Active Topics
-
Porting apps to Leste (32)
to Maemo 7 / Leste by Arno_11 - 3 days, 17 hrs ago -
[ANNOUNCE] CSSU-thumb thread - stable Thumb2 on N900 (2,264)
to Maemo 5 / Fremantle by panjgoori - 5 days, 11 hrs ago -
Full linux distros on Sailfish OS (254)
to SailfishOS by qoh - 6 days, 9 hrs ago - more...
jbscurtis |
2010-06-04
, 21:16
|
|
Posts: 36 |
Thanked: 9 times |
Joined on Apr 2010
@ Phoenix, Arizona
|
#171
|
Originally Posted by gwj
Yes it is. My T-Mob bill said the outgoing went to Denmark and the return came from Germany.
|
|
2010-06-04
, 22:29
|
|
Posts: 539 |
Thanked: 165 times |
Joined on Feb 2010
@ Berlin, Germany
|
#172
|
Originally Posted by pelago
I guess there are many more points they can chack out. Probably they are just comparing the ip adress of the client with a set of known mobile networks. In that case one should be able to get it with a laptop connected via the n900. Can anyone try that? Or try to get that file when connected via WLAN? I can test neither of them.
I've tried wget from a couple of different normal Linux desktops (not SDK), and I get a 403 forbidden. I don't know why wget from the N900 works. Strange, isn't it?
It's not really important but now I'm curious ...
I don't really know enough about deb packaging, but would it theoretically be possible to create a .deb that overwrote or deleted /etc/X11/Xsession.d/34cherry, /usr/bin/cherry, libcpcherry.so (the hildon-control-panel plugin) etc?
I guess maemo.org Extras won't host it, but it could be hosted elsewhere.
My aim is to find the most user-friendly way for people to avoid this.
|
|
2010-06-05
, 00:16
|
|
Posts: 116 |
Thanked: 156 times |
Joined on Sep 2009
@ North Yorkshire
|
#173
|
Originally Posted by pelago
This is just a wild, stab in the dark guess (I haven't checked). Are there client side certificates in use?
I've tried wget from a couple of different normal Linux desktops (not SDK), and I get a 403 forbidden. I don't know why wget from the N900 works. Strange, isn't it?
__________________
mSideShow
mSideShow
 |
|
2010-06-06
, 19:22
|
|
Posts: 2,121 |
Thanked: 1,540 times |
Joined on Mar 2008
@ Oxford, UK
|
#174
|
Originally Posted by x-lette
When I could wget it via the N900 this was via Wi-Fi behind a NATting router, so the exact same external IP as my Ubuntu desktop machine that couldn't wget the file, so it won't be an IP check for sure.
I guess there are many more points they can chack out. Probably they are just comparing the ip adress of the client with a set of known mobile networks. In that case one should be able to get it with a laptop connected via the n900. Can anyone try that? Or try to get that file when connected via WLAN? I can test neither of them.
It's not really important but now I'm curious ...
|
|
2010-06-06
, 19:37
|
|
Posts: 198 |
Thanked: 76 times |
Joined on Mar 2010
|
#175
|
a link like
is already unique, b/c nokia generates it individually for each device. it allows nokia to track your upgrades/installations frome their repository already -- meaning, there's no need for an sms to check if people upgrade to pr1.2 (and i don't think My Nokia was created for only that purpose).
since all inet access on the n900 is done through the system, there's no reason, why nokia should not hook in somewhere between your request and the network interfaces, doing some black magic with your request (would be interesting to see, what a network sniffer makes of the url).
after all
- nokia individualizes apt-lines to track your activity in their repository (since you can access those repos via web interface after accepting the tos, "password protection" is no explantion and unneccesary) [edit: username and password seem to be the very same for all devices, not individual. see below.]
- nokia sends sms w/o informing you what information is send, very often w/o even asking you and subscribes you to a service you have no information of
- the eula or terms of service are invalid since they need to be available _before_ you are installing something (that's why the ms windows eula is invalid, at least in germany, since it only pops up while installing, "unexpectedly" as the law calls it), they need to be easily read (not a small window with much scrolling), they need to be there at once, no "check this link for full version" allowed
Last edited by arne.anka; 2010-06-06 at 21:39.
Code:
https://qa9recEP:Pat2UGuP@downloads.maemo.nokia.com/
since all inet access on the n900 is done through the system, there's no reason, why nokia should not hook in somewhere between your request and the network interfaces, doing some black magic with your request (would be interesting to see, what a network sniffer makes of the url).
after all
- nokia individualizes apt-lines to track your activity in their repository (since you can access those repos via web interface after accepting the tos, "password protection" is no explantion and unneccesary) [edit: username and password seem to be the very same for all devices, not individual. see below.]
- nokia sends sms w/o informing you what information is send, very often w/o even asking you and subscribes you to a service you have no information of
- the eula or terms of service are invalid since they need to be available _before_ you are installing something (that's why the ms windows eula is invalid, at least in germany, since it only pops up while installing, "unexpectedly" as the law calls it), they need to be easily read (not a small window with much scrolling), they need to be there at once, no "check this link for full version" allowed
Last edited by arne.anka; 2010-06-06 at 21:39.
| The Following User Says Thank You to arne.anka For This Useful Post: | ||
|
|
2010-06-06
, 21:30
|
|
Posts: 2,121 |
Thanked: 1,540 times |
Joined on Mar 2008
@ Oxford, UK
|
#176
|
Originally Posted by arne.anka
Actually, I'm pretty sure all N900s use the same username and password. See thread http://talk.maemo.org/showthread.php?t=49021
a link like
is already unique, b/c nokia generates it individually for each device.Code:https://qa9recEP:Pat2UGuP@downloads.maemo.nokia.com/
|
|
2010-06-06
, 21:37
|
|
Posts: 198 |
Thanked: 76 times |
Joined on Mar 2010
|
#177
|
Originally Posted by pelago
interesting.
Actually, I'm pretty sure all N900s use the same username and password. See thread http://talk.maemo.org/showthread.php?t=49021
i was infering from the procedure when configuring sbox, where the apt-line apparently was generated with a unique key in it.
and more interesting: why a username/password at all? if we all share the same, how sensible is it to have username/password protection?
 |
|
2010-06-08
, 17:42
|
|
Posts: 2,050 |
Thanked: 1,425 times |
Joined on Dec 2009
@ Bucharest
|
#178
|
Originally Posted by arne.anka
Could be per device, to track future devices. Could be to separate test devices from the real ones by changing the user/pass without using a different link that might actually work.
interesting.
i was infering from the procedure when configuring sbox, where the apt-line apparently was generated with a unique key in it.
and more interesting: why a username/password at all? if we all share the same, how sensible is it to have username/password protection?
Besides, as each user has a separate access to repositories from Nokia (as per purchasing), activity is already tracked. My Stuff in the store knows what I installed.
But no number.
__________________
N900 dead and Nokia no longer replaces them. Thanks for all the fish.
Keep the forums clean: use "Thanks" button instead of the thank you post.
N900 dead and Nokia no longer replaces them. Thanks for all the fish.
Keep the forums clean: use "Thanks" button instead of the thank you post.
|
|
2010-06-09
, 09:43
|
|
Posts: 198 |
Thanked: 76 times |
Joined on Mar 2010
|
#179
|
Originally Posted by ndi
store and normal repositories are different.
Besides, as each user has a separate access to repositories from Nokia (as per purchasing), activity is already tracked. My Stuff in the store knows what I installed.
But no number.
at the store i am sure, they log my purchases (that's why i don't even dream of using the store), and i guess they somehow point that logging out to you.
being tracked when doing normal operation like updating or installing software through the repos is a) not made clear somewhere (some tos safely tucked away in the bowls of the os are not binding) and b) imo illegal at least in the eu.
| The Following User Says Thank You to arne.anka For This Useful Post: | ||
|
|
2010-06-09
, 10:05
|
|
Posts: 508 |
Thanked: 130 times |
Joined on Sep 2009
|
#180
|
When you flash to 1.2 with the flasher you dont get a warning. you just receive the sms. so it indeed is a privacy breach. and it indeed sends an sms with your number right to them.
I dont like it and i think if you sue nokia they are gonna loose this fight too! ou cant just send an sms from host without asking it first! thats ridiculous!
I dont like it and i think if you sue nokia they are gonna loose this fight too! ou cant just send an sms from host without asking it first! thats ridiculous!