Hi everyone, here's a patch for Issue #1827 [1]. The patch is to be applied in the "vendor/cmsdk" project in the Replicant tree. It sets default values for the following anti-features, disabling them by default:
- Forward phone number lookup - Reverse phone number lookup - People lookup When applied, the patch causes the following behaviour: - A fresh new replicant installation with my patch has lookup services disabled by default (and I detected no dns query to lookup services). - Enabling lookup "features" manually in the dialer app makes them work again (at least I detected some dns queries to whitepages-like services when the features are enabled) - Doing a "factory reset" when lookup is enabled results in lookup anti-features being disabled again as the default configuration expects. Like Denis and Wolfgang pointed out [2], it is important to disable these "features" by default, to avoid privacy leaks and unwanted network traffic without the user knowing. This services should only be enabled by an explicit manual action of the user. I have only conducted a brief test case using the configuration suggested by Denis [3], and the outcome seems to confirm that disabling these anti-features in the settings does cease network traffic towards lookup services, but further/deeper investigation is needed. For the moment, I suggest disabling the anti-features by default. Happy hacking, Fil [1] https://redmine.replicant.us/issues/1827 [2] https://redmine.replicant.us/issues/1827#note-2 [3] https://redmine.replicant.us/issues/1827#note-5
From e936dcf6ef499af8946ed489005e578f1da4eedd Mon Sep 17 00:00:00 2001 From: Fil Bergamo <[email protected]> Date: Fri, 28 Dec 2018 23:52:24 +0100 Subject: [PATCH] Disable phone number lookup by default for privacy This patch sets the default state of all phone number lookup features to "disabled". This prevents unwanted connection and information leaking to third parties such as whitepages and similar network services when searching for a number in the Dialer's search bar. Lookup features can still be manually enabled by the user if desired. Signed-off-by: Fil Bergamo <[email protected]> --- packages/CMSettingsProvider/res/values/defaults.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/CMSettingsProvider/res/values/defaults.xml b/packages/CMSettingsProvider/res/values/defaults.xml index 1ea76a6..0e14ceb 100644 --- a/packages/CMSettingsProvider/res/values/defaults.xml +++ b/packages/CMSettingsProvider/res/values/defaults.xml @@ -68,13 +68,13 @@ <bool name="def_lockscreen_visualizer">true</bool> <!-- Default value of CMSettings.System.ENABLE_FORWARD_LOOKUP --> - <integer name="def_forward_lookup">1</integer> + <integer name="def_forward_lookup">0</integer> <!-- Default value of CMSettings.System.ENABLE_PEOPLE_LOOKUP --> - <integer name="def_people_lookup">1</integer> + <integer name="def_people_lookup">0</integer> <!-- Default value of CMSettings.System.ENABLE_REVERSE_LOOKUP --> - <integer name="def_reverse_lookup">1</integer> + <integer name="def_reverse_lookup">0</integer> <!-- Defaults for Global --> -- 2.11.0
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Replicant mailing list [email protected] https://lists.osuosl.org/mailman/listinfo/replicant
