5763
Libreware Software Library 📡 t.me/Libreware ★ Send us your suggestions and menaces here: https://t.me/joinchat/nMOOE4YJPDFhZjZk
A post from the developer of #WireGuard on the severe #security flaws and lack of trustworthiness of #FDroid:
https://bsky.app/profile/grapheneos.org/post/3lgq7wqwzpk26
The Bluesky link has GrapheneOS posts explaining
https://gitlab.com/fdroid/fdroiddata/-/issues/3110#note_1613430404
Stuff here but not to the point like the Bluesky link
https://discuss.grapheneos.org/d/18731-f-droid-vulnerability-allows-bypassing-certificate-pinning/
🚨 Your Android is watching you!
Google has silently installed Android System SafetyCore on your phone without permission, and uninstalling it won’t stop it because it reinstalls automatically.
The only way to stop it is to disable it, preventing Google Play from reinstalling or updating it without your consent.🔍 Why Does This Matter?
It may be scanning all your media files.
Uninstalling is useless.
No transparency from Google.
🔒 How to disable it?ㅤㅤㅤㅤㅤㅤ⭐ Non-Root
🌌 Windows Command Prompt:adb shell pm disable-user --user 0 com.google.android.safetycore
🔟 Windows PowerShell:.\adb shell pm disable-user --user 0 com.google.android.safetycore
🐧 Mac/Linux Terminal:./adb shell pm disable-user --user 0 com.google.android.safetycore
ㅤㅤㅤㅤㅤㅤㅤㅤ🎭 Root
su -c pm disable com.google.android.safetycoreSmartTube
Advanced player for set-top boxes and tvs running Android OS
Features
No Ads
Designed for TV screens
Up to 8K video resolution
Login into your account
Cast from the phone
Support tv box remote controller
Support external software keyboard
Support devices without Google Services
Open source
https://smarttubeapp.github.io
https://github.com/yuliskov/SmartTube
https://github.com/yuliskov/SmartTube/releases
WARNING NOT FULLY OPEN SOURCE
There are at least 5 proprietary libraries in the app.
https://github.com/yuliskov/SmartTube/issues/471
* Crashlytics (/com/crashlytics): Tracking
* Firebase Data Transport (/com/google/android/datatransport): NonFreeNet
* Google Mobile Services (/com/google/android/gms): NonFreeDep
* Firebase (/com/google/firebase): NonFreeNet,NonFreeDep
* Firebase Analytics (/com/google/firebase/analytics): Tracking
IzzySoft:
The 5 offenders are not permitted at F-Droid (and before you ask: I wouldn't take it into my repo either unless at least Crashlytics and Firebase Analytics are removed; 5 non-free libraries is a bit much for free/libre software).
#video #yt #androidtv
kitty
The fast, feature-rich, GPU based #terminal emulator
Uses GPU and SIMD vector CPU instructions for best in class
Uses threaded rendering for absolutely minimal latency
Performance tradeoffs can be tuned
Capable Scriptable Composable Cross-platform Innovative
To get started see Quickstart.
https://sw.kovidgoyal.net/kitty/
#Systemd Adding The Ability to Boot Directly Into A Disk Image Downloaded Via HTTP
https://www.phoronix.com/news/systemd-disk-image-boot-HTTP
#Linux #backdoor
Warning for #Android gapps traitors:
Uninstall the application: Android System SafetyCore, which has been automatically installed on most devices. It is used by Google to scan your data, just like Apple has been doing on iOS, but you have the choice to uninstall it. If you don't have it yet, watch out for it being installed silently over the next few days!
https://play.google.com/store/apps/details?id=com.google.android.safetycore
Be careful on GrapheneOS too if you have Google services installed.
While GrapheneOS will stop it from auto installing, it can nag you about installing it. And it won't tell you what it really is. Nor will most online resources.
Sandboxed Google Play compatibility layer: stop Play Store from attempting to auto-install some system component packages, such as "Android System SafetyCore" (com.google.android.safetycore) and "Android System Key Verifier" (com.google.android.contactkeys)
The phone is asking me to install this app, anyone knows information about if its truly need it or not? Im with the Google Play Services sandbox install
Here are some links about #systemd #alternatives for #Linux in no particular order.
Which are your favorite alternatives and distros?
https://suckless.org/sucks/systemd/
https://unixsheikh.com/articles/the-real-motivation-behind-systemd.html
https://sysdfree.wordpress.com/
https://nosystemd.org/
https://skarnet.org/software/systemd.html
https://the-world-after-systemd.ungleich.ch/
https://ewontfix.com/14/
https://forums.debian.net/viewtopic.php?t=120652
https://www.devuan.org/os/announce/
https://www.devuan.org/os/init-freedom
https://thehackernews.com/2019/01/linux-systemd-exploit.html
https://judecnelson.blogspot.com/2014/09/systemd-biggest-fallacies.html
https://chiefio.wordpress.com/2016/05/18/systemd-it-keeps-getting-worse/
https://systemd-free.artixlinux.org/why.php
Some more added here too: https://start.me/p/Kg8keE/priv-sec
#systemd #Linux
#systemd is a highly complex #Linux #backdoor
https://skarnet.org/software/s6-rc/why.html
IronFox Privacy and security-oriented Firefox-based web browser for Android. https://ironfoxoss.org/ releases new update.
Updated to Firefox 135.0
Updated to Phoenix 2025.02.01.1 - (See changes from the last release of IronFox)
uBlock Origin is now installed by default!
Added a toggle that allow users to spoof their locale to en-US (located under Settings -> Language) for additional fingerprinting protection (using patches from Tor Browser). Users fluent in English are highly recommended to enable this setting.
JavaScript & XFA are now disabled in Firefox's PDF Viewer (PDF.js)
Enabled support for Firefox's tab strip feature on compatible devices - #27
Other minor tweaks & fixes.
https://gitlab.com/ironfox-oss/IronFox/-/releases
DisableGoogleAnalytics
https://gitlab.com/adrian.m.miller/disablegoogleanalytics
Attempts To Disable Common Google Analytics And Ads Receivers In All Affected Packages
What it does/How it works:
On 1st run after rebooting after install the module is assuming you want it to disable the listed analytics and ad receivers, so it will:
Wait till boot is completed
Then sleep for 2 minutes
Then test that cpu usage is under 30% before running
It will then disable the analytics and ad receivers as listed below, and log its progress to /sdcard/fixgoogleanalytics.log
Common Analytics And Ad Recievers:
com.google.android.gms.analytics.AnalyticsJobService com.google.android.gms.analytics.CampaignTrackingService com.google.android.gms.measurement.AppMeasurementService com.google.android.gms.measurement.AppMeasurementJobService com.google.android.gms.analytics.AnalyticsReceiver com.google.android.gms.analytics.CampaignTrackingReceiver com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver com.google.android.gms.measurement.AppMeasurementReceiver com.google.android.gms.measurement.AppMeasurementContentProvider com.crashlytics.android.CrashlyticsInitProvider com.google.android.gms.ads.AdActivity com.google.firebase.iid.FirebaseInstanceIdService
Once complete the service.sh script will delete itself
Once that happens any further interaction is purely via the included dga script as a binary in /system/(x)bin
dga takes 2 arguments, disable or enable, though i doubt too many will be looking to enable analytics and ad receivers, unless the disabling has unwanted effects on their system, which is high time to include the usual disclaimer that you run this at your own risk and not even dga enable is garaunteed to undo the changes
Module Installation:
Download from Releases
Install the module via #Magisk app/Fox Magisk Module Manager/MRepo
Reboot
Usage:
After first run optmization has completed, any further interaction is purely via the included dga script as a binary
in /system/(x)bin:
dga takes 2 arguments, disable or enable, though i doubt too many will be looking to enable
analytics and ad receivers, unless the disabling has unwanted effects on their system, which
is high time to include the usual disclaimer that you run this at your own risk and not even
dga enable is garaunteed to undo the changes
Uninstall Note: Uninstalling the module will not reverse the changes, if your intention is to uninstall the module and re-enable the
analytics and ad receivers, please run dga enable first
Run DeepSeek R1 #AI locally on #Linux with our guide.
https://itsfoss.com/install-deepseek-r1-locally-linux/
the 1.5b model is not that useful, check the other variants here: https://ollama.com/library/deepseek-r1/tags
Up to 14b is recommended for most home computers: https://ollama.com/library/deepseek-r1
@itsfoss_official
#Linux devices have a unique identifier called machine-id. Here is how to change it.
Posted on February 24, 2021
What is a machine-id, and why should you randomize it? From the machine-id man pages, it is defined as:
This ID uniquely identifies the host. It should be considered “confidential”, and must not be exposed in untrusted environments, in particular on the network. If a stable unique identifier that is tied to the machine is needed for some application, the machine ID or any part of it must not be used directly.
https://www.man7.org/linux/man-pages/man5/machine-id.5.html
cat /etc/machine-id a9976154f0084a3782892638656ad9fd me@virtbox-testing:~$ cat /etc/machine-id a9976154f0084a3782892638656ad9fd me@virtbox-testing:~$ cat /var/lib/dbus/machine-id a9976154f0084a3782892638656ad9fd sudo rm /etc/machine-id sudo systemd-machine-id-setup cat /etc/machine-id && cat /var/lib/dbus/machine-id me@virtbox-testing:~$ cat /etc/machine-id && cat /var/lib/dbus/machine-id a78badce3e73beced163bbef7e55232a a78badce3e73beced163bbef7e55232a sudo crontab -e */1 * * * * sudo rm /etc/machine-id && sudo systemd-machine-id-setup cat /etc/machine-id && cat /var/lib/dbus/machine-id
#Android #web #browsers
Ungoogled Chromium (forked from cromite) with Bromite patches and additional codecs
https://github.com/macchrome/droidchrome/releases
https://chromium.woolyss.com/#android
Cromite is another example of ungoogled chromium without the extra codecs from the above link, but cromite includes more patches as noted at github.
https://github.com/uazo/cromite
Fdroid repo https://www.cromite.org/fdroid/repo?fingerprint=49f37e74dee483dca2b991334fb5a0200787430d0b5f9a783dd5f13695e9517b
For an Android Firefox based browser, use IronFox
https://gitlab.com/ironfox-oss/IronFox/-/releases
Fdroid repo https://fdroid.ironfoxoss.org/fdroid/repo?fingerprint=c5e291b5a571f9c8cd9a9799c2c94e02ec9703948893f2ca756d67b94204f904
These can be added to Obtainium to download the latest release when they are available
https://github.com/ImranR98/Obtainium
IronFox
IronFox is a fork of DivestOS's Mull Browser based on #Firefox that has been discontinued. Our goal is to continue the legacy of #Mull to provide a secure, hardened and privacy-oriented #browser for daily use.
And add the release link to Obtainium: https://gitlab.com/ironfox-oss/IronFox/-/releases
Don't forget to use extensions uBlock Origin and Libredirect only. Adding more extensions will cause fingerprinting and most are false security.
- uBlock Origin
-- add the ai blocklist to uBO
- LibRedirect
-- setup all the sites you want to redirect to and choose your mirrors for them.
Set your default search to 4get
(Captcha) https://4get.ca/web?s=%s
(No captcha) https://4get.ch/web?s=%s
Finally, go through all the ironfox settings and set them how you would prefer them.
Read the gitlab page. Specifically...
Known Issues
Please see the list of known issues and workarounds before opening an issue!
Issues inherited from Mull that still apply to IronFox *(contents adapted from DivestOS's website)*
microG GMSCore v0.3.6.244735 has been released on 2024-12-23.
UPDATE HIGHLIGHTS:
This is a feature and bugfix/compatibility update. There is at least one report of a new issue with this release.
If you have critical reliance on your device you may want to wait a week or two until more user reports are in before updating to this. (UNLESS you are still on 0.2.27 for UNLP reasons. Scroll to the bottom of this doc for more info before installing.)
New Features Overview
Initial Support for Play Integrity
If you need this, you probably already know what it is. We doubt this is going to be some magic solution as Google is always targeting to block custom ROM users with this tool, but it may improve compatibility for some users. Let us know how it works for you.
Add support in the Self-Check Page to show compatibility with Google’s new app signing regime
Google recently broke compatibility with Google Apps and future apps downloaded from Google Play by changing their app signing scheme.
This requires a change in your app signature spoofing solution, either inside your ROM or in an external add-on. This change will show you if your ROM or signature spoofing solution has updated to support this Google change.
Other improvements
Improve Google Play Games compatibility, general compatibility improvements, various bugfixes, language translation updates.
For a full changelog, see the links below.
Github release page
Includes release notes overview
https://github.com/microg/GmsCore/releases/tag/v0.3.6.244735
DETAILED changelogs with code commits:
0.3.5 —> 0.3.6
https://github.com/microg/GmsCore/compare/v0.3.5.240913...v0.3.6.244735
========
UPDATING:
* This has been flagged as a PREVIEW release on the microG website and F-droid repo.
Since this is a “Preview” release, it will NOT be suggested to you as a new update unless you have your client configured to offer "unstable” software versions, or select the new version manually in the “Versions” dropdown at the bottom of the app page on F-droid.
The most straightforward way to update the microG core module for most people is by using the F-droid client, with the special microG F-droid repo added. (See our “f-droid-repo” group note here)
You can also update microG on an existing installation by downloading the new APK from the official microG Github download page or website, and install it like any other standalone APK.
REMEMBER THAT THERE ARE TWO MAIN MICROG COMPONENTS: GmsCore and microG Companion. Always update both together, and ensure the version numbers match.
If you use a ROM which bundles microG and the above update methods do not work, you may have to wait for your ROM to update to the new microG version. Ask your ROM developer.
For new installs, the 3rd-party installer bundles will be updated as per each developer's workflow.
https://support.google.com/product-documentation/answer/16001929
https://security.googleblog.com/2024/10/5-new-protections-on-google-messages.html
Android System SafetyCore (com.google.android.safetycore) provides common infrastructure that apps can use to protect users from unwanted content. The classification of content runs exclusively on your device and the results aren’t shared with Google.
As a system service, SafetyCore is only active when an application integrates with SafetyCore and specifically requests content to be classified. SafetyCore performs the classification on the device itself and doesn’t send identifiable data or any of the classified content or results to Google servers
For now there is no app that uses it. In future any app can use it to avoid setting up his system not on device.
Sensitive Content Warnings is an optional feature that blurs images that may contain nudity before viewing, and then prompts with a “speed bump” that contains help-finding resources and options, including to view the content.
Also only if you have play store it get installed automatically so is only for people that already trust google and have no problem using it. So far only know use will be an option to keep NSFW images distorted instead of automatically being displayed in messages app, if if the user don't want it can disable the option or change message app.
There is similar feat on TG too, some images are blurred before being manually shown.
GOS team stated they analized it and found out it does nothing more than what is described, for now (local scan, no data sent...).
Also on their sandboxes play services the auto-installation is blocked so is up to the user to choose what to do with it.
Another solution:
Uninstall the app and then install this placeholder app
https://github.com/daboynb/Safetycore-placeholder
ReVanced
https://revanced.app
Download
https://github.com/ReVanced/revanced-manager/releases
ReVanced Documentation
https://github.com/ReVanced/revanced-documentation
Patches
https://revanced.app/patches
https://github.com/revanced
/channel/app_revanced
#revanced #vanced #video #yt #android
Payload-Dumper-Android
A Powerful #OTA Extractor App for #Android
You can extract images (boot, vendor_boot...) from a OTA.zip without a PC, directly on Android, without root access.
https://github.com/rajmani7584/Payload-Dumper-Android
Download
https://github.com/rajmani7584/Payload-Dumper-Android/releases/
Krita
Free and open source digital painting application. It is for artists who want to create professional work from start to end. Krita is used by comic book artists, illustrators, concept artists, matte and texture painters and in the digital VFX industry.
https://krita.org
https://invent.kde.org/graphics/krita
Download
https://cdn.kde.org/ci-builds/graphics/krita/
#image #editor #paint
The functionality provided by Google's new Android System SafetyCore app available through the Play Store is covered here:
https://security.googleblog.com/2024/10/5-new-protections-on-google-messages.html
Neither this app or the Google Messages app using it are part of GrapheneOS and neither will be, but GrapheneOS users can choose to install and use both. Google Messages still works without the new app.
The app doesn't provide client-side scanning used to report things to Google or anyone else. It provides on-device machine learning models usable by applications to classify content as being spam, scams, malware, etc. This allows apps to check content locally without sharing it with a service and mark it with warnings for users.
It's unfortunate that it's not open source and released as part of the Android Open Source Project and the models also aren't open let alone open source. It won't be available to GrapheneOS users unless they go out of the way to install it.
We'd have no problem with having local neural network features for users, but they'd have to be open source. We wouldn't want anything saving state by default. It'd have to be open source to be included as a feature in GrapheneOS though, and none of it has been so it's not included.
Google Messages uses this new app to classify messages as spam, malware, nudity, etc. Nudity detection is an optional feature which blurs media detected as having nudity and makes accessing it require going through a dialog.
Apps have been able to ship local AI models to do classification forever. Most apps do it remotely by sharing content with their servers. Many apps have already have client or server side detection of spam, malware, scams, nudity, etc.
Classifying things like this is not the same as trying to detect illegal content and reporting it to a service. That would greatly violate people's privacy in multiple ways and false positives would still exist. It's not what this is and it's not usable for it.
GrapheneOS has all the standard hardware acceleration support for neural networks but we don't have anything using it. All of the features they've used it for in the Pixel OS are in closed source Google apps. A lot is Pixel exclusive. The features work if people install the apps.
https://xcancel.com/GrapheneOS/status/1888280836426084502
USB #WiFi Adapter Information for #Linux
https://github.com/morrownr/USB-WiFi
Lennart Poettering intends to replace "sudo" with #systemd's run0. Here's a quick PoC to demonstrate root permission hijacking by exploiting the fact "systemd-run" (the basis of uid0/run0, the sudo replacer) creates a user owned pty for communication with the new "root" process.
This isn't the only bug of course, it's not possible on Linux to read the environment of a root owned process but as systemd creates a service in the system slice, you can query D-BUS and learn sensitive information passed to the process env, such as API keys or other secrets.
https://fixupx.com/hackerfantastic/status/1785495587514638559
Nitter mirror: https://xcancel.com/hackerfantastic/status/1785495587514638559
Net Switch: Isolate Apps from Internet Access
Net Switch is a Magisk module to isolate apps from accessing the internet on your Android device. This tool gives you complete control over which apps can send or receive data, improving security, privacy, and saving bandwidth.
Fully standalone, Operates fully on iptables.
More info :https://github.com/Rem01Gaming/net-switch
#magisk #firewall #privacy #afwallalterernative
Tiling Shell
Advanced Window Management for #Linux #gnome desktops
https://extensions.gnome.org/extension/7065/tiling-shell
A GNOME extension for advanced window management. It's highly configurable and offers different ways of tiling and managing your windows. The focus is on delivering the best user experience, highest stability, and full customization.
It also works with multiple monitors (even if they use different scaling), comes with a number of tiling layouts built-in but there is a layout editor to allow you to create and save customs layouts.
Tiling Shell also features the Snap Assistant, borrowed from Windows 11: just move a window to the top with your mouse and the Snap Assistant slides in and you can place the window where you want and how you want.
* Automatic tiling
* Fully customizable keyboard shortcuts to tile, move windows, change focus and more
* You can also move the window to the edge of the screen to tile it
* Right click on the window title to place the window where you want and how you want it
* Coming soon this week, Windows Suggestions: after tiling a window you get suggestions for other windows to fill the remaining tiles
...
There are other features https://github.com/domferr/tilingshell
Tiling Shell supports GNOME Shell 40 to 47 on X11 and Wayland.
Cherry Studio
Cherry Studio is a desktop client for Windows, Mac and Linux, which supports many LLM providers, including large cloud services and local models.
Among its main functions is the ability to work with more than 300 pre -designed #AI assistants, the creation of custom assistants, as well as support for various formats of documents, including text, images and office files.
The application offers tools for global search, top management and translating, which significantly improves interaction with the user thanks to the cross -platform and many settings options.
https://github.com/cherryhq/cherry-studio
You’ll see that the command, when ran a minute or more apart, will produce new values now.me@virtbox-testing:~$ cat /etc/machine-id && cat /var/lib/dbus/machine-id b722903d87994e24b6378289262c3021 b722903d87994e24b6378289262c3021 me@virtbox-testing:~$ cat /etc/machine-id && cat /var/lib/dbus/machine-id 4352c41ad7fb4a05a54b0942c5c27cb0 4352c41ad7fb4a05a54b0942c5c27cb0
In closing
Uniquely identifying ID’s are rarely a good thing when you take privacy into consideration, and although these items have their purpose in limited use cases it doesn’t appear that generating a new unique ID every minute has any downsides.
What do you think? Is this a pointless privacy practice or a needed, but often overlooked part in maintaining privacy in the modern age? Let us know in the comments below.
Additional Thoughts
After publishing this article, we received some feedback that I’d like to touch base on here.
Testing the high privacy, pro-anonymity Tails-OS shows that you receive a new machine-id after every reboot. Props to Tails-OS!
Testing the privacy and anonymity promoting Whonix-OS shows that they do not issue a new machine-ID after every reboot.
A commenter on a [RAMBLE] post mentions that MXLinux does not use systemd, and thus does not use a machine-id.
Here is a list of Linux operating systems that do not use systemd. (And will not have a machine-id)
Yes, there are other uniquely identifying aspects on all systems. From device serial numbers to MAC addresses. The purpose of this post was to discuss a lesser discussed unique identifer: machine-id.
https://archive.is/0OLMG
how to change #linux machine-id
Changelog : v4.6.4 (65)
• Fixed issues with shared library installation for apps like Chrome and WebView
• Support for login into personal account using microG
• Fixed an issue with auth verification
• Translation updates; Additional strings localized
Google Apps update
If you're having problems with various Google Apps not working properly starting within the last 2 weeks or so, check this out:
Google recently changed the method used to create app signatures on all Google Apps, and will be rolling these changes out to ALL apps distributed via Google Play starting next year.
This requires all app signature spoofing methods (either embedded within your ROM or used as an external patch) to be updated to continue to support apps distributed via Google Play on a device running microG.
The Github comment linked below contains a list of which ROMs and signature spoofing patches have imported the changes necessary to support the new Google Play app signing mechanism.
We advise you to NOT do any updates of apps sourced from Google Play - especially paid apps or any app that does license-checking - until you have these fixes applied on your devices or those apps may stop working!
(I do not know if the linked post will be continuously updated to reflect news about other ROMs etc but it is correct as of the time of posting. Most ROMs based on LOS should get these patches eventually. Please check with your ROM maintainer.)
https://github.com/microg/GmsCore/issues/2680#issuecomment-2548579352
Very sadly DivestOS come to the end 😱😭
Anniversary and Final Update¶
Notes from Tavi
December marks 10 years of #DivestOS!
There were over 7,000 git commits created in this time.
I believe the projects were highly successful in their goals, however this month will mark the end.
DivestOS and its apps will not receive any further updates.
Hypatia and Carrion will no longer receive database updates.
The non-mobile Divested projects (eg. Brace, D-WRT, real-ucode, and DNS blocklists) will continue to be maintained.
Most of our forum threads will be closed and the DivestOS XMPP chat rooms will also be turned off.
Donations will no longer be accepted and all recurring donations will be cancelled.
Thank you to all the users, contributors, and donors for this time. -Tavi
https://divestos.org/pages/news#end