Blog: TTTThis

Reviewing Apps and Services with a security and privacy lens

Encryption is not enough: services can still build relationship maps (identity derived from who you're associated with). Signal, Telegram and WhatsApp use your phone number for this association. They also have access to your contact list. Protonmail and Tutanota use your email for this.

WhatsApp uses device fingerprint, so it's the same to parent company FB if the user is using WhatsApp, Messenger, or FB, or is using whatever login name. It's obvious to them because the device is the same. Also crowd-verified by family all in the same location, and who tag people, intersecting locations. WhatsApp may be e2e encrypted.

Signal: has phone number and contact list, so not as much info as WhatsApp perhaps.

Telegram: like Signal.

Protonmail: lots of metadata available. Non-encrypted mail can be read, from insurance agents, schools, utilities, etc. Some people publicize their email address. Interdomain email. (Security people suggest using a protonmail account for only intra-domain [specific purpose] conversation, not for everything, although data-contamination happens from what your contacts are doing).

Tutanota: another email service like Protonmail.


Suggestions by security people: Use something like Signal, but only with family (no concern over establishing a relationship map). Have a private email server and use in a limited way, for intradomain conversations. Use 'noIdentity.'

TTTThis

deGoogled phone (Graphene, Lineage OS, AOSP)

DO NOT ALLOW UPDATES. These can make the internet stop working (and other problems are possible) as has happened. (Or this could just be you selected the wrong type of package, such as Data instead of All Included)


2021: Braxman says older Pixels are now being unsupported by some US carriers (Pixel 1 and 2 are spotty for this)


Difference between Graphene and LineageOS, according to people online:

(Too many to list, but shorthand overview)

Graphene is focussed on real security work, so it is for people who care about security, but it is mostly just for Google Pixel phones of a few editions. Harder to mess up the security, for the regular nontechnical user. Supports verified boot. Can relock the bootloader after installing it. 'AOSP with more hardened privacy.' Now has sandboxed GooglePlay services if you want to use Play (still unstable). Community has been said to be a bit toxic (I have no first-hand experience with this).

Lineage designed for powerUsers who want to tweak it and have bells and whistles, and is available for lots of phones. Targets support. Is effectively the same as flashing AOSP on an out-of-support ROM but less breakage. 'AOSP without Google.'

Calyx, a third OS people online recommend sometimes. Is fully deGoogled. 'AOSP with some additional privacy features.' Works only on Pixels (like Graphene).

If you want to use any of these, before you buy a phone make sure it has an unlocked OEM. Go to Phone and make yourself Developer, then go to settings and unlock OEM. If you can't unlock OEM, you can't install any of these.

Check if an app will work on a deGoogled device with https://plexus.techlore.tech/. Graphene is on the left and Calyx and Lineage are on the right. It is color coded to show whether the app works.

CONSIDERATIONS:

These limit Google's ability to spy, and the same ability of the companies that own any apps you might want to install. They still leave hardware vulnerabilities. You're still vulnerable to tracking by the carrier and government creeping. But you can remove or physically turn off the SIM modem.

Some have noted that tracking is so offensive to people because it's become so precise (6 feet). But if tracking is made less precise it offends people less, while allowing them to use geolocation for convenience (maps, finding locations near them). So if they can be located within a block or two, for example, it's less offensive than 6 feet.

Advantages of using a deGoogled phone over a LinuxPhone: Can use newer, faster phones. Can use all apps (compromising to various levels on your security/privacy).

Why using a deGoogled phone is better even if you want some apps: using the PlayStore means the apps use Google's code (connects to Google, even to get notifications for the apps I've heard, but also databases I've heard). A deGoogled phone, even if it connects to Google to use PlayStore, doesn't usually have an id (has a spoofed id), i.e. the owner doesn't sign in (it does get a device fingerprint and will know what apps the phone has installed from Play, but it won't have access to the user's financial records), and wifi scanning is disabled, limiting a main tracking means. Some deGoogled phone users uninstall PlayStore after they install their apps.

DeGoogled phones use apps from Fdroid, which are opensource. But for many commonly used apps which are considered spyware but are used by everyone, people compromise and install them to varying degrees. They use Aurora Store to use apps from the Play store but log in with a spoofed ID. Or users can download apps from other stores online and install them.

When not using GooglePlay services (which handle notifications for apps on the phones most people are familiar with), deGoogled phones use MicroG (a Google service emulator, simulates Google so apps think they're talking to Google, and it communicates with Google to get notifications but Google doesn't actually see the phone because MicroG is in the middle handling the interaction).

Paid apps don't work on deGoogled phones people say, because you need the PlayStore for that.

People say in the future security people will possibly just switch from phones to computers.


APPS LIST:

  • CNBC
  • Spanish Verbs
  • Bank App
  • Authenticator
  • Music
  • Wire
  • Signal
  • Notepad Free
  • Facebook
  • Messenger
  • Currency Plus
  • Easy Voice Recorder
  • Firefox, Falcon, Chromium

APP LIST 2 (F-Droid which you get from their website, internet apks)

  • ImagePipe
  • Track & Graph
  • MoneyWallet
  • Voice Recorder
  • Markor (text)
  • Jitsi Meet (video meetings)
  • Wire, Briar
  • NewPipe (view YouTube)
  • Currencies
  • Aurora Store
  • CalyxVPN
  • Shelter (blocks app permissions for whatever apps)
  • Termux (terminal)

GRAPHENE

  • SDK Platform tools
  • open that
  • identify device
  • unlock flashing
  • get factory images (from graphene releases pages)
  • copy stuff into platform tools
  • click 'flash-all'

Steps:

sdk tools didn't work, so I went to https://developer.android.com/studio/releases/platform-tools and downloaded the file

sudo thunar to move the file into /usr/local/bin

plug in, boot into fastboot (with down button and power)

sudo fastboot flashing unlock, and then selected unlock on my phone

download os from https://grapheneos.org/releases#blueline-stable

extract and open terminal in that folder

sudo ./flash-all.sh

check connecting cable

don't touch, it will reboot some times and stuff

TTTThis

PineTime Watch

Suggestions:

  • Dictionary, which works with text input (somehow) or with voice. Does not require internet connection to work
  • Translator, same

These are two things a watch would be better suited for than a phone or other device. You have a watch handy while you're reading books, when you're on the street (some streets you might not want to take your phone out if there are thieves there), during lectures

TTTThis

PinePhones

Suggestions for improvement, hardware:

  • Two microSD card slots. Since users often run their OS with one, how are they to move documents to their PinePhone? Currently, they would have to take their OS microSD out, plug it into a computer, and put the files on, or transfer over internet. Better solution is a second microSD, so they can add to their mp3s, pdfs, etc.

Suggestions for improvement, software:

  • shortcut for screen resolution. Currently, if you want to switch to 100% from the 200% resolution best for apps designed for the phone screen, you have to go through Settings etc. But this is a task you want to just click a button. A toggle could be added to the top of screen menu. Ideally, you should be able to make shortcuts in the top slidedown screen for anything you want (more or less)
  • Processing indicator animation icon. On PinePhone, sometimes things seem to be taking a long time, and you don't know if the machine or process is frozen. Even on Terminal. It would be better to have some kind of indicator to show things were still happening and it's not frozen.
  • Image viewer should hold the 'left' and 'right' icons for longer. It currently displays them for like 2 seconds before they disappear, and you have to click twice to scroll to next image. It should hold for 15 or 30 seconds, and/or should be an option users can set. Also currently to swipe to next image, you have to place your finger basically off the screen and swipe. You should be able to place your finger on the left 5 or 10% of the screen and swipe.

PINEPHONE - INSTALLING AN OS

https://wiki.mobian-project.org/doku.php?id=install-linux (this also shows how to check the .img is authentic)

Method1 (boot from microSD): use a microSD and put an OS on it and boot from it on your PinePhone (PinePhones boot from microSDs inserted in them before they boot from the internal (eMMC) memory, so anytime there's a microSD in them they'll try to boot from that first).

Method2 (install on phone): use a microSD and put the 'jumpdrive' on it, which allows you to then plug in your PinePhone to your computer with a USB and treat the PinePhone internal (eMMC) memory as a drive (then you write an OS onto that drive).

Method2 directions:

Make a folder in your Downloads folder and name it PinePhoneStuff (you can do it otherwise, but this will make it easier to follow the code below). When you enter lsblk you can see by the size of the 'drives' that sda is my PinePhone and sdb is the SD card inside my PinePhone right now (an 8gb microSD). Therefore, I'm going to target sda when I do the dd command below (to write the .img file to the drive).

Download the jumpdrive from the internet onto your computer (mine looks like mobian-installer-pinephone-phosh-20210516.img) and then unzip it into a folder on your computer (I used a folder inside Downloads called PinePhoneStuff, as you can see in the code below). Put your microSD into your computer, delete any partitions and content on it (using Disks), and use Disk Writer to write the mobian-installer-pinephone-phosh-20210516.img to the microSD: right click on mobian-installer-pinephone-phosh-20210516.img, then select Disk Writer (program), then (BE CAREFUL YOU CAN DESTROY YOUR COMPUTER HERE IF YOU SELECT YOUR COMPUTER'S HARDDRIVE) select the microSD from the dropdown by looking at the size. It will take seconds to write because it's small. Now put the microSD into your PinePhone and start your PinePhone. You will see 'Jumpdrive is running' if everything is working so far.

Now you can plug your PinePhone into your computer with a USB. Open Gparted and select your PinePhone from the dropdown (select by size again BE CAREFUL YOU CAN DESTROY YOUR COMPUTER IF YOU SELECT THE WRONG ONE). You'll probably see 2 partitions now. Delete them each (you might have to unlock them first, which probably means just going to your folder view and right-click unmount them). Once deleted, you can proceed (because you have nothing on your PinePhone's internal (eMMC) memory now). So open Terminal and type lsblk. (Notice that I put 'computername' and 'username' but yours will say something specific to your computer.) ANOTHER TIME it showed a Fat32 partition which had no 'delete' option (greyed out), but I just wrote to it anyway with Disk Image Writer.

computername:~$ lsblk

NAME                          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                             8:0    1  14.5G  0 disk
sdb                             8:16   1   7.5G  0 disk
└─sdb1                          8:17   1    49M  0 part  /media/username/SDNAME
nvme0n1                       259:0    0 238.5G  0 disk
├─nvme0n1p1                   259:1    0   512M  0 part  /boot/efi
├─nvme0n1p2                   259:2    0   732M  0 part  /boot
└─nvme0n1p3                   259:3    0 237.3G  0 part
  └─sda3_crypt                253:0    0 237.2G  0 crypt
    ├─vgubuntu--studio-root   253:1    0 236.3G  0 lvm   /
    └─vgubuntu--studio-swap_1 253:2    0   976M  0 lvm   [SWAP]

username@computername:~$ sudo dd bs=64k if=~/Downloads/PinePhoneStuff/mobian-installer-pinephone-phosh-20210516.img of=/dev/sda status=progress

(note that it might be sda, sdb, sdc, depending where your phone is mounted. Run lsblk without the phone plugged in, look at the sizes of the media, then plug in and do the same. Don't forget that your microSD that you have in your phone for JumpDrive will be found as yet another drive by lsblk.)

[sudo] password for username:

(wait a while, maybe 5 minutes ... then see:)

7997816832 bytes (8.0 GB, 7.4 GiB) copied, 404 s, 19.8 MB/s
122070+1 records in
122070+1 records out
8000000000 bytes (8.0 GB, 7.5 GiB) copied, 619.432 s, 12.9 MB/s

Then it'll return to the ready to accept a command state (Terminal will, I mean). Unplug your phone, remove the microSD, reboot the phone (by holding down the power button for several seconds each way). It should now boot into a Mobian screen (it might show a screen asking for a password, but just wait a bit and I think it'll just bypass that). You can select your install options. Then it will 'unpack' which takes about 15 or 20 minutes I think.
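The lsblk-before-and-after check described above can be scripted so that dd never receives a guessed device name. This is an added example, not part of the original post: the function names, the size bounds and the expected SHA-256 (which you would take from the image publisher) are all assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): pick the dd target by diffing
# lsblk snapshots, and refuse to write unless exactly one new removable disk
# matches the expected size and the image hash checks out.

# One line per whole disk: NAME RM SIZE_IN_BYTES
snapshot() {
  lsblk -dnb -o NAME,RM,SIZE,TYPE | awk '$4 == "disk" { print $1, $2, $3 }'
}

# new_disks BEFORE AFTER: print disks that appear only in AFTER.
new_disks() {
  printf '%s\n' "$2" | while read -r name rm size; do
    [ -n "$name" ] || continue
    printf '%s\n' "$1" | grep -q "^$name " || echo "$name $rm $size"
  done
}

# pick_target NEW MIN_BYTES MAX_BYTES: print the single removable disk whose
# size lies in [MIN, MAX]; fail if there are zero or several candidates.
# (Jumpdrive exposes both the eMMC and its own microSD, so size must decide.)
pick_target() {
  printf '%s\n' "$1" | awk -v lo="$2" -v hi="$3" '
    $2 == 1 && $3 >= lo && $3 <= hi { n++; name = $1 }
    END { if (n == 1) print name; else exit 1 }'
}

# verify_image FILE SHA256: succeed only if FILE hashes to SHA256.
verify_image() {
  [ "$(sha256sum "$1" | cut -d' ' -f1)" = "$2" ]
}

# flash IMG SHA256 BEFORE AFTER MIN MAX: hypothetical wrapper around dd.
flash() {
  verify_image "$1" "$2" || { echo "image hash mismatch" >&2; return 1; }
  dev=$(pick_target "$(new_disks "$3" "$4")" "$5" "$6") ||
    { echo "no unique target disk; not writing" >&2; return 1; }
  # Refuse if any partition on the target is still mounted.
  [ -z "$(lsblk -nr -o MOUNTPOINT "/dev/$dev" | tr -d '\n')" ] ||
    { echo "/dev/$dev has mounted partitions" >&2; return 1; }
  echo "About to overwrite /dev/$dev. Type the device name to confirm:"
  read -r answer
  [ "$answer" = "$dev" ] || return 1
  sudo dd bs=64k if="$1" of="/dev/$dev" status=progress conv=fsync
}

# Usage: before=$(snapshot)   (phone unplugged)
#        after=$(snapshot)    (phone plugged in, Jumpdrive running)
#        flash mobian.img <sha256> "$before" "$after" 15000000000 16000000000
```

The size bounds in the usage line bracket a 14.5G eMMC like the one in the lsblk listing above; adjust them to your own hardware.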


AFTER INSTALLATION of OS

Blinking blue light? Known issue. Turn it off:

echo '0' > /sys/class/leds/blue:indicator/brightness

(replace 0 with 1 to turn it on)

Install:

  • nautilus (maybe not necessary if using Thunar. I forget why I installed it)
  • musescore or musescore3
  • musescore3: sid (unstable), bullseye (testing/Debian 11), buster-backports (stable/Debian 10), stretch-backports-sloppy (oldstable/Debian 9)
  • musescore: buster (stable/Debian 10), stretch-backports (oldstable/Debian 9), jessie-backports-sloppy (oldoldstable/Debian 8)
  • mpv
  • ddgr (duckduckgobrowser)
  • falkon browser (for direct connection)
  • firefox (torified browser with settings set to minimize stuff)
  • wipri mac address-anonymizer
  • firejail sandboxing (easy to use configurator)
  • inkscape
  • lmms
  • featherpad
  • Kden
  • Thunar
  • GNU
  • Featherpad
  • Hydrogen H2

Instructions (more condensed). Put jumpdrive .img on microSD and Mobian OS .img file on computer. And open a text editor to paste the below code and edit it with your specific Mobian .img.

  1. microSD in computer. format it and write the jumpdrive .img onto it
  2. microSD into phone and start phone (it says 'Jumpdrive is running')
  3. format the phone's harddrive with Disks or Gparted. (Actually, it didn't work for me with Disks but then it did with only using Gparted to delete the eMMC contents - I didn't format it.)
  4. open Terminal and type in lsblk to double check which drive is your PinePhone (probably sda and sdb might be your 8gb microSD running Jumpdrive)
  5. Assuming it is sda and assuming you have a folder called 'PinePhoneStuff' in your Downloads folder, paste the below command in a text editor and replace mobian-pinephone-phosh-20210517.img with the one you have, then:

sudo dd bs=64k if=~/Downloads/PinePhoneStuff/mobian-pinephone-phosh-20210517.img of=/dev/sda status=progress

  6. Now it installs. Leave it for 5 minutes or whatever. Then Terminal will complete its task. Take the microSD out and restart your PinePhone by holding down the power and down-volume buttons for several seconds. Done.
  7. You might need to reboot the PinePhone, or you might need to give it time to boot up.
TTTThis

Studies in Comparative Law

Books (from https://www.nyulawglobal.org/globalex/Comparative_Law1.html )

  • The main classic European theoretical works on comparative law are: David, R., Jauffret-Spinosi, C., and Gore, M., Les grands systèmes de droit contemporains, 12e éd. Paris, Dalloz, 2016. The book has been translated into numerous languages. An English version of the 6th edition of 1974 was published by Sweet and Maxwell as Major legal systems in the world today, 3rd edition in 1985 (out of print).
  • Zweigert, K. and Kötz, H., Einführung in die Rechtsvergleichung, 3e Aufl. Tübingen, Mohr, 1996. English translation: Introduction to comparative law, translated from the German by Tony Weir. Oxford, Oxford University Press, 1998.
  • Breda, V., ed. Legal transplants in East Asia and Oceania, Cambridge University Press, 2019.
  • De Cruz, P. Comparative law in a changing world, 3rd ed. Routledge-Cavendish, 2007.
  • Glendon, M., et al, Comparative legal traditions: text, materials, and cases on western law, 4th ed. West Academic, 2015.
  • Glenn, H P. Legal traditions of the world: sustainable diversity in law, 5th ed. Oxford University Press, 2014 (1st edition gained the Canada Prize, International Academy of Comparative Law, 1998).
  • Harding, A. and Örücü, E. (eds.) Comparative law in the 21st Century. Kluwer Law International, 2002.
  • Legrand, P. and Munday, R. (eds.) Comparative legal studies: traditions and transitions. Cambridge University Press, 2003.
  • (Want to read) Menski, W., Comparative law in a global context: the legal systems of Asia and Africa, 2nd ed. Cambridge University Press, 2006.
  • Merryman, J.H. and Pérez-Perdomo, R. The civil law tradition: an introduction to the legal systems of Europe and Latin America, 4th ed. Stanford University Press, 2018.
  • Palmer, V., ed., Mixed jurisdictions worldwide: the third legal family. 2nd ed., Cambridge University Press, 2012.
  • Riles, A. Rethinking the masters of comparative law. Hart Publishing, 2001.
  • Varga, C. European legal cultures. Dartmouth Publishing, 1997.
  • Zimmermann, R. Mixed legal systems in comparative perspective: property and obligations in Scotland and South Africa. Oxford University Press, 2003.
  • Zimmermann, R. and Reimann, M. The Oxford handbook of comparative law, 2nd ed., Oxford University Press, 2019.
TTTThis