The Hated One


Episode 081 - Infinite anonymity glitch

In this episode, I'll guide you step-by-step on how to create an infinite number of anonymous and secure Google accounts. 

Comments

Couldn’t get the “skip”

Richard G.

I got it on Pocketcast! YAY!!

How do I "paste" this podcast link to... Spotify? I tried it in the Search, but of course it doesn't work. Can I use it with Spotify?

I don't know much more than that, unfortunately.

asterisk2

I was made aware of possible attacks on these salting and hashing techniques from breached/exposed databases. I am vague on the details, so if you know more feel free to add.

The Hated One

I think on Android, sensors can be disabled in developer mode but it's not available in stock. Fingerprinting can also be done by requesting app lists or fingerprinting user-specific configurations.

The Hated One

Yes, there has been a change in how keys are handled, but I haven't followed in depth so I don't know the exact details. I've had this debate in my podcast with a researcher from privacyguides.org. https://www.patreon.com/posts/how-end-to-end-65507237

The Hated One

I don't know how... is that even an option on Patreon? I don't see it when uploading. Sorry for being such a noob.

The Hated One

Lastly, there is also the concern that Google owns the signing keys of applications. I haven't dug too deep into this, but I recall this was a controversy around 1 year ago: https://www.thetechherald.com/tech-news/google-is-asking-developers-to-hand-over-their-app-signing-keys-will-app-creators-lose-ability-to-sign-their-own-apps/

asterisk2

Another aspect to consider is the fingerprintability of devices. Device sensors can uniquely fingerprint them: consider, for example, the level of battery wear, volume rocker position, gait recognition (through gyroscope), behavior fingerprinting (typing speed) etc. On GrapheneOS these can be disabled with a permission, but not on other Android ROMs. Even in Graphene, through side-channels I bet they can still fingerprint the devices, but I don't assume they go that far. We know these companies do fingerprinting on the web. So can we assume they don't do it on devices?

asterisk2

At around 26m10s you mention that we shouldn't use the same password as for other services as that could identify us. They probably send the password plaintext (through HTTPS) and hash it on the server. The password is not only hashed but hashed and salted. The "salt" is stored on the server's database and never leaves that. If the passwords were to be hashed and salted on the client, then password correlation wouldn't be a problem because same passwords with different salts would yield different hashes. Anyways, just a minor correction :)

asterisk2

Perfect. Thanks

Richard G.

Go to the Membership tab of THO's Patreon, you can find an RSS feed link for any podcast player

David Love

Can you put closed captions on your episodes ???

This is why I only install apps in a different container with a Gmail burner on GrapheneOS, because though I’m using a throwaway Gmail, I don’t use it for anything else and I know I’m getting the apps directly from the Google Play Store.

Urban Armed

It would be awesome if we could download and listen offline. Love what you are doing

Richard G.

