Daniel

haveaniceday

@domubpkm VPN is already integrated on a system-level in Ubuntu Touch. Unfortunately, tracking is not solely about cookies.

Cookies are the simplest way of tracking, but not the only one. Cookies behave like a name badge, which you can choose to wear or remove any time. Fingerprinting based on characteristics like canvas hashes or installed fonts are inherent to the environment of the browser and cannot be changed as easily. This is analogue to your physical appearance.
A person who has seen you before can recognize you again even if you have removed your name badge.

The group of people using UT is quite small already. User Agent combined with geo ip and screen resolution is probably already enough to distinguish you from every one else on earth.
In contrast, Apple hardware is very uniform: same hardware, same OS, few configuration options, only one browser engine.
The more diverse your browser is, the easier it is to track.

There are two countermeasures:

Camouflage the browser to be part of the largest, indistinguishable group of features. E.g. Behave like a desktop chromium. This rather difficult and a sufficiently motivated fingerprinter will probably circumvent this.
Detecting and blocking known fingerprinting mechanisms. E.g. @mariogrip uAdBlock can block domains which are known to collect such data. It would be lovely if we had domain-wise JavaScript whitelisting (like NoScript) available on Morph.

haveaniceday

Regarding speed
Some time ago I tested this on a BQ Aquaris 4.5 (krillin) and got the following results:
simple write 10 Mb/s, ecryptfs 7.5 Mb/s, luks 6.3 Mb/s
IIRC it was with 500mb of random data in /home/phablet. The BQ 4.5 does not have hardware AES acceleration, which means slow and energy-consuming encryption.
Note: you can check if your device has hw aes with grep aes /proc/cpuinfo - it should be listed under 'Features'.

Regarding Usability / Stability
For some month I used the folders ~/Pictures, ~/Videos, ~/Downloads and ~/Documents with ecryptfs. Let it put me this way: my phone didn't crash more than it did before. It wasn't really stable before ubports' OTA-1. But taking photos, downloading files etc. all worked out fine. Really annoying was that after each crash, I needed to enter the passphrase again.
I did not observed change in energy consumption in standby, probably because then there is not much file access.

Future
A good option would be showing a dialog at boot time that asks for entering the passphrase. Like the first-time installer that asks you for the timezone etc.
Going forward it would be reasonable to look into what TPM capabilities our supported phones have. A good direction would be composite keys between securely stored secrets in the phone and the user's notoriously low-entropy passphrase.

I'd like to continue testing. My new M10 FHD seems to have aes cpu instructions, we'll see how that goes.

haveaniceday

There is a new phone upcoming: the F(x)tec Pro 1
https://www.fxtec.com/pro1/
Shipping is said to start in october.

It has a physical Keyboard, unlocked bootloader, modern hardware and ships with Android 9, Lineage OS as well as Sailfish.
The physical keyboard would be extremely convenient when working with the terminal app and for libertine X11 apps.

Question: Does Sailfish ease the porting process for devices? E.g. with regards to drivers, HAL etc?

The Specs:

DESIGN
Dimensions: 154 x 73.6 x 13.98 mm

DISPLAY
5.99-inch 2160 x 1080 (FHD+) AMOLED with curved edges
Corning Gorilla Glass 3

KEYBOARD
Physical Keyboard layout: 5-row, 64-key, staggered, backlit, landscape QWERTY keyboard
Keyboard mechanism: sliding (angled)

MEMORY
RAM: 6GB LPDDR4
Storage: 128GB, expandable via microSD card up to 2TB

CAMERA
Front Camera: 8MP, fixed focus, f/2.0
Rear Cameras: 12MP (Sony IMX363), f/1.8, 1.4µm pixels + 5MP, fixed focus, f/2.0

VIDEO
Video: capture up to 4K @ 30fps, playback up to [email protected] (supports H264 (AVC), H265 (HEVC),VP9)

PROCESSOR
Qualcomm Snapdragon 835 MSM8998

NETWORK
Global LTE (FDD+TDD), WCDMA/UMTS, CDMA/EVDO, GSM/EDGE
Cellular Bands;
GSM: 2, 3, 5, 8
WCDMA: 1, 2, 4, 5, 8
CDMA/EVDO: BC0, BC1
TD-SCDMA: 34/39
TDD-LTE: 38/39/40/41(100mhz)
FDD-LTE: 1, 2/25, 3, 4, 5/26, 7, 8, 12/17, 13, 20, 28

CONNECTIVITY
WiFi: 802.11a/b/g/n/ac (WiFi 5)
Bluetooth: 5.0 + LE
NFC (supports Google Pay)
USB Type-C with HDMI support

BATTERY
3200 mAh
Talk time 10hrs
Standby time 480hrs
Quick Charge 3.0

SIM
Dual Nano SIM with microSD support (shared with SIM #2),
no SIM tool needed

CUSTOM APPLICATIONS
Landscape-optimized apps: launcher, calendar, email

SOUND
Speakers: dual, stereo
Audio connectivity: 3.5mm TRRS headphone Jack
FM Radio

NOTIFICATION
Flash: dual colour, dual LED
Notification light: Yes (RGB LED)

SENSORS
Fingerprint reader: Yes (side mounted)
GPS/A-GPS, Accelerometer, Magnetometer, Gyroscope, Proximity, Ambient Light, Hall effect

BUTTONS
Power/lock key, Volume rocker, 2-stage camera shutter key

OS
Android 9.0 Pie
Bootloader unlockable, supports other popular OS’s (Lineage, Sailfish etc)

haveaniceday

Currently, the morph browser is very prone to tracking.
For example, check out the tracking test of the Electronic Frontier Foundation. It will tell you in detail, how unique your browser installation is, and why. You can run it in Morph private mode - doesn't really help.
https://panopticlick.eff.org/

How could be combat this? Should we?

haveaniceday

Hello,

there are good news and new challenges.
My Aquaris M10 FHD now automatically mounts a LUKS volume at /home/phablet when booting, without the use of custom scripts.

I achieved this by creating the LUKS volume (based on your previous posts) in a ~3GB file /userdata/luksHome.img, then adding a file with random bytes /userdata/luksHome.key as cryptographic key.

An entry in /etc/crypttab uses this key to decrypt the volume, when the boot order triggers cryptdisk. The option _netdev is necessary, because otherwise /userdata isn't mounted when LUKS tries to access /userdata/luksHome.img. The original purpose of this option is to wait for network devices to start. noearly serves a similar purpose of skipping the first invokation of cryptdisk. We want the second one, where the other mounts are finished.

# <target name>	<source device>		<key file>	<options>
luksHome	/userdata/luksHome.img	/userdata/luksHome.key	luks,noearly,tries=1,_netdev

So now we have the LUKS as a device in /dev/mapper/luksHome, which we mount at /home/phablet.
Unfortunately, we cannot use /etc/fstab as it is created by dark magic (any info about it is appreciated!)
Therefore we append one line to /lib/init/fstab, which is a normal, non-magic file.
Note the _netdev option, otherwise you softbrick your device.

/dev/mapper/luksHome	/home/phablet	ext4	defaults,_netdev	0	0

Now to the challenges:

Storing an unwrapped keyfile next to the cipher is as useless as no encryption at all. An acceptable solution for now would be using a passphrase, which the user must enter each time the device boots. The missing On Screen Keyboard and the Splash-Screen (which hides the passphrase prompt I assume) are obstacles for now. Maybe one can use a USB keyboard as a compromise?
A second option is the keyscript feature of crypttab. This script is called by cryptdisk and returns the key. For example there is a keyscript which receives the key via UDP [1]. Nice would be a keyscript to unwrap a key file using a hardware token like YubiKey.
Lastly, the biggest challenge: encrypting /home/phablet is not sufficient. There are more writable paths. At first I wondered why my wallpaper changes persisted reboots between encrypted <-> unencrypted mode. App (de)installations have persistent effects regardless is /home/phablet is the original folder or the mounted LUKS device, which should be impossible.
My guess is that the bind mounts [2] from the /etc/fstab are the cause of trouble. They happen before /home/phablet is shadowed by the crypto mount. As a result, a bind like /opt/click.ubuntu.com always leads into the unencrypted folder.
Maybe this can be fixed with mount orders. Or maybe the entire partition which gets mounted at /userdata should be encrypted. This way OTAs might still work afterwards. The very challenge is that we can't use /lib/init/fstab because this file is probably located inside the folders we want to encrypt.

What do you think? Do you know how we can receive a passphrase during boot time via user interaction?

@dobey

then brute force the wrapped passphrase for the encryption key, to eventually decrypt

You can brute force every cryptosystem (well, but the OTP). This is not an argument against using wrapped keys, but rather an argument for educating users about strong passphrases. Until we can use secure enclaves, TPMs, vein scanners or similar is a long, long way for UT. For now we need to just raise the base line to a reasonable minimum.
Our attacker model should not be nation-state, but rather the common MTP-/ADB-savy "finder" of your lost phone.

[1] https://github.com/basak/netkeyscript
[2] http://manpages.ubuntu.com/manpages/xenial/man5/writable-paths.5.html

Have a nice day!

haveaniceday

Will UBports be at 35c3 in December?
That's the annual Chaos Computer Congress in Leibzig, Germany. ~15k of exceptionally privacy aware, tech-affine people. Lots of potential new Ubuntu Touch users / contributors

https://events.ccc.de/2018/09/11/35c3-call-for-participation-and-submission-guidelines/

haveaniceday

This Usenix 2018 paper / talk presents an overview on tracking mechanisms and why anti-tracker plugins might make you more trackable.

Abstract/talk/slides:
https://www.usenix.org/conference/usenixsecurity18/presentation/vastel
Paper pdf:
https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-vastel.pdf

haveaniceday

Hi Naomi,

you're correct, the answer is quite simple! You see the three little dots above the keyboard, on th left side? Touch them and slide to 'nano'. Then, in the bar above the keyboard, you will find many ctrl key combination, just like ctrl+x. If you touch them, the terminal app will do the keypresses for you.
Here are two screenshots:

haveaniceday

@vandys I just did this on a M10 frieza an it worked like a charm.

sudo -s
dd if=/dev/null of=/userdata/ubuntu.img bs=1M seek=6000 count=0
resize2fs -f /userdata/ubuntu.img                                            
reboot

How I understand it, it writes zero bytes in the image file after skipping 6GB. This leads to growth of the image file. Then resize2fs is used to grow the ext4 to the full extend of this file. The reboot is necessary to make the kernel aware about the changed filesystem.
Now, the root partition is big enough for all the apt goodness:

phablet@ubuntu-phablet:~$ ls -lash /userdata/ubuntu.img 
2.6G -rw------- 2 root root 5.9G Oct 18 09:34 /userdata/ubuntu.img
phablet@ubuntu-phablet:~$ df -h /
Filesystem      Size  Used Avail Use% Mounted on
/dev/loop0      5.8G  2.3G  3.3G  41% /

Warning: could have bad consequences for your phone. Execute the commands without much interruption - especially if your root partition is already mounted rw. You don't want to corrupt your filesystem.

Have fun with it!

haveaniceday

I found a work-around that reverts from the always-open-a-new-window behaviour to the old everything-in-one-single-windows. This way, menus in libertine kinda work again.

Open /usr/bin/libertine-xmir in an editor and change

exec Xmir -rootless $@

into

exec Xmir -rootless -flatten $@

This is the command with which libertine launches the Xmir instance. The -flatten parameter "Flatten(s) rootless X windows into a single surface" (from the Xmir --help). Note that the root partition must be writable, otherwise you can't edit the file.

The best option of course would be a more integrated handling of menus by mir itself. Maybe xwayland will resolve the issue, as @dobey mentioned.

haveaniceday

Hi,

recently I had a problem where I could not take photos, screenshots and more.
Found a fix, thought to share it here.

Symptoms:

try to take photos with camera app - error Capture failed - Restarting your device might fix the problem. (It didn't)
Screenshots don't appear. After searching you will find them in ~/Screenshots instead of ~/Pictures/Screenshots
Gallery is empty
saving images via content hub, e.g. from the web browser, doesn't work

What I did to break it:

connect phone via USB + MTP to a PC, backup content, delete Pictures and Videos folders to free storage
use phone and forget about it, maybe reboot once or twice

Root of the problem:
I deleted the Picture and Video folder via MTP, so they were gone. It did not suffice to simple recreate them with mkdir or via the Files app, it'd still not work.
This was because the reboot has caused the respective entries in ~/.config/user-dirs.dirs to be changed. The entry on my device was XDG_PICTURES_DIR="$HOME/", which misses the trailing Pictures.
This causes AppArmor violation for the camera app. The screenshots have permission to the home folder, which causes those images to be written to he wrong folder.
This is known: https://askubuntu.com/questions/171263/where-can-i-find-the-pictures-music-downloads-folder-icons/171309#171309
Note: the folders are french in this answer and might differ to yours.

Fix:
Make sure the content ~/.config/user-dirs.dirs has correct paths depending on your language / locale. For EN:

XDG_DESKTOP_DIR="$HOME/Desktop"
XDG_DOWNLOAD_DIR="$HOME/Downloads"
XDG_TEMPLATES_DIR="$HOME/Templates"
XDG_PUBLICSHARE_DIR="$HOME/Public"
XDG_DOCUMENTS_DIR="$HOME/Documents"
XDG_MUSIC_DIR="$HOME/Music"
XDG_PICTURES_DIR="$HOME/Pictures"
XDG_VIDEOS_DIR="$HOME/Videos"

and then make sure that all those folder actually exists, e.g. with
mkdir Videos Pictures Music Documents Public Templates Downloads Desktop && chmod 655 * && chown phablet:phablet * (untested command, should work)

Permanent fix proposal:

The user should not be able to accidentally or unknowingly delete important folders, like me via MTP
Check sanity of ~/.config/user-dirs.dirs upon reboot and show a warning / reset it to default when broken

Hope this helps somebody

haveaniceday

Nice Work @kugiigi with the OSK of the current OTA! I really like it!

haveaniceday