-
7 votes
-
Tech in the time of COVID-19
3 votes -
Joe Biden’s first virtual town hall was an absolute technical nightmare
12 votes -
How bad is this $20 FATTYDOVE "Racing" 120GB SSD?
6 votes -
The uncensored library: A digital library containing suppressed articles, built inside Minecraft to bypass internet surveillance and censorship
16 votes -
Popular iPhone and iPad apps snooping on the pasteboard
6 votes -
Sharing photos has the potential to reveal a lot of personal information, even if you're careful with removing metadata
9 votes -
CIRA Canadian Shield, DNS Resolution Service
5 votes -
Sweden fines Google $8 million for right-to-be-forgotten violations – a failure to comply with Europe's GDPR after they failed to adequately remove search results
11 votes -
Official Raspberry Pi 4 Desktop Kit - Is it worth the price?
6 votes -
What should be on a QA tester’s résumé? Here's what the recruiters say they want to see
10 votes -
The future will be technical: a modular essay about our optimistic future
4 votes -
Supporting Google's extended workforce through the COVID-19 outbreak
6 votes -
Secret-sharing app Whisper left hundreds of millions of users’ intimate messages, locations, and other data exposed publicly on the web
9 votes -
Brands can now purchase an ad in the #2 slot of Reddit's "Trending" sections in the Popular page and Search dropdown
26 votes -
The prodigal techbro
8 votes -
Trying out a Windows knock-off (ReactOS)
6 votes -
Google tracked his bike ride past a burglarized home. That made him a suspect.
18 votes -
Because of Coronavirus, vendors are offering special videoconferencing deals. Here's a roundup of what's available
11 votes -
Twitter starts testing its own version of Stories, called "Fleets," which disappear after twenty-four hours and can't receive likes, retweets, or replies
10 votes -
EARN IT act is a direct attack on end-to-end encryption
25 votes -
Jailbreaking - How do you know if a tweak is safe?
I've been jailbreaking for years now, and one of the things that have always puzzled me was how the jailbreak community determines whether or not a tweak has malicious code since they aren't...
I've been jailbreaking for years now, and one of the things that have always puzzled me was how the jailbreak community determines whether or not a tweak has malicious code since they aren't always open-sourced. With the latest releases of checkra1n, and unc0ver, I've gotten back into jailbreaking since I wanted to jailbreak my 12.9" iPad Pro. From my understanding, the jailbreak itself (usually) is open-sourced, so it can generally be "vetted" that way. I typically stay away from using too many tweaks and try to stick with those from the "more well-known" developers, but I'm curious how others decide which developers/tweaks to trust and use? Do you strictly base it on "bug-reports" and a developer's reputation? What other factors come into play? There are tweaks like "Compatimark" that helps with compatibility information (but that's not really what I'm talking about).
Edit: First time posting a topic here, so hopefully it isn't breaking any rules.
9 votes -
Libravatar - A free and open source alternative to Gravatar
8 votes -
The history of the URL
9 votes -
Facebook files lawsuit against Namecheap
9 votes -
Bogus automated copyright claims by CBS blocked Super Tuesday speeches by Bernie Sanders, Mike Bloomberg, and Joe Biden
11 votes -
Apple now allows push notification advertising, updates dating app review guidelines and more
11 votes -
switching.software: Ethical, easy-to-use and privacy-conscious alternatives to well-known software
18 votes -
Investigation launched as Lilium Jet prototype is destroyed by fire
3 votes -
WeChat, China’s most popular messaging app, has been censoring keywords relating to the COVID-19 outbreak since at least Jan. 1, according to a new report
10 votes -
The high-tech iBackpack received almost $800,000 from crowdfunding, but backers never received their bags. Now the creator is being sued by the FTC and state of Texas
13 votes -
Here's how Biden and Sanders stack up when it comes to how they would govern the tech industry
6 votes -
The case for limiting your browser extensions
9 votes -
Walmart's $250 laptop review
14 votes -
What happens if (and when) Apple cancels WWDC 2020?
3 votes -
Censored contagion - How information on the coronavirus is managed on Chinese social media
9 votes -
Hidden third party telemetry found in Nokia 6.2, 7.2 smartphones
Update 12/03/2020: this is not a telemetry, but a kill switch from Colombian carrier - confirmed by HMD. Kill switch will be removed from most devices soon. I updated an article and posted it...
Update 12/03/2020: this is not a telemetry, but a kill switch from Colombian carrier - confirmed by HMD. Kill switch will be removed from most devices soon. I updated an article and posted it here.
Original article below:
I have recently purchased Nokia 6.2 and wanted to check if it sends any data somewhere, considering what happened with previous models
First, I noticed approx. daily connection to
dapi.hmdglobal.net
This is a Google Cloud that could belong to a company behind Nokia - HMD Global.
But the Privacy policy in my phone only speaks of "activation" process, not of daily diagnostics data.
So I used developer tools to remove the following packages (warning: this may break your device, I am not responsible for any consequences)com.hmdglobal.enterprise.api com.qualcomm.qti.qms.service.telemetry com.qualcomm.qti.qmmi com.qualcomm.qti.qdma
Before removing them, I used APK Extractor to save APK files just in case it breaks my phone and I may be able to attempt reinstall. This part comes into play later.
The first was my blind guess about what exactly connects todapi.hmdglobal.net
The next 3 I found mentioned in various forums for other devices as "safe to remove", however, I have not seen any telemetry sent to Qualcomm or anywhere else, except what I mention next.After removing these packages, I noticed that there are some remaining unknown connections my device attempts several times per day.
They are all done in same order, one right after the other:www.pppefa.com www.ppmxfa.com www.forcis.claro.com.co
After some investigation, I found that the first two domains point to some Microsoft Cloud servers rented in US.
The last one most probably belongs to Colombian telecom company, and this is where it becomes interesting.
After many hours of fruitless removing of different apps in my attempt so stop it, I suddenly remembered something.
When I used APK Extractor previously, there was an empty first line with some generic icon where an app icon should have been.
I went there again and indeed, this is a hidden system app, that you can not see in the list of all apps in Settings, normally. But it turns out, you can see it in Data usage (after it successfully sends some data using your mobile connection).
The name of the app is deliberately left empty to hide it, but if you click it in Data usage, you can see that this app isco.sitic.pp
, which can receive SMS, can make calls, and has access to internet.
As with all Android apps, you can reverse read the name to guess what it is.
Turns out, http://sitic.com.co is a Colombian company, who "are leaders in innovation and create mobile and WEB applications for new products and services." (credit goes to Google Translate)screenshot of the app with permissions
In other words, this app is a 3rd party telemetry, hidden from user, not mentioned in the Privacy policy, that has access to SMS.
This looks very bad and I really hope this is a malware injected by factory and not something knowingly distributed by Nokia, HMD Global, the EU company.After removing the
co.sitic.pp
app, requests to Microsoft Cloud and Columbia stopped.
I was later pointed to a German forum, where (I believe) it was first found in a Nokia 7.2 device.
So, we have it confirmed in 2 devices in 2 different countries.On German forum they contacted Nokia (I assume support) but got tired exchanging emails for weeks without any result.
On 02/03/2020 I have requested an official reply from Nokia and HMD Global via press.services@nokia.com and press@hmdglobal.com and waiting for reply.
Since I am not a journalist, I may never get one.TLDR: 3rd party telemetry is found in Nokia 6.2 and 7.2 devices, is hidden from user, has access to SMS, and sends data to Microsoft Cloud in US and a server in Columbia.
It is probably supplied by SITIC S.A.S., a Colombian company, and looks more like a malware than a telemetry.28 votes -
Sophos has received an offer to be acquired for $3.9 billion by private-equity firm Thoma Bravo
8 votes -
Tech was supposed to improve caucuses. Instead, it may have doomed them
14 votes -
In search of the full stack testing team: What makes the best QA teams so good
4 votes -
Japanese toilets are marvels of technological innovation. American toilets not so much
7 votes -
How hard will the robots make us work? In warehouses, call centers, and other sectors, intelligent machines are managing humans, and they’re making work more stressful, grueling, and dangerous
18 votes -
Firefox has started enabling DNS-over-HTTPS by default for all US-based users
33 votes -
Smartphones that make good use of physical buttons
I miss buttons on devices. They are durable, reliable, repairable and nice to press. I can find their position without looking, and they work more consistently in different apps. I probably don't...
I miss buttons on devices. They are durable, reliable, repairable and nice to press. I can find their position without looking, and they work more consistently in different apps.
I probably don't need something with a physical QWERTY keyboard, since screen real state might be an issue. And it would have to be an actually viable smartphone, not something from a bygone era (I don't care about camera). But I want (a lot!) more buttons, preferably configurable, with support for custom keybindings, macros, etc.
What are some good options?
15 votes -
[SOLVED] Some of my internet radio stations aren't playing on my computer
EDIT: The problem has been solved. @Sill identified the problem here and @cfabbro found a work-around here. Crisis averted! I listen to some internet radio stations on my computer, but a couple of...
EDIT: The problem has been solved. @Sill identified the problem here and @cfabbro found a work-around here. Crisis averted!
I listen to some internet radio stations on my computer, but a couple of them aren't working any more: they appear to play, but there's no sound coming from my computer's speakers.
It is only two stations. I've tested other internet radio stations I listen to, and they still work: I can hear them. I can play and hear YouTube videos. I can stream Spotify on my computer. I can play and hear my music files stored on my computer's hard drive. So I know my speakers work. I know Chrome works as a music player for other sources, including other internet radio stations. It's just these two radio stations.
One of them is this radio station. Also this radio station. I know their digital streams are working, because I can listen to them via an internet radio app on my phone. So I know their digital signals are being sent out. But, while my phone app can play them, my computer browser can't play them.
I've tested both non-working stations in Chrome and Internet Explorer. They both don't work in Chrome, but this station also doesn't work in IE.
I'm using Chrome 80.0.3987.122. And I'm running Windows 7.
This problem only started a couple of days ago.
What's going on? How do I fix this?
12 votes -
Jam lets you safely share streaming app passwords
9 votes -
Hank Green - The "38% of Americans wouldn't buy Corona beer" reported by CNN is misleading
10 votes -
Arrest warrant issued in the Philippines for Fredrick Brennan, founder of 8chan, under cyberlibel charges brought by the site's current owner
17 votes -
The CED: RCA's Very Late, Very Weird Video Gamble (Pt. 1)
5 votes -
Cameo is the logical endpoint of modern celebrity-obsessed culture and interaction—a perfect storm of convenience, access, and affordability
13 votes