“All internet traffic should be treated equally, without discrimination, restriction or interference, irrespective of its sender, receiver, type, content, device, service or application.”
from the EU Parliament vs. the so-called, hardwork-lobbied “Next-Gen Firewall”, which in my eyes means extensive censoring of access to the internet. In my opinion, there would be no more regulation needed than letting the employee agree to the fact that it is forbidden to use the internet in a non-work-related way during work hours.
And that is why I think that these so-called Next-Gen security devices are nothing more than a marketing hype, sold with the promise of total control, which comes in handy for weak personalities in powerful positions.
If you buy a smartphone or a tablet (which is basically the same) nowadays and start using it, you are sending out tons of data about what you type, where you are, etc. while most of the time being unable to block, control or even notice any of these data transfers. At the same time, this is vastly contributing to the effort of turning you into a uniquely identifiable individual – transparent for industry, commerce, or whoever else might be interested, 1984-style.
A quick way to take a peek at what data your Android device is sending, and to whom, is to connect it to your local wireless network and monitor all traffic from the device as it passes the router (e.g. with the BPF filter “host 10.10.23.42”).
To overcome this unacceptable situation, you are free to root your phone and install a custom operating system (or rather a modification of the stock Android). The steps I undertook to transform my device into a rather acceptable (and not bugging-me) device were, amongst others:
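To turn such a capture into an answer to "who is my device talking to", the following added example (not part of the original post) totals the payload bytes the device sends per remote endpoint. It assumes text output in the style of `tcpdump -nn -q host 10.10.23.42`; the sample lines are constructed and use documentation-range addresses.

```python
import re
import sys
from collections import Counter

DEVICE = "10.10.23.42"  # the Android device's address, as in the BPF filter above

# Constructed sample in the style of `tcpdump -nn -q` output (not a real capture).
SAMPLE = """\
21:04:11.102938 IP 10.10.23.42.48213 > 203.0.113.10.443: tcp 517
21:04:11.148201 IP 203.0.113.10.443 > 10.10.23.42.48213: tcp 1400
21:04:12.000412 IP 10.10.23.42.39120 > 10.10.23.1.53: UDP, length 42
21:04:12.310077 IP 10.10.23.42.48213 > 203.0.113.10.443: tcp 0
21:04:13.550900 IP 10.10.23.42.51877 > 198.51.100.7.5228: tcp 211
21:04:13.900000 ARP, Request who-has 10.10.23.1 tell 10.10.23.42, length 28
"""

# src.port > dst.port: followed by "tcp <len>" or "UDP, length <len>"
LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"(?:(?P<tcp>tcp) (?P<tlen>\d+)|UDP, length (?P<ulen>\d+))"
)

def outbound_summary(lines, device=DEVICE):
    """Map (remote_ip, remote_port, proto) -> payload bytes sent by the device."""
    sent = Counter()
    for line in lines:
        m = LINE.search(line)
        if not m or m["src"] != device:
            continue  # skip non-IP lines (ARP) and packets going to the device
        proto = "tcp" if m["tcp"] else "udp"
        size = int(m["tlen"] if m["tcp"] else m["ulen"])
        sent[(m["dst"], int(m["dport"]), proto)] += size
    return sent

def report(sent):
    """Format the summary, largest sender-side volume first."""
    rows = sorted(sent.items(), key=lambda kv: -kv[1])
    return [f"{ip}:{port}/{proto} {n} bytes" for (ip, port, proto), n in rows]

if __name__ == "__main__":
    # Pipe tcpdump text output in, or run without a pipe to use the sample.
    source = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    print("\n".join(report(outbound_summary(source))))
```

Endpoints you do not recognise in the report are the ones to look up and, if unwanted, block at the router or by disabling the responsible app.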
- Flash ClockworkMod Recovery
- Optional: Create backup of (mostly) stock firmware
- Flash CyanogenMod 11
- Install (some of) Google Apps
- Create backup of CM11 firmware (repeat this after “milestones”)
- Save all the backups on at least one different storage medium
- Disable everything you do not need (NFC, Bluetooth, autosync features, …)
When it comes to COMSEC/OPSEC, you have quite some options. In general, it is better to use F-Droid than Google Play.
- Advanced Task Killer
- APG (together w/ K9Mail and only via VPN)
- ChatSecure (Jabber + OTR)
- HTTPS Everywhere for Android/Firefox
- Owncloud (as in YOU OWN that cloud)
- think twice before installing an app
- store sensitive data GPG encrypted
Always try to use servers that you – or friends/people who you trust – own, control and monitor (e.g. VPN, Mail, Cloud/Hosting, etc.) so that you have an additional layer of security.
A message to the people behind CyanogenMod: Thank you, I have been running your customized Android OS for many years successfully on:
- Google G1
- HTC Desire
- Samsung Galaxy S3 LTE
- Samsung Galaxy S4 LTE+
Some older laptops with an ipw2200 wireless adapter have hardware buttons to enable or disable the wireless connection. This button does not work by default in a free operating system, resulting in a non-working wireless adapter.
A while ago, one could manually compile the acerhk.ko kernel module for 2.6 kernels to get around the issue, but since I want to use newer kernels, I had to take a different path to achieve connectivity:
- remove the mini-PCI wireless adapter
- identify PIN13 (which is PIN7 on the frontside)
- use tesa tape or similar to isolate and disable the pin
Frontside view of mini-PCI adapter PINs:
 L   g             R
| |  a  | | | | | |x|  <-- diz is it!
 1   p   2 3 4 5 6 7
Afterwards, the adapter will no longer be disabled, because the kill switch will naturally be turned off if the PIN is not connected (you can verify this by using rfkill list).