Possible to become a Mac user after a lifetime of PCs?
#61
Join Date: Jan 2015
Posts: 2,918
Exactly! I'm used to having complete control over everything and on this I just don't. For example No Root Firewall offers you a list of apps, system, preloaded and downloaded.
By default apps are blocked until you make a decision on them, see the first panel below. From that pending list (or from the full apps list) you can select individual apps and then allow them access to cellular, wifi or both. You can block individual IP addresses or a range for just that app or globally. See the second and third panels.
By default apps are blocked until you make a decision on them, see the first panel below. From that pending list (or from the full apps list) you can select individual apps and then allow them access to cellular, wifi or both. You can block individual IP addresses or a range for just that app or globally. See the second and third panels.
- It's not open source. This in and of itself isn't necessarily a bad thing, but linked to the next point, raises some questions...
- It's free. So what does the author have to gain? There is a bit of a credibility issue as well since it's "closed source". What is there to gain to maintain an app that could earn you a lot of unpaid work (and the abuses that come along with this)
- What data is it (potentially) gathering on you? As a chokepoint for inbound and outbound data, it has the potential to gather *A LOT* of information. App intelligence, user intelligence, etc. The specs on the app also raise suspicions... "varies with device"
- As a VPN, it could potentially redirect data without you knowing. If it includes an SPI module, it could easily redirect data under a given condition
- Information in the app store is suspicious... free email provider (created before gmail required phone verification).... free easy-to-host website... yes, there are over 5mil downloads, but just because it does what it says it does doesn't mean it doesn't do other things as well (say that five times fast)
Yup. I deny it all but the network connection and I kill the app when not using it (I use it to collect points and pre-order). Sure it can track me by IP address and where I pick up, but not when I am asleep or moving around. Haven't found it active otherwise, but it's something to keep in mind.
#62
FlyerTalk Evangelist
Join Date: Jun 2004
Location: LON, ACK, BOS..... (Not necessarily in that order)
Programs: **Mucci Diamond Hairbrush** - compared to that nothing else matters (+BA Bronze)
Posts: 15,136
Ok, so I wasn't about NRF, but now I have some concerns after doing some quick research about it. Apparently it creates a quasi-VPN interface to control the data. I had originally thought "ok, it's blocking stuff at the system level... not sure how it works without rooting, but sure". If it creates a VPN interface to manage the data, there are quite a few concerns, many that have been expressed in a couple of forums...
- It's not open source. This in and of itself isn't necessarily a bad thing, but linked to the next point, raises some questions...
- It's free. So what does the author have to gain? There is a bit of a credibility issue as well since it's "closed source". What is there to gain to maintain an app that could earn you a lot of unpaid work (and the abuses that come along with this)
- What data is it (potentially) gathering on you? As a chokepoint for inbound and outbound data, it has the potential to gather *A LOT* of information. App intelligence, user intelligence, etc. The specs on the app also raise suspicions... "varies with device"
- As a VPN, it could potentially redirect data without you knowing. If it includes an SPI module, it could easily redirect data under a given condition
- Information in the app store is suspicious... free email provider (created before gmail required phone verification).... free easy-to-host website... yes, there are over 5mil downloads, but just because it does what it says it does doesn't mean it doesn't do other things as well (say that five times fast)
Last edited by Jimmie76; Dec 29, 2021 at 6:24 pm
#63
Join Date: Jan 2015
Posts: 2,918
Actually the person who recommended it said they'd tested it before suggesting it to anyone else. They'd used it (on an old mobile) and their pi hole on a closed circuit wifi and blocking all outgoing traffic via the app. They said that the mobile they were using didn't have any outgoing network traffic when the app was running. They may have also said they'd taken the APK apart to check I can't remember. I might have a look at doing that one of these days. I also use it to block itself from connecting. That's not the only one of these apps by the way there are others such as Netguard etc.
As for the others, it depends on how they do things. If they raise red flags, then question them as well.
#64
FlyerTalk Evangelist
Join Date: Jun 2004
Location: LON, ACK, BOS..... (Not necessarily in that order)
Programs: **Mucci Diamond Hairbrush** - compared to that nothing else matters (+BA Bronze)
Posts: 15,136
Oh, I'm not saying it's not legit or it doesn't work as advertised. I'm just saying be skeptical due to x and y factors. One other thing... metadata doesn't necessarily have to be sent immediately. If it's been fingerprinted, then it can be sent at any given time. It doesn't take a lot of code to (for example) say wait until it detects the LTE modem activate before sending the data or at pre-determined intervals that might not easily be detected. I'm not trying to raise the paranoia level... just saying it's raised enough red flags for me to be concerned before using it.
As for the others, it depends on how they do things. If they raise red flags, then question them as well.
As for the others, it depends on how they do things. If they raise red flags, then question them as well.
#65
Join Date: Jan 2015
Posts: 2,918
Keep in mind, technically this applies to all apps, not just what you find for mac or windows or linux (or their mobile equivalents). Think about it this way. Earlier this year, password managers were under the spotlight as well. Most were called out as they were sending out metadata (granted they didn't breach passwords, but that's not necessarily the point). If you can ID the fingerprint of a specific user you are looking for, you can now track them... and this is likely happening with many of the world's governments right now (as well as some people who have the funds to do this).