-
Notifications
You must be signed in to change notification settings - Fork 527
Ability to fake time #1362
Comments
I don't see what this would add to all other restrictions. It should suffice to restrict personally identifiable information, do you think otherwise, and so yes, why? |
What if you want to use an app where you are identifiable, because for instance you are using a license or an account that is related to your name? |
Ive thought about this, and i know it might sound out there, but wouldnt knowing a devices timeZONE be a form of knowing ones location albeit very roughly, but still, its a potential location leak no? I dont know how dependant all apps are on having the "time", maybe many dont need nor call, but it would be nice to have this angle covered none the less well thats just my thoughts on the matter |
I think Hawaii Kasper has a good point: if you need for an application to know your identity, and the application doesn't have to connect to the Internet all the time, the time data could give it lots of behavioural information. Perhaps this should not be top priority, but it would be useful for our privacy if we could some day spoof time. |
There are different sorts of time On the other hand being able to set a time zone and have the other time functions adjust time accordingly would be much more doable. |
Maybe all we need to do is to call TimeZone.setTimeZone( defaced timezone ) early in the apps startup On the other hand, this is something that will have a direct effect on the users experience. Much less than changing the locale and thus the translation used in apps. XPrivacy currently doesn't have any notion of optional restrictions - for things like the locale or the timezone that vaguely help identify the user, but that most people will prefer not to use because of the effect on the user experience. So I vote against. |
@jpeg729 So what potentially negative effects do you foresee for spoofing time? If an application thinks it's 13.34 instead of 6.02, what would happen? |
It is the user experience I'm worried about, because restriction will be enabled by default, users would have to turn it off for apps that display time annoyingly incorrectly. Of which to be honest there aren't that many. I'll change my vote. |
How about this option will be first marked red (is dangerous, restricting may cause problems)? So it won't be enabled by default. On February 17, 2014 4:39:15 AM CET, jpeg729 [email protected] wrote:
|
Adding this feature is simple, but the problem I have with this feature, is that it can be misused and that privacy is just served a little. |
i know what you mean, but if everyone starts taking that stance, an understandable stance, then inevitably, folks will figure out that is is a consistant way to, for whatever reason, find a rough estimation of location This probably is a bigger debate, but personally, i dont relish the idea that users might not get certain restrictions that would protect their privacy, because of those that might misuse it..... |
The reasoning is not that I don't want to add it just because it can be used in a malicious way, but that the minimal added privacy does not outweights that problem. |
If an app doesn't use internet, the importance of restricting is mitigated, The only way to get round that is to use a vpn and I doubt many users will |
@jpeg729 I thought the way Google knew your location based on Wifi was because they have a database connecting each Wifi access point with GPS data directly (collected automatically all the time on millions of devices and possibly Street View cars in order to populate the database), not because they link you to your IP address? Mozilla's new alternative location service will work the same way; you can help them collect data by downloading Moz Stumbler on your phone and setting it to "scan" once in a while. "If an app doesn't use internet, the importance of restricting is mitigated," @M66B Our of curiosity, how could spoofing the time be "misused"? |
That is the usual way, but not the only way. See this page |
@jpeg729 I know this is possible, but I did not think Google was using this method in Android. The reason I assumed to be threefold:
Either way, I don't think spoofing time should be high priority: I'm just defending the merits of the idea in general. |
As far as I know google don't, but an app that connects to a dedicated server could easily do that. |
I am not convinced that the advantages outweighs the disadvantages, so I am closing this request. |
I agree that this would be of lesser usefulness. And I can understand if this is not worth the effort. But, by "disadvantages", do you mean the effort it would take to create this category, or something else? |
I think time is a privacy critical information as well, because some apps use it for collecting behavioral statistics.
The module "PerAppHacking" (https://github.com/t2k269/PerAppHacking) already makes use of this feature, there it's called TimeMachine.
It would be great to be able to set a static time, randomize on boot and randomize on access.
More info:
https://github.com/t2k269/PerAppHacking/blob/master/src/org/t2k269/perapphacking/HackService.java
The text was updated successfully, but these errors were encountered: