UB Touch and privacy/security

Pulsar33 · 2 May 2019, 06:02

Hello,
Facebook ... or simply the web browser ...
Not a full answer but a first tip : you can be root with UBports
As root, you can modifiy the hosts file using this "must have" solution :
http://winhelp2002.mvps.org/hosts.htm
Best regards
Pulsar33

MK73 · 2 May 2019, 08:46

Hi, there are several points you should realize:

Ubuntu Touch OS is build with the VISION to help you get back control about your digital life rights. There are two blobs that make this difficult to reach:

proprietary hardware
proprietary software

The problem of proprietary software especially with facebook business model is they track you using browser and even more using their native apps. The only way how to avoid today any tracking would be not to use internet at all, but there is still one issue, the rest of the society and your loved ones do so.

The second option is to leave minimum surfing trace. Using the right hardware and software and especially conduct precautions! as described in blogs.

Using the HTML, or standard web app in Ubuntu Touch you leave less trace, they cannot see what else you are doing, looking at, talking to, ... etc. These apps are under confinement environment. This means they do not have out-access of the confinement and if so, than only to confinement content hub, when you temporarily allow it: to upload some file, image. Once done, the access is closed again, and the cache deleted. As you see, this is a completely different approach compared to the android model.

Once logged in social service, like the one you ask about, they still can see what you think, write, who are your friends, where you work, live, what would you like to buy, who do you love and who not, what do you read, ... all that because you are using their service and sharing, talking about it there. But with UT they do not see where you are, cannot extract anything from your device, unless you explicitly allow it, like the GPS, ... but even there still the confinement model is active.

Also before anything, check, verify the downloaded app is confined and also what are app permissions granted by the app developer. Sometimes it is better to use the browser directly instead.

In that case have generally always also activated the adblocks, do not tracking protocols whenever you are using any browser, and also have firewall activated, do not accept GPS access using social services ...

In the end the best would be to stop using such services as they can really compromise you and ugly impact your and your loved ones entire future life: perhaps having problems at your job because of any of your even of fun made society views and comments.

Best regards. milkor73

domubpkm · 2 May 2019, 10:07

Currently, two very useful tools so as to improve security on UT phone :

uAbblock (i expect it will become better and better )
vpn editor

and to navigate in private mode (not cookies for browser).

malditobastardo · 2 May 2019, 10:08

@MK73 This should be sticky

trainailleur · 5 Feb 2019, 14:20

Generally I'm inclined against using do-not-track in browsers. It is widely disregarded so has limited effect, yet being also used by relatively few people, it makes them easier to fingerprint.

On Ubuntu Touch, however, we have to accept that we are highly fingerprintable simply because of the platform that we use. Therefore there might be little harm in enabling do-not-track.

That said, I've never found a do-not-track setting in UT. Does one exist?

Another consideration is physical security. With an unlocked bootloader and no local data encryption*, in this area the platform currently lags far behind Android and Ios, as anyone with physical possession of the phone can extract user data simply by flashing an Android recovery like TWRP, regardless of any screen lock PIN or password the user might have set.

(* There is a terminal workaround discussed elsewhere on this forum that allows encrypting /home/phablet, but it's not for the faint of heart, is liable to break with large updates, and is not supported by the UBPorts developers.)

Lakotaubp · 5 Feb 2019, 14:39

You may also find these three Why Ubuntu Touch Matters blogs of interest on general ways to keep things safe online.

https://ubports.com/blog/ubports-blog-1/post/why-i-am-fan-of-ubuntu-touch-os-201

https://ubports.com/blog/ubports-blog-1/post/internet-and-some-precautions-we-can-take-205

https://ubports.com/blog/ubports-blog-1/post/ubuntu-touch-safety-architecture-208

dobey · 3 May 2019, 00:54

@trainailleur Even with encryption, there's no real protection, as we cannot re-lock the bootloader. It is unfortunate, but it is what it is.

As for the encrypting of home directory data only with ecryptfs, it should be noted that ecryptfs is deprecated, and no longer used in upstream Ubuntu either.

trainailleur · 5 Dec 2019, 16:06

@dobey said in UB Touch and privacy/security:

@trainailleur Even with encryption, there's no real protection, as we cannot re-lock the bootloader. It is unfortunate, but it is what it is.

Someone with physical access who flashed a recovery could indeed copy an encrypted file or partition. At that point they still have to crack the encryption though. I would agree that's not absolute protection, but very little is (even a hardware keystore on a phone not captured live for a cold boot attack is likely vulnerable to an electron microscopy attack). How many people are going to be up to cracking luks encryptiion compared to simply flashing recovery and seeing what data can be copied from an unencrypted device?

Basically I don't want to lose sleep over a B-grade criminal pawing through my private data on a lost or stolen device. If a state intelligence agency wants what's on my phone, I have to assume they have it already.

And if the phone is turned on but locked and developer options aren't turned on, is the phone any more vulnerable than any other turned on, locked smartphone?

As for the encrypting of home directory data only with ecryptfs, it should be noted that ecryptfs is deprecated, and no longer used in upstream Ubuntu either.

Those whom I know are doing it are encrypting a file with luks, then mounting the mapper device of the unlocked file on top of /home/phablet. Not perfect, but better than nothing, and luks/cryptsetup doesn't appear to be going anywhere. If it did, I seem to recall from many years ago that it's not too hard to compile.

Long-belated edit correcting description of the mount (I had described it initially in the wrong direction).

dln949 · 12 May 2019, 07:10

@MK73 So, for example, can I safely assume that none of the apps or webapps on an Ubuntu Touch device can use the camera and/or microphone to "spy" on me or record activity without my knowledge (as can and has happened on android devices)?

hummlbach · 5 Dec 2019, 16:08

@dln949 you can pretty safely assume that UT apps don't spy on you while they are not focused/actively in use by you as long as they are confined, as they get suspended (given you haven't deactivated it for the app) as soon as you have another app in the foreground or you turn off the screen. When it comes to unconfined apps: they all have to be opensource (their source code has to be publicly available) and have been reviewed if they are in openstore, so everyone can check what the app does in the background (if at all). The apps could still spy on you while in foreground/in use (if they announced to use camera/mic). But also most most of the (native) apps in the openstore are opensource anyway. So you can never be 100% sure, but its very very unlikely.