Episode 081 - Infinite anonymity glitch
Added 2022-11-25 15:53:01 +0000 UTCIn this episode, I'll guide you step-by-step on how to create an infinite number of anonymous and secure Google accounts.
Comments
Couldn’t get the “skip”
Richard G.
2022-12-11 22:22:11 +0000 UTCI got it on Pocketcast! YAY!!
2022-12-10 03:52:25 +0000 UTCHow do I "paste" this podcast link to.. spotify? I tried it in the Search, but of course it doesn't work. Can I use it with spotify?
2022-12-10 03:47:31 +0000 UTCI don't know much more than that, unfortunately.
asterisk2
2022-12-08 19:22:51 +0000 UTCI was made aware of possible attacks on these salting and hashing techniques from breached/exposed databases. I am vague on the details so but if you know more feel free to add.
The Hated One
2022-12-02 18:04:21 +0000 UTCI think on Android, sensors can be disabled in developer mode but it's not available in stock. Fingerprinting can also be done by requesting app lists or fingerprinting user-specific configurations.
The Hated One
2022-12-02 17:59:55 +0000 UTCYes, there has been a change in how keys are handled, but I haven't followed in depth so I don't the exact details. I've had this debate in my podcast with a research from privacyguides.org. https://www.patreon.com/posts/how-end-to-end-65507237
The Hated One
2022-12-02 17:57:49 +0000 UTCI don't know how... is that even an option on Patreon? I don't see it in when uploading. Sorry for being such a noob.
The Hated One
2022-12-02 17:51:57 +0000 UTCLastly, there is also the concern that google owns the signing keys of applications. I haven't dug too deep into this, but I recall this was a controversy around 1 year ago: https://www.thetechherald.com/tech-news/google-is-asking-developers-to-hand-over-their-app-signing-keys-will-app-creators-lose-ability-to-sign-their-own-apps/
asterisk2
2022-12-01 20:38:04 +0000 UTCAnother aspect to consider is the fingerprintability of devices. Device sensors can uniquely fingerprint them: consider for example, the level of battery wear, volume rocker position, gait recognition (through gyroscope), behavior fingerprinting (typing speed) etc. On grapheneOS these can be disabled with a permission, but not on other android ROMs. Even in Graphene, through side-channels I bet they can still fingerprint the devices, but I don't assume they go that far. We know these companies do fingerprinting on the web. So can we assume they don't do it on devices?
asterisk2
2022-12-01 19:37:43 +0000 UTCAt around 26m10s you mention that we shouldn't use the same password as for other services as that could identify us. They probably send the password plaintext (through HTTPs) and hash it on the server. The password is not only hashed but hashed and salted. The "salt" is stored on the server's database and never leaves that. If the passwords were to be hashed and salted on the client, then password correlation wouldn't be a problem because same passwords with different salts would yield different hashes. Anyways, just a minor correction :)
asterisk2
2022-12-01 18:59:11 +0000 UTCPerfect. Thanks
Richard G.
2022-11-26 01:16:08 +0000 UTCGo to the Membership tab of THO's patreon, you can find an RSS feed link for any podcast player
David Love
2022-11-26 00:22:58 +0000 UTCCan you put closed captions on your episodes ???
2022-11-25 17:57:04 +0000 UTCThis is why I only install apps in a different container with a gmail burner on GrapheneOS because though I’m using a throwaway gmail I don’t use it for anything else and I know I’m getting the apps directly from the google play store.
Urban Armed
2022-11-25 17:05:22 +0000 UTCIt would be awesome if we could download and listen off line. Love what you are doing
Richard G.
2022-11-25 16:08:05 +0000 UTC