A 3rd-party, Android email client, still worth using: FairEmail.

One of the observations which I’ve made about the Android platform is, that many of the 3rd-party email apps that once used to run well, no longer do so under Android 10, and that, additionally, their devs have often abandoned them.

For that reason, I’m happy to find that such an app still exists, or newly exists, and its name is FairEmail. This is an app, the free version of which can actually be used in the long term, but which I paid for, just to get the extra features.

One of the observations which I can make about this app is, that it has a plethora of settings, some of which I haven’t learned the meaning of yet. But, by default, the way to use it is to follow what is located in its first settings tab, which displays wizards to set up email accounts according to a database of recognized providers, and then, to leave the settings at their defaults. Additional wizards help the user give the app special settings under Android. The app directs the user to the required or optional settings, but it’s up to the user actually ‘to throw the switch’ each time. (:2)

Multiple email accounts can all be set up, using the same wizard.

The app runs in phone-optimized as well as tablet-optimized formats.

Screenshot_20200723-121436_FairEmail_1_e

Screenshot_20200723-121814_FairEmail_2_f

One of the features that were highly important to me was, support for both ‘S/MIME’ and ‘OpenPGP’. When using OpenGPG, this app will always encode it using the trendy ‘PGP/MIME’ format, and no longer, using ‘Clearsigning’, which was also referred to as ‘Inline Format’. The use of OpenPGP requires that an additional key-management app be installed, and on my devices, Open Keychain was already so, and was recognized immediately by FairEmail.

The app displays many widgets inside displayed emails, most of which give explicit commands to do things, that might impact the privacy of the user, such as, to display images, to display tracking images, etc. The app tries to distinguish between these two types of images because additionally, being an IMAP Client, downloading even plain images will consume additional data, when many emails can Humanly be understood, without the need actually to see the images. This is especially true for actual Spam.

The app leaves Spam filtering up to the IMAP Server, but displays the Spam Folder as fully accessible.

And many configuration details show me, that it assumes trendy preferences, even though I can’t say that either I, or most of my email contacts, qualify as trendy Internet users. One trendy feature is that this app mainly supports IMAP, and that any support of POP3 which the user may find, will be incomplete at best.

Another trendy setting in this app has to do with “Flowed Text”. This is a term which refers to ‘Pure Text Emails’, in which one paragraph is essentially written on one line. Traditionally, this lack of formatting was reserved for HTML-composed emails, and the receiving email client would always display those flowed. By contrast, traditionally, Pure Text had fixed line-lengths, determined by the sender, and the receiving client would break lines where line-breaks were sent, even if doing so, or not doing so, tended to wreck the appearance of the email…

(Updated 8/13/2020, 10h10… )

Continue reading A 3rd-party, Android email client, still worth using: FairEmail.

Can a VPN carry out a Man-In-The-Middle Attack?

If the reader needs to ask this question, then I’d suggest that the question should first be translated into a similar question, which the reader more-probably needs the answer to:

‘Can software which claims to be a VPN, intercept the user’s data or carry out a MITM attack?’ A way in which some software can attack its user is by misleading him or her, about what its nature is. In order to assess this question quickly, I’d ask two more questions about the software:

  • We know that Windows, Mac and Linux computers have a large variety of installed libraries, that make up the core of how each O/S works, which under Windows are .DLL-Files, and which under Linux consist finally of .SO-Files. Does this software replace any of those existing libraries with its own versions?
  • Does this software install anything, such as Browser Extensions, which may change the way the browser behaves?

If the answer to either of these two questions was ‘Yes’, then in fact, this software has an opportunity to perform a MITM.

If the answer to both questions was firmly ‘No’, then the possibility is more likely, that this software really is ‘just a VPN’, in which case it should not be able to perform a MITM.


 

Why? Because, as long as we are connecting to a Website the URL of which begins with ‘httpS://’, and not ‘http://’, what a healthy browser will do is to encrypt its traffic to and from the site, using a public key, for which only the intended site has the private key, needed for decrypting the exchanged data. This is already being done by mainstream browsers, on the assumption that one or more of the connecting pieces of the Internet are insecure or untrustworthy. In the case where a link in this chain actually performs its own encryption, well that’s just another insecure link according to the way data is secured.

Data can be encrypted more than once, and, assuming that different encryption keys are being used each time, taking data which was already encrypted, and encrypting it again, does not by itself compromise the security of the data. The resulting stream just needs to be decrypted twice again, each time using the appropriate keys, each of which is held by a different party, to translate the data back into its clear-text form, in this case finally on the Web-server.

Therefore, VPN software operating as it should, ends up passing through any data that has been encrypted using a shared secret between the browser and the server, as though this data just consisted of random bytes. But, a VPN will add a layer of encryption to it. It can also be said conversely, that, given the encryption of the VPN, the browser adds its layer of encryption.

But what of software that confuses its users into installing special browser extensions, or library-overrides? Well, such software could have as its special behaviour, to cause the client to bypass its own encryption, only applying whatever encryption the so-called VPN may apply, and also doing what any client could do, which is, to connect to the server using encryption that exists between the VPN and the server, as a proxy. A computer which has been modified in this way is essentially hacked.

Dirk

 

Browsing Android Files using Bluetooth

One of the casual uses of Bluetooth under Android, is just to pair devices with our Android (host) device, so that specific apps can use the paired (slave) device. This includes BT-headphones, and many other devices.

But then a slightly more advanced use for BT under Android could be, that we actually send files to a paired Android device. It’s casually possible to take two Android tablets, or a tablet and a phone, and to pair those with each other. After that, the way to ‘push’ a file to the paired device, from the originating device, is to open whichever app displays files – such as for example, the Gallery app, if users still have that installed, or a suitable file-manager app – and to tap on ‘Share’, and then select ‘Bluetooth’ as what to share the file to. Doing this should open a list of paired devices, one of which should be suitable to receive a pushed file in this way.

But then, some people would like to take Bluetooth file-sharing up another level. We can pair our Android device – such as our phone – with a Bluetooth-equipped, Linux computer, which may be a bit tricky in itself, because the GUI we usually use for that assumes some legacy form of pairing. But eventually, we can set up a pairing as described. What I need to do is select the option in my Linux-BT-pairing GUI, which requires me to enter the pass-code into the Linux-GUI, which my Android device next displays…

And then, a question which many users find asking themselves is, ‘Why can’t I obtain FTP-like browsing capability, from my Linux-computer, over the files on the phone? Am I not giving the correct commands, from my Linux-computer?’

Chances are high, that any user who wishes to do this, is already giving the correct commands from his or her Linux-computer…

(Updated 06/03/2018, 20h45 … )

Continue reading Browsing Android Files using Bluetooth

A Note On Playing Back Commercially-Recorded Blu-rays

Just as it was with DVDs, when movies first started to be distributed in that format, commercially-recorded Blu-ray disks today use an encryption system, which is sometimes referred to as ‘content scrambling’, to prevent people from making unauthorized copies. It’s actually named ‘aacs’.

Experts already know about this, but I’m putting this in layman’s terms for anybody who might not.

Basically, Blu-ray playback-devices have a hidden store of public keys, which the users are not allowed to access, and this time, the company is able to update that store of keys via the Internet, because most Blu-ray players today are also online devices.

Unlike how it is with Blu-rays, the content-scrambling system of DVDs was famously hacked. This means that Linux computers are well-able to play back Movie-DVDs. OTOH, the ability to play back commercial Blu-rays, is mainly unsuccessful on Linux computers, or on any other unauthorized devices, because the content-scrambling which gets used – was never hacked. As long as the encryption continues to work, Linux users and pirates will not be able to play back or rip Blu-rays.

As it stands, the company is able to revoke public keys which it was once using.

This is a shame, because some Linux users might only be wanting to view Blu-ray movies which they purchased and paid for. But the main fear of the industry remains, that as a platform, a Linux computer is more susceptible to an unauthorized copy being made of anything, which that Linux computer would also be able to perform authorized playback of.

Therefore, when I gave instructions on how people can record Blu-rays privately, my assumption was that we would not be using any encryption. I don’t see encryption as being important in any way, for home-movies which people might shoot. But, the Blu-ray folder must nevertheless contain a sub-folder named ‘CERTIFICATES’. In the example I wrote about, this sub-folder will simply remain empty.

Further, the mere use of the Blu-ray (single-layer) disk, as a step-up from DVD+Rs, where a Blu-ray can store up to 25GB of pure data instead of 4.7GB, is unfettered for Linux users to use as they wish. All we need is an external Blu-ray burner, and we’re all set to burn pure data. But as soon as we want to burn something using ‘UDF’, which is the approved file-system of Blu-ray players, the level of difficulty already increases, even though no encryption has been used yet.

(Updated 09/19/2017 : )

Continue reading A Note On Playing Back Commercially-Recorded Blu-rays