Tools and Apps for enhanced privacy

[I actually wrote this in the [old forum]1 but wanted to have the discussion reloaded, so I just copied the stuff here. Don’t be confused: In the first version of this topic I had to reply to myself because this forum only allows two links each post but now I gained enough trust level to through it all together…]

One of the reasons I bought the FP was because it’s rooted by default. This allowes us, the users, to enhance the privacy settings easily.

I did so by installing xprivacy, a programm that runs in the background and works like a huge gatekeeper. Every app that wants access to your contacts, calendar, system, phoneID etc. has to pass this gatekeeper. By this you can make sure, your flashlight app doesn’t send your location and contact-data to its servers.
It seems a little complicated at the start, but once you understand it, it’s easy to use and pretty handy.
You can get xprivacy here.
Before installing it, you have to install the xposed-framework, that can be found here.
If you need help, use the special Fairphone-section on their website.

Furthermore I can recommend (for less adventuresomely users) this rather simple firewall app that blocks the internet-access for selected apps: Android Firewall

For those of you who don’t want to sync their contacts and callenders via google I recommend a small OwnCloud Server (http://owncloud.org/). You might want to check if your smaller independent mail-provider offers a secure synchronisation of contacts and calendar (e.g. posteo.eu has this feature). If you have a server you still need these two little apps:
CalDAV-Sync
CardDAV-Sync beta
You can now sync your contacts and calendar data between your PC/Mac and your Fairphone automatically.

Other interesting apps: You might also want to check out the stuff the PRISMbreak-crew put together for android phones.

Even though they don’t recommend Threema (an easy to use instant messaging app using end-to-end encryption much like WhatsApp) because it’s not open source, you might wanna give it a try. If you understand German, listen to this podcast interview with the developers.

Any other useful suggetions concerning privacy matters?

2 Likes

Thank you for these links

You may want to look into this:

https://f-droid.org/ as a replacement for google play store if you are concerned about goolge spying on you
the apps on f-droid since they are free software instead of closed source app that may spy on you (is the app financed by charity donation ? developed by volontering developper? did you buy it ?) If you say no to these three questions there is a good chance that the app actually monetize your data as its business model.

the xposed module CrappaLink help removing tracking from links

the following add-on for firefox (dont use chrome)
-https-everywhere
-self-destructing cookies
-ghostery (not really sure about this addon as it is owned by an advertising compagny)

use a privacy friendly search engine (e.g. duckduckgo), social network (easier said that done ;)) and so one.

the Disconnect Mobile app looked promising but is having some issue getting release on google play store, (it is worth looking after it though)

You may want to look into encrypted sms, VOIP and mail in prism break

If you want to go further (but at the cost of a certain confort) you can use tor and other app from the exellent prism break website you mentionned. Another website worth checking is https://guardianproject.info/

Also the firefox add-on “adblock edge” and the app AdAway are very nice against advertisement.

Also you can stack these apps, I have xprivacy and a F-droid (an open source firewall) on my fairphone, so if one is not setted well or have a security flaw, hopefully the other will work :slight_smile: (and a firewall cost little to no ressources)

2 Likes

Replace your current messaging App with TextSecure ( https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms ) It locally encrypts your text messages, shields access to your messages with a password you can set and protects itself from screenshots (common spyware tactic) plus you can send encrypted SMS or IM to other TextSecure users and cyanogenmod users, which also uses the whisperpush protocol . Free + Open Source.
It currently still requires Google Services to run if you want to send encrypted IM to others and there is no IOS Version out (yet). But instead of Threema it is free and open source and already widely distributed (11 million + users just by cyanogenmod alone) Plus, as it is only a replacement for the messaging app, you don’t have yet another messenger to use.

Another recommendation would be Redphone by the same developers. With that app you can have encrypted telephone calls with other Redphone / Signal (IOS) users.
https://play.google.com/store/apps/details?id=org.thoughtcrime.redphone

1 Like

I’m using TextSecure as the standard text-messaging-app, too, however when composing a message for several persons it sended these via MMS – a standard not all of my friends phones can cope with. So far I’m always changing to the onboard SMS-App to write to several persons.
Is that nessesary or can I do something about it or did an update even correct this?

I think i have seen this issue on github once, but I can’t recall what the soultion was. I have never encountered that problem so far. Maybe you can open up a new tiket here? https://github.com/WhisperSystems/TextSecure/issues

Cheers!

Thanks for the tip.
It’s already beeing discussed. Seems as if I have to live with the workaround for a little longer.


I suggest using XMPP/Jabber instead of Whatsapp or Facebook. There are some free clients for android. XMPP is open and decentral, what do you want more? Also, Google and Privacy are no friends. So better do without it, there is a thread where I and many others recommend lots of free alternatives which are too cool to collect your data.
If you need Hardcore privacy you can disguise yourself with the tor network using the apps of the guardian project.
Have a nice day!

1 Like

I have moved this topic to the Fairphone Café.

After these findings with faked surveillance cell towers, it might be interesting to try out tools like the IMSI catcher detector