Discussion in 'mobile device security' started by guest, Nov 15, 2016.
Are you using the paid version or the DNS?
Paid version (Android app).
OK so a VPN will keep connections secure? That's what I needed to know. I'm not willing to pay for this, so I'm probably going for Windscribe, Hide.me or ProtonVPN. Recommendations are welcome.
I don't have any experience for them, but if I would use it'll be Proton and/or Windscribe, only 2 free VPNs which I may trust once time-tested. They're relatively transparent and their response to vuln like VORACLE are not bad so far. But remember free version of Proton may be slow while free Windscribe has traffic limit. Windscribe also has relatively cheap lifetime plan if you have interest (somehow not from official site).
Orbot (Tor for Android)
Adguard paid (=premium) includes several dns options, incl adguard dns server.
using here for different machines. but i needs adguard to be set as proxy, not vpn (default). then you have to set the browsers proxy to adguard and the rest is done by vpn. using adguard as default vpn is also filtering a lot of in-app ads.
OK thanks, I only need them for browsing in restaurants and hotels, but I don't want anyone capturing my login information obviously.
Isn't this overkill when you're surfing on a free WIFI network?
nothing is overkill if not redundant
can use paid VPN with Adguard + firewall?
my rooted spare phone
Not at the same time, AdGuard for everyday use, switched over to VPN with public /hotel wifi.
Unless it is tor
You can use VPN and Adguard at the same time if you choose proxy mode in Adguard setting.
But depending on your OS, 4G/LTE connection may not be filtered and even for wi-fi not all apps can be filtered (it all depends on each app).
Ofc you can use Tor(Orbot) as guest said, but basically Tor and VPN serve for somewhat different purposes, anonimity & privacy each, tho you can combine them if you want. But Brave will sooner or later implement Tor for private browsing mode, that's interesting. As far as security is concerned, if the website uses https, you're safe unless there's vuln on it, even w/out VPN. However, 2018 today, there're still stupid sites which uses http while require login.(sigh)
Does anyone have a good recommendation for an online scanner that can scan documents such as Word and PDF for web bugs and trackers? I plan to make that part of my mobile security as I download several documents per day to my phone for work, especially PDF's.
since Android is Linux based, Word and PDF files can't be harmful, unless it has a hyperlink that you click on that redirects to a phising site that you fall for.
I don't think any Linux is exploit free, but he asks about bugs and tracker i.e. invisible image to check if it was opened by receiver, not exploit or malware.
Well, tho I have no idea about the scanner (other than malware/exploit scanner), how about blocking all connection from the document viewer by firewall app? This is what I do. If it tries to connect, it will be blocked and optionally you'll be notified. Web bugs doesn't work w/out connection.
but you can lead traffic trough adguard and adguard contain dns features to avoid malware domains.
no pdf viewer here is allowed to connect, same for image viewers and more apps. adguard (premium) is really powerful^^
sorry if this sounds like advertisement, but i am familiar with windows security and i already tried several solutions for android, either intrusive or not.
well adguard can separate mobile from wlan blocking - wlan for all (with exceptions) and mobile for few.
if someone can recommend a free and no ads or nags and decent antivirus - like sophos - i will listen (droidx 4u is out of race)
Last Pass was my favorite app on Chrome but since it has a history of data breaches . I won't recommend using one. Instead use google password manager. I know handing over the information to google is like selling information. But it is the only way.
Adguard is good. I am using three sec app on my android:
Google Play Protect
The linked article has nothing to do with LastPass history of data breaches but a blog article to highlight the importance of choosing 'good' passwords and protect accounts. LastPass is been the first target and keep been targeted by hackers but to date no one was able to access/download/decode password vaults of users. Even if they could these are anyway unusable, not worth the game. Much easier to tamper the user directly.
@boredsecenthusiast I ditched Lastpass since a while, using bitwarden now.
I don't see how that is the only way when we have good pwdmgr such as 1Password (a bit expensive but usability seems to be almost the same w/ LP. Only one online PWM I'll ever consider to use) or KeePass (free but requires some learning. I now use KeePass2Droid on Android).
These 2 are almost free from most of past vuln (some of which could cause complete compromise, and more importantly some of them were very elementary bugs which could be prevented by simple audit) while other competitors suffered. They haven't experienced any slightest breach (except for a fuss those who don't understand things made) so far and AFAIK only these 2 (IDK but probably PasswordSafe too) explain the DETAILS of their crypto (Bitwarden still requires you to look through source code).
BTW, I was thinking, isn't HTTPS supposed to protect your data, why do we need a VPN to protect against people hacking WIFI? I installed Windscribe it protects 10GB for free and is quite simple to operate. BTW, if you enable the VPN from Windscribe and close the app, will it run in the background on Android? BTW, would you also recommend an app like Lookout?
Yes it will keep running in the background. You will see a key icon in the status bar, whenever a you are connected to a VPN.
If all your connection are https and protected by HSTS, VPN is not needed as I said earlier. But it may not be easy to ensure all your connection is that (Android and installed apps makes many connection in background, some of them may include private info).