Skip to content
This repository has been archived by the owner on Sep 6, 2019. It is now read-only.

Add timezone and google play market zone spoofing feature #1524

Closed
baybal opened this issue Mar 8, 2014 · 25 comments
Closed

Add timezone and google play market zone spoofing feature #1524

baybal opened this issue Mar 8, 2014 · 25 comments

Comments

@baybal
Copy link

baybal commented Mar 8, 2014

Weixin 5.2 checks for timezone and GP market zone to confirm location. It is currently impossible to spoof/block them with XPrivacy,

@M66B
Copy link
Owner

M66B commented Mar 8, 2014

@M66B M66B closed this as completed Mar 8, 2014
@M66B M66B added the invalid label Mar 8, 2014
@Cerberus-tm
Copy link

I'm sorry to butt in here, but Baybal says "Weixin 5.2 checks for timezone and GP market zone to confirm location." That means these features are necessary for him to spoof his location. Spoofing location is certainly related to privacy. If you have other reasons not to implement this, like too complicated with too little benefit, then I'm sure he'd prefer to hear that.

@M66B
Copy link
Owner

M66B commented Mar 8, 2014

A time zone is quite large and therefore not a location.

@Cerberus-tm
Copy link

I suppose he could spoof his location as long as he stays within the same time zone and country?

It can still be used to fingerprint people. Then again, so can any bit of information about you or your phone. How do you feel about Xprivacy and fingerprinting in general? Should it help to prevent that, or is it a lost cause? From the ability to spoof user agents, I figured it was a concern and worth the trouble.

@M66B
Copy link
Owner

M66B commented Mar 8, 2014

Wherever possible and feasible I will add restrictions to prevent fingerprinting, but it is difficult to prevent. For example the browser can be fingerprinted easily and there is little that can be done to prevent that, since most of the information used for fingerprinting has no public API. So, this is a partially lost cause.

Each added hook will result in worse performance. In other words it is not a good idea to hook each and every function. The general rule is that things which are personally identifiable will be restricted.

Sometimes I think there should be a new mobile OS developed from the ground up, with not only security, but also privacy in mind.

@M66B
Copy link
Owner

M66B commented Mar 8, 2014

For reference, this issue is a near duplicate of #1362

@an0n981
Copy link
Contributor

an0n981 commented Mar 8, 2014

I you build it I will buy it

Regards,

an0n981

-------- Original Message --------
From: Marcel Bokhorst [email protected]
Sent: March 8, 2014 2:45:48 PM CET
To: M66B/XPrivacy [email protected]
Subject: Re: [XPrivacy] Add timezone and google play market zone spoofing feature (#1524)

Wherever possible and feasible I will add restrictions to prevent fingerprinting, but it is difficult to prevent. For example the browser can be fingerprinted easily and there is little that can be done to prevent that, since most of the information used for fingerprinting has no public API. So, this is a partially lost cause.

Each added hook will result in worse performance. In other words it is not a good idea to hook each and every function. The general rule is that things which are personally identifiable will be restricted.

Sometimes I think there should be a new mobile OS developed from the ground up, with not only security, but also privacy in mind.


Reply to this email directly or view it on GitHub:
#1524 (comment)

@M66B
Copy link
Owner

M66B commented Mar 8, 2014

Lets make it 'If I make it, you will test it', okay?
Nevertheless donations are always welcome and not near any compensation for the time I have spent on this project. For reference: http://www.ohloh.net/p/xprivacy/estimated_cost

I am currently looking into this and thinking about this, but no promises.

@M66B M66B reopened this Mar 8, 2014
@M66B
Copy link
Owner

M66B commented Mar 8, 2014

@Cerberus-tm
Copy link

Right, those are all good arguments.

I'd love to see a fork of Android designed more around privacy, if such a thing is at all possible with Android. I hate to admit that I couldn't do without Android applications, though...

@M66B M66B closed this as completed in 6d9cfb6 Mar 8, 2014
@M66B
Copy link
Owner

M66B commented Mar 8, 2014

Test version: http://d-h.st/TXA

  • The restriction is in the system category
  • The restricted time zone is UTC
  • Don't ask me to add a setting for this

@Cerberus-tm
Copy link

Wow, you did it!! Amazingly fast.

P.S. Can we have a setting to change UTC to the pre-1800 time zone used in Tietjerksteradeel? I think it was exactly 27 minuted ahead of Amsterdam Time. Ktxbai.

@an0n981
Copy link
Contributor

an0n981 commented Mar 8, 2014

Confirmed working, one small suggestion, add an exception for UID 1000, I can foresee this causing a lot of complaints

@M66B
Copy link
Owner

M66B commented Mar 8, 2014

Thanks for testing.

This is IMHO protected enough by the setting 'restrict system components'.

@an0n981
Copy link
Contributor

an0n981 commented Mar 8, 2014

Does the server automatically accept new restrictions are you really that fast?

@M66B
Copy link
Owner

M66B commented Mar 8, 2014

Both ;-)

@M66B
Copy link
Owner

M66B commented Mar 8, 2014

To be honest, I faked my time size to appear so fast ;-)

@M66B
Copy link
Owner

M66B commented Mar 8, 2014

https://github.com/blog/1793-timezone-aware-contribution-graphs

BTW, this new GitHub feature is not good for privacy ...

@an0n981
Copy link
Contributor

an0n981 commented Mar 8, 2014

Now I will have an extra hour to keep a streak alive. Very nice

@an0n981
Copy link
Contributor

an0n981 commented Mar 8, 2014

Although IMHO this seems more like a way to cheat to the system then a privacy enhancement

@M66B
Copy link
Owner

M66B commented Mar 8, 2014

That is one of the reasons there will be no setting.

@M66B
Copy link
Owner

M66B commented Mar 8, 2014

Nevertheless, the timezone reveals more or less where you are and can be used for fingerprinting. But the way it is now implemented is acceptable to me, unlike #1362

Phylon pushed a commit to Phylon/XPrivacy that referenced this issue Mar 10, 2014
@M66B
Copy link
Owner

M66B commented Mar 11, 2014

This change has been reverted, because it caused boot problems for some.

@vavavr00m
Copy link

My speculation is that some system apps that "require" Timezone access were restricted by those users. But hey, I'm not a dev. So I won't know for sure. I am the boot loop queen and didn't encounter any problem with the 2.0 update on stock SM-N9005. Talk about being lucky >:) Tell me, wouldn't spoofing latitude, longitude, and country be unuseful because my network-provided timezone reveals which specific country I am in? If Timezone is a privacy concern, maybe experimental builds to circumvent the boot issue (if there are other ways to implement it) should be provided, (while checking their current system app restrictions and if they accidentally Greenified anything [that was the answer to my previous Xprivacy problem and the first ever boot loop hell I experienced concerning Google Services and Framework]) to those users willing to risk their phone for another possible boot issue. If it is not, forget what I said ;-)

@M66B
Copy link
Owner

M66B commented Mar 11, 2014

This anyway doubtful feature won't come back, else I had chosen another approach.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

5 participants