I've been playing around with techniques of catching location sharing on Android, and finding way to remove privacy leaks. Android's IntentFilters power to match URLs makes this quite easy to do system-wide.
That work got me thinking: maybe it makes sense to have something like "HTTPS Everywhere" as an Android app. It could claim all HTTP links, then the app would check if it has an HTTPS rewriting rule. If yes, it rewrites it and passes it on. If no, it either passes it on, or blocks access with a popup (this could be a preference). As an example use case, there are lots of apps that share location, and basically all of them use a HTTP URL. Some links, like http://maps.google.com or http://openstreetmap.org, can easily be rewritten to HTTPS links. Others like amap.com or map.baidu.com do not offer HTTPS. A shared location link can often be a unique ID, so any network observer could use that to de-anonymize a device. You can find raw work here: https://github.com/eighthave/LocationPrivacy .hc -- PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81 https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81 _______________________________________________ Guardian-dev mailing list Post: [email protected] List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To Unsubscribe Send email to: [email protected] Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/archive%40mail-archive.com You are subscribed as: [email protected]
