diff --git a/Google/README.md b/Google/README.md index 1d7b9fa..4a94d7c 100644 --- a/Google/README.md +++ b/Google/README.md @@ -6,12 +6,14 @@ The most effective way would be to flash a clean ROM like LineageOS without gapp Unfortunately many people do not have the possibility to do so (non-unlockable phones) However all is not lost for these terminals. It is possible to regain some of our privacy by disabling the aforementioned Services via ADB: + https://www.droidwin.com/remove-uninstall-bloatware-apps-from-android-via-adb-commands/ We will have to do the same even with the Play Store. Once we have crushed the Google applications we can download our apps, even the paid ones through the Aurora Store (by entering our Google account), which is available on F-Droid, another store where there are only open source apps. We will try whenever possible to choose our popular apps from there. Download from Aurora Store: + https://f-droid.org/en/packages/com.aurora.store/ However, the ideal would be to start with a ROM already clean of these programs, and the most popular, with more terminals available is undoubtedly LineageOS. @@ -28,17 +30,26 @@ time.android.com/time3.android.com. time.google.com -GPS servers. By default, Izatcloud. Even if GPS is disabled, it will automatically connect to the internet to download the Almanacs. + xtra1.gpsonextra.net + xtra2.gpsonextra.net + xtra3.gpsonextra.net + izatcloud.net + supl.google.com. + -Connection with stats.lineageos.org for statistical purposes. -When we open an app, Intent Filter Verification securization servers. By default: + play.googleapis.com + Amazon servers + This application can be disabled without consequence. There is virtually no information on the internet about this tool. Our main purpose will be that there will be no background or automatic connections of any kind every time we connect to the internet, be it to Google or anywhere else. @@ -50,30 +61,53 @@ The exception to all this would supposedly be Replicant, but it supports few dev To prevent the computer from making unwanted connections while we prepare the system is highly recommended (but not essential) a computer that provides us with wifi with PiHole, router with domain blocking integrated in its options or with openwrt (and adblock), or a mobile with AdAway sharing data. All of them must have these domains blocked: https://time.android.com + https://time1.android.com + https://time2.android.com + https://time3.android.com + https://time4.android.com + https://time.google.com + https://time1.google.com + https://time2.google.com + https://time3.google.com + https://time4.google.com + https://connectivitycheck.gstatic.com + https://xtra1.gpsonextra.net + https://xtra2.gpsonextra.net + https://xtra3.gpsonextra.net + https://izatcloud.net + https://gpsonextra.net + https://time.izatcloud.net + https://xtrapath1.izatcloud.net + https://xtrapath2.izatcloud.net + https://xtrapath3.izatcloud.net + https://gtpma1.izatcloud.net + https://play.googleapis.com + https://supl.google.com + To alleviate the Google spying we will follow the following steps highlighting not to connect to the Internet until it is specifically marked. Similarly we will remove the Sim so that it does not take data in the configuration process. @@ -93,19 +127,28 @@ In its options we will uncheck Automatic Date/Time. The next step is to disable the captive portal mode. All Android phones send a ping to www.google.com to verify that the internet is working. We will do it through adb, whose minimum drivers for Windows can be downloaded here: + https://adb.clockworkmod.com/ + Or with the adb and fastboot packages on Linux distros. The commands are as follows: + adb shell + adb shell settings put global captive_portal_detection 0 + adb shell settings put global captive_portal_mode 0 + adb shell reboot If we want to change it for another one because we need it to log in to public networks it would be like this: + adb shell + adb shell settings put global captive_portal_https_url https://captiveportal.kuketz.de (German web) -o +or adb shell settings put global captive_portal_https_url https://e.foundation/net_204/ (web of the creators of /e/ a de-Googled ROM) + reboot 5.- If we have Android Pie we change the private DNS (In Settings/Networks and internet/Advanced) from automatic to No and save. In its previous state generated data consumption. @@ -144,7 +187,9 @@ a) Tor Browser. To search for information generally. Fundamental not to enter pe It is also essential not to touch their options and leave it as default or our fingerprint will be unique, ie, we will use it without add-ons, without configuring anything and half / fourth screen which is how it opens when we run it. b) Iceraven browser (Fennec does not support all addons yet). Browsers: Qwant, SearX, Metager, Swisscows, runnaroo, etc. + https://github.com/fork-maintainers/...owser/releases + To add them to the browser you have to go to Settings/search and add the search engine manually (Add search engine). For example, for Qwant it would be like this: https://www.qwant.com/?q=%s @@ -173,6 +218,7 @@ Assuming that the TWRP is in English we do the following: We reboot and we can use the browser. Link to the user.js file: + https://git.nixnet.xyz/Narsil/mobile_user.js I recommend the first one. The less connections is so that it makes as few connections as possible and that implies that neither the addons are updated... *Important to do this before installing the addons or they can break. We will click in the icon that is more to the right, the one of the little arrow, and after .zip @@ -181,13 +227,19 @@ We will click in the icon that is more to the right, the one of the little arrow -And for the most scrupulous with the automatic connections, killing all connection by means of another host list: Mozilla To update the extensions it will be necessary to uninstall the old version and reinstall the new one. To check for actus we can perform this task once a month or so. We can also compare with the versions of Firefox for Pc. + https://addons.mozilla.org/firefox/ Regarding these I recommend the following to minimize our digital footprint: + -uBlock Origin + -LocalCDN (or Decentraleyes in Fennec) + -Cookie AutoDelete + -Chameleon + -(Optional on AMOLED screens)Dark Reader or Dark Background and Light Text uBlock Origin. If you want to avoid web crawling by Google we must block their domains with the aforementioned plugin. @@ -227,11 +279,15 @@ For this purpose we will install/flash Magisk. In settings we will check Systeml 4.- It can be done in the same way or through the Android console. In Development Options we will enable the local Terminal/Shell. Once done we look for the new app in the application drawer, we open it and to have root access we type: + su + Then we put: + settings put global captive_portal_mode 0 + And finally: -reboot (also in the terminal, because if we reboot manually it will be activated again). +reboot (also in the terminal, because if we reboot manually it will be activated again) However the captive portal mode is necessary to log in to public networks. If you need it, perform the previous steps changing the 0 for 1. Another option is to change the Google web for others like: settings put global captive_portal_https_url https://captiveportal.kuketz.de (German web) settings put global captive_portal_https_url https://e.foundation/net_204/ (web of the creators of /e/ a de-Googleized ROM) @@ -251,9 +307,10 @@ In Android 10 it will probably be necessary to check Enable systemless mode (if We will block Google servers (time.google.com and time.android.com) and Qualcomm servers (Izat, izatcloud.net) because despite blocking them in the firewall, disabling automatic date/time and using only the integrated GPS will connect as soon as they get connection. When starting the app we will choose the root mode and in its preferences we will look for "iPv4 Redirection" and we will put 0.0.0.0.0 instead of 127.0.0.1, although the latter is not essential. -To simplify, we add the host that I have created for this purpose (and it is that we can create our own having an account in GitLab): -HostsGoogle +To simplify, we add the host that I have created for this purpose (and it is that we can create our own having an account in GitLab) + Logically we will mark Block and we will choose URL in Type. + We leave blank, without choosing, "Apply redirected hosts". Unfortunately AdAway treats certain Android connections as necessary and will not block them even if we put them in a host list. It must then have a kind of white list (in addition to the own one in the program). @@ -263,9 +320,13 @@ That's it. It will no longer connect to that site. If we use Fennec it could also appear "dynamicua.cdn.mozilla.net" and it would be advisable to add it in the same way. 8.- Idem. Or we can use the Terminal again like this. + su + settings put global ntp_server europe.pool.ntp.org (or whatever we want) + reboot + It may be necessary to give permission in the firewall to the above mentioned time servers (NTP). 9 and 10.- Idem. @@ -279,7 +340,6 @@ Clicking on the applications we will give Disable to freeze and Force Stop to ki In the same way and for security reasons in old sims we will disable the system application "SIM Services". As before, Disable and Force Stop. If we are only interested in the trackers we can skip the above and look at AppWarden (root required) -AppWarden Download from XDA (is in the process of admission in F-Droid) When we run it and use it will ask for superuser permissions (Magisk) and access to use as above. We will give to allow in both cases. Once we run it we will give Scan now. When it finishes View Report and we will see a circle with the trackers and loggers (by default marking the trackers, but below the circle we can see the loggers by clicking on it) Clicking on the colored sections, which mark each tracker or logger will tell us the apps that contain it. We click on these apps and we give to Trackers and / or loggers and when it finishes the scan at the bottom will appear Components. Pressing it will let us uncheck the trackers and loggers. We will repeat these processes until we finish deactivating all the ones that it leaves us.