-
Notifications
You must be signed in to change notification settings - Fork 527
Add timezone and google play market zone spoofing feature #1524
Comments
I'm sorry to butt in here, but Baybal says "Weixin 5.2 checks for timezone and GP market zone to confirm location." That means these features are necessary for him to spoof his location. Spoofing location is certainly related to privacy. If you have other reasons not to implement this, like too complicated with too little benefit, then I'm sure he'd prefer to hear that. |
A time zone is quite large and therefore not a location. |
I suppose he could spoof his location as long as he stays within the same time zone and country? It can still be used to fingerprint people. Then again, so can any bit of information about you or your phone. How do you feel about Xprivacy and fingerprinting in general? Should it help to prevent that, or is it a lost cause? From the ability to spoof user agents, I figured it was a concern and worth the trouble. |
Wherever possible and feasible I will add restrictions to prevent fingerprinting, but it is difficult to prevent. For example the browser can be fingerprinted easily and there is little that can be done to prevent that, since most of the information used for fingerprinting has no public API. So, this is a partially lost cause. Each added hook will result in worse performance. In other words it is not a good idea to hook each and every function. The general rule is that things which are personally identifiable will be restricted. Sometimes I think there should be a new mobile OS developed from the ground up, with not only security, but also privacy in mind. |
For reference, this issue is a near duplicate of #1362 |
I you build it I will buy itRegards, an0n981 -------- Original Message -------- Wherever possible and feasible I will add restrictions to prevent fingerprinting, but it is difficult to prevent. For example the browser can be fingerprinted easily and there is little that can be done to prevent that, since most of the information used for fingerprinting has no public API. So, this is a partially lost cause. Each added hook will result in worse performance. In other words it is not a good idea to hook each and every function. The general rule is that things which are personally identifiable will be restricted. Sometimes I think there should be a new mobile OS developed from the ground up, with not only security, but also privacy in mind. Reply to this email directly or view it on GitHub: |
Lets make it 'If I make it, you will test it', okay? I am currently looking into this and thinking about this, but no promises. |
Right, those are all good arguments. I'd love to see a fork of Android designed more around privacy, if such a thing is at all possible with Android. I hate to admit that I couldn't do without Android applications, though... |
Test version: http://d-h.st/TXA
|
Wow, you did it!! Amazingly fast. P.S. Can we have a setting to change UTC to the pre-1800 time zone used in Tietjerksteradeel? I think it was exactly 27 minuted ahead of Amsterdam Time. Ktxbai. |
Confirmed working, one small suggestion, add an exception for UID 1000, I can foresee this causing a lot of complaints |
Thanks for testing. This is IMHO protected enough by the setting 'restrict system components'. |
Does the server automatically accept new restrictions are you really that fast? |
Both ;-) |
To be honest, I faked my time size to appear so fast ;-) |
https://github.com/blog/1793-timezone-aware-contribution-graphs BTW, this new GitHub feature is not good for privacy ... |
Now I will have an extra hour to keep a streak alive. Very nice |
Although IMHO this seems more like a way to cheat to the system then a privacy enhancement |
That is one of the reasons there will be no setting. |
Nevertheless, the timezone reveals more or less where you are and can be used for fingerprinting. But the way it is now implemented is acceptable to me, unlike #1362 |
This change has been reverted, because it caused boot problems for some. |
My speculation is that some system apps that "require" Timezone access were restricted by those users. But hey, I'm not a dev. So I won't know for sure. I am the boot loop queen and didn't encounter any problem with the 2.0 update on stock SM-N9005. Talk about being lucky >:) Tell me, wouldn't spoofing latitude, longitude, and country be unuseful because my network-provided timezone reveals which specific country I am in? If Timezone is a privacy concern, maybe experimental builds to circumvent the boot issue (if there are other ways to implement it) should be provided, (while checking their current system app restrictions and if they accidentally Greenified anything [that was the answer to my previous Xprivacy problem and the first ever boot loop hell I experienced concerning Google Services and Framework]) to those users willing to risk their phone for another possible boot issue. If it is not, forget what I said ;-) |
This anyway doubtful feature won't come back, else I had chosen another approach. |
Weixin 5.2 checks for timezone and GP market zone to confirm location. It is currently impossible to spoof/block them with XPrivacy,
The text was updated successfully, but these errors were encountered: