Polyphonicwinter Blog

A Blog for updates on Life, Ideas, Technology, Privacy, Problem solving and Learning

I previously wrote about my strong dislike of Facebook but revealed the “best” way round it. However, times have changed, and with the audio and broadcast industry defaulting to WhatsApp for communication, so must I, and this time... I'm almost on board.

UPDATE: Now I must preface by saying I do still have a work Facebook account but I rarely use it. When I do use it, I use the NEW official Tor browser app (Available on: Playstore/F-Droid (Preferred)) or the good ol' desktop Tor browser using Facebook's hidden site facebookcorewwwi.onion. I still recommend using my previous post if you NEED Facebook on your phone!

Also WhatsApp is created by Facebook, so not great but it does have some tasty features...

Features

  • End-To-End Encryption (e2e): WhatsApp uses Signal's end-to-end encryption algorithm [1]. We can't technically trust Facebook has implemented it correctly but if it has... that's a major Hell Yes!!

  • Web-view: One thing that WhatsApp does that I wish other private messengers did is have a web app. It always asks for permission before accessing the WhatsApp account and allows you to move files from your PC through WhatsApp with ease. It also enables us Linux users to not worry about compatibility issues. You could suggest that this broadens the attack surface for malicious actors using WhatsApp.

  • Doesn't connect to any other accounts: WhatsApp has been sold as a private messenger and so does not ask for annoying permissions and doesn't connect to other accounts. Nice!

HOWEVER

You can be as secure as you want on your end, but the issue then becomes the OTHER people in your chat. WhatsApp by default saves a copy of your encrypted messages to Google/Apple/Microsoft's backup service. Ughh! This can be kinda circumvented by...

  • Disabling backups: NOT WhatsApp backups but whatever main backup service you use (presuming it's not a personal server or Syncthing, or you are using a custom ROM without Google services). This solves the issue for you but NOT for others. You can try (mostly in vain) to get others to do the same, but even if you can't, it's a step in the right direction.

  • Deleting your messages: Again a pretty bad solution but hey, it does work. Simply delete your messages after they've been seen BUT before WhatsApp does a backup. You will be asked whether to delete for everyone, NOT just for you. Just agree!

  • Encrypting: This doesn't solve the problem with regular messages but for sending files it does. You can use a service like Firefox Send to send files up to 1 GB (2.5 GB if you have a Firefox account) or Tresorit Send with up to 5 GB or even OnionShare with an unlimited file size limit (works over Tor). These services all use end-to-end encryption (unlocked with a password), links expire after a chosen amount of time and much more. Of course you can use regular forms of file encryption like PGP or AES256. [2] But if you are, you probably have better solutions anyway and aren't using WhatsApp. ;)
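
One way to do the "regular file encryption" step from the last bullet, as an added example that is not part of the original post: GnuPG's symmetric mode with AES256, with a round-trip check and a wrong-passphrase check. The function names, file names and passphrases are made up for illustration, and it assumes GnuPG 2.2.7 or later.

```shell
#!/bin/sh
# Added example: passphrase-encrypt a file with GnuPG (AES256) before sharing
# it, so any cloud backup of the chat only ever holds ciphertext.
# All file names and passphrases below are constructed sample values.

# Shared options: non-interactive, passphrase read from a file, and no
# passphrase caching in gpg-agent (--no-symkey-cache needs GnuPG >= 2.2.7).
gpg_sym() {
    gpg --batch --yes --quiet --pinentry-mode loopback --no-symkey-cache "$@"
}

# encrypt_for_chat PLAINTEXT OUTPUT PASSPHRASE_FILE
encrypt_for_chat() {
    gpg_sym --passphrase-file "$3" --symmetric --cipher-algo AES256 \
        --output "$2" "$1"
}

# decrypt_from_chat CIPHERTEXT OUTPUT PASSPHRASE_FILE
# gpg exits non-zero on a wrong passphrase or a modified file.
decrypt_from_chat() {
    gpg_sym --passphrase-file "$3" --output "$2" --decrypt "$1" 2>/dev/null
}

# Round trip in a scratch directory. The body runs in a subshell so the
# throwaway GNUPGHOME does not leak into the caller. Succeeds only if the
# recipient gets identical bytes back and a wrong passphrase is refused.
demo_roundtrip() (
    work=$(mktemp -d) || exit 1
    trap 'gpgconf --kill gpg-agent 2>/dev/null || :; rm -rf "$work"' EXIT
    GNUPGHOME="$work/gnupg"; export GNUPGHOME    # leaves ~/.gnupg untouched
    mkdir -m 700 "$GNUPGHOME"
    printf 'mix notes for Friday\n'         > "$work/notes.txt"
    printf 'correct horse battery staple\n' > "$work/pass.txt"
    printf 'wrong guess\n'                  > "$work/bad.txt"

    encrypt_for_chat  "$work/notes.txt" "$work/notes.gpg" "$work/pass.txt" || exit 1
    decrypt_from_chat "$work/notes.gpg" "$work/out.txt"   "$work/pass.txt" || exit 1
    cmp -s "$work/notes.txt" "$work/out.txt" || exit 1
    ! decrypt_from_chat "$work/notes.gpg" "$work/leak.txt" "$work/bad.txt"
)

demo_roundtrip && echo "round trip OK, wrong passphrase rejected"
```

Share the passphrase over a different channel from the one carrying the encrypted file; otherwise the backup holds both.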

Overall

WhatsApp is one of the 'best' commonly used messaging apps out there if you can't use an alternative like Signal or Keybase. It's just a good idea in general to treat whatever you send or post like an open letter. DON'T post anything sensitive on it. It's probably overly paranoid to suggest that Facebook reads all your WhatsApp messages but hey! Also with the recent WhatsApp hacks and exploits [3], it never hurts to be safe!

Liam

[1] https://scontent.whatsapp.net/v/t61/68135620_760356657751682_6212997528851833559_n.pdf/WhatsApp-Security-Whitepaper.pdf?_nc_sid=41cc27&_nc_ohc=NBTA-txayNsAX-xbRaX&_nc_ht=scontent.whatsapp.net&oh=3cd37dbd496d40f6dadd0dd475454681&oe=5E62B5A5
[2] https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf
[3] https://www.theguardian.com/technology/2019/may/14/whatsapp-hack-have-i-been-affected-and-what-should-i-do

#Facebook #WhatsApp #Privacy #encryption #OnionShare #Tresorit #Firefox #Signal #e2e #Syncthing #PGP #AES256 #TorBrowser #Tor #LineageOS


Before using Write.as I used to use GitHub for blog posts. It was fine and added customisability this service does not. However I found myself never posting as it involved a lot of unnecessary steps. This is clean and simple. Perfect for my needs.

Markdown

Write.as uses Markdown for formatting, which I am already familiar with (should probably update my CV) and even if I wasn't I could use this handy cheat sheet. This allows me to very quickly create articles and even show code in a pleasing way.

In comparison I have to write... <h1>This is a Main Heading</h1> in HTML

Whereas in Markdown it's this: # This is a Main Heading

OR FOR A LINK

<a href="https://polyphonicwinter.com">URL NAME</a>

[URL NAME](https://polyphonicwinter.com)

ALSO I CAN EVEN USE HTML IF I PREFER!

Hidden Service

It also has its own hidden service (writeas7pm7rcdqg.onion) so I can access it from anywhere using Tor and not have to worry much. In the past I have hosted my own #tor hidden site (and still do for polyphonicwinter.com, here it is: test.onion) but it has come with drawbacks.[^1]

Self Hosting

As Write.as is a federated site and uses open source code, it is possible to be able to self host in the future. Which is preferable.

Viewer Count

Is as it sounds, I can tell when someone has opened this article. Which is nice cause I can tell if anyone is out there or I am in my own 'little internet void'. Either or.

Anyway it's not as big a cop out as you may first think. So please enjoy your stay and I hope you enjoy yourself and maybe learn something new.

Liam

[^1]: Annoyingly all the services I've tried don't support hidden services as URLs. Sorry.


Unwanted Distortion

The SE215's from Shure are fantastic in-ear monitors; however, like all things, they break. Specifically the cable, and after it broke I ordered a replacement. However, after I plugged them into my computer for testing I heard a horrible crackling. Damn dodgy cable! Well that's what I thought...

Testing

After testing a different set of headphones (Beyerdynamic DT770's) I quickly realised it was coming from the left channel but the crackling was following the same pattern as the audio file. I tested WAV files, MP3 and Vorbis OGG files. Same thing. Perhaps it's only that specific track or maybe it's the program I am running the file through? Nope! I tried VLC, Spotify and Rhythmbox. Same thing.

Hmm... Maybe it's not the cable, and due to my first test I can tell it's not an issue with the left driver in my SE's. Maybe the solder is loose on the headphone jack port? Well I can test that by plugging in my external sound card/audio interface and then my phone, trying both headphones through that. The crackle has gone through the phone but I can still hear it through the interface at a high volume.

Drivers

So now I know that it is coming from the laptop, not just the port. It must be a software issue. Okay cool, that means I can fix it! Let's think. I recently converted from Ubuntu to its older brother Debian so it's probably whatever audio drivers are installed by default in Debian. Quick search. ALSA and PulseAudio.

ALSA

Is the backbone of the audio in Debian systems. Typing alsamixer into the terminal brings up a terminal “GUI” with a single audio meter, but with a little searching you are greeted with lots of meters for: Master, Headphones, Speaker to name but a few. It also gives control of the sensitivity of the input as well (microphone). Alsamixer is very nice but missing a few features in my opinion.

PulseAudio

PulseAudio is what my laptop has defaulted to. It's basically the newer version of ALSA and is very user-friendly with a GUI and the ability to adjust individual programs' volumes and routing.

After spending a little while playing with the settings it seems the problem is due to distortion rather than a “crackle”. By turning the audio down it goes away but I like listening loudly ;)

Fixed!

So what to do? By using either the PulseAudio mixer or alsamixer I can see that the headphones output is set to 100% but the main output is only 55%. Aha... So I am causing the headphones to be above 100%, causing distortion. So a little more tweaking and the best settings appear to be Headphones set to 100% and Main set to 0 – 35%. These parameters provide enough room to crank it but very little to crackle.

After a little more searching this SOLVES the issue!

#Linux #Debian #Audio #AudioEngineering #ProblemSolving #ALSA #PulseAudio #Fixed


NOTE: THIS POST IS NOW OUT OF DATE! Please refer to this one: WhatsApp: the solution?

I think I joined Facebook when I was 14 years old. I posted pictures of everything. From my friends, food, travel photos to even some images of myself as a baby. I loved it! I was obsessed. Farmville. All day. Everyday. Constant invites to other games, funny memes, I had loads of friends and (from what I could see) everything was good in the world.

Then I found out about the Snowden leaks. I was horrified, scared but above all angry. How could I have been so stupid?! You get nothing for free and yet I just blindly gave Facebook all my data. After reading maybe 3 articles/studies I was convinced that I HAD to delete Facebook. But even as I filled out the deletion page I felt a lump in my chest. Would my friends think I had abandoned them? I organised everything on this site, everyone did. The more I thought about this the worse and worse I felt about deleting my account. But luckily for me my hate for unnecessary hierarchy was more than a match for my guilt. DELETE.

In the coming days I was conflicted. I had lost so many friends from such a simple act. However it opened up an opportunity... how good friends were they? Some people immediately just asked for an email address or a phone number so we could stay in touch. However most didn't blink an eye at it. My group of friends shrunk from 60 'online friends' to 5 really good friends, friends I'm still in touch with to this day.

It was definitely worth it.

I noticed my concentration improved, my grades went up and overall I felt better. The more I researched the treachery of Facebook and other internet giants the more I felt empowered about what I had done. I felt smart. Ahead of the curve. I started trying to convince others that their cyber footprint mattered, digital hygiene was huge and not to trust anything at face value. My interest in technology grew and I realised above all that I wanted to be an engineer. I didn't feel controlled, I felt free...

Which is why I am so confused about what I am doing. I'm seriously thinking about CREATING a Facebook account.

Why?

I hate Facebook!

I like feeling free!

Answer: The convenience of others.

Let me explain...

I am involved with a lot of group work at University and almost all of that group work is organised over Facebook. Group chats, Pages, you name it are all on Facebook. Now if someone lets me into their group they can no longer use those tools. They have to text, email or God forbid... call. This is “so much” hassle that no one wants to work with me. I have Twitter, Reddit, Signal, XMPP, email, phone numbers, Hell I'll even build my own chat application but NO Facebook. No one is particularly a dick about it, they just sort of accept it and move on. Normally in these circumstances I would say fuck'em. We all have email and text. Create a group in that, set up your phone so you get Uni email. Sorted. Right?

But in this case, wrong. If I can't work in a group then I will struggle to get good grades and at this point in my life that is vital. Vital enough to sacrifice my online freedom a bit?...

Probably, Yeah. (UPDATE: NO!)

Okay if I'm gonna create a Facebook account let's do it as anonymously as possible. So question 1...

Torify

When you think of anonymity, one of the first things that comes to mind should be Tor. Nicely for us, Facebook (ironically) has its own Tor hidden service, facebookcorewwwi.onion, which is even certified by DigiCert, so using this is a must. On a PC/laptop we can access this with the brilliant Tor Browser Bundle. On a mobile device you can either use the Orbot and Orfox combo for Android (available from both Google Play Store and F-Droid) or either Red Onion or VPN + TOR Browser Private Web on an Apple device (although the Android option is considerably better and has actually been verified by the Tor Project).

UPDATE: The Tor Project has released its own Tor Browser for Android (Available on: Playstore/F-Droid (Preferred)). Use that instead of Orbot and Orfox.

But...

What device am I going to use to access Facebook? Well I need it specifically for group pages and group chats, so it would be preferable to be on my phone. There's no point having it if I don't get notifications at decent speed. Let's look at some Android apps.

Application Choices

  • Regular Facebook app: The app that most people are talking about when they say Facebook. It allows me to use Facebook messenger for group chats and also access Facebook pages. However it is a big application and I would prefer to work with the minimal amount of scripts possible to avoid as many Facebook trackers as possible. On the subject of trackers, unlike if we ran Facebook through a browser, we can't use plug-ins to control what it can and can't see and do. Because of this I don't want to use this option.

  • Facebook messenger (FML): A sleek alternative to the regular Facebook app. You can simply sign up with a phone number and we are golden. We CAN route it through Tor (although not natively) and we can get the LITE version, which is only 9 MB and has less bloat. It even tests (at the time of posting) clean with Exodus!

UPDATE: It NO LONGER reads clean!

  • SlimSocial: Is a Facebook wrapper, meaning it runs in its own browser so as not to gather data from my normal browsing. Nice! It has the ability to receive messages and I can see a nice slimmed down version of the timeline. Group chats work! Looks like we have a winner.

Hmm...

So SlimSocial should be our winner, but after testing for a few weeks, sadly it isn't meant to be. At the time of posting it has major flaws in consistency in receiving and notifying me of messages and updates. I tried multiple wrappers and apps from F-Droid (Frost, Tinfoil for Facebook, Faceslim) to no avail. So what to do but claim the winner as...

Facebook Messenger Lite!

Okay so route FML through Tor (Orbot) and access the main page/s with Tor Browser Bundle and Orfox Tor Browser for Android!

WAIT!

We are not done yet! Unlike the wrappers, Messenger Lite still collects data from our device and asks for all sorts of permissions I don't want to give. Damn! If only there was an application that isolated 'big brother' apps...

Enter SHELTER!

Isolate

Shelter is an open source version of Island by OasisFeng and “leverages the “Work Profile” feature of Android to provide an isolated space that you can install or clone apps into.”[1] Awesome, we can simply install Shelter, install FML into our Shelter profile and we are good to go.

UPDATE: It is important to install Orbot or a VPN in the Shelter profile as well. Set it to 'Connected, Always-on active'. You will be running two VPNs at once. It will eat your battery life, but the privacy is worth it!

Closing remarks

Hopefully you can replicate these steps and have at least a 'slightly' more private time using the parasite that is Facebook. Enjoy!

Liam

[1] https://f-droid.org/en/packages/net.typeblog.shelter/

#Facebook #Privacy #ProblemSolving #Tor #TorProject #Shelter