forked from Narsil/hosts
Upload files to 'Google'
parent
7372da87f1
commit
e4e045202a
284
Google/README.md
|
@ -137,12 +137,13 @@ Similarly we will remove the Sim so that it does not take data in the configurat
|
|||
Remember also that most of the apps do not need internet. We can remove it manually in Settings/Applications demarcating both Wifi, mobile and background. If the use is going to be sporadic we will allow it momentarily and then remove it again.
|
||||
|
||||
|
||||
I will divide the guide into two sections, without and with root. The latter will be a bit more comprehensive and restrictive, but neither will have connections to Google or Qualcomm.
|
||||
I will divide the guide into two sections, with and without root.
|
||||
|
||||
|
||||
**-WITH ROOT**
|
||||
|
||||
For this purpose we will install/flash Magisk.
|
||||
|
||||
**-WITHOUT ROOT**
|
||||
|
||||
1.- Before installing/rooting/flashing we export our contacts in .vcf format and we will recover them later by importing the file from the Contacts application. If you want to synchronize later you can use, for example, DAVdroid in Nextcloud/Ownclowd. This file and our photos/videos we take them to the PC and vice versa, that is to say with the cable of all life. In the same way we download the apks of F-Droid, and the NetGuard firewall from the web of the aforementioned F-Droid store. We can place them on the microsd memory or on a USB OTG stick.
|
||||
|
||||
|
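Review bot: The Magisk line under **-WITH ROOT** in this hunk reads only "For this purpose we will install/flash Magisk.", while the copy of that section shown in the -332 hunk continues "In settings we will check Systemless hosts and reboot." Step 7b applies AdAway in root mode and mentions systemless mode itself, so I would keep that second sentence here. The shortened intro also loses the statement that neither path connects to Google or Qualcomm, which told the reader what the guide is aiming at, and "Ownclowd" in the step 1 context line should read ownCloud.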
@ -155,35 +156,23 @@ In its options we will uncheck Automatic Date/Time.
|
|||
|
||||
|
||||
4.- The next step is to disable the captive portal mode. All Android phones send a ping to www.google.com to verify that the internet is working.
|
||||
We will do it through adb, whose minimum drivers for Windows can be downloaded here:
|
||||
|
||||
https://adb.clockworkmod.com/
|
||||
In Development Options we will enable the local Terminal/Shell. Once done we look for the new app in the application drawer, we open it and to have root access we type:
|
||||
|
||||
_su_
|
||||
|
||||
Or with the adb and fastboot packages on Linux distros.
|
||||
|
||||
The commands are as follows:
|
||||
|
||||
_adb shell_
|
||||
|
||||
_settings put global captive_portal_detection 0_
|
||||
Then we put:
|
||||
|
||||
_settings put global captive_portal_mode 0_
|
||||
|
||||
_reboot_
|
||||
And finally:
|
||||
_reboot_ (also in the terminal, because if we reboot manually it will be activated again)
|
||||
|
||||
|
||||
If we want to change it for another one because we need it to log in to public networks it would be like this:
|
||||
|
||||
_adb shell_
|
||||
However the captive portal mode is necessary to log in to public networks. If you need it, perform the previous steps changing the 0 for 1. Another option is to change the Google web for others like:
|
||||
|
||||
_settings put global captive_portal_https_url https://captiveportal.kuketz.de_ (German web)
|
||||
|
||||
or
|
||||
|
||||
_settings put global captive_portal_https_url https://e.foundation/net_204/_ (web of the creators of /e/ a de-Googled ROM)
|
||||
|
||||
_reboot_
|
||||
_settings put global captive_portal_https_url https://e.foundation/net_204/_ (web of the creators of /e/ a de-Googleized ROM)
|
||||
|
||||
|
||||
5.- If we have Android Pie we change the private DNS (In Settings/Networks and internet/Advanced) from automatic to No and save. In its previous state generated data consumption.
|
||||
|
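Review bot: In step 4 only captive_portal_https_url is overridden; Android keeps a separate captive_portal_http_url setting for the plain-HTTP probe, so with detection left on the device can still contact the default host for that check. Suggest setting the HTTP key alongside the HTTPS one for whichever provider is chosen, and adding `settings get global captive_portal_mode` after the reboot so the reader can confirm the value persisted. The two e.foundation lines also differ only in "de-Googled" versus "de-Googleized"; pick one spelling.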
@ -206,48 +195,58 @@ _Carrier Services (com.google.android.ims)_
|
|||
|
||||
|
||||
|
||||
7.- We install the firewall NetGuard. We will give access only to the apps that we are interested in even if it is in a momentary way so that it does not remain in the background sending data. Do not forget to allow the system application Updater.
|
||||
It is important to uncheck for updates by clicking on the 3 dots, Settings/Options/Check for updates.
|
||||
In the same way clicking in the 3 dots, Settings/Advanced options we will change the predetermined server www.google.com editing the content of "Validate in" for another one that we can make up, type wmm.ehfeyfefyuefyh.com.
|
||||
Now we are going to add some lists to block the NTP servers of Google (time.google.com and time.android.com) and those of Qualcomm (Izat, izatcloud.net) since in spite of blocking them in the firewall, disabling automatic date/time and using only the integrated GPS they will connect as soon as they get connection.
|
||||
7.-
|
||||
a) In this case we will now install the Afwall+ firewall.
|
||||
|
||||
|
||||
To do this we will go to the 3 dots as usual, Settings/Advanced Options and check Filter traffic. Make sure that "Block domain names" is also activated.
|
||||
Subsequently we will go to Settings/Security Copy and we will change manually writing the URL that appears for another one with the purpose of blocking these domains.
|
||||
Specifically the host that I have created for this purpose:
|
||||
https://git.nixnet.services/Narsil/hosts/raw/branch/master/Google/HostsGoogle
|
||||
And finally we can connect to the internet, by clicking on Download hosts file.
|
||||
|
||||
|
||||
The only "but" of this non-root configuration is the Multicast Listener Discovery that will make some local connections.
|
||||
|
||||
|
||||
However, and given that Netguard only supports one list and in Android we cannot have more than one virtual VPN (already used by Netguard), if we need 2 or more hosts lists we would have to replace the firewall with Adaway in non-root mode (see Section root, section 7b) or personalDNSfilter.
|
||||
We will give access only to the apps that we are interested in, even if only momentarily, removing it later if we do not want it to remain sucking data in the background. Let's not forget to allow the system application Update.
|
||||
However there is a "bug" in Android that produces another inevitable data leak for any Firewall. This occurs at system startup where the program is unable because it loads later, and the OS takes advantage to bypass the locks.
|
||||
In your experimental options there is one that controls this behavior. "To let us check the option, which by default will be grayed out, we must point out in the option immediately above "Startup directory path for script", the first one that appears /sbin/.core/img/.core/service.d. If this path does not appear we will choose instead the one that leaves us.
|
||||
On the other hand in its preferences, Rules/connectivity we will mark the compatibility with IPv6 to block the consumption of data due to the Multicast Listener Discovery.
|
||||
|
||||
|
||||
|
||||
8.- Once this step is done we can leave automatic date and time marked, since most of the sims update these values only with coverage and without internet (NITZ). Check, however, that it works with your company. If it doesn't, we can change the Google NTP server (time.android.com) for a different one via adb, like this:
|
||||
adb shell settings put global ntp_server addserverhere (https://www.ntppool.org/en/)
|
||||
It may be necessary to give permission in the firewall to these time servers (NTP).
|
||||
b) We will install AdAway. Now we can connect via wifi to put the lists below and update it. After this it is important to reboot manually. In this way the sending of data will be less in case we do not have a PiHole or similar.
|
||||
In Android 10 it will probably be necessary to check Enable systemless mode (if it is not checked) so that it does not give us an error when applying the hosts. In the same way we will check Enable ipv6.
|
||||
We will block Google servers (time.google.com and time.android.com) and Qualcomm servers (Izat, izatcloud.net) because despite blocking them in the firewall, disabling automatic date/time and using only the integrated GPS will connect as soon as they get connection.
|
||||
When starting the app we will choose the root mode and in its preferences we will look for "iPv4 Redirection" and we will put 0.0.0.0.0 instead of 127.0.0.1, although the latter is not essential.
|
||||
|
||||
To simplify, we add the host that I have created for this purpose (and it is that we can create our own having an account in GitLab)
|
||||
|
||||
Logically we will mark Block and we will choose URL in Type.
|
||||
|
||||
We leave blank, without choosing, "Apply redirected hosts".
|
||||
|
||||
|
||||
|
||||
8.- Idem. Or we can use the Terminal again like this.
|
||||
|
||||
_su_
|
||||
|
||||
_settings put global ntp_server europe.pool.ntp.org_
|
||||
(or whatever we want)
|
||||
|
||||
_reboot_
|
||||
|
||||
It may be necessary to give permission in the firewall to the above mentioned time servers (NTP).
|
||||
On the other hand, if you don't need this I strongly recommend changing it anyway in order to delete Google servers.
|
||||
This way; adb shell settings put global ntp_server about.blank
|
||||
This way; settings put global ntp_server about.blank
|
||||
|
||||
|
||||
9.- Next we install the F-Droid store. This will be our only store. We are going to avoid Aurora Store because it generates too many connections with Google, but you can install/uninstall later if you need any app.
|
||||
However, if you need Aurora keep in mind that one of the most popular trackers is a must for downloading (clients3.google.com) so I recommend removing the Antigoogle list if you want any app. Then put it back and that's it.
|
||||
|
||||
10.- About browsers
|
||||
|
||||
10.-
|
||||
a) Tor Browser. To search for information generally. Fundamental not to enter personal data, log us into websites, banks, etc..
|
||||
It is also essential not to touch their options and leave it as default or our fingerprint will be unique, ie, we will use it without add-ons, without configuring anything and half / fourth screen which is how it opens when we run it.
|
||||
|
||||
b) Mull/Fennec/Iceraven. Browsers: SearX, Whoogle
|
||||
b) Mull/Fennec/Iceraven. Search engines: SearX, Whoogle
|
||||
|
||||
To add them to the browser you have to go to Settings/search and add the search engine manually (Add search engine).
|
||||
|
||||
The reason why I have chosen those Firefox forks is because of its advanced about:config, unparalleled in Chromium derivatives.
|
||||
|
||||
https://github.com/fork-maintainers/...owser/releases
|
||||
https://github.com/fork-maintainers/iceraven-browser/releases/
|
||||
The other two are on F-Droid.
|
||||
The first one has an extensive list of addons available as it has a built-in Collection.
|
||||
If we want to have all of them available, even if some do not work, we will do the following:
|
||||
|
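Review bot: In 7b the "iPv4 Redirection" value is written as 0.0.0.0.0, which has five octets and is not a valid IPv4 address; it should be 0.0.0.0. In the same step, "To simplify, we add the host that I have created for this purpose" is followed directly by "Logically we will mark Block and we will choose URL in Type." with no URL, whereas the NetGuard text gives the HostsGoogle raw link, so the reader has nothing to paste. "8.- Idem." also has nothing earlier to refer back to if the root section now comes first.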
@ -309,11 +308,10 @@ To update the extensions it will be necessary to uninstall the old version and r
|
|||
|
||||
https://addons.mozilla.org/firefox/
|
||||
|
||||
Regarding these I recommend the following to minimize our fingerprinting:
|
||||
c) Addons
|
||||
|
||||
-uBlock Origin
|
||||
|
||||
-Chameleon
|
||||
|
||||
-(Optional on AMOLED screens)Dark Reader or Dark Background and Light Text
|
||||
|
||||
|
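Review bot: The add-on entries are written "-uBlock Origin", "-Chameleon" and "-(Optional on AMOLED screens)Dark Reader or Dark Background and Light Text" with no space after the hyphen, so Markdown renders them as plain paragraphs rather than a list; use "- " and put a space after the closing parenthesis. If "c) Addons" is meant to replace "Regarding these I recommend the following to minimize our fingerprinting:", keep that sentence under the heading, since in this hunk it is the only place the reason for these add-ons is given.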
@ -332,102 +330,9 @@ Basically a copy of the configuration of our ublock origin (Backup to file).
|
|||
Then uninstall ublock. We go to the mozilla addons page and reinstall it. We enter ublock and click on Restore from the file we saved.
|
||||
|
||||
|
||||
|
||||
Chameleon. Chameleon is a very complete tool loaded with many options to reduce our digital footprint. What interests us most is the ability to generate a different fingerprint every x time, otherwise we will always have the same one.
|
||||
We will leave the real profile.
|
||||
In the Options section, Injection, only the screen size should be checked, choosing 1920x1080.
|
||||
The other options should be marked by the changes of the user.js so we will not touch anything else.
|
||||
If some web gives error, we go to the section of White list, we give to Open in white list and we add this page.
|
||||
|
||||
With this we have finished the antifingerprinting configuration of Iceraven/Fennec/Mull.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
**-WITH ROOT**
|
||||
|
||||
For this purpose we will install/flash Magisk. In settings we will check Systemless hosts and reboot.
|
||||
|
||||
|
||||
|
||||
1, 2 and 3.- Same as without root, but instead of downloading NetGuard we will change it for AfWall+ apks and add AdAway.
|
||||
|
||||
|
||||
|
||||
4.- It can be done in the same way or through the Android console.
|
||||
|
||||
|
||||
|
||||
In Development Options we will enable the local Terminal/Shell. Once done we look for the new app in the application drawer, we open it and to have root access we type:
|
||||
|
||||
_su_
|
||||
|
||||
Then we put:
|
||||
|
||||
_settings put global captive_portal_mode 0_
|
||||
|
||||
And finally:
|
||||
_reboot_ (also in the terminal, because if we reboot manually it will be activated again)
|
||||
|
||||
However the captive portal mode is necessary to log in to public networks. If you need it, perform the previous steps changing the 0 for 1. Another option is to change the Google web for others like:
|
||||
|
||||
_settings put global captive_portal_https_url https://captiveportal.kuketz.de_ (German web)
|
||||
|
||||
_settings put global captive_portal_https_url https://e.foundation/net_204/_ (web of the creators of /e/ a de-Googleized ROM)
|
||||
|
||||
|
||||
|
||||
5 and 6.- Idem.
|
||||
|
||||
|
||||
7.-
|
||||
a) In this case we will now install the Afwall+ firewall.
|
||||
|
||||
We will give access only to the apps that we are interested in, even if only momentarily, removing it later if we do not want it to remain sucking data in the background. Let's not forget to allow the system application Update.
|
||||
However there is a "bug" in Android that produces another inevitable data leak for any Firewall. This occurs at system startup where the program is unable because it loads later, and the OS takes advantage to bypass the locks.
|
||||
In your experimental options there is one that controls this behavior. "To let us check the option, which by default will be grayed out, we must point out in the option immediately above "Startup directory path for script", the first one that appears /sbin/.core/img/.core/service.d. If this path does not appear we will choose instead the one that leaves us.
|
||||
On the other hand in its preferences, Rules/connectivity we will mark the compatibility with IPv6 to block the consumption of data due to the Multicast Listener Discovery.
|
||||
|
||||
|
||||
|
||||
b) We will install AdAway. Now we can connect via wifi to put the lists below and update it. After this it is important to reboot manually. In this way the sending of data will be less in case we do not have a PiHole or similar.
|
||||
In Android 10 it will probably be necessary to check Enable systemless mode (if it is not checked) so that it does not give us an error when applying the hosts. In the same way we will check Enable ipv6.
|
||||
We will block Google servers (time.google.com and time.android.com) and Qualcomm servers (Izat, izatcloud.net) because despite blocking them in the firewall, disabling automatic date/time and using only the integrated GPS will connect as soon as they get connection.
|
||||
When starting the app we will choose the root mode and in its preferences we will look for "iPv4 Redirection" and we will put 0.0.0.0.0 instead of 127.0.0.1, although the latter is not essential.
|
||||
|
||||
To simplify, we add the host that I have created for this purpose (and it is that we can create our own having an account in GitLab)
|
||||
|
||||
Logically we will mark Block and we will choose URL in Type.
|
||||
|
||||
We leave blank, without choosing, "Apply redirected hosts".
|
||||
|
||||
Unfortunately AdAway treats certain Android connections as necessary and will not block them even if we put them in a host list. It must then have a kind of white list (in addition to the own one in the program).
|
||||
Because of this, it will not block "time.android.com" even if this domain is included in the previous lists as I said before.
|
||||
To do so, we will enter Blacklist, add time.android.com and click on Apply (internet connection required).
|
||||
That's it. It will no longer connect to that site.
|
||||
|
||||
If we use Fennec it could also appear "dynamicua.cdn.mozilla.net" and it would be advisable to add it in the same way.
|
||||
|
||||
|
||||
|
||||
8.- Idem. Or we can use the Terminal again like this.
|
||||
|
||||
_su_
|
||||
|
||||
_settings put global ntp_server europe.pool.ntp.org_
|
||||
(or whatever we want)
|
||||
|
||||
_reboot_
|
||||
|
||||
It may be necessary to give permission in the firewall to the above mentioned time servers (NTP).
|
||||
On the other hand, if you don't need this I strongly recommend changing it anyway in order to delete Google servers.
|
||||
This way; settings put global ntp_server about.blank
|
||||
|
||||
|
||||
9 and 10.- Idem.
|
||||
|
||||
|
||||
11.- App Manager (or even MyAndroidTools) and AppWarden.
|
||||
With the first ones we are going to freeze system apps and even suppress tracking permissions of apps, specifically those related to Google. These are boot (autostart), analytics, tracking, firebase and in general those that refer to Google. If the apps contain any of them, we will remove them. I recommend to do it in Services and/or receivers since in the others it could cause an erratic behavior of the app.
|
||||
|
||||
|
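Review bot: The AdAway paragraph beginning "Unfortunately AdAway treats certain Android connections as necessary" (add time.android.com to Blacklist, and dynamicua.cdn.mozilla.net for Fennec) appears only in this hunk; the 7b text in the -206 hunk goes straight from "Apply redirected hosts" to step 8. If the root section is being moved rather than trimmed, carry that paragraph over, otherwise the guide lists time.android.com as blocked while its own text says AdAway will not block it from a hosts list. The "0.0.0.0.0" value for "iPv4 Redirection" is repeated here as well.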
@ -450,12 +355,107 @@ However by removing certain trackers/loggers we could make the applications more
|
|||
|
||||
|
||||
|
||||
|
||||
**-WITHOUT ROOT**
|
||||
|
||||
1, 2 and 3.- Same as with root, but instead of downloading Afwall+ we will change it for Netguard apk.
|
||||
|
||||
|
||||
4.- It can be done through adb, whose minimum drivers for Windows can be downloaded here:
|
||||
|
||||
https://adb.clockworkmod.com/
|
||||
|
||||
|
||||
Or with the adb and fastboot packages on Linux distros.
|
||||
|
||||
The commands are as follows:
|
||||
|
||||
_adb shell_
|
||||
|
||||
_settings put global captive_portal_detection 0_
|
||||
|
||||
_settings put global captive_portal_mode 0_
|
||||
|
||||
_reboot_
|
||||
|
||||
|
||||
If we want to change it for another one because we need it to log in to public networks it would be like this:
|
||||
|
||||
_adb shell_
|
||||
|
||||
_settings put global captive_portal_https_url https://captiveportal.kuketz.de_ (German web)
|
||||
|
||||
or
|
||||
|
||||
_settings put global captive_portal_https_url https://e.foundation/net_204/_ (web of the creators of /e/ a de-Googled ROM)
|
||||
|
||||
_reboot_
|
||||
|
||||
|
||||
5 and 6.- Idem.
|
||||
|
||||
|
||||
|
||||
7.- We install the firewall NetGuard. We will give access only to the apps that we are interested in even if it is in a momentary way so that it does not remain in the background sending data. Do not forget to allow the system application Updater.
|
||||
It is important to uncheck for updates by clicking on the 3 dots, Settings/Options/Check for updates.
|
||||
In the same way clicking in the 3 dots, Settings/Advanced options we will change the predetermined server www.google.com editing the content of "Validate in" for another one that we can make up, type wmm.ehfeyfefyuefyh.com.
|
||||
Now we are going to add some lists to block the NTP servers of Google (time.google.com and time.android.com) and those of Qualcomm (Izat, izatcloud.net) since in spite of blocking them in the firewall, disabling automatic date/time and using only the integrated GPS they will connect as soon as they get connection.
|
||||
|
||||
|
||||
To do this we will go to the 3 dots as usual, Settings/Advanced Options and check Filter traffic. Make sure that "Block domain names" is also activated.
|
||||
Subsequently we will go to Settings/Security Copy and we will change manually writing the URL that appears for another one with the purpose of blocking these domains.
|
||||
Specifically the host that I have created for this purpose:
|
||||
https://git.nixnet.services/Narsil/hosts/raw/branch/master/Google/HostsGoogle
|
||||
And finally we can connect to the internet, by clicking on Download hosts file.
|
||||
|
||||
|
||||
The only "but" of this non-root configuration is the Multicast Listener Discovery that will make some local connections.
|
||||
|
||||
|
||||
However, and given that Netguard only supports one list and in Android we cannot have more than one virtual VPN (already used by Netguard), if we need 2 or more hosts lists we would have to replace the firewall with Adaway in non-root mode (see Section root, section 7b) or personalDNSfilter.
|
||||
|
||||
|
||||
|
||||
8.- Once this step is done we can leave automatic date and time marked, since most of the sims update these values only with coverage and without internet (NITZ). Check, however, that it works with your company. If it doesn't, we can change the Google NTP server (time.android.com) for a different one via adb, like this:
|
||||
adb shell settings put global ntp_server addserverhere (https://www.ntppool.org/en/)
|
||||
It may be necessary to give permission in the firewall to these time servers (NTP).
|
||||
On the other hand, if you don't need this I strongly recommend changing it anyway in order to delete Google servers.
|
||||
This way; adb shell settings put global ntp_server about.blank
|
||||
|
||||
|
||||
9.- Idem.
|
||||
|
||||
|
||||
10.- Browsers
|
||||
a) Tor Browser. To search for information generally. Fundamental not to enter personal data, log us into websites, banks, etc..
|
||||
It is also essential not to touch their options and leave it as default or our fingerprint will be unique, ie, we will use it without add-ons, without configuring anything and half / fourth screen which is how it opens when we run it.
|
||||
|
||||
b) Due to we have no root for applying a user.js we will force to use Mull: Search engines: SearX, Whoogle
|
||||
|
||||
To add them to the browser you have to go to Settings/search and add the search engine manually (Add search engine).
|
||||
|
||||
If we want to have all addons available, even if some do not work, we will do the following:
|
||||
We open Mull. Settings, on Mull, tap 5 times on the icon and the debugging mode will be enabled.
|
||||
Now in Settings we can choose a custom Addon Collection. We will add Iceraven Collection, whose 2 values are the following:
|
||||
16201230
|
||||
What-I-want-on-Fenix
|
||||
|
||||
If we need other more specific add-ons, we will have to create an account in Firefox, then a collection and then add the ones that interest us.
|
||||
https://support.mozilla.org/en-US/users/auth
|
||||
Once done, open a new tab in Collections since we are going to create one, as I said before, and there add the addons that we want to have available in the browser.
|
||||
https://addons.mozilla.org/en-US/firefox/collections/
|
||||
Well, what was said; we create one, we give it a name and we will point the following 2 data because we will need them later, the Firefox user ID and in the third value, URL, we will put something like 12345.
|
||||
Once done in the search bar we write the complements and we add them.
|
||||
When we finish we can leave.
|
||||
|
||||
c) Idem
|
||||
|
||||
|
||||
|
||||
|
||||
With this we have finished the initial configuration to avoid, as far as possible, spying on our system.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## Common bugs
|
||||
|
||||
-Gps takes time to connect.
|
||||
|
|
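Review bot: In step 7 the NetGuard "Validate in" host is replaced with a made-up name, wmm.ehfeyfefyuefyh.com, which is an ordinary registrable domain; whoever registers it would see that lookup from every device configured from this guide. Suggest a name under the reserved .invalid top-level domain instead. In step 8, "adb shell settings put global ntp_server addserverhere (https://www.ntppool.org/en/)" puts a placeholder and a parenthesised URL on the command line itself; move the link into the sentence and mark the placeholder clearly. The Iceraven collection values 16201230 and What-I-want-on-Fenix should also be labelled with the field each one goes in.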