' information and communication. It also facilitates development of security applications for this platform. Many security-aware programmers develop Android applications with user safety and security in mind. Based on the fact that Blackberry runs proprietary code (ditto for the iPhone) - they can't be trusted due to no independent verification of the code. Blackberry phones have been presented as “secure” messaging and email devices. This is because messages and emails are securely channeled through Blackberry servers, out of the reach of potential eavesdroppers. Unfortunately, more and more governments are demanding access to these communications, citing need for guarding against potential terrorism and organised crime. India, United Arab Emirates, Saudi Arabia, Indonesia and Lebanon are examples of governments which have scrutinized the use of Blackberry devices and demanded access to user data in their countries. Also, encrypted messaging and other apps available on Blackberry platforms fail the EFF security test. Therefore, an Android phone may be the best option if you must own a mobile - running a version of GNU/Linux and allowing for the phone to be 'rooted' (the setting of root administration level access). With root access, you can remove bloatware that came on your phone, use an app permissions manager, run a firewall, enabling tethering even if your carrier is blocking it, manually back up your installed app settings, and use a variety of other tweaks that require low-level system access. Apps that require root aren’t hard to find — they’re available in Google Play, but they won’t work until you gain root access. Some essential apps for privacy and security have features that only work on a rooted device (see further below). Risks with Rooting an Android Phone Rooting either requires taking advantage of “exploits” in a device or unlocking its bootloader and modifying your system partition. It’s not officially supported. You could also install a custom ROM that comes rooted — again, this isn’t officially supported. For instance if you’re already using a custom ROM, this may be integrated directly into your device’s settings e.g. the popular CyanogenMod is often used by many people to get an up-to-date Android operating system on devices no longer updated by their manufacturers — has this built in. There are several downsides to this approach: - Security: rooting breaks apps out of Android’s normal security sandbox. Apps could abuse root privileges you’ve granted and snoop on other apps, something which isn’t normally possible. In the past, Google has recommended against using the Google Wallet mobile payments app on a rooted device for this reason - Warranty: Some manufacturers assert that rooting voids your device’s warranty. However, rooting will not actually damage your hardware. You can “unroot” your device and manufacturers won’t be able to tell if it’s been rooted - Bricking: As usual, you do this at your own risk. Rooting should generally be a very safe process, but you’re on your own here. If you mess something up, you can’t just expect free warranty service to fix it. If you’re worried, do a bit of research first and see if other people report success rooting your device with the tool you’re planning on using WARNING: In the following discussion, never assume that successful attacks are impossible. For instance, even encrypted end-to-end apps only protect you against passive eavesdroppers, and you hope no successful attacks on your Android or other hand-set, your firmware or your hardware are made. That's a considerable number of threats ranging from low to medium talent. Based on Snowden disclosures we know that all good smart phones are easily subverted by government level agencies at the firmware level and/or use plenty of 0-days (unpatched vulnerabilities) in the source code that isn't written with highest security standards in mind. The NSA slides confirm they could own every type of phone, typically via 0-days, subversion, or physical attacks. The thing to remember is that this isn't just an NSA thing. NSA mostly buys their 0-days from private parties that produce them by digging into code for the mistakes. There are both black hats and defense contractors doing this. Still, security experts seem to favour the Android phone as a least-worst option, but nothing is "NSA-proof" as even Blackberry admits. STEPS FOR LOW-MODERATE LEVEL MOBILE/CELL PHONE SECURITY 1. Using Cyanogenmod as Alternative Android Firmware Consider Cyanogenmod as a firmware alternative to further enhance your control of the phone. Note that in order to install alternative firmware, you need to root your phone. Cyanogenmod allows, for example, the uninstallation of applications at the system level of your phone i.e. those installed by the phone's manufacturer or your mobile network operator. By doing so, you can reduce the number of ways in which your device can be monitored, such as data that is sent to your service provider without your knowledge. In addition, Cyanogenmod ships by default with an OpenVPN application, which can be tedious to install otherwise. VPN (Virtual Private Network) is one of the ways to securely proxy your internet communication (also possible through Firefox settings). Cyanogenmod also offers an Incognito browsing mode in which history of your communication is not recorded on your smartphone. Cyanogenmod comes with many other features. However, it is not supported by all Android devices, so before proceeding, check out the list of supported devices. 2. Branded Versus Unlocked Smartphones Smartphones are usually sold branded or locked. Locking smartphones means that the device can only be operated with one carrier, whose SIM card is the only one that will work in the device. Mobile network operators usually brand a phone by installing their own firmware or software. They may also disable some functionalities or add others. Branding is a means for companies to increase revenue by channelling your smartphone use, often also collecting data about how you are using the phone or by enabling remote access to your smartphone. For these reasons, it is recommended that you buy an unbranded smartphone if you can. A locked phone poses a higher risk since all your data is routed through one carrier, which centralises your data streams and makes it impossible to change SIM cards to disseminate the data over different carriers. If your phone is locked, ask someone you trust about unlocking it. 3. Suitable Network/Messaging/Chat/VOIP apps Firstly, install OpenVPN for Android, which requires the phoneset be rooted. This will allow you to tunnel your apps that connect to the internet over OpenVPN based VPNs, protecting you from monitoring i.e. you can use an AirVPN account, as 3 devices can be simultaneously connected for each account. This wil be automatically achieved by replacing the firmware with the alternative outlined above. Next, install Orbit and Orweb which when used in combination will send all your web browsing and internet activity over the Tor network. You now have VPN + Tor for mobile browsing - awesome! Thirdly, we utilise the EFF guidelines with respect to suitable messaging/VOIP applications. Only applications which meet all 7 critieria are recommended below (Blackberry's apps fail BTW): ​ Suitable applications that meet the entire EFF checklist: - Chat Secure + Orbot: An Instant Messaging client that lets you organize and manage your different Instant Messaging (IM) accounts using a single interface. It will also attempt to encrypt your conversations using OTR when chatting with contacts who also use IM clients that support OTR. - Cryptocat: Encrypted instant messaging within your web browser. - OTR: Off The Record Messaging allows you to have private conversations over instant messaging by providing encryption (no one else can read your instant messages); authentication (you are assured the correspondent is who you think it is); deniability (the messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified); and perfect forward secrecy (if you lose control of your private keys, no previous conversation is compromised). - Signal/RedPhone: Allows you to make encrypted phone calls over the internet. A valid phone number is required to register. - Silent Phone/Text: Calls and texts made from one Silent Phone user to another are fully encrypted, whether they're on iOS, Android, or Silent OS. Encryption keys are stored only on the users' devices (not on any central server) and are destroyed at the end of each call, ensuring complete privacy, every time. Silent Phone includes features such as video chat and conference calling capability as well as unlimited encrypted texts with burn self-destruct functionality on any Silent OS, iOS or Android device, - TextSecure: An app to send encrypted text messages (SMS) via your phone provider and encrypted messages over WiFi and your phones internet connection as well as storing all SMS and messages in an encrypted container on your phone. 4. Optional Apps for Privacy/Security Seriously consider installing one or more of the following apps: * = Requires rooted Android device. - APG: Lets you encrypt and decrypt single files or emails, for personal use or to share with others, using either public key cryptography or a passphrase. - K9: K-9 Mail is a mail client that integrates with APG to allow you easily send and receive GnuPG encrypted emails. - KeePassDroid: A secure and easy-to-use password management tool which will store your passwords in an encrypted database on your phone. - Obscuracam: A free camera application for Android devices that has the ability to recognize and hide faces. It allows you to blur or delete the faces of those you photograph in order to protect their identities. - AfWall+: A firewall for your android device that allows you to control what apps can access the internet.* - CryptFS: Lets you to change your Android disk encryption password meaning you can have a one passphrase to decrypt the phone when you turn it on and a different one to unlock the phone during normal use.* - Cryptonite: Allows you to create encrypted, passphrase protected, containers on your Android device that you can store sensitive files in.* - SnoopSnitch: An Android app that collects and analyses mobile radio data to make you aware of your mobile network security and to warn you about threats like fake base stations (IMSI catchers), user tracking and over-the-air updates.* - X-Privacy: An app that will prevent your Android device from leaking sensitive information (such as your phone number, contacts, location, etc) to other installed apps on your phone.* - LUKS Manager: Allows easy, on-the-fly strong encryption of volumes with an user-friendly interface. You should install this tool before you start storing important data on your Android device and use the encrypted volumes that the Luks Manager provides to store all your data.* 5. General Android Security Settings Access to your Phone: - Enable Lock SIM card, found under Settings -> Personal -> Security -> Set up SIM card lock. This will mean that you must enter a PIN number in order to unlock your SIM card each time your phone is switched on, with out the PIN no phone calls can be made - Set up a Screen Lock, found under Settings -> Personal -> Security -> Screen Lock, which will ensure that a code, pattern or password needs to be entered in order to unlock the screen once it has been locked. We recommended using the PIN or Password option, as these are not restricted by length. You can find more information on creating strong passwords in How to create and maintain secure passwords - Set the security lock timer, which will automatically lock your phone after a specified time. You can specify a value which suits you, depending on how regularly you are willing to have to unlock your phone Device Encryption: - If your device uses Android version 4.0 or newer, you should turn on device encryption. This can be done in Settings -> Personal -> Security -> Encryption. Before you can utilise device encryption, however, you will be required to set a screen lock password (described above) - Note: Before starting the encryption process, ensure the phone is fully charged and plugged into a power source Network Settings: - Turn off Wi-Fi and Bluetooth by default. Ensure that Tethering and Portable Hotspots, under Wireless and Network Settings, are switched off when not in use. Settings -> Wireless & Networks -> More -> Tethering & Mobile hotspot - If your device supports Near Field Communication (NFC), this will be switched on by default, and so must be switched off manually Location settings: - Switch off Wireless and GPS location (under Location Services) and mobile data (this can be found under Settings -> Personal -> Location) - Note: Only turn on location settings as you need them. It is important not have these services running by default in the background as it reduces the risk of location tracking, saves battery power and reduces unwanted data streams initiated by applications running in the background or remotely by your mobile carrier Caller Identity: - If you want to hide your caller-ID, go to Phone Dialler -> settings -> Additional Settings -> Caller ID -> hide number Software Updates: To ensure that you phone remains secure it is strongly recommended to keep your software updated. There are two types of updates that need to be checked: - The phone operating system: go to: settings -> About phone -> updates -> check for updates - Apps you have installed: Open the Play store app, from the side menu select My Apps - Note: When updating your phones software it is important to do it from a trusted location such as your internet connection at home instead of somewhere like an internet cafe or coffee shop HIGH LEVEL MOBILE SECURITY - IS IT EVEN POSSIBLE? Yes. It all depends on on how badly you want it and how critical your communications are. However, be aware that some of these measures may actually erode your operational security (see further below). OPTION A - Communicating Critical Information Securely with a Burner Phone - the Easy Way: There are plenty of little shops filled with "second hand" units, that nobody is going to blink twice at you paying cash for an older phone and one of those pre-pay cards. When buying the burner phone, do like the drug dealers do and have someone do it for you to avoid showing up on the security tapes. A kid or a homeless person would do it if you paid them double what the phone cost (so a $10 prepaid phone will set you back $30) and not be able to provide much help to investigators. Use it once or twice (nowhere near your house, business, normal places you visit), wipe it down for fingerprints and touch DNA, and either chuck it in the street trash or leave it on a public transport or pub/bar seat/bench. There is a high chance it will be used by either the person that finds it or someone they know till the credit's gone, and then it'll probably end up in another shop to be sold on again "no questions asked". It might even end up in Africa, the Middle East or west Asia... Why go to the grief and hassle of buying a new phone which requires CC/Photo ID/Address? Even if they are "legally required" in most places, this requirement is only enforced so they can sell your details on for $10 to the personal data aggregators... There are multiple places in any city where "cash no questions" pre pay phone cards were on sale, and most of those places had or could get second hand phones, do repairs and unlocking. Further, the ratio of cameras in stores falls dramatically in these areas. OPTION B - Communicating Critical Information Securely with a Burner Phone - the Hard Clandestine Way: 1. Analyze your daily movements, paying special attention to anchor points (basis of operation like home or work) and dormant periods in schedules (8-12 p.m. or when cell phones aren't changing locations); 2. Leave your daily cell phone behind during dormant periods and purchase a prepaid no-contract cell phone ("burner phone"); 3. After storing burner phone in a Faraday bag, activate it using a clean computer connected to a public Wi-Fi network; 4. Encrypt the cell phone number using a onetime pad (OTP) system and rename an image file with the encrypted code. Using Tor to hide your web traffic, post the image to an agreed upon anonymous Twitter account, which signals a communications request to your partner; 5. Leave cell phone behind, avoid anchor points, and receive phone call from partner on burner phone at 9:30 p.m.­ -- or another pre-arranged "dormant" time­ -- on the following day; 6. Wipe down and destroy handset. WARNING: Even if you use the above measures, be aware that intelligence and police agencies have mass surveillance voice print recognition systems in operation (for all phone/VOIP). Therefore, unless the voice channels are encrypted you could still theoretically be identified in spite of your attempts to obscure your identity. If you can't get a hold of a machine to distort your voice-print, then a clandestine network would be better off texting each other over OTR/TextSecure etc using pre-arranged code words to verify each other's identity. The "one time use" of phones is considered particularly suspicious by authorities, as is using phones with odd electronic ID numbers (SIM or hardware phone serials). Therefore, electronic systems ARE ALREADY IN PLACE to search for this behaviour and mark it as a red flag. Tracing is fairly simply - using the databases telcos are required to keep by law - to find phones that have not been moving, or where calls are placed/network connected for the past few hours/days/weeks etc. Therefore, it can be concluded that use of burner phones may potentially reduce your OpSec. CONCLUSION A 'rooted', non-branded Android phone running Cyanogenmod with a host of security/privacy apps installed will put you miles ahead of the i-phone dummies (PS is there an i-dildo yet for the i-zombies?). Nevertheless, mobiles remain hopelessly compromised and insecure. They are best thought of as a glorified tracker/mobile voice-video recorder/general snooper which also happen to make phone calls (bonus!). In the final solution, it is best not to play the game and feed the Borg. Simply put, ditch this horrible peripheral and remember how you lived 20 years ago before techno-narcissism became a societal virtue.
  25. I've got OpenVPN for Android running on my Android smartphone & successfully connected to AirVPN. However my devices which are tethered to the smartphone do not seem to be passing their internet traffic thru AirVPN even though the phone does pass internet traffic thru the VPN. Is there a way I can set this up? I've searched on these forums and online as well but couldn't find much help. Thanks in advance.
×
×
  • Create New...