omicron-b's recent activity

  1. Comment on Tech people of Tildes, what have you automated in your life? in ~tech

    omicron-b
    Link
    Great topic! There is a webcam somewhere in the city that tracks something I'm interested in, so I automated taking a shot every 5 mins and save it to my server, to make a video later. It's been a...

    Great topic!

    • There is a webcam somewhere in the city that tracks something I'm interested in, so I automated taking a shot every 5 mins and save it to my server, to make a video later. It's been a year and a half, so I have quite some photos already.
    • I don't like having separate apps for RSS and calendar, also I don't need much from a calendar app, so I automated both with emails. I get an email every morning with my tasks for the day (if any), it supports weekly, monthly and yearly events too. I also get an email every 40 minutes if a certain website or forum I'm interested in has a new article or post.
    4 votes

  2. Ubuntu sends http requests to Google cloud, here’s a fix

    ~tech Text 237 words
    Ubuntu has this package installed by default: network-manager-config-connectivity-ubuntu It's only purpose is to provide settings for NetworkManager to send requests to...

    Ubuntu has this package installed by default:
    network-manager-config-connectivity-ubuntu

    It's only purpose is to provide settings for NetworkManager to send requests to connectivity-check.ubuntu.com , and based on the result (AFAIK) detect redirection by captive portals and open an ISP's page (think public WiFi, or hotel rooms, where you need to authorize to access the net).

    Well, connectivity-check.ubuntu.com is hosted on Google cloud (you can check that by running:

    dig connectivity-check.ubuntu.com
whois [the IP from previous query]

    ), so by default Ubuntu sends requests to a Google cloud page.
    I don't say Google counts daily active Ubuntu users (because many of those have the same IP), or that Google actively logs and analyzes that data. But some of you guys may not like that behavior.

    So what's the fix?

    Purge the package

    sudo apt purge network-manager-config-connectivity-ubuntu

    If you do need a captive portal detection, create your own config file to query some HTTP (not HTTPS) page of your choice, in the example below I have a Debian page used for the same purpose. Use your favorite text editor to create and edit /etc/NetworkManager/conf.d/90-connectivity-custom.conf :

    [connectivity]
uri=http://network-test.debian.org/nm

    Restart NetworkManager

    sudo systemctl restart NetworkManager

    If you run an Ubuntu derivative, please report if you have network-manager-config-connectivity-ubuntu installed in the comments.

    11 votes

  3. Comment on Are you open about your gaming? in ~games

    omicron-b
    (edited )
    Link
    I don't put it into my list of hobbies on resume (because there are different types of games, and different types of people reading my resume), but otherwise no, I don't hide it. Yes, but it's...
    • I don't put it into my list of hobbies on resume (because there are different types of games, and different types of people reading my resume), but otherwise no, I don't hide it.
    • Yes, but it's very rare to talk about games with non-gamers for me.
    • Yes, partly because I myself look down on mobile games and MMOs, and I understand that some people consider all games an addiction or an escape from reality, because they are just not familiar with good games.
    • Yes and no. I only game on Linux, I only play singleplayer games (I like to enjoy a story or a gameplay with no distractions), and I never buy games on release for a full price, so this leaves me a few options to engage with a community, but I still feel myself part of a culture, because I enjoy learning PC gaming history, I play PC classics and there are some favourites there for me.
    4 votes

  4. Comment on OpenMW 0.46.0 released (FOSS engine for TES:III Morrowind) in ~games

    omicron-b
    Link
    A pretty big release: real-time shadows improved AI navigation native graphic herbalism support native weapon and shield sheathing support and more! This motivated me for a second play-through,...

    A pretty big release:
    real-time shadows
    improved AI navigation
    native graphic herbalism support
    native weapon and shield sheathing support
    and more!

    This motivated me for a second play-through, the game looks gorgeous.

    3 votes

  6. Comment on How important is protecting our data from companies like Google? in ~tech

    omicron-b
    Link Parent
    I would not say Google has a good security. In November 2019 they shared your private videos with random people I personally found too many usability issues in their Drive, one of the reasons I...

    I would not say Google has a good security.
    In November 2019 they shared your private videos with random people

    I personally found too many usability issues in their Drive, one of the reasons I switched to Nextcloud.

    /u/Crocodile

    3 votes

  7. Comment on Hidden third party telemetry found in Nokia 6.2, 7.2 smartphones in ~tech

    omicron-b
    Link Parent
    Thanks! Any suggestions on where to post it? This stuff is totally new to me and also English is not my native language.

    Thanks! Any suggestions on where to post it? This stuff is totally new to me and also English is not my native language.

    6 votes

  8. Hidden third party telemetry found in Nokia 6.2, 7.2 smartphones

    ~tech Text 700 words
    Update 12/03/2020: this is not a telemetry, but a kill switch from Colombian carrier - confirmed by HMD. Kill switch will be removed from most devices soon. I updated an article and posted it...

    Update 12/03/2020: this is not a telemetry, but a kill switch from Colombian carrier - confirmed by HMD. Kill switch will be removed from most devices soon. I updated an article and posted it here.

    Original article below:

    I have recently purchased Nokia 6.2 and wanted to check if it sends any data somewhere, considering what happened with previous models

    First, I noticed approx. daily connection to dapi.hmdglobal.net
    This is a Google Cloud that could belong to a company behind Nokia - HMD Global.
    But the Privacy policy in my phone only speaks of "activation" process, not of daily diagnostics data.
    So I used developer tools to remove the following packages (warning: this may break your device, I am not responsible for any consequences)

        com.hmdglobal.enterprise.api
    com.qualcomm.qti.qms.service.telemetry
    com.qualcomm.qti.qmmi
    com.qualcomm.qti.qdma

    Before removing them, I used APK Extractor to save APK files just in case it breaks my phone and I may be able to attempt reinstall. This part comes into play later.
    The first was my blind guess about what exactly connects to dapi.hmdglobal.net
    The next 3 I found mentioned in various forums for other devices as "safe to remove", however, I have not seen any telemetry sent to Qualcomm or anywhere else, except what I mention next.

    After removing these packages, I noticed that there are some remaining unknown connections my device attempts several times per day.
    They are all done in same order, one right after the other:

        www.pppefa.com
    www.ppmxfa.com
    www.forcis.claro.com.co

    After some investigation, I found that the first two domains point to some Microsoft Cloud servers rented in US.
    The last one most probably belongs to Colombian telecom company, and this is where it becomes interesting.
    After many hours of fruitless removing of different apps in my attempt so stop it, I suddenly remembered something.
    When I used APK Extractor previously, there was an empty first line with some generic icon where an app icon should have been.
    I went there again and indeed, this is a hidden system app, that you can not see in the list of all apps in Settings, normally. But it turns out, you can see it in Data usage (after it successfully sends some data using your mobile connection).
    The name of the app is deliberately left empty to hide it, but if you click it in Data usage, you can see that this app is co.sitic.pp , which can receive SMS, can make calls, and has access to internet.
    As with all Android apps, you can reverse read the name to guess what it is.
    Turns out, http://sitic.com.co is a Colombian company, who "are leaders in innovation and create mobile and WEB applications for new products and services." (credit goes to Google Translate)

    screenshot of the app with permissions

    In other words, this app is a 3rd party telemetry, hidden from user, not mentioned in the Privacy policy, that has access to SMS.
    This looks very bad and I really hope this is a malware injected by factory and not something knowingly distributed by Nokia, HMD Global, the EU company.

    After removing the co.sitic.pp app, requests to Microsoft Cloud and Columbia stopped.
    I was later pointed to a German forum, where (I believe) it was first found in a Nokia 7.2 device.
    So, we have it confirmed in 2 devices in 2 different countries.

    On German forum they contacted Nokia (I assume support) but got tired exchanging emails for weeks without any result.
    On 02/03/2020 I have requested an official reply from Nokia and HMD Global via press.services@nokia.com and press@hmdglobal.com and waiting for reply.
    Since I am not a journalist, I may never get one.

    TLDR: 3rd party telemetry is found in Nokia 6.2 and 7.2 devices, is hidden from user, has access to SMS, and sends data to Microsoft Cloud in US and a server in Columbia.
    It is probably supplied by SITIC S.A.S., a Colombian company, and looks more like a malware than a telemetry.

    28 votes