Advanced Privacy - know all about it

advanced privacy mockup
Illustration: Advanced Privacy on the Murena One smartphone

Advanced Privacy is a specific tool we have developed to limit your data exposure once you have installed third party apps.

When an application snoops in the background, it will use trackers to log your activity even if you are not using the app. It will also collect the IP address, so it can potentially link internet activity to a specific device and to a persona, and finally it will try to pinpoint your exact location.

Advanced Privacy lets you manage in app trackers, IP address and location. It’s available as a widget and within the operating system settings.

Trackers blockers


Illustration: Trackers manager

What are we talking about ?

A typical tracker consists of a software initiating requests from the device to send personal data to specific endpoints, or APIs which collect connections’ metadata while providing a service. The collection and aggregation of these data are used to track users’ activity and behavior.

Tracing a tracker means having a look at which applications (or system components) are connecting to which endpoints (when, how much data, which data, …).

How does it work

Trackers blockers detect and block trackers when they perform DNS (Domain Name System) requests. The DNS is the first step of an Internet request: it transforms the name of a service (for instance e.foundation), to its current real address on the internet (for instance: 157.90.154.178).

We build and maintain a list of all URLs used by trackers, merging Exodus list, Adaway list and a set of custom /e/OS rules. Adaway list is used to establish a list of domains to block, Exodus to identify those domains with a clean name. Then, the low level DNS service of /e/OS sends each requested URL to Advanced Privacy. Advanced Privacy then logs each request to URL in the trackers list, and blocks them if the user required to block trackers in Advanced Privacy settings.

Side effects

Some trackers URL could be mandatory to use services. In order to solve potential issues, we provide the ability to whitelist any tracker individually for any application.

There are more and more innovations around the DNS technology, like DoH (DNS Over HTTPS) or DoT (DNS Over TLS) which can bypass the low level DNS service of the system, and then be ignored by the trackers manager.

Hide My IP


Illustration: Manage my Internet address

What are we talking about ?

IP (Internet Protocol) addresses are the origin and destination addresses of the communications performed between clients and servers on the internet.

A smartphone device is practically never directly connected to internet, with “its” IP address. Its visible IP address on internet is the one actually attributed by the cellular provider, the one of the home internet connection, or the one of the current Wi-Fi hotspot. In each of these situations, the same IP address may be used by many users at a same time (using the Network Address Translation protocol — NAT) and many IP addresses may be used the same day by one device just because the user has moved.

IP addresses are the way to link the internet activity to an individual in the real world, for including for legal purposes. For example, leaving a comment on a forum:

  • The forum’s hosting service has to store the IP address of who has posted the comment (for a legal period of time)
  • The Internet Service Provider (ISP) has to store the IP address (also IMEI, cell ID) and to which customer it is linked (for a legal period of time)

In the end, the customer potentially becomes a well identified person.

Typical legal uses of the IP addresses:

  • Find back an illegal torrent user,
  • Find back authors of unappropriate contents on the web, …

IP addresses generally are very volatile in mobile use. In other situations, they can be very stable: many ISP provide a fixed IP address to their customers (home connection), so that an IP address can potentially become another user identifier. They are used in various cases like:

  • Tracking users for profiling them and delivering ads
  • Preventing identity theft: blocking connections to personal accounts from unexpected IP addresses,
  • Restricting contents delivery based on Geographic information,
  • Banning user for game server, or from Wikipedia, for instance, after vandalization,

Internet users use IP scrambling for years to bypass those strategies.

How does it work

Advanced Privacy is using an implementation of the Tor project. We extracted the core functionality from the Orbot application, and added a user interface on the top of it.

Tor directs Internet traffic through a free, worldwide, volunteer overlay network, consisting of more than seven thousand relays, to conceal a user’s location and usage from anyone performing network surveillance or traffic analysis. Wikipedia

When Hide My IP is activated, all the device’s internet traffic, or just the one of some selected app, is redirected through the Tor network. In the end, the user’s primary (and read) IP address is masked by a random IP address that belongs to the TOR network.

Side effects

The implementation of Orbot bridges all the devices’s Internet traffic through the Tor network. This was initially designed for VPN Services. That’s why Hide My IP appears as a VPN in /e/OS. We are working on another solution to route the devices’s traffic directly through Tor, to avoid this confusion.

Hide My IP also reduces bandwidth and increases latency (like 200ms — 500ms). This is a side effect of the Tor network architecture and behavior. Each Internet request goes through many Tor relays through the Internet to reach the final server, and also to come back to the device. Wandering on the internet makes them anonymous, but it also takes some time.

Some Internet services can detect traffic coming from Tor, and block it. That’s why users may face some strange behaviors or non-working features while using Hide My IP.

Finally, some services are using the IP address to compute users location. The user experience may be affected using those services, considering they will use the Tor output node IP address, and not the real one from users, as the Tor output node may be located anywhere in the world.

Fake My Location

Illustration: Manage my location

Smartphones provide technical tools to compute their geographical position, using satellite-based radio navigation systems such as GPS, Galileo…, or by mapping visible networks (cell network, Wi-Fi networks, …). This is a key feature of smartphones that provides users with the ability to use maps applications and services.

But it is also used to track users: to know where they live, which store they go to, in which area they work and so to have precise profiles to push targeted advertising to them. Some other digital services can also use the location to limit the functionality against the location of users.

How does it work

In Advanced Privacy, Fake my location takes advantage of existing low-level operating system features that we have connected to the Advanced Privacy User Interface to make it easy to use and hidden from applications. Fake my location bypasses the real location provided by the satellite radio navigation system or the network, and instead sends the one set by users to applications that are requiring location.

Side effects

After enabling Fake my location, users may face some unexpected behavior:

  1. the Weather widget data will be based on the fake location, not the real one. A workaround could be to define manually a fake location, not so far away from the real one.
  2. the navigation applications (MagicEarth, OsmAnd, Maps.ME, Waze…) will use the fake location. In order to users properly those applications, the users have to temporarily disable Fake my location.
  3. We use Mapbox in order to display a map to the users while they play with location configuration. It will be detected as a tracker by the Tracker blocker feature. We are looking for an alternative.

Regain your privacy! Adopt /e/ the unGoogled mobile OS and online servicesphone

24 Likes

Please allow me a french translation attempt.


Exemple : Advanced Privacy sur un appareil utilisant /e/ OS 1.0-r

Advanced Privacy est un outil spécifique que nous avons développé pour limiter l’exposition de vos données une fois que vous avez installé des applications tierces.

Lorsqu’une application tourne en arrière-plan, elle utilise des pisteurs pour enregistrer votre activité, même si vous n’utilisez pas l’application. Elle collecte également l’adresse IP, ce qui lui permet de relier potentiellement l’activité Internet à un appareil spécifique et à une personne, et enfin, elle essaie de déterminer votre emplacement exact.

Advanced Privacy vous permet de gérer les pisteurs dans l’application, l’adresse IP et la localisation. Elle est disponible sous forme de widget et dans les paramètres du système d’exploitation.

Bloqueur de pisteurs


Exemple : gestionnaire de pisteurs

De quoi s’agit-t’il ?

Un pisteur typique consiste en un logiciel qui lance des requêtes depuis l’appareil pour envoyer des données personnelles à des destinations spécifiques, ou à des API qui collectent les métadonnées des connexions tout en fournissant un service. La collecte et l’agrégation de ces données sont utilisées pour suivre l’activité et le comportement des utilisateurs.

Le suivi d’un pisteur consiste à examiner quelles applications (ou composants du système) se connectent à quelles destinations (quand, combien de données, quelles données, …).

Comment ça marche

Les bloqueurs de pisteurs détectent et bloquent les pisteurs lorsqu’ils effectuent des requêtes DNS (Domain Name System). Le DNS est la première étape d’une requête Internet : il transforme le nom d’un service (par exemple e.foundation), en son adresse réelle actuelle sur Internet (par exemple : 157.90.154.178).

Nous construisons et maintenons une liste de toutes les URLs utilisées par les pisteurs, en fusionnant la liste Exodus, la liste Adaway et un ensemble de règles /e/OS personnalisées. La liste Adaway est utilisée pour établir une liste de domaines à bloquer, Exodus pour identifier les domaines avec un nom propre. Ensuite, le service DNS de bas niveau de /e/OS envoie chaque URL demandée à Advanced Privacy. Advanced Privacy enregistre alors chaque demande d’URL dans la liste des pisteurs, et les bloque si l’utilisateur a demandé le blocage des pisteurs dans les paramètres d’Advanced Privacy.

Effets de bord

Certaines adresses (URL) de pisteurs pourraient être obligatoires pour utiliser les services. Afin de résoudre les problèmes potentiels, nous offrons la possibilité de mettre sur liste blanche tout pisteur individuellement pour toute application.

Il y a de plus en plus d’innovations autour de la technologie DNS, comme DoH (DNS Over HTTPS) ou DoT (DNS Over TLS) qui peuvent contourner le service DNS de bas niveau du système, et être ignorées par le gestionnaire de pisteurs.

Cacher mon adresse Internet


Exemple : gérer mon adresse internet

De quoi s’agit-t’il ?

Les adresses IP (Internet Protocol) sont les adresses d’origine et de destination des communications effectuées entre les clients et les serveurs sur l’internet.

Un smartphone n’est pratiquement jamais connecté directement à l’internet, avec “son” adresse IP. L’adresse IP visible sur l’internet est celle attribuée par le fournisseur de téléphonie mobile, celle de la connexion internet domestique ou celle du hotspot Wi-Fi actuel. Dans chacune de ces situations, la même adresse IP peut être utilisée par plusieurs utilisateurs en même temps (grâce au protocole de traduction d’adresses réseau - NAT) et plusieurs adresses IP peuvent être utilisées le même jour par un appareil, simplement parce que l’utilisateur s’est déplacé.

Les adresses IP sont le moyen de relier l’activité Internet à un individu dans le monde réel, notamment à des fins juridiques. Par exemple, laisser un commentaire sur un forum :

  • Le service d’hĂ©bergement du forum doit stocker l’adresse IP de la personne qui a postĂ© le commentaire (pendant une pĂ©riode lĂ©gale).
  • Le fournisseur d’accès Ă  Internet (FAI) doit stocker l’adresse IP (ainsi que l’IMEI, le numĂ©ro du portable) et le client auquel elle est liĂ©e (pendant une pĂ©riode lĂ©gale).

Au final, le client devient potentiellement une personne bien identifiée.

Utilisations légales typiques des adresses IP :

  • Retrouver un utilisateur de torrent illĂ©gal,
  • Retrouver les auteurs de contenus inappropriĂ©s sur le web, …

Les adresses IP sont généralement très volatiles dans le cadre d’une utilisation mobile. Dans d’autres situations, elles peuvent être très stables : de nombreux FAI fournissent une adresse IP fixe à leurs clients (connexion domestique), de sorte qu’une adresse IP peut potentiellement devenir un autre identifiant d’utilisateur. Ils sont utilisés dans divers cas, notamment :

  • Suivre les utilisateurs pour les caractĂ©riser et diffuser des publicitĂ©s ciblĂ©es,
  • PrĂ©vention de l’usurpation d’identitĂ© : blocage des connexions aux comptes personnels Ă  partir d’adresses IP inattendues,
  • Restreindre la diffusion de contenus sur la base d’informations gĂ©ographiques,
  • Bannir un utilisateur d’un serveur de jeux ou de Wikipedia, par exemple, après un acte de vandalisme

Les internautes utilisent le brouillage d’adresses IP depuis des années pour contourner ces stratégies.

Comment ça marche

Advanced Privacy utilise une implémentation du projet Tor. Nous avons extrait la fonctionnalité principale de l’application Orbot, et ajouté une interface utilisateur par-dessus.

Tor dirige le trafic Internet à travers un réseau libre, mondial et bénévole, composé de plus de sept mille relais, afin de dissimuler la localisation et l’utilisation d’un utilisateur à toute personne effectuant une surveillance du réseau ou une analyse du trafic. Wikipedia

Lorsque Cacher ma véritable adresse IP est activé, tout le trafic Internet de l’appareil, ou seulement celui d’une application sélectionnée, est redirigé à travers le réseau Tor. Au final, l’adresse IP primaire (et réelle) de l’utilisateur est masquée par une adresse IP aléatoire appartenant au réseau TOR.

Effets de bord

L’implémentation d’Orbot fait passer tout le trafic Internet des appareils par le réseau Tor. Cela a été initialement conçu pour les services VPN. C’est pourquoi Cacher mon adresse IP apparaît comme un VPN dans /e/OS. Nous travaillons sur une solution alternative pour acheminer le trafic des appareils directement à travers Tor, pour éviter cette confusion.

Cacher mon adresse IP réduit également la bande passante et augmente la latence (environ 200ms - 500ms). C’est un effet secondaire de l’architecture et du comportement du réseau Tor. Chaque requête Internet passe par de nombreux relais Tor à travers l’Internet pour atteindre le serveur final, et aussi pour revenir vers l’appareil. Ces rebonds sur Internet rend ces requêtes anonymes, mais cela prend aussi du temps.

Certains services Internet peuvent détecter le trafic provenant de Tor, et le bloquer. C’est pourquoi les utilisateurs peuvent être confrontés à des comportements étranges ou à des fonctionnalités qui ne fonctionnent pas lorsqu’ils utilisent Cacher mon adresse IP.

Enfin, certains services utilisent l’adresse IP pour calculer la localisation des utilisateurs. L’expérience de l’utilisateur peut être affectée en utilisant ces services, étant donné qu’ils utilisent l’adresse IP du nœud de sortie de Tor et non l’adresse réelle des utilisateurs, car le nœud de sortie de Tor peut être situé n’importe où dans le monde.

Cacher ma position


Exemple : gérer ma localisation

Les smartphones fournissent des outils techniques permettant de calculer leur position géographique, en utilisant des systèmes de radionavigation par satellite tels que GPS, Galileo…, ou en cartographiant les réseaux visibles (réseau cellulaire, réseaux Wi-Fi, …). Il s’agit d’une caractéristique essentielle des smartphones qui offre aux utilisateurs la possibilité d’utiliser des applications et des services de cartographie.

Mais elle est aussi utilisée pour suivre les utilisateurs : savoir où ils habitent, dans quel magasin ils vont, dans quel quartier ils travaillent et ainsi obtenir des profils précis pour leur pousser des publicités ciblées. Certains autres services numériques peuvent également utiliser la localisation pour limiter la fonctionnalité en fonction de la position géographique des utilisateurs.

Comment ça marche

Dans Advanced Privacy, Cacher ma position profite des fonctions de bas niveau du système d’exploitation que nous avons connectées à l’interface utilisateur d’Advanced Privacy pour la rendre facile à utiliser et cachée des applications. Cacher ma position contourne l’emplacement réel fourni par le système de radionavigation par satellite ou le réseau, et envoie à la place celui défini par les utilisateurs aux applications qui demandent une localisation.

Effets de bord

Après avoir activé Cacher ma position, les utilisateurs peuvent être confrontés à un comportement inattendu :

  1. les données du widget Météo seront basées sur le faux emplacement, et non sur le vrai. Une solution de contournement pourrait être de définir manuellement une fausse position, moins éloignée de la vraie.
  2. les applications de navigation (MagicEarth, OsmAnd, Maps.ME, Waze…) utiliseront le faux emplacement. Afin d’utiliser correctement ces applications, les utilisateurs doivent désactiver temporairement Cacher ma position.
  3. nous utilisons Mapbox afin d’afficher une carte aux utilisateurs pendant qu’ils configurent leur localisation. Il sera détecté comme un pisteur par la fonction de blocage des pisteurs. Nous sommes à la recherche d’une alternative.

Regain your privacy! Adopt /e/ the unGoogled mobile OS and online services phone

12 Likes

When will /e/ team stop shipping an end of life version of Tor? build.gradle · e1cc6aef65eb646f347d28174a6b00840c1cb94d · e / os / orbotservice · GitLab

We use Mapbox […] It will be detected as a tracker by the Tracker

Why glance over the fact that it is proprietary?

1 Like

How about:

3 Likes

Why you glance over the fact “We are looking for an alternative.”? ;- )

Checked with the team reg Tor …the response was that the latest version does not work with /e/OS. The team will work on it and then release it as part of the future releases of Advanced Privacy. No ETA as yet.

7 Likes

Un autre effet indésirable (pardon, “de bord”) c’est le risque réputationnel associé en cas d’IP masquée. En effet l’usager final n’a aucun contrôle sur le comportement des autres personnes utilisant le VPN ni sur la politique éventuellement drastique de ses autres fournisseurs de services, qui peuvent aussi choisir de bloquer préventivement tout usager connecté via un VPN. Deux exemples : l’application SNCF Connect est en mode bloqué avec le VPN d’advanced privacy ; le fournisseur d’accès internet Free Telecom lui désactive carrément les comptes de courrier électronique qui se connectent à travers ce VPN.

3 Likes

@Manoj I think if you do videos on the “deep dive” / “know all about it” posts you’ll have a wider reach.

For another thread where a person with dyslexia sought concise answers I looked for one on Advanced Privacy, but it is to new to find presentations on it.

We are looking into creating videos explaining basic concepts. Will share details once there is some positive to report.

1 Like

I can try voiceovers in american english if theres interest…

Hello, I confirm that free.fr email addresses are instantly blocked as soon as it is reached through e os “tor” VPN.
This might not appear as a big issue but it is, especially knowing the user friendly view of /e/ OS development.
A warning or a default deactivation of the VPN for the email app should be set up as soon as possible to avoid normal users loosing access to their main email address which is a HUGE problem because it will happen at the first use of advanced privacy (maybe it is even set on by default on /e/ OS !).

free.fr says that the IPs used by this VPN are used for attacks against their client’s email addresses.

Anyway, thanks for those amazing tools, especially trackers blocker (helpful for work apps) and geolocation spoofing that works well.

this is a grave problem, can you raise it on the gitlab backlog? if you haven’t got an account yet, write to helpdesk@e.email (explained at Report an issue)

A solution would be to allow for selective disabling the Tor Route for Apps - Mail in this case. Runs counter to some “no-leakage” network guarantees though.

Hello, I have raised an issue on the gitlab backlog.
TOR VPN is a verypowerful tool, it is well implemented though in the state of development it is contradictory to /e/ OS easy-to-use and all-users view. I think that is should be kept be rendered harder to activate with more warnings.

2 Likes

Hello,

I recently installed a few PWA (Twitter lite no to mention it) with Advanced Privacy on and Hide my IP activated. I connected to my Twitter account through the PWA and was very surprised to get an email from Twitter giving me my exact location obtained with my IP address.

Aren’t PWA supposed to be shortcuts using the default browser? If that’s the case the IP should be hidden. I checked that the Hide my IP feature works well on a random website with my default browser (Bromite), so no problem regarding AP.

In Settings, PWA do not even appear on the app list where you can select/unselect apps from using the Hide my IP feature.

In a nutshell, AP and PWA do not seem to work together well…

Thanks for your insights.

Just to be clear, the Twitter email showed the IP address provided by your carrier or the one from Hide My IP?
If the former: That’s a problem.
If the latter: Not a problem.

The Twitter email showed a location based on my IP address without showing the IP address. The location was correct, even though Hide My IP is supposed to modify it (if I understand this feature correctly).

Hmm, I don’t use Advanced Privacy. Only tested it a time or two as I use other tools. But how is your “Manage my location” set up. Is that being used also?

It’s been awhile since I’ve routed traffic through Tor but I do remember that my location would be wherever the exit node was. I’m in the U.S. but my location would be shown half a world away. So yeah, your location should(?) be tied to wherever the assigned IP is located.

In the “Manage my IP address” settings you can tell it which country you want to appear from. Even if it’s set to your current country your actual location (city, state, prefecture) still shouldn’t be known I’d think.

I think I’ll try and reproduce your situation and see what happens.

I’m not using Manage my location, but it’s a different matter to me. Like you said, location based on my IP should be the one that’s passing through Tor with Hide my IP, whatever the Manage my location settings.

Instead of PWA, if I use direct shortcuts from Bromite it seems to work correctly. For instance the Twitter shortcut shows me German ads, and I’m in France (Hide my IP is set with a random country). This is the expected behavior. If I use PWA I get only French ads, in addition to this email with the exact location.

Thanks for trying to reproduce my problem, if confirmed I should probably file a gitlab issue.

I couldn’t test the PWA. Keeps churning and gives errors when I try to login.

So I have AP active with hide my IP. The IP assigned was in Kansas, U.S. (I live in Los Angeles area, California). In Browser I went to Google Maps. It initially put me in Kansas but a few seconds later, wait for it… I wasn’t in Kansas anymore (sorry, couldn’t resist). It switched to my real location. Went to OpenStreetMap and it took me to Kansas and stayed there. In Iceraven (Firefox fork) OpenStreetMap immediately went to my real location.

Hiding an IP essentially does only one thing, hides your carrier-assigned IP. Actual location is determined by other means. GPS, location backends (of which I have several), location settings, and whether an app or browser can make use of those.

In a repeated round of testing with location changed to random (in Manage my location), my IP address is a Calyx server in New York. Google Maps and OpenStreetMap in both browsers puts me in Abu Dhabi with no changing to my real location.

So I’d say that one should not assume that hiding the IP would also hide one’s location.

6 Likes

I think there is room in AP to adjust the warnings/settings.

For example, I use an always-on, block-all-traffic-if-not-working VPN at all times on my phone, so the warning that my real IP address is visible, while technically correct (in that the VPN provider knows it), in practical terms is overstating the risk. Switching to use anonymous IP sends traffic out via Tor, which might not play nice with a VPN, but I’ve not tested this systematically.

For Location, I always turn it OFF unless I actually need it during actual navigation, and deny access to all apps that I can deny it to, except Maps (and then only while using it). As a failsafe (in case of nosy browser queries) I set it to a fake location somewhere else in my city, which is also the city I choose for the VPN’s public-facing IP address. The reason is that Location can be determined from GPS or other network-based means, independent of IP-address based geolocation. I like to ensure these match up. I set Weather manually, including when travelling, so as to not require device-based geolocation, which is a potential leak.

Where I think AP really shines is in the tracker detection & blocking. By default, I deny all trackers. Since I only load apps that have no trackers found by Exodus Privacy, this provides a first line of defence. But even these apps can do call-outs using code not known to EP. For example, F-Droid has no known trackers according to EP, but AP shows three (have a look). Even DuckDuckGo, which shows none for EP, shows 33 according to AP (at least some of which will probably be due to the call-outs from web sites that are trying to be creepy). Lesson: use multiple levels of privacy, and be aware that there may be aspects of tracking that may elude the efforts of Exodus.

4 Likes