• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
UBports Robot Logo UBports Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

Security on UT

Scheduled Pinned Locked Moved General
35 Posts 9 Posters 6.1k Views 4 Watching
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ? Offline
      A Former User
      last edited by 19 Jun 2020, 05:53

      Hi!
      Does anyone knows how UT looks from the security point of view?
      Thanks!

      K 1 Reply Last reply 19 Jun 2020, 06:08 Reply Quote 0
      • K Offline
        Keneda @Guest
        last edited by 19 Jun 2020, 06:08

        @C0n57an71n
        What kind of security do you talk about?
        Network?
        Store?
        File system?
        Device Lock?
        Device encryption?

        2015-2023 : Meizu MX4 ☠️⚰️✝️
        2023-2024 : Nexus 5 ☠️⚰️✝️
        2024-***** : FPOS Fairphone 5 waiting UT for freedom 😉
        🇲🇫🇬🇧

        ? 1 Reply Last reply 19 Jun 2020, 06:28 Reply Quote 0
        • ? Offline
          A Former User @Keneda
          last edited by 19 Jun 2020, 06:28

          @Keneda I've did some search and all in all seems like the UT kick asses from the security point of view. Some old articles where mentioning hacked wifi routers and home directory full encryption. How does it look today? But please, use human terms if explaining. I'm not an expert 🙂

          1 Reply Last reply Reply Quote 0
          • K Offline
            kugiigi
            last edited by 19 Jun 2020, 06:34

            I'm not an expert with this as well but I think in terms of sandboxing apps and internal security is pretty good. However, there's no support yet for encryption and such so your device is vulnerable when someone else gets a hold of it.

            ? 1 Reply Last reply 19 Jun 2020, 06:38 Reply Quote 0
            • ? Offline
              A Former User @kugiigi
              last edited by A Former User 19 Jun 2020, 06:38

              @kugiigi That applies everywhere: don't let your stuff be accessed by people you don't trust :))
              And now came to mind another question: why UB ports trust Telegram?

              T 1 Reply Last reply 19 Jun 2020, 19:59 Reply Quote 0
              • A Offline
                arubislander
                last edited by 19 Jun 2020, 07:40

                I don't think there is anymore 'trust' put in Telegram anymore than there is a general 'trust' in the internet at large. Teleports, (the Ubuntu Touch Telegram app) is developed using the official Telegram API implementation library if I am not mistaken. But that does not imply any more 'trust' in the project, or the protocol than would otherwise be the case.

                Or are you referring to something else?

                🇦🇼 🇳🇱 🇺🇸 🇪🇸
                Happily running Ubuntu Touch
                Google Pixel 3a (20.04 DEV)
                JingPad (24.04 preview)
                Meizu Pro 5 (16.04 DEV)

                ? 1 Reply Last reply 19 Jun 2020, 07:45 Reply Quote 0
                • ? Offline
                  A Former User @arubislander
                  last edited by 19 Jun 2020, 07:45

                  @arubislander I was talking about the Telegram servers and how you don't know what happens with your conversations once they reach their servers. As far as I know, Signal (Axolotl) is much trustworthy and I think deserves more attention and work. Invest energy in Teleports might be a dead end since the servers might be compromised.

                  A 1 Reply Last reply 19 Jun 2020, 08:10 Reply Quote 2
                  • A Offline
                    arubislander @Guest
                    last edited by arubislander 19 Jun 2020, 08:10

                    @C0n57an71n Different tools for different purposes. Communication on Telegram should be considered the same as talking to people in a public space. What is shared is not confidential, so it doesn't need to be secure. It should be viewed the same as our communication on this forum.

                    If what is communicated vitally needs to be reliably and verifiably secure, then yes, Telegram might not be the best platform.

                    But then again, what platform really is, unless you are hosting the servers yourself. And even then you need to know what you are doing.

                    The peer-to-peer protocols are better, as there is no server to cache your messages, but even so, the sender or recipient could be compromised without their knowledge ...

                    🇦🇼 🇳🇱 🇺🇸 🇪🇸
                    Happily running Ubuntu Touch
                    Google Pixel 3a (20.04 DEV)
                    JingPad (24.04 preview)
                    Meizu Pro 5 (16.04 DEV)

                    1 Reply Last reply Reply Quote 0
                    • K Offline
                      Keneda
                      last edited by Keneda 19 Jun 2020, 12:27

                      "Trust no one, do nothing"!

                      How can we know ubports devs are trustworthy people, all of them?
                      Maybe one of them just put backdoors everywhere!

                      OPEN SOURCE, is the only answer, and that people of open source community who can read the code are globaly good, not evil.
                      It's because of that i can trust the whole open sourced projects.

                      If telegram is open sourced, then "everybody" can see how its protocol is secured, or not.

                      2015-2023 : Meizu MX4 ☠️⚰️✝️
                      2023-2024 : Nexus 5 ☠️⚰️✝️
                      2024-***** : FPOS Fairphone 5 waiting UT for freedom 😉
                      🇲🇫🇬🇧

                      ? 1 Reply Last reply 19 Jun 2020, 12:32 Reply Quote 0
                      • ? Offline
                        A Former User @Keneda
                        last edited by 19 Jun 2020, 12:32

                        @Keneda yes, telegram is open source, but not what whappens in the servers. That is why Axolotl should be pushed forrward. It's better to improve your security than work against it. And about that: is this the reason why now all webapps and links opens in Onion by default?

                        K A M 3 Replies Last reply 19 Jun 2020, 12:39 Reply Quote 2
                        • K Offline
                          Keneda @Guest
                          last edited by Keneda 19 Jun 2020, 12:39

                          @C0n57an71n said in Security on UT:

                          is this the reason why now all webapps and links opens in Onion by default?

                          No, this is an issue, last installed webbrowser becomes the default one.
                          https://forums.ubports.com/topic/3997/links-from-webapps-are-opening-in-onion-browser-default-instead-of-morph/12?_=1592570382834

                          2015-2023 : Meizu MX4 ☠️⚰️✝️
                          2023-2024 : Nexus 5 ☠️⚰️✝️
                          2024-***** : FPOS Fairphone 5 waiting UT for freedom 😉
                          🇲🇫🇬🇧

                          ? 1 Reply Last reply 19 Jun 2020, 12:40 Reply Quote 0
                          • ? Offline
                            A Former User @Keneda
                            last edited by 19 Jun 2020, 12:40

                            @Keneda So uninstalling both and reinstalling them backwards will solve it?

                            1 Reply Last reply Reply Quote 0
                            • A Offline
                              arubislander
                              last edited by 19 Jun 2020, 12:42

                              I don't think you can uninstall Morph browser. It comes bundled as a .deb in the root filesystem.

                              🇦🇼 🇳🇱 🇺🇸 🇪🇸
                              Happily running Ubuntu Touch
                              Google Pixel 3a (20.04 DEV)
                              JingPad (24.04 preview)
                              Meizu Pro 5 (16.04 DEV)

                              ? K 2 Replies Last reply 19 Jun 2020, 12:42 Reply Quote 0
                              • ? Offline
                                A Former User @arubislander
                                last edited by 19 Jun 2020, 12:42

                                @arubislander I was thinking the same...

                                1 Reply Last reply Reply Quote 0
                                • K Offline
                                  Keneda @arubislander
                                  last edited by 19 Jun 2020, 12:47

                                  @arubislander said in Security on UT:

                                  I don't think you can uninstall Morph browser. It comes bundled as a .deb in the root filesystem.

                                  Ohhhhh, with a little R/W on the rootfs using UT³ and a little of command line magic, you'd probably can uninstall it, but i don't think that would be a good idea :beaming_face_with_smiling_eyes:

                                  2015-2023 : Meizu MX4 ☠️⚰️✝️
                                  2023-2024 : Nexus 5 ☠️⚰️✝️
                                  2024-***** : FPOS Fairphone 5 waiting UT for freedom 😉
                                  🇲🇫🇬🇧

                                  1 Reply Last reply Reply Quote 1
                                  • A Offline
                                    AppLee @Guest
                                    last edited by 19 Jun 2020, 14:15

                                    @C0n57an71n
                                    To answer the why push Telegram instead of Signal ?

                                    There is not really a push. The choice of Telegram was made because people used this platform and it was possible to port it to UT.
                                    That was a choice by opportunity.
                                    Signal is also ported to UT but has less users. The more users, the more interest and the more developers you get...

                                    ? D 2 Replies Last reply 19 Jun 2020, 15:13 Reply Quote 0
                                    • ? Offline
                                      A Former User @AppLee
                                      last edited by 19 Jun 2020, 15:13

                                      @AppLee Always the chicken and egg problem, ain't so?!...

                                      1 Reply Last reply Reply Quote 0
                                      • M Offline
                                        Moem @Guest
                                        last edited by 19 Jun 2020, 15:30

                                        @C0n57an71n said in Security on UT:

                                        @Keneda yes, telegram is open source, but not what whappens in the servers. That is why Axolotl should be pushed forrward.

                                        The two aren't interchangeable. It also depends on whether any of your contacts use it. I happen to use both, for that reason.
                                        I'm eagerly awaiting the further development of Axolotl, but it will not replace Tg for me.

                                        Is currently using an Op5t
                                        Also owns an Op1, a BQ E4.5 and an Xperia X, as well as a BQ tablet and a Pinetab2. Please, someone... make it stop.

                                        1 Reply Last reply Reply Quote 0
                                        • D Offline
                                          dobey @AppLee
                                          last edited by 19 Jun 2020, 15:36

                                          @AppLee Also, with respect to this, people were already using Telegram for group chats (which I think Signal didn't support yet back then), and Matrix was nowhere near usable in ~2015 either.

                                          Telegram and Canonical also had some agreement back in the day, which led to the creation of the old Telegram app on UT.

                                          So less of a push and more of just the way things were at the time, and now we have those.

                                          1 Reply Last reply Reply Quote 0
                                          • T Offline
                                            trainailleur @Guest
                                            last edited by 19 Jun 2020, 19:59

                                            @C0n57an71n said in Security on UT:

                                            @kugiigi said in Security on UT:

                                            However, there's no support yet for encryption and such so your device is vulnerable when someone else gets a hold of it.

                                            @kugiigi That applies everywhere: don't let your stuff be accessed by people you don't trust :))

                                            Even people who are careful not to lose or misplace things cannot guarantee that their phone won't be stolen.

                                            If a modern Iphone or Android is lost or stolen, no one is getting your data off it without a great deal of time, expense, and trouble.

                                            Ubuntu Touch has unencrypted data and adb always on in recovery, so anyone who knows the adb command is going to extract your data quite easily.

                                            Ubuntu Touch is a promising OS and is taking huge strides thanks to the devotion a great group of developers, but I feel that celebrating it for what it is not yet (secure, or any more private than a de-Googled Android phone with carefully selected apps) detracts from celebrating what it is.

                                            D ? 2 Replies Last reply 19 Jun 2020, 21:55 Reply Quote 3
                                            10 out of 35
                                            • First post
                                              10/35
                                              Last post