Sometimes the autosubstitution feature when I text a message
is helpful, but often it is very annoying, when it
repeatedly wants to substitute something I don't want to
write.
How do I turn it off?
From what I can tell from my settings, it looks like the Gboard is only used when speaking (speech to text) into a voice-capable input. Possibly Gboard is more aggressive than LG.
That's how it has been on my Moto 100, but the other day I had to
repeat a word three times before I got my wish, and it sometimes
substitutes nonsense. Lately, it adds "ng" as a new word.
db <dieterhansbritz@gmail.com> wrote:
> That's how it has been on my Moto 100, but the other day I had to
> repeat a word three times before I got my wish, and it sometimes
> substitutes nonsense. Lately, it adds "ng" as a new word.
You might try resetting the learned/history predictions to start afresh.
https://www.google.com/search?q=android+reset+prediction+keyboard+moto+100
ai.type is free
The Real Bev wrote:
> ai.type is free
Has ads though. https://play.google.com/store/apps/details?id=com.aitype.android.f
How bad are the ads?
And where do its ads show up when the app is a keyboard which
underlies almost everything you type on the phone, including your
email and messages?
I'd never identified ai. as the source of the occasional ads -- which
seem to be for some game. Hunt for the x, make it go away, get on with
life.
VanguardLH wrote:appeals ___/
Larry Wolff <larrywolff@larrywolff.net> wrote:
> The Real Bev wrote:
>> ai.type is free
> Has ads though.
> https://play.google.com/store/apps/details?id=com.aitype.android.f
> How bad are the ads?
> And where do its ads show up when the app is a keyboard which
> underlies almost everything you type on the phone, including your
> email and messages?
The first and second screenshots look like fullscreen ads which means
they interfere with the use of both the app and your phone. Apps that
shove fullscreen ads onto the phone screen are malware. Seems its big
"feature" is the support of emojis which appears to the kiddies;
however, it also says "To get the new emojis, You must download latest
"ai.type Emoji Keyboard plugin". The app's title is "ai.type Keyboard &
Emoji 2022". Geez, what a bunch of childish shit.
The plus version costs $3, but is older (May 2020) than the non-paid
version (Sep 2023). No info on how the plus version is more than the
non-paid version, like if ads are removed in the paid version. The
download links at their web site (http://aitype.com/) point to 2018
web.archive.org copies of the iOS and Android pages.
The free version offers more options than I want to even think about.
You can add rows of special keys and/or make the rows offer different
sets of characters. You can add keys. I especially like the
unobtrusive spellcheck function.
I'd never identified ai. as the source of the occasional ads -- which
seem to be for some game. Hunt for the x, make it go away, get on with
life.
Emojis are a sign of the collapse of civilization. Exception for
these, called SMILEYs, of course: :-( and :-)
https://forums.appleinsider.com/discussion/203091/data-of-31-million-users-of-iphone-add-on-keyboard-ai-type-potentially-leaks
It is abandonware. It is spyware. It is crapware. It appeals to the
inane. I wouldn't trust them with a vial of my piss.
VanguardLH wrote on Mon, 22 Jan 2024 11:19:42 -0600 :
> https://forums.appleinsider.com/discussion/203091/data-of-31-million-users-of-iphone-add-on-keyboard-ai-type-potentially-leaks
You did a good job showing WHY you do not want to have your contacts
exposed because apps that don't even need them are storing them on the net.
https://forums.appleinsider.com/discussion/203091/data-of-31-million-users-of-iphone-add-on-keyboard-ai-type-potentially-leaks
"Conflicting accounts have emerged about a security breach involving the ai.type add-on keyboard for iOS and Android, with researchers claiming that 31 million people's data has been compromised -- with a user's contacts also potentially included in the leak."
That is why you should keep your default Android contacts completely empty. Each app you use should be chosen to maintain its own private contacts db.
> That is why you should keep your default Android contacts completely empty.
> Each app you use should be chosen to maintain its own private contacts db.
Bollocks.
That's nuts.
Very inconvenient and cumbersome.
Carlos E. R. wrote on Wed, 24 Jan 2024 12:31:13 +0100 :
> Andrew:
>> That is why you should keep your default Android contacts completely
>> empty. Each app you use should be chosen to maintain its own
>> private contacts db.
> Bollocks. That's nuts. Very inconvenient and cumbersome.
Nobody ever said staying private wasn't "very inconvenient &
cumbersome". So your feeling it's too hard for you to remain private
is likely correct.
The people who take your contacts make it very convenient to upload
them. Did you ever stop to wonder why they make it so easy to get
your contacts?
Andrew, what is YOUR method of toting contact records between hosts?
VanguardLH wrote on Wed, 24 Jan 2024 12:13:47 -0600 :
> Andrew, what is YOUR method of toting contact records between hosts?
It's so simple that it's obvious. Elegant. Efficient. Private. Secure.
My master contacts database file has over three hundred entries.
Yet Windows 10 Thunderbird handles it (import/export).
And Android handles it (import/export).
Microsoft Office handles it too (Excel merges fields & removes duplicates).
I keep one master contacts database, which all the other applications use. Oddly enough, it's called contacts.vcs <https://fileinfo.com/extension/vcf>
> I keep one master contacts database, which all the other applications use.
> Oddly enough, it's called contacts.vcs <https://fileinfo.com/extension/vcf>
When you import the .vcs file to get all your contact records into your
e-mail client, doesn't that mean those contacts are then synchronized to
your online account? Maybe not with Thunderbird since I don't think it
synchronizes anywhere, even if you have a Mozilla account to use when
synchronizing config data in Firefox across multiple instances of
Firefox. However, which Android contacts apps are you using that don't
use an online account? If they are just VCS viewers, how does seeing a
contact let you use it to initiate, say, writing an e-mail?
Which Android e-mail apps [that you use] have no sync function to an
online account? Or, which Android contacts apps [that you use] have to
option to sync to an online account?
Sounds like you employ sneakernet: toting around a USB drive from
computer to computer expecting each computer to have USB ports (and they
are enabled in BIOS rather than locked out, like at schools, libraries,
cafes, etc) where you can then import a .vsc file into some non-web
centric contacts app.
Why do you even need to import anywhere? The .vcs file is a text file.
You could open it with a text editor, copy an e-mail address for a
contact, and then paste in a new compose window when sending e-mail.
However, as noted, that doesn't prevent data breaches or hacking to get
at your sent e-mails, or those you received, to harvest e-mail address
from those sources. Instead of a list of contacts, you still have a
list of messages with all those e-mail addresses.
It's really that simple, so it was odd that a person said it was too
hard for him because all he needed to do was use good apps instead of
bad ones.
> Sounds like you employ sneakernet: toting around a USB drive from
> computer to computer expecting each computer to have USB ports (and they
> are enabled in BIOS rather than locked out, like at schools, libraries,
> cafes, etc) where you can then import a .vsc file into some non-web
> centric contacts app.
Are you crazy?
What do you think a LAN does?
Have you never heard of Wi-Fi? Routers? APs? NAS?
What century are you living in anyway when you speak of sneakernet?
I'm not forcing you to set up your Android phone using only good apps.
If you want to use lousy apps that steal all your privacy, have fun at it.
Just remember everyone in your contacts list also loses their privacy.
> Why do you even need to import anywhere? The .vcs file is a text file.
> You could open it with a text editor, copy an e-mail address for a
> contact, and then paste in a new compose window when sending e-mail.
The guy who said his brain hurt, I think, complained that some apps require you to manually enter the contacts, one by one, which is a valid concern.
Based on your questions, the amount that you do not know about this topic
is so huge that there's no way I'm going to teach you what you can't learn.
You can either accept the point that the safest way to keep your contacts
out of the hands of the harvesters is to not store them in the default db.
If you're the type of person like that other guy who said his brain hurt
when he had to think, then you're going to reject privacy every time.
Why do you think all the default Google apps don't respect your privacy?
Why do you think the good apps respect your privacy and the bad apps don't?
If that concept is too difficult for you, then I can't fix that problem.
> It's really that simple, so it was odd that a person said it was too
> hard for him because all he needed to do was use good apps instead of
> bad ones.
Yeah, I get simple. I understand why many users want convenience.
Security and convenience are the anti-thesis of each other: get more of
one, lose more of the other.
> Are you crazy?
Nope. Apparently you've never left home to do e-mail, even when on
vacation. Maybe you tote along a laptop or netbook, and I have also,
but sometimes they don't work when on vacation. I've also lost my
smartphone both literally and via damage. When those personal devices
aren't available, I have to use someone else's host, so I use the
webmail clients to my accounts, and I need my contacts there (unless I'm
only replying to e-mails and not originating them).
> What do you think a LAN does?
That only works on your intranet hosts. You never need to do e-mail
away from home?
> Have you never heard of Wi-Fi? Routers? APs? NAS?
Yeah, still all part of your LAN. Unavailable when away from home.
> What century are you living in anyway when you speak of sneakernet?
Because I wanted to find out how *you* were transporting your contact
records from host to host.
I'll look at your suggestions, but I suspect they'll be onerous when
away from home. At home, I use an e-mail client on my desktop, and it doesn't sync contacts anywhere. I hate using my phone for anything
regarding docs, e-mail, or anything I have to read with my old eyes, but
that may be the device I'm stuck using when away from home. So knowing
what would be more private on the smartphone is interesting.
> Just remember everyone in your contacts list also loses their privacy.
Just where is this privacy being intruded? Not on my phone. Would have
to be with the e-mail service. Any hacking into my account, or data
breach, or employee data theft would render availability of all my
e-mails with all those e-mail addresses in From, To, and CC headers (and others, too, like Sender). Even if my online account had no contact
records, all my e-mails do.
>> Why do you even need to import anywhere? The .vcs file is a text file.
>> You could open it with a text editor, copy an e-mail address for a
>> contact, and then paste in a new compose window when sending e-mail.
> The guy who said his brain hurt, I think, complained that some apps require
> you to manually enter the contacts, one by one, which is a valid concern.
If I was using text files to carry contact records, I'd probably have
them on encrypt-protected USB drives (hoping that USB ports were
available at other hosts). Yes, I'd have to copy e-mail addresses, but
I don't originate that many e-mails. Most of e-mails are replies, and
the sender's e-mail address gets used for the reply.
> You can either accept the point that the safest way to keep your contacts
> out of the hands of the harvesters is to not store them in the default db.
I wanted to see how *you* do it. I was not rejecting your premise, but I was contending
its level of privacy, especially since all your e-mails stored in your
online account have addresses to which you sent, and addresses from
received e-mails. You also don't keep any e-mails on the server? I
quit using POP decades ago, because IMAP lets me keep multiple local
e-mail clients in sync with each other.
Besides your intranet hosts at home using a LAN to pass around a text
file with contact records, how do you use those contact records
elsewhere? You mention using a .vcf file, but not how that keeps its
content private when importing into apps. Your generic advice is don't
import into an e-mail app that syncs online. Okay, I'll look at some of
those, but still how am I going to get all e-mail clients I use on
different hosts all sync'ed on contacts? For my own mobile devices,
that's doable although perhaps not desirable.
When I'm not using hosts under my control to configure how I want, how
do I get my contacts for use there? You have limited access to specify
hosts under your control. Not everyone does e-mail that way.
> Andrew <andrew@spam.net> wrote:
> [...]
> However, which Android contacts apps are you using that don't
> use an online account?
> Andrew <andrew@spam.net> wrote:
> [...]
>> Are you crazy?
> Nope. Apparently you've never left home to do e-mail, even when on
> vacation. Maybe you tote along a laptop or netbook, and I have also,
> but sometimes they don't work when on vacation. I've also lost my
> smartphone both literally and via damage. When those personal devices
> aren't available, I have to use someone else's host, so I use the
> webmail clients to my accounts, and I need my contacts there (unless I'm
> only replying to e-mails and not originating them).
I've never needed to use "someone else's host", but if I needed that contingency plan, I would store my contacts in encrypted form in 'the
cloud' (which I do anyway for some important files).
But if "someone else's host" only gives you web access, you probably
have no way to decrypt the contacts (or use some on-line decrypting
service, which needs you to trust that service).
If you have a mail provider which you trust, you could store your
contacts there, not necessarily in their contacts facility, but just in
a file.
VanguardLH <V@nguard.lh> wrote:
> However, which Android contacts apps are you using that don't use an
> online account?
The default Contacts apps I've used so far, always had an option to
store each individual contact on the phone (and - with less
capability - on the SIM). Of course this isn't good enough for
'Arlen', but probably good enough for most people.
VanguardLH wrote on Wed, 24 Jan 2024 22:41:26 -0600 :
>> It's really that simple, so it was odd that a person said it was too
>> hard for him because all he needed to do was use good apps instead of
>> bad ones.
> Yeah, I get simple. I understand why many users want convenience.
> Security and convenience are the anti-thesis of each other: get more of
> one, lose more of the other.
I agree with you, and I think everyone would agree with what you said.
People who don't want to think because it hurts their brain to think will always use whatever apps Google and the carrier or phone maker give them.
Not only will those (bad) apps store all your contacts in the default
Android database, but they'll also upload your contacts to their servers.
The good apps won't do either of those two things.
>> Are you crazy?
> Nope. Apparently you've never left home to do e-mail, even when on
> vacation. Maybe you tote along a laptop or netbook, and I have also,
> but sometimes they don't work when on vacation. I've also lost my
> smartphone both literally and via damage. When those personal devices
> aren't available, I have to use someone else's host, so I use the
> webmail clients to my accounts, and I need my contacts there (unless I'm
> only replying to e-mails and not originating them).
Let's agree to stop talking about sneakernet and USB sticks, OK?
The only difference between the privacy aware setup I had patiently
explained to you & your setup is I use good apps that don't expect contacts to be in the default contacts database and you use bad apps that do.
I just don't put them in the default Android database, and I don't upload them to the Google or WhatsApp servers, that's all.
The difference is you upload contacts to Google servers. I don't.
And you store contacts in the default contacts database. I don't.
Did you hear about the huge privacy breach that was reported just today? https://9to5mac.com/2024/01/23/trello-data-breach/
That breach isn't important other than to point out that EVERYTHING you upload to the Internet WILL BE HACKED INTO bar none. Accept that concept.
If you upload all your contacts, they will be obtained by the hackers.
The solution to that problem is not to upload your contacts at all.
>> You can either accept the point that the safest way to keep your contacts
>> out of the hands of the harvesters is to not store them in the default db.
> I wanted to see how *you* do it.
It's simple. Elegant. Private.
My contacts don't change every minute of the day so I don't need to put
them on my flash drive stuck into the back of my router which is available anywhere in the world over a static IP address - but I could if I want.
In that case, I'd put the contacts.vcf in an encrypted container file.
You seem to think your system is drastically different from mine.
It's not.
The difference is only three things but the use model is exactly the same.
1. You store contacts in the default Android database. I don't.
2. You upload contacts to the Google servers. I don't.
3. You use bad apps that can't import/export from a VCARD file. I don't.
> The only difference between the privacy aware setup I had patiently
> explained to you & your setup is I use good apps that don't expect contacts
> to be in the default contacts database and you use bad apps that do.
Oh, you carefully explained before what you next mention about using a
NAS drive back in your intranet which means granting external access to
your home network?
Your NAS drive operates within a DMZ, right?
Explain, without tossing insults, how you access your NAS drive when
away from home which makes all of its content secure. Is the NAS drive itself constrained with a DMZ, and mandates strong login credentials to access from outside your home network?
> I just don't put them in the default Android database, and I don't upload
> them to the Google or WhatsApp servers, that's all.
Please explain, and actually explain rather than imply, and without
insult, how you get your contact records synchronized across multiple smartphones, tablets, desktops, etc.
> The difference is you upload contacts to Google servers. I don't.
> And you store contacts in the default contacts database. I don't.
No, the real difference is between using apps that employ cloud sync
versus having to setup local resources that are securely accessed from outside your home network. That latter is possible, but how many
smartphone users would go through all that setup, and make it secure?
> Did you hear about the huge privacy breach that was reported just today?
> https://9to5mac.com/2024/01/23/trello-data-breach/
Just recently my ISP got hacked, and their customer records stolen.
I use e-mail with them although they are not my primary e-mail service.
ANY e-mail provider I use can be breached. Please explain how a hacker
with access to all my e-mails with their From, To, CC, Sender, and other headers with e-mail addresses as value are not just as accessible as my contact records at the same e-mail provider? A contacts list would be
easier to steal, but a hacker can still harvest e-mail addresses from e-mails. Once your online account has been compromised, ALL your online
data is in peril.
Yes, I could register my own domain, setup my own nameserver, add all
the SPF, DKIM, and MX records in the DNS table, get the site
certificates, and run my own IMAP and SMTP server hoping the other
servers will cooperate with mine in order to ensure that e-mail
providers that get breached won't have either my contact records nor my e-mails from which to harvest e-mail addresses. Um, no thanks. Way too
much work just to do e-mail.
> That breach isn't important other than to point out that EVERYTHING you
> upload to the Internet WILL BE HACKED INTO bar none. Accept that concept.
Will is different than can. Your statement is saying that I will be
infected by every malware rather than it is vulnerable *if* attacked.
You've protected your contacts. How are you protecting your e-mails?
> If you upload all your contacts, they will be obtained by the hackers.
> The solution to that problem is not to upload your contacts at all.
And have all my e-mails both encrypted in-transit and in-situ. The
first is easy. All e-mail clients and webmail clients can use encrypted traffic between client and server. The second depends on your e-mail provider. Not many provide in-situ encryption of your e-mails.
Somehow you managed to secure your contact records while
still providing access to multiple hosts and doing it all securely, but
it seems you closed the barn door but left open the hay loft door.
> My contacts don't change every minute of the day so I don't need to put
> them on my flash drive stuck into the back of my router which is available
> anywhere in the world over a static IP address - but I could if I want.
Since, as you claim, everything in Internet is hackable, why can't a
hacker get at your contact records residing in your home network that
you opened to the Internet? If you can access your files from outside
your network, why can't someone else? Regardless of all the security
you put in accessing that device in your intranetwork, so did all the
ISPs, e-mail providers, and companies that attempted to secure their
data, but they got breached, so there is no perfect security. Nothing
you do cannot be impossible to hack. You opened access to your contact
records to the outside, so you can access them from the outside.
> In that case, I'd put the contacts.vcf in an encrypted container file.
Won't protect against keyloggers to get the password. The point is you
can try to increase security, but it will never be absolute.
> You seem to think your system is drastically different from mine.
> It's not.
> The difference is only three things but the use model is exactly the same.
> 1. You store contacts in the default Android database. I don't.
> 2. You upload contacts to the Google servers. I don't.
> 3. You use bad apps that can't import/export from a VCARD file. I don't.
Understood. But how is access to the .vcf file obtained to each host
(phone, tablet, laptop, desktop, netbook, and even hosts you don't own
but have to use when travelling) while ensuring the records are secure?
You could encrypt the file, but failing that just how do you get the
data to each host to share that data? And how is whatever method you
used completely unhackable or non-breachable?
You raised the bar to make hackers hurdle higher, so less of them can
make it over the bar. Understood. Security is about finding a
comfortable medium between protection and usability.
No, I'm not wasting time, money, and resources on setting up a NAS drive within a DMZ that I have to punch holes in the router's firewall which I
can access via a DNS lookup on a hostname that I can remember using a
service that provides the lookup to convert from name to IP address nor
pay extra to get a static IP address from my ISP where the .vcf file is encrypted, so I can transfer the file to multiple hosts to sync my
contact records. What I might do, however, is use an encrypted .vcf
that is stored in a folder sync'ed by OneDrive or Google Drive which
lets me access the .vcf file on each host where the OneDrive or Google
Drive clients are installed, but I'd still need the decrypter on each
host to use the contents of the .vcf file. I can figure out easier machinations on providing remote access to files that are encrypted and
the means to decrypt on each host. But none of that is going to stop
theft of e-mail addresses from e-mails I receive and send that are up on
the mail server that a hacker could get at. I cannot further secure my e-mail provider's service.
Google offers encryption in-transit and in-situ, but requires using
their Workspace accounts which means you pay for those. Proton Mail
does in-transit and in-situ encryption, but its quotas might be too
small on their free accounts for some users. Their quotas are fine for
my personal use, but it seems most users have far more e-mail volume
than do I, and a company would have even more e-mail volume. You can
protect your contact records up the wazoo, but all that effort is wasted
if your e-mails are unprotected.
Oh, and as far as storing your contacts online at Google, Microsoft,
Yahoo, or other e-mail providers, please provide evidence that those providers are harvesting e-mail address from contacts lists. Google
settled a $5 billion lawsuit over its non-disclosure regarding its
incognito web browsing mode. Google is big, but more billion dollar
lawsuits on user data theft or misuse would eventually mean Google disappears. It would be self-destructive for e-mail providers to
harvest their customers' contacts. I've not seen reports of Google
stealing contacts from their users, nor of Microsoft, nor of any other
e-mail provider. There is a huge difference between what they could do versus what they actually do. Oh yes, there could be data breaches, and hackers can get into accounts, but which is more valuable: the contacts,
or the content of the e-mails? Not only might there be valuable info in
the e-mails, those also have all the contacts that sent you e-mail and
to whom you sent e-mail. Protecting one with protecting the other means
both are unprotected.
A padlock on the front door of your house but leaving unlocked your back
door means you have an insecure home. Protecting contacts is only part
of protecting your data. It's worthless without protecting the e-mails.
To me, your privacy scheme(s) handle one side of the coin while ignoring
the other side. Protecting contacts is a start, but an incomplete
solution.
> Understood. But how is access to the .vcf file obtained to each host
> (phone, tablet, laptop, desktop, netbook, and even hosts you don't own
> but have to use when travelling) while ensuring the records are secure?
It's simple. I said it already but you seem to want me to repeat it.
a. You put contacts.vcf inside an encrypted file container
b. You put that encrypted file container on a USB drive
c. You stick that USB drive into your router's USB port made for that
On 25/1/2024, Andrew wrote:
>> Understood. But how is access to the .vcf file obtained to each host
>> (phone, tablet, laptop, desktop, netbook, and even hosts you don't own
>> but have to use when travelling) while ensuring the records are secure?
> It's simple. I said it already but you seem to want me to repeat it.
> a. You put contacts.vcf inside an encrypted file container
> b. You put that encrypted file container on a USB drive
> c. You stick that USB drive into your router's USB port made for that
I think you're doing a great job answering the inane questions he's asking but I think VanguardLH doesn't realize that all your contacts are always on the Android phone all of the time already so there's no need for the Internet. VanguardLH thinks there are no contacts on the phone. I think VanguardLH doesn't want to understand you when you say you don't put
contacts in the *default* location. He thinks not putting them in the
default location means they're not anywhere, when they're clearly there.
He doesn't understand what "default" means.
> He doesn't understand what "default" means.
Thanks for clarifying what I assumed ... but did not.
On 25/1/2024, VanguardLH wrote:
>> He doesn't understand what "default" means.
> Thanks for clarifying what I assumed ... but did not.
Then why do you need the net to use contacts already on the phone?
> Then why do you need the net to use contacts already on the phone?
Guess you completely missed synchronizing contacts between devices, and
why I wondered how Andrew did it. Here we go again.
Frank Slootweg wrote on 25 Jan 2024 15:17:28 GMT :
> I've never needed to use "someone else's host", but if I needed that
> contingency plan, I would store my contacts in encrypted form in 'the
> cloud' (which I do anyway for some important files).
It's not hard to store contacts in a plain file in an encrypted container.
https://play.google.com/store/apps/details?id=com.sovworks.edslite
> But if "someone else's host" only gives you web access, you probably
> have no way to decrypt the contacts (or use some on-line decrypting
> service, which needs you to trust that service).
If they're in an encrypted container, you decrypt on the Android device.
> If you have a mail provider which you trust, you could store your
> contacts there, not necessarily in their contacts facility, but just in
> a file.
You could store master contacts in an encrypted container on your LAN.
https://www.howtogeek.com/108501/the-how-to-geek-guide-to-getting-started-with-truecrypt/
If you have a static IP address, you can access a USB stick in your router from the middle of Antarctica if you lose your phone & suddenly need them.
Frank Slootweg <this@ddress.is.invalid> wrote:[...]
That's where storing an encrypted
file in a folder included in sync for OneDrive or Google Drive might
work, but I'd need a decrypter on each host. I could use cloud file
storage for transfer between hosts, but I'd want sensitive data
encrypted which also means it's of no value if there is no means to
decrypt.
I like using TrueCrypt on my home desktop for encrypted containers.
There is no TrueCrypt app for mobile (Android or iOS), so I'd have to
invest time to research, test, and use a different encryptor for which
there is a matching app on my mobile devices.
I have Peazip (a fork of 7-zip) on my home desktop which can encrypt,
too (and NOT use the vulnerable PKZIP encryption scheme). Again, no
mobile app version of either Peazip or 7-zip, so I'd have to invest in
using a different compressible archiver with encryption.
[1] <https://play.google.com/store/apps/details?id=com.pkware.android>"Updated on Jul 28, 2015". Tis possible nothing needs changing in the
[2] <https://play.google.com/store/apps/details?id=com.rarlab.rar>
[3] <https://play.google.com/store/apps/details?id=nextapp.fx>
Andrew <andrew@spam.net> wrote:
Frank Slootweg wrote on 25 Jan 2024 15:17:28 GMT :
I've never needed to use "someone else's host", but if I needed that
contingency plan, I would store my contacts in encrypted form in 'the
cloud' (which I do anyway for some important files).
It's not hard to store contacts in a plain file in an encrypted container.
https://play.google.com/store/apps/details?id=com.sovworks.edslite
But if "someone else's host" only gives you web access, you probably
have no way to decrypt the contacts (or use some on-line decrypting
service, which needs you to trust that service).
If they're in an encrypted container, you decrypt on the Android device.
Please read the context before snipping it.
In VanguardLH's scenario there is no Android device, because he's on vacation and he lost it, "both literally and via damage".
If you have a mail provider which you trust, you could store your
contacts there, not necessarily in their contacts facility, but just in
a file.
You could store master contacts in an encrypted container on your LAN.
https://www.howtogeek.com/108501/the-how-to-geek-guide-to-getting-started-with-truecrypt/
If you have a static IP address, you can access a USB stick in your router
from the middle of Antarctica if you lose your phone & suddenly need them.
On vacation, hence no LAN.
Sounds like he is toting or transferring a .vcf file.
Until I mentioned it, encrypting the file wasn't indicated.
He mentions using a NAS drive
in his intranet, but he'd have to punch a hole in his router's firewall (point to which host a connected goes without blocking), put the NAS in
a DMZ, set up something to do the file transfer, like FTPS, and either
pay for a static IP address, or use a DNS lookup service, like OpenDNS,
where you run a dynamic IP updater client on a host inside your intranet
that reports back to the service what is your current WAN-side IP
address of your router (since most users get dynamically assigned IP addresses). You use the hostname that points at OpenDNS which redirects
to whatever is your current WAN-side IP address with the router
redirecting the traffic to the appropriate intranet host. Another
method would be to replace FTPS with VNC for remote access to his
intranet to get at the file on his NAS drive. I used the above setup
with the OpenDNS client to access my home computer from home via VNC (I forget which variant since I gave up on that long ago to do newsgroups
from home while on vacation). Another possibility is using TeamViewer,
but you have to run their server on one of your intranet hosts.
He gave generalities and possibilities when asked how he did it (get all
his hosts/devices using the same contact records).
Then it was he only
updates his contacts maybe once per year as though that is typical of
other users. I probably change (edit, delete, create) contacts about 3
to 4 times per month, but I recognize that my e-mail volume is very low.
With such infrequent updates, I mentioned Sneakernet (toting around a
locked USB drive with the .vcf file) whereupon I was lambasted for the
old method that still works today, but geez I must be ancient or stupid
to think of that. I gave up on what might be done versus solid
instructions on how he did it. There was some description, but nothing anyone could replicate except at the client end regarding which apps to
use where contacts got imported (but no mention of which contact apps he uses).
All his focus is on keeping his contacts private. Okay, that's part of securing his contacts. The other part is securing his e-mails, so
contacts cannot get harvested from there. Even if forcing encryption of
your e-mails (you always send encrypted, and you don't accept
non-encrypted) using x.509 or PGP certs, that doesn't secure the headers where contacts are defined. Google Workspaces (paid service) makes
claims about securing your e-mails, but I don't see they are in-situ encrypted to prevent theft from breach or employees. ProtonMail claims in-situ encryption, but not sure how they handle IMAP clients since I
don't want to use their webmail client every time I want to do e-mail,
plus I like getting notifications with a local client of new mails. You
have to pay ProtonMail to get IMAP access along with using their local
proxy (bridge) to handle decrypting the retrieved e-mails to view in an
IMAP client. So, they have a means of keeping e-mails encrypted on
their server, so even they cannot look at them, and no breach is going
to expose your contacts specified in e-mails, but IMAP access and the
bridge costs $4/mo or $48/yr. Too much to pay for peace of mind on a nebulous attack vector for personal use with low e-mail volume.
I'm not wasting my time, effort, and experimentation on various setups
to protect my contacts when my e-mails remain unprotected. My needs
would differ for business contacts and e-mails, not for my personal use contacts and e-mail services. I could also enclose my home in a
100-foot reinforced concrete enclosure trying to survive a meteor hit.
There is no TrueCrypt app for mobile (Android or iOS), so I'd have to
invest time to research, test, and use a different encryptor for which
there is a matching app on my mobile devices.
I indeed also had to do quite some searching to find a decryptor on Android. My need was/is for unpacking/decrypting archives, possibly only
one file from that archive, but possibly more, so my needs are more than
for a single (contacts) file.
[1] <https://play.google.com/store/apps/details?id=com.pkware.android>
"Updated on Jul 28, 2015".
https://www.pkware.com/products/securezip
Where it mentions "Try It Free", but also mentions having to buy it.
[2] <https://play.google.com/store/apps/details?id=com.rarlab.rar>
"Updated on Oct 5, 2023", so better maintained.
"Syndoc supports cloud management and also has its own storage space
as "My drive" providing 10 GB free space."
https://play.google.com/store/apps/details?id=com.syndoc.merlin
Frank Slootweg wrote on 26 Jan 2024 15:46:43 GMT :
There is no TrueCrypt app for mobile (Android or iOS), so I'd have to
invest time to research, test, and use a different encryptor for which
there is a matching app on my mobile devices.
I indeed also had to do quite some searching to find a decryptor on
Android. My need was/is for unpacking/decrypting archives, possibly only
one file from that archive, but possibly more, so my needs are more than
for a single (contacts) file.
This has been discussed something like a thousand times on this
newsgroup so I'll just say that Truecrypt/Veracrypt containers
decrypt just fine on Android. It has already been stated in this
thread which free app to use.
The page for the free version doesn't mention the 10 GB cloud quota.
Thanks for the info on Syndoc. Don't yet need nor want a cloud storage consolidator. Encrypt/decrypt looks to be through their web UI. Only AES-256 is supported, but that's still pretty good. I'd look more into Syndoc if I need another 10 GB of cloud storage to add to my existing
mix.
Must be in those thousands of other discussions where a TrueCrypt-
compatible Android app was mentioned. Wasn't mentioned in this thread.
I indeed also had to do quite some searching to find a decryptor on Android.
My need was/is for unpacking/decrypting archives, possibly only
one file from that archive, but possibly more, so my needs are more than
for a single (contacts) file.
That said: I use 7-Zip on the Windows side. On the Android side, the standard Samsung 'My Files' can extract an encrypted .zip file (I just
use plain zip archive with ZipCrypto encryption), but it can only
extract the whole archive, not individual files/folders.
So I searched Google Play for something better, amongst them
'SecureZIP Reader' (by PKWARE!) [1] and 'RAR' [2], but ended up with 'FX
File Explorer' [3]. For decrypting single files, FX is probably over the
top and probably not very handy, but since I needed a 'better'/other
file manager anyway, that's what I ended up with.
Frank Slootweg <this@ddress.is.invalid> wrote:
[1] <https://play.google.com/store/apps/details?id=com.pkware.android>
"Updated on Jul 28, 2015". Tis possible nothing needs changing in the
last 8 years over 9 Android versions. Went to:
https://www.pkware.com/products/securezip
Where it mentions "Try It Free", but also mentions having to buy it. It
is 30-day trialware, so it might cripple itself thereafter.
[2] <https://play.google.com/store/apps/details?id=com.rarlab.rar>
"Updated on Oct 5, 2023", so better maintained. As I recall, RARlabs
allowed you to extract for free, but you had to buy it to create .rar
files. That's why other archivers can read/extract from .rar files, but
they can't write/create .rar archive files. Despite the app page shows
a RAR app for Android, https://www.rarlab.com/shoprarlab.php does not.
I did find a link on their home page (https://www.rarlab.com/) to their Android app, but no info at their own site about it.
[3] <https://play.google.com/store/apps/details?id=nextapp.fx>
Created a shortcut to the app page to look at this one later.
Carlos E. R. wrote on Wed, 24 Jan 2024 12:31:13 +0100 :
That is why you should keep your default Android contacts completely empty.
Each app you use should be chosen to maintain its own private contacts db.
Bollocks.
That's nuts.
Very inconvenient and cumbersome.
Nobody ever said staying private wasn't "very inconvenient & cumbersome".
So your feeling it's too hard for you to remain private is likely correct.
The people who take your contacts make it very convenient to upload them.
Did you ever stop to wonder why they make it so easy to get your contacts?
On 26/1/2024, VanguardLH wrote:
Then why do you need the net to use contacts already on the phone?
Guess you completely missed synchronizing contacts between devices, and
why I wondered how Andrew did it. Here we go again.
You're making this about a million times harder than it really is.
Have you never used Microsoft Office not even once in your life?
How much trouble can you have synchronizing a simple MS Office file?
The people who take your contacts make it very convenient to upload them.
Did you ever stop to wonder why they make it so easy to get your contacts?
I don't upload them.
And WhatsApp doesn't upload them either, AFAIK.
I can not have one contact list for phones, another for street
addresses, another for whatsap, another for mail addresses. I don't do
it, and I refuse to do it, period.
You have a problem with that, then design some other ecosystem different
than Android, cheap and popular. Or change the laws, internationally,
and make them be obeyed.
You're making this about a million times harder than it really is.
Have you never used Microsoft Office not even once in your life?
How much trouble can you have synchronizing a simple MS Office file?
I don't use MS Office, ever.
Carlos E.R. wrote on Sat, 27 Jan 2024 22:30:50 +0100 :
The people who take your contacts make it very convenient to upload them.
Did you ever stop to wonder why they make it so easy to get your contacts?
I don't upload them.
Google does.
And WhatsApp doesn't upload them either, AFAIK.
How does WhatsApp know who in your contacts is a WhatsApp subscriber?
I can not have one contact list for phones, another for street
addresses, another for whatsap, another for mail addresses. I don't do
it, and I refuse to do it, period.
I agreed that it's too much work for people like you to be private.
You have a problem with that, then design some other ecosystem different
than Android, cheap and popular. Or change the laws, internationally,
and make them be obeyed.
It's easier than that as I've already designed it & explained how.
1. Don't store your contacts in the default Android contacts database.
2. Use (good) apps that respect that.
There are plenty of those app which we've already discussed in this thread.
<https://play.google.com/store/apps/details?id=com.rarlab.rar>
While the app is *named* "RAR", it can handle many other archive
formats, including ZIP, which was the topic of this subthread.
On 27/1/2024, Carlos E.R. wrote:
You're making this about a million times harder than it really is.
Have you never used Microsoft Office not even once in your life?
How much trouble can you have synchronizing a simple MS Office file?
I don't use MS Office, ever.
What kind of absurd argument do you have which is that you have to upload your contacts to Google servers because you don't know how to sync files?
VanguardLH wrote on Fri, 26 Jan 2024 20:37:50 -0600 :
Thanks for the info on Syndoc. Don't yet need nor want a cloud
storage consolidator. Encrypt/decrypt looks to be through their web
UI. Only AES-256 is supported, but that's still pretty good. I'd
look more into Syndoc if I need another 10 GB of cloud storage to
add to my existing mix.
Thanks for looking at it as the reason I pointed it out is because if
you really wanted to store your contacts encrypted on the cloud, that
app would do it easily for you with more control than you would have otherwise.
I found it because I use the best Google Play Store search engine in
the world (which has been discussed many times on this newsgroup in
the past).
If it's out there, it will find it. Since you wanted freeware without
ads that had been updated recently, I set the search filters on that,
plus I noticed you wanted recent updates, so I had it sort by recent
updates.
That's where ZArchive showed up on top of the list for the encryption
and decryption of 7-zip archives that Frank Slootweg was discussing
with you.
There were 70 other apps which showed up in my search of a free
archiver without ads and without any in-app purchases so there are
too many of them.
Some were special purpose archivers, such as this one which shares
files.
https://play.google.com/store/apps/details?id=shareit.lite
Others were file managers, such as this one which handles encrypted
zips.
https://play.google.com/store/apps/details?id=com.lenovo.FileBrowser2
There were quite a few zip decryptors/encryptors but with only a few
downloads, and sensing you are risk averse, I didn't mention them,
such as
https://play.google.com/store/apps/details?id=com.extractor.easyextractfile.zipper.filezipper
That app does what I think Frank Slootweg had asked it to do, which is:
"Easy Unzipper enables archived content display without decompression."
Carlos E.R. wrote on Sat, 27 Jan 2024 22:30:50 +0100 :
The people who take your contacts make it very convenient to upload them.
Did you ever stop to wonder why they make it so easy to get your contacts?
I don't upload them.
Google does.
Apple lets you upload your contacts...
...but they're encrypted:
'End-to-end encrypted data can be decrypted only on your trusted devices where you’re signed in with your Apple ID. No one else can access your end-to-end encrypted data — not even Apple'
<https://support.apple.com/en-us/102651>
Carlos E.R. wrote:
And WhatsApp doesn't upload them either, AFAIK.
How does WhatsApp know who in your contacts is a WhatsApp subscriber?
WhatsApp claims end-to-end encryption: from client to client, and what's
on the server remains encrypted (in-situ on server).
However, while
they do end-to-end encryption on messages, I cannot find specific
reference to encrypting contacts at the server. Also, even with
end-to-end encryption, that doesn't mean the data is encrypted at an
endpoint (client device). Malware or a hacker can still get at your
data if they get on your phone. End-to-end encryption is in-transit protection, not necessarily in-situ protection at the clients, but it
looks like the WhatsApp server sees only encrypted data.
There is the Whatsapp.com web site, but you cannot log into an account
to look at your contacts. I didn't see a Login button or web form to
enter login credentials. Seems you must use their apps which employ end-to-end (in-transit) encryption. The server would have the encrypted data. However, I don't know their clients keep the data encrypted
in-situ.
In-transit encryption, and no means to decrypt at the server
using a web site, means your data is as secure as how well you secure
your phone.
I was looking at AxCrypt, because it is cross-platform: Windows,
Android, and iOS. Alas, a bit more reading shows you can view (read) encrypted files, but to create them requires a subscription. No thanks.
Syndoc claims to do both encrypt and decrypt; however, that requires
using their web site. Yuck!
They only have Android and iOS clients, no Windows client.
10 GB of cloud storage is nice, but unneeded in my
scenario with 32 GB in a OneDrive, GoogleDrive, and Dropbox scenario
(all free). Syndoc's free version has limited features and throttled bandwidth (so there is a lure to pay for their Pro version). No thanks
to Syndoc mostly from having to use their web site to do encrypt/decrypt.
Zarchiver has no network access, so I would have to incorporate the use
of the OneDrive, Google Drive, or Dropbox clients to perform cloud sync between devices.
Zarchive doesn't list .pea as supported, but .7z is
supported, so perhaps the TOC can be encrypted, too.
I didn't find
Windows or iOS versions of Zarchiver. I'd be using Peazip on my Windows hosts, and Zarchiver on my Android phones.
.7z (7-Zip) can include encrypting the file and folder names in the
hierarchy of objects (TOC - Table of Contents) contained in the
compressed archive file. Filenames often reflect their content. A file named "2012-01-27 Bahama vacation" is probably not about you having to chainsaw a tree downed from your neighbor's yard during a tornado that smashed your fence. A folder named "Credit cards" with files underneath named "MasterCharge", "Visa", "Home Depot", etc would be something that piques the interest of an attacker. A file named "Contacts" would be
more interesting than your vacation pics. Showing file and folder names
(TOC) leaks info to an attacker. The only other archive formats I know
of that let you encrypt the TOC is .rar and .arc. RAR format requires a license to RARlabs to create .rar archives which means free apps won't
create .rar files. There is a RAR Android app which can read and create
.rar archives, but then RARlabs doesn't have to license to itself. I
rarely run across .rar files. Their Android app can read and create
.rar files, but I'd need a matching archiver on other platforms, and I haven't seen an archiver that was free and created .rar files. WinRAR
costs $30.
.pea (Peazip) and ZPAQ, by design, have the files and folders (TOC)
remain hidden until the correct password is used to open them. For that added security, you would need a decrypter that supports .7z and .pea archives. I've never used ZPAQ (incremental journaling backup utility
and archiver) which seems more oriented to saving [incremental] backups
in compressed archives, and never seen anyone using it.
It's been decades since I last looked at SEA's ARC format, and don't
relish having to open a command shell to run its SQ and LU programs.
PKARC and PKXARC from Katz are for Windows: no mobile versions.
Archivers highly popular on Windows don't seem to have variants
available on mobile platforms, so I'd likely end up with a mixed app
setup: using Peazip on Windows, and something else on mobile platforms.
I do use Microsoft's OneNote which can encrypt sections in a notebook.
It is available on Windows, Android, and iOS, but not Linux (might be
usable under WINE, but probably has lots of .NET dependencies), and is
free. Like Syndoc, I could access OneNote using a web client on any platform, but I'd rather not. While it integrates with OneDrive, files
could also be saved in folders monitored by the Google Drive and Dropbox clients for cloud sync. However, OneNote uses AES 128 for encryption.
AES 128 is still secure, efficient, and fast, but AES 256 is more
resilient against brute force attacks. I was surprised, though, that Microsoft only used AES 128 encryption in their OneNote product.
Hackers would have to get past my online account's password, and then
past the encryption of protected sections in a OneNote notebook.
https://www.clickssl.net/blog/128-bit-ssl-encryption-vs-256-bit-ssl-encryption
Key size   Time to crack
56 bit     399 seconds
128 bit    1.02 x 10^18 years
192 bit    1.872 x 10^37 years
256 bit    3.31 x 10^56 years
Then add the time to crack my account login password (13+ chars with no words, just random chars, digits, and punctuation chars to avoid
dictionary attack), along with sites that throttle access on too many
failed password attempts. However, remember that the first guess in a
brute force attack could match the key. It could happen.
So, with OneNote available on multiple platforms, I have both a note organizer (more than just text) and a decrypter on each platform. As
for my phones, I don't leave them unlocked. I use them, then lock them,
or rely on the 1-minute timeout to lock.
There were 70 other apps which showed up in my search of a free
archiver without ads and without any in-app purchases so there are
too many of them.
Some were special purpose archivers, such as this one which shares
files.
https://play.google.com/store/apps/details?id=shareit.lite
"We transfer absolutely without mobile data usage." So what's left?
Wifi, Bluetooth, and NFC. My phone is configured to prefer wifi over
data, but that's mostly for when I'm at home and the phone connects to
the wifi router. While there are lots of open wifi hotspots, I rarely
use those except when at a resort while on vacation. They say their app doesn't use cellular data, but they don't say what it uses instead.
Maybe it parallels Tesla's attempt to pass electrical power through the Earth. From https://www.ushareit.com/help/, file transfers are by wifi.
That severely limits when and where I can do transfers. I'd need access
to an open/public wifi hotspot.
Others were file managers, such as this one which handles encrypted
zips.
https://play.google.com/store/apps/details?id=com.lenovo.FileBrowser2
Just a file manager that adds .zip support (and only .zip format). No network access to do file transfers, so I'd have to incorporate with
cloud clients (OneDrive, Google Drive, Dropbox). With having to
integrate parts into a total solution, I'd probably go with Zarchiver
that supports more archive formats, the cloud clients, and the file
manager already bundled on the phone.
There were quite a few zip decryptors/encryptors but with only a few
downloads, and sensing you are risk averse, I didn't mention them,
such as
https://play.google.com/store/apps/details?id=com.extractor.easyextractfile.zipper.filezipper
Says it is free, but also says it can create .rar files. Either they
didn't pay the license fee to RARlabs, or they're misleading with a
claim to create RAR archives.
App pages says "Prep Apps" is the author,
but the description says "KGapps". No web site to get further info.
Their telephone number is in Pakistan. Calls itself Easy Unzip,
Unzipper, Easy Unzipper, Unzipper Master. No network access, so another offline app that could be integrated in my cloud setup; however, I don't trust this app.
That app does what I think Frank Slootweg had asked it to do, which is:
"Easy Unzipper enables archived content display without decompression."
That could be simply looking at the TOC showing files and folders. Most archive formats don't hide that info. .7z, .pea, and ZPAQ will hide the
TOC, by design. Some archives add the option to hide/encrypt the TOC,
but they don't do anything unless one of the above archive formats.
I'm still looking, so thanks for the suggestions.
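The TOC leak described in the post above, shown on a ZipCrypto-encrypted .zip (the format mentioned earlier in the thread). This is an added example, not code from any poster: the file names, contents and password are constructed, and the archive is built in memory with a small ZipCrypto writer because Python's zipfile module can read but not write encrypted entries.

```python
import io
import os
import struct
import zipfile
import zlib

# Constructed sample data: names, contents and password are made up.
SAMPLE_FILES = {
    "Contacts.vcf": b"BEGIN:VCARD\nFN:Example Person\nTEL:+1-555-0100\nEND:VCARD\n",
    "Credit cards/Visa.txt": b"constructed placeholder, not a real card\n",
}
PASSWORD = b"constructed-password"


def _crc_step(crc, byte):
    """Advance a raw CRC-32 register by one byte (no pre/post inversion)."""
    return zlib.crc32(bytes([byte]), crc ^ 0xFFFFFFFF) ^ 0xFFFFFFFF


class ZipCrypto:
    """Traditional PKWARE stream cipher ('ZipCrypto'), encryption side only."""

    def __init__(self, password):
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for b in password:
            self._update(b)

    def _update(self, plain_byte):
        self.k0 = _crc_step(self.k0, plain_byte)
        self.k1 = (self.k1 + (self.k0 & 0xFF)) & 0xFFFFFFFF
        self.k1 = (self.k1 * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = _crc_step(self.k2, self.k1 >> 24)

    def encrypt(self, data):
        out = bytearray()
        for p in data:
            t = self.k2 | 2
            out.append(p ^ (((t * (t ^ 1)) >> 8) & 0xFF))
            self._update(p)  # key schedule is driven by the plaintext byte
        return bytes(out)


def build_encrypted_zip(files, password):
    """Write a stored (uncompressed) ZIP whose entries are ZipCrypto-encrypted."""
    dos_time, dos_date = 0, (44 << 9) | (1 << 5) | 27  # 2024-01-27 00:00
    body, central = bytearray(), bytearray()
    for name, data in files.items():
        raw_name = name.encode("ascii")
        crc = zlib.crc32(data)
        # 12-byte encryption header; its last byte lets readers test the password.
        header = os.urandom(11) + bytes([crc >> 24])
        payload = ZipCrypto(password).encrypt(header + data)
        # version needed, flags (bit 0 = encrypted), method 0 = stored, ...
        fields = (20, 0x0001, 0, dos_time, dos_date,
                  crc, len(payload), len(data), len(raw_name), 0)
        offset = len(body)
        body += struct.pack("<IHHHHHIIIHH", 0x04034B50, *fields) + raw_name + payload
        # Central directory record: this is the "TOC", and the name is plain bytes.
        central += struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, *fields,
                               0, 0, 0, 0, offset) + raw_name
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, len(files), len(files),
                       len(central), len(body), 0)
    return bytes(body + central + eocd)


def visible_without_password(blob):
    """(name, plaintext size, encrypted?) for every entry, using no password."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return [(i.filename, i.file_size, bool(i.flag_bits & 0x1))
                for i in zf.infolist()]


def read_entry(blob, name, password=None):
    """Extract one entry; raises RuntimeError if it is encrypted and no password is given."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return zf.read(name, pwd=password)


if __name__ == "__main__":
    archive = build_encrypted_zip(SAMPLE_FILES, PASSWORD)
    print("Readable with no password:")
    for name, size, encrypted in visible_without_password(archive):
        print(f"  {name!r}  {size} bytes  encrypted={encrypted}")
    try:
        read_entry(archive, "Contacts.vcf")
    except RuntimeError as exc:
        print("Contents without password:", exc)
    print("Contents with password:", read_entry(archive, "Contacts.vcf", PASSWORD))
```

The listing succeeds with no password because ZIP keeps entry names and sizes in the clear next to the encrypted data; a .7z archive created with header encryption enabled would not give up its names this way.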
I did give you a few other apps that do both archival and network access,
but ZArchiver solves a _different_ problem set. I mentioned ZArchiver
mostly to solve all the problems that Frank Slootweg said he wanted solved.
Frank hasn't responded, but I think ZArchiver solved all his stated needs. https://play.google.com/store/apps/details?id=ru.zdevs.zarchiver
Frank Slootweg <this@ddress.is.invalid> wrote:
<https://play.google.com/store/apps/details?id=com.rarlab.rar>
While the app is *named* "RAR", it can handle many other archive
formats, including ZIP, which was the topic of this subthread.
Yep. I was surprised it was free since they license their lib/tool to
create .rar files; however, they don't need to license to themself.
That one went on my short list of candidates.
On 2024-01-27 22:54, Andrew wrote:
Carlos E.R. wrote on Sat, 27 Jan 2024 22:30:50 +0100 :
The people who take your contacts make it very convenient to upload them.
Did you ever stop to wonder why they make it so easy to get your contacts?
I don't upload them.
Google does.
So?
Andrew <andrew@spam.net> wrote:
Carlos E.R. wrote:
And WhatsApp doesn't upload them either, AFAIK.
How does WhatsApp know who in your contacts is a WhatsApp subscriber?
WhatsApp claims end-to-end encryption: from client to client, and what's
on the server remains encrypted (in-situ on server). However, while
they do end-to-end encryption on messages, I cannot find specific
reference to encrypting contacts at the server.
VanguardLH wrote on Sat, 27 Jan 2024 17:25:27 -0600 :
How does WhatsApp know who in your contacts is a WhatsApp subscriber?
WhatsApp claims end-to-end encryption: from client to client, and what's
on the server remains encrypted (in-situ on server).
I know how WhatsApp says they do it but that wasn't his (Carlos) objection. He said "And WhatsApp doesn't upload them either, AFAIK", which is wrong.
If you store your contacts in the default location, WhatsApp uploads them.
Carlos E.R. <robin_listas@es.invalid> wrote:
On 2024-01-27 22:54, Andrew wrote:
Carlos E.R. wrote on Sat, 27 Jan 2024 22:30:50 +0100 :
The people who take your contacts make it very convenient to upload them.
Did you ever stop to wonder why they make it so easy to get your contacts?
I don't upload them.
Google does.
So?
Indeed. And "Google does" [upload your contacts] is also misleading, because Google only does that if you - implicitly or explicitly -
tell/ask them to do so. You can select to not sync contacts or/and other parts of your Google Accounts.
The wording also - dishonestly - implies that you give your contacts
to Google and that 'hence' Google can and does abuse/misuse/spread that information. That's of course nonsense, because Google would be sued to
bits.
*Fact* is that *if* you choose to upload your contacts to 'Google', it only gets into *your* Google Account storage. Duh!
VanguardLH wrote on Sat, 27 Jan 2024 16:43:41 -0600 :
Syndoc claims to do both encrypt and decrypt; however, that requires
using their web site. Yuck!
Yes. But. You said you wanted your contacts even if you lose the
phone. And you wanted contacts stored encrypted plus decrypted on the
phone.
Plus you said you didn't want to have to set up the NAS drive to do that.
They only have Android and iOS clients, no Windows client.
10 GB of cloud storage is nice, but unneeded in my
scenario with 32 GB in a OneDrive, GoogleDrive, and Dropbox scenario
(all free). Syndoc's free version has limited features and throttled
bandwidth (so there is a lure to pay for their Pro version). No thanks
to Syndoc mostly from having to use their web site to do encrypt/decrypt.
Yes. But. You said you wanted access to contacts if you lose the phone.
I'm just expecting you to understand my point of view which is simple:
1. It's simple not to store your contacts in the default location.
2. And it's simple to do whatever it is you want to do with them afterward.
A person only need 2 things, which, unfortunately, most people don't have.
A. They have to be wise enough to know _why_ they don't want to store
their contacts in the default Android database & uploaded to servers.
B. They have to be intelligent enough to create their own solution
when they don't store their contacts in the default Android location.
Zarchiver has no network access, so I would have to incorporate the use
of the OneDrive, Google Drive, or Dropbox clients to perform cloud sync
between devices.
I did give you a few other apps that do both archival and network access,
but ZArchiver solves a _different_ problem set. I mentioned ZArchiver
mostly to solve all the problems that Frank Slootweg said he wanted solved.
Frank hasn't responded, but I think ZArchiver solved all his stated needs. https://play.google.com/store/apps/details?id=ru.zdevs.zarchiver
Zarchive doesn't list .pea as supported, but .7z is
supported, so perhaps the TOC can be encrypted, too.
What does "TOC" mean in this context. I see you mean "Table of Contents",
so I guess you mean what Frank meant by looking inside the
password-protected encrypted archive but without decompressing it first?
I didn't find Windows or iOS versions of Zarchiver. I'd be using
Peazip on my Windows hosts, and Zarchiver on my Android phones.
That's a completely different problem set, which wasn't stated, AFAIK,
until now, where cross-platform tools will mostly be the open source
apps.
VanguardLH <V@nguard.lh> wrote:
Frank Slootweg <this@ddress.is.invalid> wrote:
<https://play.google.com/store/apps/details?id=com.rarlab.rar>
While the app is *named* "RAR", it can handle many other archive
formats, including ZIP, which was the topic of this subthread.
Yep. I was surprised it was free since they license their lib/tool to
create .rar files; however, they don't need to license to themself.
That one went on my short list of candidates.
And - according to the 'About this app' pop-in - the "RAR" Android app
can also handle 7z archives, which you seem to prefer because it can
encrypt the TOC.
VanguardLH:
How does WhatsApp know who in your contacts is a WhatsApp
subscriber?
WhatsApp claims end-to-end encryption: from client to client, and
what's on the server remains encrypted (in-situ on server).
If you store your contacts in the default location, WhatsApp uploads
them.
As I understand how it works, unless you set the phone up like I do,
every time you run WhatsApp, it uploads your contacts to its servers.
So not only are his arguments absurd. They're wrong.
It's encrypted. And hashed. But why do you need to tell WhatsApp
exactly the Venn-Diagram overlap between their databases and _all_
your contacts?
Carlos E.R. <robin_listas@es.invalid> wrote:
On 2024-01-27 22:54, Andrew wrote:
Carlos E.R. wrote on Sat, 27 Jan 2024 22:30:50 +0100 :
The people who take your contacts make it very convenient to upload them.
Did you ever stop to wonder why they make it so easy to get your contacts?
I don't upload them.
Google does.
So?
Indeed. And "Google does" [upload your contacts] is also misleading, because Google only does that if you - implicitly or explicitly -
tell/ask them to do so. You can select to not sync contacts or/and other parts of your Google Accounts.
The wording also - dishonestly - implies that you give your contacts
to Google and that 'hence' Google can and does abuse/misuse/spread that information. That's of course nonsense, because Google would be sued to
bits.
*Fact* is that *if* you choose to upload your contacts to 'Google', it
only gets into *your* Google Account storage. Duh!
Yep. If you do not create a Google account, or assign your phone to
one, then your phone has no Google account to which it can sync
anything.
Android settings -> General -> Accounts
(navpath on my LG V20 smartphone)
You can store your contacts, and other info, anywhere on your phone, but
they won't get sync'ed anywhere unless you added a sync account. That
was the whole point of managing accounts in Android was to have one
place to manage them. In fact, when you install or configure an app,
you may be asked to select an account already defined. Instead of
having to go through all the settings to get an app to connect online,
you reuse an account already defined.
If you delete a sync account, no more sync'ing to it.
Most of mine are
for e-mail accounts. However, that's a list of accounts, not what app
or sync is involved with that account. My Hotmail account, for example,
is used for: dropbox, Exchange and IMAP apps (e-mail), and OneDrive.
Deleting a sync account, or not creating it, means no sync with that
account. I have done this accidentally where I deleted an account for
e-mail sync that I didn't realize that account was used for other
purposes. Oops.
If you store your contacts in the default location, WhatsApp uploads them.
Nope, as Carlos correctly said, WhatsApp does *not* upload your
contacts! (Umpteenth repeat of clue-by-four: WhatsApp Legal)
If you think otherwise, *prove* it, with a cite from a *reputable*
source (complete with URL).
VanguardLH wrote on Sun, 28 Jan 2024 15:10:31 -0600 :
*Fact* is that *if* you choose to upload your contacts to 'Google', it
only gets into *your* Google Account storage. Duh!
Yep. If you do not create a Google account, or assign your phone to
one, then your phone has no Google account to which it can sync
anything.
All three of you are always dead wrong because you've never tested it.
I have.
Try this simple test _before_ you respond and say Google doesn't get your contacts the very first time you log into your Google account to get email.
1. (Optional) Wipe out every vestige of your Google Account on your phone
2. Create a new contact "Frank Carlos Vanguard, +1-234-567-8910" & save it
3. Simply tap on the default GMail app, get your mail & close the app
Guess what.
Google got your contacts.
Android settings -> General -> Accounts
(navpath on my LG V20 smartphone)
It doesn't matter if you don't have a Google account on the phone.
Google will *create* that Google account if you use some of their apps.
In the test above, notice it doesn't matter that you wiped out every
vestige of the google account on your phone. Google will _create_ it.
Start with this simple explanation first and then tell me I'm wrong. https://faq.whatsapp.com/1191526044909364
WhatsApp claims end-to-end encryption: from client to client, and what's
on the server remains encrypted (in-situ on server). However, while
they do end-to-end encryption on messages, I cannot find specific
reference to encrypting contacts at the server.
Probably because WhatsApp does not store "contacts at the server"! :-)
So far he's disparaged Google and WhatsApp without providing any
substance, proof, etc.. Why should he stop there!?
How does WhatsApp know who in your contacts is a WhatsApp
subscriber?
WhatsApp claims end-to-end encryption: from client to client, and
what's on the server remains encrypted (in-situ on server).
If you store your contacts in the default location, WhatsApp uploads
them.
To where? Everything on the server is encrypted.
I'd have to see a technical paper describing just where contacts are
stored when using the WhatsApp service.
As I understand how it works, unless you set the phone up like I do,
every time you run WhatsApp, it uploads your contacts to its servers.
Not what I read on how the WhatsApp operates.
So not only are his arguments absurd. They're wrong.
So far, I think you're wrong about how WhatsApp handles contacts.
Uploading your contacts to WhatsApp is *optional* to have them validate
your list against those who have registered with their service.
Start with this simple explanation first and then tell me I'm wrong.
https://faq.whatsapp.com/1191526044909364
Start with the first sentence that reads "Contact upload is an optional feature".
How does the Gmail app on your phone know to what Google account to
connect to poll for e-mail or to synchronize its local data if there is
no Google account on your phone?
For once, try to follow the discussion and try to read for
comprehension!
I don't have any problem. I was only giving information/suggestions to *VanguardLH*, for encrypting/decrypting a contacts file *if* he wanted
to do that, which is *not* (yet) a given.
I need to look further into closing both doors into the barn.
From a screenshot (http://zdevs.ru/en/za/user_guide.html), looks
like AES 256, but there is a down chevron indicating there are other
choices; however, the other choices might only be ZipCrypto which is the
old PKZIP encryption algorithm that has long been vulnerable, but is compatible across all Zip archivers.
VanguardLH wrote on Sun, 28 Jan 2024 14:39:12 -0600 :
From a screenshot (http://zdevs.ru/en/za/user_guide.html), looks
like AES 256, but there is a down chevron indicating there are other
choices; however, the other choices might only be ZipCrypto which is the
old PKZIP encryption algorithm that has long been vulnerable, but is
compatible across all Zip archivers.
I installed ZArchiver though, after spending my valuable time and energy to find it to solve the problems that I thought that Frank & you wanted
solved.
If you can present to me a simple quick way to test ZArchiver for you,
I can do that, but if it's something you can test, you should do that
first.
VanguardLH wrote on Sun, 28 Jan 2024 14:08:12 -0600 :
I need to look further into closing both doors into the barn.
It's a simple file copy-&-merge process (removing dups) for Christ sake.
VanguardLH wrote on Sun, 28 Jan 2024 19:36:15 -0600 :
How does the Gmail app on your phone know to what Google account to
connect to poll for e-mail or to synchronize its local data if there
is no Google account on your phone?
Idiot. Now you're just wasting my time. I'm not reading further.
VanguardLH wrote on Sun, 28 Jan 2024 19:39:40 -0600 :
Start with this simple explanation first and then tell me I'm wrong.
https://faq.whatsapp.com/1191526044909364
Start with the first sentence that reads "Contact upload is an optional
feature".
I never said it wasn't and, let's be clear, I use the WhatsApp direct
dialer so they only get the contact that I'm communicating directly with.
And, let's end with the sentence that says something to the effect of if
you don't do this, you won't get the functionality that you expect of the
app (which you don't understand as you've probably never used the app).
With those two statements in mind, I expect an apology before I
respond any further because you wasted hours of my time when you were
wrong all along.
Frank Slootweg wrote on 28 Jan 2024 15:43:33 GMT :
WhatsApp claims end-to-end encryption: from client to client, and what's
on the server remains encrypted (in-situ on server). However, while
they do end-to-end encryption on messages, I cannot find specific
reference to encrypting contacts at the server.
Probably because WhatsApp does not store "contacts at the server"! :-)
I drastically dumbed it down for Vanguard & Carlos, Frank. Remember, Carlos said that Microsoft Excel was far too complicated for him, and in fact
Carlos even ridiculed the use of any Microsoft Office tool ever on a PC.
So it wouldn't have been worth any energy not to dumb it down for him.
Even so, he disputed what he doesn't even understand, as do you & Vanguard.
See this post to you which still dumbs it down for you, but not as much. Message-ID: <up6th9$25lj$1@nnrp.usenet.blueworldhosting.com>
And if you go down the hole that it's optional if you are willing to put up with loss of basic functionality, then you're missing what most people do.
So far he's disparaged Google and WhatsApp without providing any
substance, proof, etc.. Why should he stop there!?
This conversation is over until and unless you grow up and understand the GMail example I gave to Vanguard is something you have never even tried. Message-ID: <up6qig$2h2$1@nnrp.usenet.blueworldhosting.com>
Because you have never tried it, you're just guessing how it works.
And you're guessing wrong.
Stop that.
Try it.
Then tell me it doesn't work the way it works.
When you tell me it doesn't work the way it works, you sound no different than Carlos when he ridiculed the use of Microsoft Office tools on a PC.
Who is that stupid, Frank?
Carlos is.
Don't you be that stupid.
When you tell me that WhatsApp doesn't save the hashes on their servers,
then you sound stupid Frank - just as stupid as Vanguard did when he
brought up a million desperate hurdles for why he can't copy a file.
He sounded stupid.
Because he vehemently complained about something as simple as a file copy.
He threw up inane hurdle after asinine hurdle, Frank.
Like what if he's on vacation or what happens if he loses his phone.
He demanded to know my MUA. And my contacts manager. And what encryption.
He went on and on about his last century sneaker net frustrations, Frank.
And then he complained endlessly about how much he hates mail servers.
All because he's too lazy to think about how to copy & merge a file.
Don't be like that Frank.
You are smarter than Carlos & Vanguard combined and multiplied by ten.
Don't just guess.
Remember, I can use WhatsApp with a direct dialer.
They can't.
Can you?
I don't know, but most people are too stupid to understand the implications of not feeding any app that asks for it their default Android contacts DB.
Until you understand the concepts, I've wasted already hours on you.
In your response, please don't refute what you are just guessing about.
For example, if you've never used the GMail app, then don't tell me it doesn't create an Android account on your phone the moment you use it.
I'm trying to help you (and Vanguard and Carlos) understand what you don't.
I don't guess.
You shouldn't either.
I don't guess. I test.
You should too.
After you test what I've said, then YOU tell me that I was right all along. Until then, good bye.
Andrew <andrew@spam.net> wrote:
VanguardLH wrote on Sun, 28 Jan 2024 14:08:12 -0600 :
E-mail encryption doesn't cover encrypting the headers, so the contact records are still vulnerable to breaches, hacking, theft, abuse, etc.
You're protecting the body of the message, not the headers (which are required for routing and tracing). I'm checking where the e-mails
remain encrypted in-situ at the e-mail provider to ensure no one can get
at the contact headers in them. ProtonMail is too expensive for me. I haven't yet found a cheaper or free alternative.
Frank Slootweg wrote on 28 Jan 2024 15:16:29 GMT :
For once, try to follow the discussion and try to read for
comprehension!
I don't have any problem. I was only giving information/suggestions to
*VanguardLH*, for encrypting/decrypting a contacts file *if* he wanted
to do that, which is *not* (yet) a given.
I was trying to help you Frank, because you typically choose dumb apps.
The apps I provided are (IMHO) much better for what _you_ said you wanted
to do than the apps you listed (I searched for them to help you, Frank).
In fact, I'd like to ask you what, of what you expressed you needed in this thread, do you NOT get with that ZArchiver that I helpfully found for you?
As for Vanguard, simply copying a file he said is too much work for him.
I spent hours trying to address each and every one of his concerns.
And in the end, like Carlos when he ridiculed the use of Microsoft Office
on a PC, Vanguard ridiculed the concept of copying a file as a master db.
Who throws up so many hurdles such that their hurdles are these two things?
a. Who ridicules the use of Microsoft Office on a PC (but Carlos)?
b. Who ridicules copy & sync to maintain a Master DB (but Vanguard)?
The objections you three are throwing up are simply absurd.
I'm wasting my time trying to explain to you what you can't comprehend.
Frank Slootweg wrote on 28 Jan 2024 15:52:21 GMT :
If you store your contacts in the default location, WhatsApp uploads them.
Nope, as Carlos correctly said, WhatsApp does *not* upload your
contacts! (Umpteenth repeat of clue-by-four: WhatsApp Legal)
If you think otherwise, *prove* it, with a cite from a *reputable*
source (complete with URL).
You're not as stupid as Carlos is so bear in mind I dumbed it down because people like Carlos & Vanguard already told me a file copy is too hard.
If they can't handle how to copy a file, then they can't handle hashes.
Plus they can't handle common WhatsApp switches like "Contact Upload."
Since this was covered long ago (I think it may have even been you who
found all this out)
so from my memory, this is how it works for WhatsApp.
When you use the built-in WhatsApp contact upload feature, for example, WhatsApp will upload your phone numbers *daily* from your default contacts database (frequency depends on how often you use the WhatsApp app).
They only save the hash of the phone numbers on their servers & they say
they will disregard the other data like real addresses and real names.
That's what they say so you have to just trust them on it.
Notice I said "all" your contacts and not just the ones that use WhatsApp.
I'm going to repeat this for effect because they say that they do save the hash of *every* contact even *before* that contact has joined WhatsApp!
Andrew <andrew@spam.net> wrote:
Start with this simple explanation first and then tell me I'm wrong. https://faq.whatsapp.com/1191526044909364
Start with the first sentence that reads "Contact upload is an optional feature".
Andrew <andrew@spam.net> wrote:
Frank Slootweg wrote on 28 Jan 2024 15:43:33 GMT :
After you test what I've said, then YOU tell me that I was right all along.
Until then, good bye.
Why does this guy remind me of Alan Connor?
Frank Slootweg wrote on 28 Jan 2024 15:16:29 GMT :
For once, try to follow the discussion and try to read for
comprehension!
I don't have any problem. I was only giving information/suggestions to *VanguardLH*, for encrypting/decrypting a contacts file *if* he wanted
to do that, which is *not* (yet) a given.
I was trying to help you Frank, because you typically choose dumb apps.
The apps I provided are (IMHO) much better for what _you_ said you wanted
to do than the apps you listed (I searched for them to help you, Frank).
In fact, I'd like to ask you what, of what you expressed you needed in this thread, do you NOT get with that ZArchiver that I helpfully found for you?
Andrew <andrew@spam.net> wrote:[...]
VanguardLH wrote on Sun, 28 Jan 2024 15:10:31 -0600 :
*Fact* is that *if* you choose to upload your contacts to 'Google', it
only gets into *your* Google Account storage. Duh!
Yep. If you do not create a Google account, or assign your phone to
one, then your phone has no Google account to which it can sync
anything.
All three of you are always dead wrong because you've never tested it.
I have.
Try this simple test _before_ you respond and say Google doesn't get your contacts the very first time you log into your Google account to get email.
1. (Optional) Wipe out every vestige of your Google Account on your phone
2. Create a new contact "Frank Carlos Vanguard, +1-234-567-8910" & save it
3. Simply tap on the default GMail app, get your mail & close the app
How does the Gmail app on your phone know to what Google account to
connect to poll for e-mail or to synchronize its local data if there is
no Google account on your phone? The Gmail app does not store accounts.
It gets them from the account manager in Android.
Somehow in your above test you are still connecting to a Google account despite you claim you wiped it off your phone. Since the Google account
is gone, how is any app going to connect to a non-existing account? I
think your process is flawed, because once signed out of your Google
account, and with none available from the Android account manager, the
app doesn't know where to connect.
Guess what.
Google got your contacts.
Frank Slootweg <this@ddress.is.invalid> wrote:
Carlos E.R. <robin_listas@es.invalid> wrote:
On 2024-01-27 22:54, Andrew wrote:
Carlos E.R. wrote on Sat, 27 Jan 2024 22:30:50 +0100 :
The people who take your contacts make it very convenient to
upload them. Did you ever stop to wonder why they make it so
easy to get your contacts?
I don't upload them.
Google does.
So?
Indeed. And "Google does" [upload your contacts] is also misleading, because Google only does that if you - implicitly or explicitly -
tell/ask them to do so. You can select to not sync contacts or/and other parts of your Google Accounts.
The wording also - dishonestly - implies that you give your contacts
to Google and that 'hence' Google can and does abuse/misuse/spread that information. That's of course nonsense, because Google would be sued to bits.
*Fact* is that *if* you choose to upload your contacts to 'Google', it only gets into *your* Google Account storage. Duh!
Yep. If you do not create a Google account, or assign your phone to
one, then your phone has no Google account to which it can sync
anything.
Android settings -> General -> Accounts
(navpath on my LG V20 smartphone)
You can store your contacts, and other info, anywhere on your phone, but
they won't get sync'ed anywhere unless you added a sync account. That
was the whole point of managing accounts in Android was to have one
place to manage them. In fact, when you install or configure an app,
you may be asked to select an account already defined. Instead of
having to go through all the settings to get an app to connect online,
you reuse an account already defined.
If you delete a sync account, no more sync'ing to it.
VanguardLH <V@nguard.lh> wrote:
[...]
Why does this guy remind me of Alan Connor?
You asked yourself that in December 2021 as well about 'Joel' in the Windows 10/11 groups.
This was my response:
Message-ID: <sqn87q.qgg.1@ID-201911.user.individual.net>
Can't be bothered to back-track that to see if 'Joel' was 'Arlen'.
VanguardLH <V@nguard.lh> wrote:
Andrew <andrew@spam.net> wrote:[...]
VanguardLH wrote on Sun, 28 Jan 2024 15:10:31 -0600 :
*Fact* is that *if* you choose to upload your contacts to 'Google', it
only gets into *your* Google Account storage. Duh!
Yep. If you do not create a Google account, or assign your phone to
one, then your phone has no Google account to which it can sync
anything.
All three of you are always dead wrong because you've never tested it.
I have.
Try this simple test _before_ you respond and say Google doesn't get your
contacts the very first time you log into your Google account to get email.
1. (Optional) Wipe out every vestige of your Google Account on your phone
2. Create a new contact "Frank Carlos Vanguard, +1-234-567-8910" & save it
3. Simply tap on the default GMail app, get your mail & close the app
How does the Gmail app on your phone know to what Google account to
connect to poll for e-mail or to synchronize its local data if there is
no Google account on your phone? The Gmail app does not store accounts.
It gets them from the account manager in Android.
Somehow in your above test you are still connecting to a Google account
despite you claim you wiped it off your phone. Since the Google account
is gone, how is any app going to connect to a non-existing account? I
think your process is flawed, because once signed out of your Google
account, and with none available from the Android account manager, the
app doesn't know where to connect.
Guess what.
Google got your contacts.
His flaw is that he says "Wipe out every vestige of your Google
Account on your phone", but that does not delete the Google Account
*itself*, it only wipes out *references (from the phone) to* the Google Account. The Google Account still lives happily ever after and the 'Your devices' list is still there and kept for 28 days, so also logging out
on your Android device probably still allows Google to re-connect your Android device to your (non-deleted) Google Account.
So 'Arlen' hasn't actually proven anything.
I did not ridicule the use of Microsoft Office.
I simply said I never use it, in decades.
b. Who ridicules copy & sync to maintain a Master DB (but Vanguard)?
The objections you three are throwing up are simply absurd.
I'm wasting my time trying to explain to you what you can't comprehend.
I'm not throwing objections.
You can do what you please, and I will keep
doing what I please, in this case, using the Android default Address
Book. To each his own.
Don't try to teach me how to sync things differently. I know how to sync things since computers came with RS232 ports.
I was trying to help you Frank, because you typically choose dumb apps.
<barf!>
Frank Slootweg <this@ddress.is.invalid> wrote:
VanguardLH <V@nguard.lh> wrote:
[...]
Why does this guy remind me of Alan Connor?
You asked yourself that in December 2021 as well about 'Joel' in the
Windows 10/11 groups.
This was my response:
Message-ID: <sqn87q.qgg.1@ID-201911.user.individual.net>
Can't be bothered to back-track that to see if 'Joel' was 'Arlen'.
I need to retract that. With Alan Connor, if you agreed with him you
were God's right hand, but if you disagreed or even asked for more information you became Satan. Andrew seems familiar due to his style,
but I can't place him yet. Perhaps your NNTP client's (tin) retention
is longer than mine. How long has Andrew been here? More than 3
months? Maybe he nymshifted. I previously purged messages older than 2 months since the older the thread then the less interesting it is. I
upped retention to a year, but that change was in the last month.
Not everything Andrew says is bogus. There's enough content to keep
interest in reading him, whether I agree with him or not, but it can
take some prodding to get specifics rather than his sweeping claims.
Yes, for some users, keeping their contacts private is very important,
and some methods have been mentioned here, but it's only been about protecting contact lists, not about the e-mails that contain the
contacts. If a breach can get at your contacts, it can also get at your e-mails with contact headers.
I'm still looking into how to keep everything encrypted on the server, including the headers.
ProtonMail is too expensive for my very low
e-mail volume. I prefer to use a local e-mail client, not their web
app, and that requires using their bridge (local proxy) that locally
decrypts the e-mail traffic to then be handed to the local e-mail client,
but their bridge requires a paid service tier with them. They do
encrypt all content (body and headers) in-situ on their server, so a
breach won't get at my contacts or e-mails (and their headers with
contact info). Their free service tier has me using their web site
instead of a local e-mail account; however, there is an option to send notifications of new mails in a Proton account to another account, so I
can get notification by my local e-mail account of new mails at ProtonMail, but I would still have to use a web browser to see the new
mail. I've found other ProtonMail wannabes, but they don't have the
e-mails themselves fully encrypted, including headers, so a breach could expose contacts via e-mail headers.
PGP or x.509/SMIME certificates with public/private key pairs encrypt
only the bodies of e-mails, but not the other headers in an e-mail
containing the contact info needed to route and track transfer of
e-mails.
Plus, you cannot force your senders to always encrypt their
e-mails to you (after you've given them your public key). The headers
aren't encrypted, because they're needed for routing the message until deposited into your account, but once in your account the headers could
be encrypted, too.
E2EE server-to-client doesn't protect your e-mails on the server from
hacking or breaches. E2EE client-to-client can protect better, but
that's a scenario hard to do with e-mail built on a trust model with
some security tacked on (PGP/SMIME, SPF/DKIM/DMARC/MX DNS records).
E-mail is intrinsically "open". For users that want their contacts and messages protected wherever they reside, E2EE client-to-client works,
and easier to implement. E2EE client-to-client for e-mail (with headers
also encrypted) is hard, the solutions a bit clumsy, and may require
getting stuck with HTTPS to a web app at a free service tier.
For now, I use ProtonMail to keep e-mail data (whole messages, so
headers included) protected in-situ on the server. It's configured to
notify my Hotmail account when new messages arrive at ProtonMail. That
gives a URL back to their web site to securely read the new mail. I can protect my e-mails to others with a passphrase: the recipient has to
enter the passphrase after they are redirected from their e-mail client
to ProtonMail's web app (they don't need to login, just give the
passphrase). Unlike doling out a public key, you need to somehow get
the passphrase to the sender. I configured my ProtonMail account to
always add a PGP public key to my outbound messages to let the recipient
use it to encrypt their message back, but not all e-mail clients support
PGP (or x.509/SMIME), webmail apps typically don't support digital
signing or encryption (lots of users use webmail instead of local
clients), and recipients may not know how to implement encryption in
whatever client they use. Getting a message taking them to ProtonMail's
web site (no login required) to enter a passphrase is much easier for
them to figure out. But separately getting them the passphrase is a
nuisance unless you can allude to the string value by a combination of
info only they would know.
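An added example illustrating the point made in the post above, that PGP or S/MIME protects only the body while the contact-bearing headers stay readable; it is not part of the original thread or any poster's code. The message, addresses and hosts are constructed sample data, and the function names are hypothetical.

```python
"""List what stays readable in a body-encrypted e-mail (constructed sample)."""
from email import message_from_string, policy
from email.utils import getaddresses

# Constructed sample: a PGP/MIME (RFC 3156) message. Every address, host name
# and the armored block are made up for this example; there is no real ciphertext.
SAMPLE = """\
Received: from mail.sender.example (mail.sender.example [192.0.2.10])
 by mx.recipient.example with ESMTPS; Mon, 29 Jan 2024 10:00:00 +0000
From: Alice Example <alice@sender.example>
To: Bob Example <bob@recipient.example>
Cc: carol@third.example, Dave <dave@fourth.example>
Reply-To: alice.private@sender.example
Subject: quarterly numbers
Message-ID: <constructed-1@sender.example>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----

--b1--
"""

# Headers that carry correspondent addresses.
ADDRESS_HEADERS = ("From", "Sender", "Reply-To", "To", "Cc", "Bcc")


def parse_message(raw):
    """Parse raw RFC 5322 text with the modern e-mail policy."""
    return message_from_string(raw, policy=policy.default)


def body_protection(msg):
    """Classify body protection from the MIME structure alone (no keys needed)."""
    ctype = msg.get_content_type()
    if (ctype == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted"):
        return "pgp-mime"
    if (ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime")
            and msg.get_param("smime-type") == "enveloped-data"):
        return "smime"
    return "none"


def exposed_contacts(msg):
    """Return {header: [address, ...]} for address headers readable in the clear."""
    found = {}
    for name in ADDRESS_HEADERS:
        values = [str(v) for v in msg.get_all(name, [])]
        addrs = [addr.lower() for _, addr in getaddresses(values) if addr]
        if addrs:
            found[name] = addrs
    return found


def exposed_metadata(msg):
    """Other cleartext fields that anyone with access to the stored message can read."""
    return {
        "subject": str(msg["Subject"]) if msg["Subject"] is not None else None,
        "message_id": str(msg["Message-ID"]) if msg["Message-ID"] is not None else None,
        "received_hops": len(msg.get_all("Received", [])),
    }


if __name__ == "__main__":
    m = parse_message(SAMPLE)
    print("body protection:", body_protection(m))
    for header, addrs in exposed_contacts(m).items():
        print(f"cleartext {header}: {', '.join(addrs)}")
    print("cleartext metadata:", exposed_metadata(m))
```

Running the same functions over a mailbox export shows which correspondents a server-side breach would reveal even when every body is encrypted.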
Carlos E.R. wrote on Mon, 29 Jan 2024 14:55:43 +0100 :
I did not ridicule the use of Microsoft Office.
I simply said I never use it, in decades.
Microsoft Excel is a perfectly good way to sort, merge & remove dups.
The only better MS Office tool would be Access (but that's overkill).
b. Who ridicules copy & sync to maintain a Master DB (but Vanguard)?
The objections you three are throwing up are simply absurd.
I'm wasting my time trying to explain to you what you can't comprehend.
I'm not throwing objections.
All you had to do was say that you understood the concept of NOT storing
the contacts in the default contact database and that would have been
better.
By throwing up objections (such as the fact that you're the only one on the planet who doesn't use Microsoft Office on their PC), you were objecting to the concept.
Simply state you understand the concept.
And then you can say but it's too much work for you to think.
You have the trait that if someone doesn't agree with you, you call us stupid.
It's a simple file copy-&-merge process (removing dups) for Christ sake.
Don't know where you are going there. You argue that protecting the
contact records is better security. I agree, but that's only half the protection. Not securing the e-mails with their contact info is the
other half. Once I figure out how to secure BOTH is when I'll bother to implement both.
His flaw is that he says "Wipe out every vestige of your Google
Account on your phone"...
but that does not delete the Google Account
*itself*, it only wipes out *references (from the phone) to* the Google Account.
The Google Account still lives happily ever after and the 'Your
devices' list is still there and kept for 28 days, so also logging out
on your Android device probably still allows Google to re-connect your Android device to your (non-deleted) Google Account.
As to "Guess what. Google got your contacts.", as I said, it's not
"Google" - i.e. FUD - which got your contacts, but <FS>"*your* Google
Account storage"</FS> has got your contacts. Duh!
No app can connect to an account it is not told about. No phone is sold
that comes pre-bundled with YOUR Google account defined on it.
Andrew's claim is deleting the Google account defined on the phone will
still have the Gmail app find your Google account. Opposite happened to
me: when I deleted the Google account defined on the phone, the Gmail
app didn't know where to connect.
There are Google apps that still access Google services, like Maps, but
those don't need a Google account to perform basic functions.
connect to your Google account, because you didn't define one, but it
still uses Google's Maps API to access their maps service.
If you delete a sync account, no more sync'ing to it.
Yes, but my point was/is, that even if you *do* have a Google Account
for syncing, "You can select to *NOT* sync contacts or/and other
parts of your Google Accounts.".
Frank - the problem with you is you don't understand things to the level
that someone should who is going to say that it doesn't work how it does.
Test it first.
a. Set up your contacts database in a way that you can identify it.
b. Wipe out the Google Account on your phone (if you have one set up).
c. Log into ANY Google Account (it doesn't even have to be yours, but
of course you'll need the password) and that account will be _created_
on your Android phone (check "Settings > Accounts and backup").
Two things happened when I last tested this (and I reported it to you).
1. If you log into an account named "foo", that account is now set up
on your phone in the Android "Settings > Accounts and backup" area).
2. All your contacts are uploaded automatically - you can change that
but it already happened - so you have to know it will happen - which
is one of the reasons I'm explaining this to those who don't know it).
Try it first, before you guess that it doesn't work the way it does.
I test.
You guess.
WhatsApp still works in its basic mode when you keep
private your contacts (don't let WhatsApp app read your phone's address book).
Since this was covered long ago (I think it may have even been you who
found all this out)
Yes, I pointed to this information several times.
They only save the hash of the phone numbers on their servers & they say
they will disregard the other data like real addresses and real names.
That's what they say so you have to just trust them on it.
They will not "disregard the other data ...", they will not retrieve
it in the first place! "disregard" is already misleading and FUD.
Notice I said "all" your contacts and not just the ones that use WhatsApp.
I'm going to repeat this for effect because they say that they do save the
hash of *every* contact even *before* that contact has joined WhatsApp!
Now - and later - you're mixing up "contact" and "phone number".
They do *not* retrieve, upload, collect, store, save, <whatever> "contact"s. They only retrieve/store *phone number*s. And for non WhatsApp users,
they store only a cryptographic hash value, not the phone number itself.
And *because* they only store *phone numbers*, not contacts, they
*can not* do the dreadful things which you and others say/imply do /
might do.
So now try to remember the difference between a phone number and a
contact, so we will not have to do this silly dance over and over again.
VanguardLH wrote:
I'm still looking into how to keep everything encrypted on the server,
including the headers.
I don't think you can.
ProtonMail is too expensive for my very low
e-mail volume. I prefer to use a local e-mail client, not their web
app, and that requires using their bridge (local proxy) that locally
decrypts the e-mail traffic to then be handed to the local e-mail client,
but their bridge requires a paid service tier with them. They do
encrypt all content (body and headers) in-situ on their server, so a
breach won't get at my contacts or e-mails (and their headers with
contact info). Their free service tier has me using their web site
instead of a local e-mail account; however, there is an option to send
notifications of new mails in a Proton account to another account, so I
can get notification by my local e-mail account of new mails at
ProtonMail, but I would still have to use a web browser to see the new
mail. I've found other ProtonMail wannabes, but they don't have the
e-mails themselves fully encrypted, including headers, so a breach could
expose contacts via e-mail headers.
PGP or x.509/SMIME certificates with public/private key pairs encrypt
only the bodies of e-mails, but not the other headers in an e-mail
containing the contact info needed to route and track transfer of
e-mails.
That can not be done, it breaks transport.
Plus, you cannot force your senders to always encrypt their
e-mails to you (after you've given them your public key). The headers
aren't encrypted, because they're needed for routing the message until
deposited into your account, but once in your account the headers could
be encrypted, too.
Maybe. I have my doubts. If they have webmail and you can read email
there, they have the key too.
Start with the first sentence that reads "Contact upload is an optional
feature".
The main problem, is that "Contact upload" is a misnomer. WhatsApp
does *not* upload your "contact"s.
Frank Slootweg wrote on 29 Jan 2024 15:36:20 GMT :
I was trying to help you Frank, because you typically choose dumb apps.
<barf!>
Of what ZArchiver claims it does, what isn't to your liking? https://play.google.com/store/apps/details?id=ru.zdevs.zarchiver
Frank Slootweg wrote on 29 Jan 2024 16:23:56 GMT :
His flaw is that he says "Wipe out every vestige of your Google
Account on your phone"...
I never once said that. So stop guessing (always wrong) at what I said.
Frank Slootweg <this@ddress.is.invalid> wrote:
VanguardLH <V@nguard.lh> wrote:
[...]
Why does this guy remind me of Alan Connor?
You asked yourself that in December 2021 as well about 'Joel' in the Windows 10/11 groups.
This was my response:
Message-ID: <sqn87q.qgg.1@ID-201911.user.individual.net>
Can't be bothered to back-track that to see if 'Joel' was 'Arlen'.
I need to retract that. With Alan Connor, if you agreed with him you
were God's right hand, but if you disagreed or even asked for more information you became Satan. Andrew seems familiar due to his style,
but I can't place him yet.
Perhaps your NNTP client's (tin) retention
is longer than mine. How long has Andrew been here? More than 3
months? Maybe he nymshifted. I previously purged messages older than 2 months since the older the thread then the less interesting it is. I
upped retention to a year, but that change was in the last month.
Claims an app can connect to an undefined account. I've experienced the opposite. I suspect eventually he would suggest I reset my phone, and
load the bundled Gmail app which will divine my Google account. Says
there have thousands of posts here about hiding contacts. "It's so
simple that it's obvious. Elegant. Efficient. Private. Secure." as that
must be so detailed as to help others ... not. Needs prodding to give details (similar to micky). Thinks his setup on a LAN is of any
importance regarding a solution across devices over the Internet. Makes statements about WhatsApp that refutes info by WhatsApp and elsewhere. Belittles others, but he wants apologies from those who contend his statements ... in Usenet, no less. Claims Internet access to a NAS
device on his intranet is easy, yet doesn't describe how he manages that
so easily compared to how I describe a possible setup. Focuses on
contact lists, but never addresses why unprotected e-mails on the server
with all those contact headers doesn't obviate his solution on
protecting contact lists.
Not everything Andrew says is bogus. There's enough content to keep
interest in reading him, whether I agree with him or not, but it can
take some prodding to get specifics rather than his sweeping claims.
Yes, for some users, keeping their contacts private is very important,
and some methods have been mentioned here, but it's only been about protecting contact lists, not about the e-mails that contain the
contacts. If a breach can get at your contacts, it can also get at your e-mails with contact headers.
So now try to remember the difference between a phone number and a contact, so we will not have to do this silly dance over and over again.
Frank Slootweg <this@ddress.is.invalid> wrote:
VanguardLH <V@nguard.lh> wrote:
Andrew <andrew@spam.net> wrote:[...]
VanguardLH wrote on Sun, 28 Jan 2024 15:10:31 -0600 :
*Fact* is that *if* you choose to upload your contacts to 'Google', it
only gets into *your* Google Account storage. Duh!
Yep. If you do not create a Google account, or assign your phone to one, then your phone has no Google account to which it can sync
anything.
All three of you are always dead wrong because you've never tested it. I have.
Try this simple test _before_ you respond and say Google doesn't get your contacts the very first time you log into your Google account to get email.
1. (Optional) Wipe out every vestige of your Google Account on your phone
2. Create a new contact "Frank Carlos Vanguard, +1-234-567-8910 & save it
3. Simply tap on the default GMail app, get your mail & close the app
How does the Gmail app on your phone know to what Google account to
connect to poll for e-mail or to synchronize its local data if there is
no Google account on your phone? The Gmail app does not store accounts.
It gets them from the account manager in Android.
Somehow in your above test you are still connecting to a Google account
despite you claim you wiped it off your phone. Since the Google account
is gone, how is any app going to connect to a non-existing account? I
think your process is flawed, because once signed out of your Google
account, and with none available from the Android account manager, the
app doesn't know where to connect.
Guess what.
Google got your contacts.
His flaw is that he says "Wipe out every vestige of your Google
Account on your phone", but that does not delete the Google Account *itself*, it only wipes out *references (from the phone) to* the Google Account. The Google Account still lives happily ever after and the 'Your devices' list is still there and kept for 28 days, so also logging out
on your Android device probably still allows Google to re-connect your Android device to your (non-deleted) Google Account.
So 'Arlen' hasn't actually proven anything.
I do see in my online (web) Google account, as part of security showing
which device has connected to your account, it will list those devices.
This is for history, not a reverse connection setup where Google
connects to your phone to reinstate an account definition for Google.
Carlos E.R. wrote on Mon, 29 Jan 2024 22:39:20 +0100 :
You have the trait that if someone doesn't agree with you, you call us
stupid.
You're wrong. I love to learn from others. I've always loved to learn.
If you gave me a rational sensible & logical reason for telling me the moon was made of cheese, I'd believe you (if it made any real sense, that is).
But your sole objection to privacy was that you don't use Microsoft Office. As if Microsoft Office had anything whatsoever to do with the concept.
My master contacts database file has over three hundred entries.
Yet Windows 10 Thunderbird handles it (import/export).
And Android handles it (import/export).
Microsoft Office handles it too (Excel merges fields & removes duplicates).
You're making this about a million times harder than it really is.
Have you never used Microsoft Office not even once in your life?
How much trouble can you have synchronizing a simple MS Office file?
I don't use MS Office, ever.
Any file editor would have worked as well.
What kind of person exists that doesn't know how to use any file editors?
You and who else?
Nobody else.
Just you.
If your objection to privacy made sense, I'd think differently about you.
But you and Frank think they're exactly the same, which is why you called
me a troll. You don't understand anything - so when I tell you something
that you don't understand - you immediately call me a troll for that.
*IF* I decide to pay for their next service tier that includes their
bridge, I'll do a test to ensure what they say is what happens. I'll
have my IMAP client connect directly to their e-mail server, and also
through their bridge. I can then see if the headers were encrypted in
the direct connection to their servers.
Oh wait, they don't allow direct connections to their mail servers. You
must use their bridge. Their bridge (proxy) is currently available for Windows, Linux, and MacOS. For Android and iOS, you need to use their
mobile apps where they could incorporate their bridge to encrypt all
traffic.
When I needed my sister's social security number to complete a title
transfer of my mother's house after she died, I sent you a message via ProtonMail with a passphrase. She didn't have any clients that support
PGP or SMIME for encrypting messages between clients. When she got my
PM message, she clicks a link to go to PM's web app, and enters the passphrase. Then she could reply securely regardless of her inept mail client.
VanguardLH <V@nguard.lh> wrote:
Frank Slootweg <this@ddress.is.invalid> wrote:
VanguardLH <V@nguard.lh> wrote:
[...]
Why does this guy remind me of Alan Connor?
You asked yourself that in December 2021 as well about 'Joel' in the
Windows 10/11 groups.
This was my response:
Message-ID: <sqn87q.qgg.1@ID-201911.user.individual.net>
Can't be bothered to back-track that to see if 'Joel' was 'Arlen'.
I need to retract that. With Alan Connor, if you agreed with him you
were God's right hand, but if you disagreed or even asked for more
information you became Satan. Andrew seems familiar due to his style,
but I can't place him yet.
It's blatantly obvious that he's 'Arlen Holder'. Carlos and I have
been calling him "Arlen" and he has not objected, so ...
Perhaps your NNTP client's (tin) retention
is longer than mine. How long has Andrew been here? More than 3
months? Maybe he nymshifted. I previously purged messages older than 2
months since the older the thread then the less interesting it is. I
upped retention to a year, but that change was in the last month.
I could find out since when this nym popped up, but it doesn't matter. It's just one of many, probably getting close to a hundred. Just
recently he seems to be recycling yet another old nym.
Claims an app can connect to an undefined account. I've experienced the
opposite. I suspect eventually he would suggest I reset my phone, and
load the bundled Gmail app which will divine my Google account. Says
there have thousands of posts here about hiding contacts. "It's so
simple that it's obvious. Elegant. Efficient. Private. Secure." as that
must be so detailed as to help others ... not. Needs prodding to give
details (similar to micky). Thinks his setup on a LAN is of any
importance regarding a solution across devices over the Internet. Makes
statements about WhatsApp that refutes info by WhatsApp and elsewhere.
Belittles others, but he wants apologies from those who contend his
statements ... in Usenet, no less. Claims Internet access to a NAS
device on his intranet is easy, yet doesn't describe how he manages that
so easily compared to how I describe a possible setup. Focuses on
contact lists, but never addresses why unprotected e-mails on the server
with all those contact headers doesn't obviate his solution on
protecting contact lists.
Good summary and that's only of this thread! :-)
Not everything Andrew says is bogus. There's enough content to keep
interest in reading him, whether I agree with him or not, but it can
take some prodding to get specifics rather than his sweeping claims.
For me, there's way too much noise and hardly any signal, so I filter
most of his nyms. This one not yet, mainly because of his
misrepresentations about me, what I did (not) say, etc.. But it has -
again - gone way beyond ridiculous, so I'm limiting my responses to the minimum.
Yes, for some users, keeping their contacts private is very important,
and some methods have been mentioned here, but it's only been about
protecting contact lists, not about the e-mails that contain the
contacts. If a breach can get at your contacts, it can also get at your
e-mails with contact headers.
Indeed. That aspect, which you raised repeatedly, seems to escape :-)
him completely. He's very careful about keeping *other* people's contact information in his safe, locks all the windows and doors in his house to
keep the thieves out, but while doing all that, he sends his *own*
contact information out the front door, ready to be (ab)used by others!
The mind boggles!
[...]
"Carlos E.R." <robin_listas@es.invalid> wrote:
VanguardLH wrote:
I'm still looking into how to keep everything encrypted on the server,
including the headers.
I don't think you can.
There is no further transport when the message reaches the target server (unless an option to forward from there is enabled). Once in my
ProtonMail account, the entire message can be encrypted, including
headers. Using their web app will decrypt to view.
For an IMAP client
retrieving messages, their proxy (bridge) is needed to decrypt before delivering to the mail client (something akin to how sTunnel handles encrypted login between inept client to server).
ProtonMail is too expensive for my very low
e-mail volume. I prefer to use a local e-mail client, not their web
app, and that requires using their bridge (local proxy) that locally
decrypts the e-mail traffic to then handed to the local e-mail client,
but their bridge requires a paid service tier with them. They do
encrypt all content (body and headers) in-situ on their server, so a
breach won't get at my contacts or e-mails (and their headers with
contact info). Their free service tier has me using their web site
instead of a local e-mail account; however, there is an option to send
notifications of new mails in a Proton account to another account, so I
can get notification by my local e-mail account of new mails at
ProtonMail, but I would still have to use a web browser to see the new
mail. I've found other ProtonMail wannabees, but they don't have the
e-mails themselves fully encrypted, including headers, so a breach could
expose contacts via e-mail headers.
PGP or x.509/SMIME certificates with public/private key pairs encrypt
only the bodies of e-mails, but not the other headers in an e-mail
containing the contact info needed to route and track transfer of
e-mails.
That can not be done, it breaks transport.
No further transport. Communication at the target server is to client.
The client is polling their account, not a server receiving a message to further transport to another server. However, their local proxy is
needed to decrypt before delivering to the local client.
Also, encrypting an encrypted document and decrypting the first time
leaves the previously encrypted document. If you encrypt 7 times, you
need to decrypt 7 times to get the original document which might've
already been encrypted with PGP or SMIME.
Their local proxy is not to handle PGP or SMIME encrypted messages.
Those pass through their bridge to get decrypted from the in-situ copy
on their server to deliver to your local client with the original
PGP/SMIME encrypted message.
Without their bridge, you would end up getting gobbledygook in the
messages retrieved from their server.
https://proton.me/mail/bridge
You can't just connect your local mail client to their server to get
your messages. The key for the bridge is different than in your
account, and only you know that key (similar to you having the private
key in a PGP/SMIME key pair). If you don't use their bridge, I'm not
sure how a local mail client is going to handle messages with no
discernable Subject, From, or other headers.
Plus, you cannot force your senders to always encrypt their
e-mails to you (after you've given them your public key). The headers
aren't encrypted, because they're needed for routing the message until
deposited into your account, but once in your account the headers could
be encrypted, too.
Maybe. I have my doubts. If they have webmail and you can read email
there, they have the key too.
Not if the encryption is using your login password. Similarly, you can encrypt a document to send and the recipient uses a passphrase to
decrypt. Yep, they probably have that (password or key), but their
claim is they cannot or will not look into your e-mails on their server.
They are not in a 5-Eyes country, so not subject to an NSL (National
Security Letter) forcing them to divulge e-mails, logging, or any info
about their accounts. I'm sure they are still subject to Swiss laws.
I'm sure they still do have the key (password) for my account for their
web app to decrypt the messages when viewing them there. However, my
concern is not with my e-mail provider looking at my e-mails. It is
with hacking and breaches. If you don't trust an e-mail with your
messages, you shouldn't be using them. However, as you noted for
transport, e-mail was built on a trust model. Making it secure, even
from the e-mail provider, is difficult, but necessarily from hackers and breaches. Hopefully they have processes in place regarding trust in
using keys/passwords against disgruntled employees stealing data (ever
heard of a gruntled employee?). They claim they cannot recover or read
your e-mails, because they don't have the key/password. If the password
you enter for login is encrypted, and compared against an encrypted
password database, then it's harder for them to peek, but not
impossible.
One of the options in a ProtonMail account is the user can change the
account key (RSA 2048). So, for the super paranoid, the user can keep changing the key. That still doesn't make it necessarily impossible for
them to get.
On 2024-01-30 11:57, Frank Slootweg wrote:[...]
It's blatantly obvious that he's 'Arlen Holder'. Carlos and I have
been calling him "Arlen" and he has not objected, so ...
And today he mentioned using wasap to talk with German relatives or
friends, something he said before under another name.
I have doubts about Frankie, who appeared 2023-11-02.
And please remember that I do know how to sync files, and did so, since
the computers came with RS232 ports several decades ago.
credentials of his Google Account into the Gmail app on his so, so the (reference to) his Google Account got re-created on his phone.
anybody that nymshifts is a troll.
You can, if you wish, explain some other method, for curiosity's sake,
but you must know I will not use it. This is a conscious and meditated decision.
Guess what the double quotes mean? It was an exact
verbatim quote of what you *did* say.
Carlos E.R. wrote on Tue, 30 Jan 2024 14:13:56 +0100 :
anybody that nymshifts is a troll.
You're racist, Carlos.
All you clearly racist people can see, is the color of someone's skin.
You've said that before that everyone who is Black is a criminal even if they've never committed a crime and you also said that everyone who wears a facemask is planning to rob a bank also - even though they've never robbed
a bank. You've said that anyone who is tall & blond is a Nazi too.
You own the limited-input wrong-output perfect mind of a racist, Carlos.
And because you're a racist, you never will understand why I said the best place to store your contacts (for privacy) is NOT in the default database.
HINT: It doesn't matter the color of someone's skin, Carlos, when they try
to explain to you something that you're incapable of understanding.
Frank Slootweg wrote on 30 Jan 2024 10:05:50 GMT :
Guess what the double quotes mean? It was an exact
verbatim quote of what you *did* say.
Idiot. Carlos is a racist and you're an idiot.
*I was explaining how to _test_ it you idiot.*
For you to claim a simple test procedure is something everyone should do is an example of why I said your IQ doesn't even approach that of normal yet.
Frank Slootweg wrote on 30 Jan 2024 11:15:26 GMT :
credentials of his Google Account into the Gmail app on his so, so the (reference to) his Google Account got re-created on his phone.
Frank - you missed the important part. The important part is NOT that the account is automatically created by the GMail app (and other apps) when you log into the account - that's not what's important, silly.
What's important is the account is simultaneously created with the default settings which at that same time will upload your contacts - without you having any say in the matter.
As I said to the racist Carlos, Google can't upload your contacts if you do not put them in the default Android contacts database.
I don't know why you can't understand a concept _that_ simple, Frank.
Backpedal duly noted.
As I said to the racist Carlos, Google can't upload your contacts if you do not put them in the default Android contacts database.
Calling someone a racist for absolutely no reason, is an extreme low,
even for you.
Don't want to be called a troll and a nymshifter, then
don't troll and don't nymshift. Rather simple really.
As you have been told a zillion times, your 'privacy' excuse for
your nymshifting is utter BS.
I don't know why you can't understand a concept _that_ simple, Frank.
Yet another misrepresentation/straw-man, not only about my position,
but also about what "Google" 'does'.
Then it's a good thing that I did *NOT* claim any such thing, isn't it!?
On 2024-01-30 02:57, VanguardLH wrote:
*IF* I decide to pay for their next service tier that includes their
bridge, I'll do a test to ensure what they say is what happens. I'll
have my IMAP client connect directly to their e-mail server, and also
through their bridge. I can then see if the headers were encrypted in
the direct connection to their servers.
Oh wait, they don't allow direct connections to their mail servers. You
must use their bridge. Their bridge (proxy) is currently available for
Windows, Linux, and MacOS. For Android and iOS, you need to use their
mobile apps where they could incorporate their bridge to encrypt all
traffic.
When I needed my sister's social security number to complete a title
transfer of my mother's house after she died, I sent you a message via
ProtonMail with a passphrase. She didn't have any clients that support
PGP or SMIME for encrypting messages between clients. When she got my
PM message, she clicks a link to go to PM's web app, and enters the
passphrase. Then she could reply securely regardless of her inept mail
client.
Interesting.
Me, I do not need to encrypt headers; content is enough. Maybe the
subject: Thunderbird can encrypt it.
This method you mention, is interesting.
Well, there's hardly anything serious in these subthread
Hum. I remember a case at least in which Protonmail handled email from
one client to the authorities demanding it.
Carlos E.R. <robin_listas@es.invalid> wrote:
[...]
And please remember that I do know how to sync files, and did so, since
the computers came with RS232 ports several decades ago.
I can beat that! I synced files via papertape in the late 60s!
[Well, there's hardly anything serious in these subthreads, so why
should I spoil things!? :-)]
Carlos E.R. wrote on Tue, 30 Jan 2024 13:59:38 +0100 :
You can, if you wish, explain some other method, for curiosity's sake,
but you must know I will not use it. This is a conscious and meditated
decision.
Carlos,
You're not the only one on this newsgroup.
You have no education. No comprehension. No understanding.
Carlos E.R. wrote on Tue, 30 Jan 2024 14:13:56 +0100 :
anybody that nymshifts is a troll.
You're racist, Carlos.
All you clearly racist people can see, is the color of someone's skin.
You've said that before that everyone who is Black is a criminal even if they've never committed a crime and you also said that everyone who wears a facemask is planning to rob a bank also - even though they've never robbed
a bank. You've said that anyone who is tall & blond is a Nazi too.
Frank Slootweg wrote on 30 Jan 2024 18:25:40 GMT :
Backpedal duly noted.
Idiot. You confuse a test sequence with the real world, Frank.
And I said it was optional, so you're a double idiot.
I had to simplify the test case because Vanguard is stupid.
But I don't consider you stupid, Frank.
Your IQ is probably only about 10 or 20% below normal.
That's not great. But it's not stupid.
Get this fact into your head, Frank.
*Never once did I advocate it EXCEPT in the context of a testcase.*
Just like Carlos is a racist because he says that I'm a criminal because
I'm Black (no other reason than that) - you claim that an illustrative test case is the real world.
"Carlos E.R." <robin_listas@es.invalid> wrote:
On 2024-01-30 02:57, VanguardLH wrote:
*IF* I decide to pay for their next service tier that includes their
bridge, I'll do a test to ensure what they say is what happens. I'll
have my IMAP client connect directly to their e-mail server, and also
through their bridge. I can then see if the headers were encrypted in
the direct connection to their servers.
Oh wait, they don't allow direct connections to their mail servers. You
must use their bridge. Their bridge (proxy) is currently available for
Windows, Linux, and MacOS. For Android and iOS, you need to use their
mobile apps where they could incorporate their bridge to encrypt all
traffic.
When I needed my sister's social security number to complete a title
transfer of my mother's house after she died, I sent you a message via
ProtonMail with a passphrase. She didn't have any clients that support
PGP or SMIME for encrypting messages between clients. When she got my
PM message, she clicks a link to go to PM's web app, and enters the
passphrase. Then she could reply securely regardless of her inept mail
client.
Interesting.
Me, I do not need to encrypt headers; content is enough. Maybe the
subject: Thunderbird can encrypt it.
This method you mention, is interesting.
Andrew's objective was to protect your contacts by not uploading them.
Well, your contacts are also in the headers of your e-mails. I'm not concerned my e-mail provider will steal my contacts. At worst, Google creates profiles, not sell individual account data. Well, I go to the airport, and they profile all the time without knowing who they chose to
pass through the fluoroscope (or whatever that thing is called). My
counter to Andrew was that protecting contact lists was insufficient as contacts can also be culled from e-mails, and anyone that hacked or
breached the e-mail provider would have access to BOTH.
Because ProtonMail uses its own local proxy to interface between IMAP
client and their servers, their proxy doesn't have to use any of the
e-mail protocols (that would include non-encrypted headers) to get
messages from their server. Their proxy only needs to support e-mail protocols on the client-side after decrypting the message retrieved from
the server.
For myself, using PGP/SMIME encryption (when usable with someone else
whose client supports those), or sending passphrase encrypted e-mails is sufficient protection. I'm not paranoid about an e-mail provider
stealing my contacts from a contacts list or culled from my e-mails.
Even if my contacts were stolen or culled, it's not my responsibility to protect others from spam. Each does their own spam filtering. That's
why the Challenge-Response anti-spam scheme is so stupid: it has others filtering out your spam. Not their responsibility. It's your responsibility. If at a party and I call out to John, it's not my fault
when the whole room of party-goers starts chanting "John John John".
Problem nowadays is getting a free e-mail certificate for SMIME. Comodo stopped in 2022. Others died before that. Acatalis still has them, but
asks unknown data during registration that prevents getting an account
to get the free certs (almost as though they expect companies to get
them, not end users). So, I use ProtonMail to send passphrase encrypted e-mails (and any replies have senders go through their web app).
ProtonMail also support PGP. My local client also supports PGP, but
that whole web of trust stupidity and key ring lookups (assuming you
know which to use to lookup the public key) is junk, and doesn't satisfy privacy requirements of many gov't agencies or institutions where a CA (Certificate Authority) is required for validating a cert. Also, even
when there were free e-mail certs from CAs, all they did was verify the sender's e-mail address versus the one they used to send their message.
There was no other identifying info in the e-mail cert unless you paid
to add more info into their cert they issued to you.
I know for certain that the spammers that bother me have not got my name
and data from the Google Address Book from me or others. It is obvious.
So I am not worried about having my address book backed up in the Google cloud.
They are getting them from other sources who sell them. It is visible in
the spelling errors or the amount of data they have, which is not in the Google Contact List.
Carlos E.R. <robin_listas@es.invalid> wrote:
[...]
I know for certain that the spammers that bother me have not got my name
and data from the Google Address Book from me or others. It is obvious.
So I am not worried about having my address book backed up in the Google
cloud.
Indeed. My contact details (including e-mail) are in my (Google)
Contacts (<https://contacts.google.com>), but I do get no [1] spam on
that - or any other - address. So one's Google Contacts are indeed *not*
a source for spam.
[1] Well, maybe one message per month, if that much.
They are getting them from other sources who sell them. It is visible in
the spelling errors or the amount of data they have, which is not in the
Google Contact List.
Yes, and sometimes some of one's - somewhat - legit suppliers seem to share your e-mail address with their partners without asking/telling you
and backtracking to the source is often not possible, so you don't know
who to blame. But even those are included in my about one message per
month, so nothing to get worked up about.
[...]
Andrew's objective was to protect your contacts by not uploading them.
Well, your contacts are also in the headers of your e-mails.
I'm not concerned my e-mail provider will steal my contacts.
My counter to Andrew was that protecting contact lists was insufficient as contacts can also be culled from e-mails, and anyone that hacked or
breached the e-mail provider would have access to BOTH.
Problem nowadays is getting a free e-mail certificate for SMIME.
This is not coming from Google sharing my contact book.