-
18 votes
-
Investigation launched as Lilium Jet prototype is destroyed by fire
3 votes -
WeChat, China’s most popular messaging app, has been censoring keywords relating to the COVID-19 outbreak since at least Jan. 1, according to a new report
10 votes -
The high-tech iBackpack received almost $800,000 from crowdfunding, but backers never received their bags. Now the creator is being sued by the FTC and state of Texas
13 votes -
Here's how Biden and Sanders stack up when it comes to how they would govern the tech industry
6 votes -
The case for limiting your browser extensions
9 votes -
Walmart's $250 laptop review
14 votes -
What happens if (and when) Apple cancels WWDC 2020?
3 votes -
Censored contagion - How information on the coronavirus is managed on Chinese social media
9 votes -
Hidden third party telemetry found in Nokia 6.2, 7.2 smartphones
Update 12/03/2020: this is not a telemetry, but a kill switch from Colombian carrier - confirmed by HMD. Kill switch will be removed from most devices soon. I updated an article and posted it...
Update 12/03/2020: this is not a telemetry, but a kill switch from Colombian carrier - confirmed by HMD. Kill switch will be removed from most devices soon. I updated an article and posted it here.
Original article below:
I have recently purchased Nokia 6.2 and wanted to check if it sends any data somewhere, considering what happened with previous models
First, I noticed approx. daily connection to
dapi.hmdglobal.net
This is a Google Cloud that could belong to a company behind Nokia - HMD Global.
But the Privacy policy in my phone only speaks of "activation" process, not of daily diagnostics data.
So I used developer tools to remove the following packages (warning: this may break your device, I am not responsible for any consequences)com.hmdglobal.enterprise.api com.qualcomm.qti.qms.service.telemetry com.qualcomm.qti.qmmi com.qualcomm.qti.qdma
Before removing them, I used APK Extractor to save APK files just in case it breaks my phone and I may be able to attempt reinstall. This part comes into play later.
The first was my blind guess about what exactly connects todapi.hmdglobal.net
The next 3 I found mentioned in various forums for other devices as "safe to remove", however, I have not seen any telemetry sent to Qualcomm or anywhere else, except what I mention next.After removing these packages, I noticed that there are some remaining unknown connections my device attempts several times per day.
They are all done in same order, one right after the other:www.pppefa.com www.ppmxfa.com www.forcis.claro.com.co
After some investigation, I found that the first two domains point to some Microsoft Cloud servers rented in US.
The last one most probably belongs to Colombian telecom company, and this is where it becomes interesting.
After many hours of fruitless removing of different apps in my attempt so stop it, I suddenly remembered something.
When I used APK Extractor previously, there was an empty first line with some generic icon where an app icon should have been.
I went there again and indeed, this is a hidden system app, that you can not see in the list of all apps in Settings, normally. But it turns out, you can see it in Data usage (after it successfully sends some data using your mobile connection).
The name of the app is deliberately left empty to hide it, but if you click it in Data usage, you can see that this app isco.sitic.pp
, which can receive SMS, can make calls, and has access to internet.
As with all Android apps, you can reverse read the name to guess what it is.
Turns out, http://sitic.com.co is a Colombian company, who "are leaders in innovation and create mobile and WEB applications for new products and services." (credit goes to Google Translate)screenshot of the app with permissions
In other words, this app is a 3rd party telemetry, hidden from user, not mentioned in the Privacy policy, that has access to SMS.
This looks very bad and I really hope this is a malware injected by factory and not something knowingly distributed by Nokia, HMD Global, the EU company.After removing the
co.sitic.pp
app, requests to Microsoft Cloud and Columbia stopped.
I was later pointed to a German forum, where (I believe) it was first found in a Nokia 7.2 device.
So, we have it confirmed in 2 devices in 2 different countries.On German forum they contacted Nokia (I assume support) but got tired exchanging emails for weeks without any result.
On 02/03/2020 I have requested an official reply from Nokia and HMD Global via press.services@nokia.com and press@hmdglobal.com and waiting for reply.
Since I am not a journalist, I may never get one.TLDR: 3rd party telemetry is found in Nokia 6.2 and 7.2 devices, is hidden from user, has access to SMS, and sends data to Microsoft Cloud in US and a server in Columbia.
It is probably supplied by SITIC S.A.S., a Colombian company, and looks more like a malware than a telemetry.28 votes -
Sophos has received an offer to be acquired for $3.9 billion by private-equity firm Thoma Bravo
8 votes -
Tech was supposed to improve caucuses. Instead, it may have doomed them
14 votes -
In search of the full stack testing team: What makes the best QA teams so good
4 votes -
Japanese toilets are marvels of technological innovation. American toilets not so much
7 votes -
How hard will the robots make us work? In warehouses, call centers, and other sectors, intelligent machines are managing humans, and they’re making work more stressful, grueling, and dangerous
18 votes -
Firefox has started enabling DNS-over-HTTPS by default for all US-based users
33 votes -
Smartphones that make good use of physical buttons
I miss buttons on devices. They are durable, reliable, repairable and nice to press. I can find their position without looking, and they work more consistently in different apps. I probably don't...
I miss buttons on devices. They are durable, reliable, repairable and nice to press. I can find their position without looking, and they work more consistently in different apps.
I probably don't need something with a physical QWERTY keyboard, since screen real state might be an issue. And it would have to be an actually viable smartphone, not something from a bygone era (I don't care about camera). But I want (a lot!) more buttons, preferably configurable, with support for custom keybindings, macros, etc.
What are some good options?
15 votes -
[SOLVED] Some of my internet radio stations aren't playing on my computer
EDIT: The problem has been solved. @Sill identified the problem here and @cfabbro found a work-around here. Crisis averted! I listen to some internet radio stations on my computer, but a couple of...
EDIT: The problem has been solved. @Sill identified the problem here and @cfabbro found a work-around here. Crisis averted!
I listen to some internet radio stations on my computer, but a couple of them aren't working any more: they appear to play, but there's no sound coming from my computer's speakers.
It is only two stations. I've tested other internet radio stations I listen to, and they still work: I can hear them. I can play and hear YouTube videos. I can stream Spotify on my computer. I can play and hear my music files stored on my computer's hard drive. So I know my speakers work. I know Chrome works as a music player for other sources, including other internet radio stations. It's just these two radio stations.
One of them is this radio station. Also this radio station. I know their digital streams are working, because I can listen to them via an internet radio app on my phone. So I know their digital signals are being sent out. But, while my phone app can play them, my computer browser can't play them.
I've tested both non-working stations in Chrome and Internet Explorer. They both don't work in Chrome, but this station also doesn't work in IE.
I'm using Chrome 80.0.3987.122. And I'm running Windows 7.
This problem only started a couple of days ago.
What's going on? How do I fix this?
12 votes -
Jam lets you safely share streaming app passwords
9 votes -
Hank Green - The "38% of Americans wouldn't buy Corona beer" reported by CNN is misleading
10 votes -
Arrest warrant issued in the Philippines for Fredrick Brennan, founder of 8chan, under cyberlibel charges brought by the site's current owner
17 votes -
The CED: RCA's Very Late, Very Weird Video Gamble (Pt. 1)
5 votes -
Cameo is the logical endpoint of modern celebrity-obsessed culture and interaction—a perfect storm of convenience, access, and affordability
13 votes -
Are social networks polarizing? A Q&A with Ezra Klein | The Interface with Casey Newton, Issue #464, Feb 27
5 votes -
Printing’s not dead: The $35 billion fight over ink cartridges
5 votes -
Changing e-mail and cleaning up my Internet presence
I'm trying to clean up my internet presence and move away from at least Facebook and Google. I've come a long way with deleting my Facebook and it's now basically an empty shell for messaging....
I'm trying to clean up my internet presence and move away from at least Facebook and Google. I've come a long way with deleting my Facebook and it's now basically an empty shell for messaging. I've installed Signal and will start the grooming process with my friends and family now. If you have some solid arguments for the change regular ol' folks can understand please share them with me because as we all know "privacy" just isn't enough.
Next phase is the big one...Google or basically G-mail.
1. Is there any way to get an complete overview of where you've used your e-mail for a service online?
2. What e-mail would you recommend?
2a. I'm OK with paying a bit for overall quality, security and equally important UX!
2b. I don't use any other relevant Google products like Drive etc. It's just regular e-mail and sign in credentials for other services I basically need3. I use a Mac, iPhone and iCloud. Is iCloud a problem? IF this needs to change it HAS to be an "easy" switch and not like setting up a server for myself. Because it won't happen and I'm not skilled enough.
I would very much appreciate your input :)
EDIT: Thank you all for your thorough comments!
22 votes -
Reddit's 2019 Transparency Report
15 votes -
Five things QA testers wish programmers understood
6 votes -
The IOTA cryptocurrency network has been completely shut down for over 5 days while an exploit in the official wallet is investigated
7 votes -
All processing bends towards AI
4 votes -
To rein in traffic-snarling new mobility modes, LA needed digital savvy. Then came a privacy uproar, a murky cast of consultants, and a legal crusade by Uber.
3 votes -
New ThinkPads with Ryzen 4000 announced
13 votes -
In smart apartments, is tenants’ privacy for rent?
13 votes -
EU Commission to staff: Switch to Signal messaging app
14 votes -
Removing a GPS tracking device from your car isn’t theft, Indiana Supreme Court rules
13 votes -
Exploring Transfer Learning with T5: the Text-To-Text Transfer Transformer
8 votes -
Policy vs technology
15 votes -
The laptop market is in an atrocious state
27 votes -
US FCC forced by court to ask the public (again) if they think tearing up net neutrality was a really good idea or not
26 votes -
Twitter is suspending 70 pro-Bloomberg accounts, citing ‘platform manipulation’
19 votes -
Why Amazon knows so much about you
18 votes -
Prompted by Brexit, Google will move UK users' data out of Irish jurisdiction so they are no longer covered by EU privacy rules
21 votes -
I spoke out against sexual harassment at Uber. The aftermath was more terrifying than anything I faced before
16 votes -
EFF calls for disclosure of secret financing details behind $1.1 billion .ORG sale including $360 million loan, and asks FTC to scrutinize deal
20 votes -
Gopher: When adversarial interoperability burrowed under the gatekeepers' fortresses
8 votes -
Lambda School's misleading promises
8 votes -
An app can be a home-cooked meal
12 votes -
I got a Ring doorbell camera. It scared the hell out of me.
11 votes -
The Great Google Revolt: Some of its employees tried to stop their company from doing work they saw as unethical. It blew up in their faces.
18 votes -
The story of how Saudia Arabia influenced two well-liked Twitter employees to access thousands of users' private information and pass it to the Saudi Royal Family
10 votes