Exciting development: Thanks to QEMUAppleSilicon, there is now a FOSS way to emulate #iOS (currently iOS 14.0 beta 5 on an iPhone 11) using #QEMU! I of course immediately had to try it out today and I did actually get it running.
Not quite useful for #tweasel just yet because it is still missing some key features like networking, but we'll definitely be watching the development. ^b
Weil es Rückfragen gab: Tracktor wird aktuell nicht weiterentwickelt. Die Website ist buggy und die Trackerliste nicht mehr aktuell. Experten können die Beschwerdetexte aber sicher anpassen an neue Gesetzesnamen und Technologien.
Ich finde gerade nicht die Zeit 🤷♂️.
Die Kollegen von @datenanfragende haben ein tolles ähnliches Projekt für Apps aufgesetzt (#tweasel). Mit ihnen war von Beginn an abgesprochen, dass sie die Tracktor-Funktionalität gerne übernehmen können, soweit das möglich ist.
Android: Der Beitrag stellt die Vorbereitung des Testgeräts sowie Werkzeuge (Frida, Magisk) zur Analyse des Datensendeverhaltens von Apps vor. Reinschauen! ✌️ 👇
#share #android #frida #objection #tweasel #pirogue #tls #ssl #CertificatePinning #mitmproxy #proxy #intercepting #analyse #datenschutz #sicherheit #privacy #security #dsgvo
We’re back after the summer with our fourth #tweasel devlog: https://www.datarequests.org/devlog/tweasel-update-4/
A few highlights: We’ve been busy improving the documentation of our TrackHAR adapters to provide better reasoning on why we think properties contain certain data types. We’ve also written a script for debugging our adapters, which allows us to run them against all matching requests in our open request database.
We already announced the database in a previous toot: https://chaos.social/@dev_at_datarequestsORG/111006402859017611 ^b #privacy #tracking
Our tweasel updates are back after the summer. We have made our request data publicly available, such that anyone can run SQL queries against our datasets. We have also better documented many of our TrackHAR adapters. Furthermore, we have begun doing legal research to inform our decisions on how to establish tracker IDs as personal data in our complaints.
Die „pseudonyme Messung“ nutzt dabei den Endpunkt https://de.ioam.de/tx.io (vgl.: https://docs.infonline.de/infonline-measurement/integration/web/checkliste_web_allgemein/#uberprufung-der-einbindung).
Schauen wir doch mal in den #tweasel-Daten, ob sich alle Apps an die Vorgaben von INFOnline gehalten haben und nach dem 1. Dezember 2021 keine Daten mehr ohne Einwilligung an den Endpunkt gesendet haben:
https://data.tweasel.org/data/requests?runType__exact=no-interaction&endpointUrl__exact=https%3A%2F%2Fde.ioam.de%2Ftx.io&startTime__gte=2021-12-01
Ach Mensch. Haben sie nicht.
Our open request database is online: https://data.tweasel.org/ \o/
We regularly run #traffic analyses on thousands of #Android and #iOS apps. As we want to enable as many people as possible to look into the inner workings of trackers, we are publishing our datasets for other researchers, activists, journalists, and anyone else who is interested in understanding #tracking. There are already 250k requests from between January 2021 and July 2023, with more to come in the future. ^b
#tweasel #privacy
We have just published our third #tweasel devlog. You can read it here: https://www.datarequests.org/devlog/tweasel-update-3/
One of the major changes we have made is switching to the @httptoolkit #Frida unpinning script for bypassing certificate pinning on Android. We had run an analysis comparing its performance to the script we used before and found that it works better for our use case. As a bonus, this change allowed us to close two related issues. ^b #privacy #Android #iOS
The third installment of our semi-regular updates on the development of the tweasel project. This time, we have switched to a different certificate pinning bypass script and fixed various bugs on different platforms and devices. We have also continued working on our documentation and outreach, and collected new traffic data for our TrackHAR adapters.
We published our first update blog post for #tweasel. Our plan is to do these biweekly from now on.
https://www.datarequests.org/devlog/tweasel-update-1/
A lot has happened since our last update in January. We have released a set of tools and library for mobile #tracking analysis.
First up: appstraction (https://github.com/tweaselORG/appstraction), an abstraction layer for instrumenting #Android and #iOS. It allows you to install, uninstall, start, stop apps, manage emulator snapshots, clipboard, proxy, and certificates, etc. ^b
We update you on our progress with the tweasel project. We have released first versions of our libraries and tools for instrumenting and analyzing mobile apps and their traffic. We have worked on automating the installation of dependencies and device setup. We have launched our documentation website for tracking endpoints and their data. We have also given a talk at FireShonks event and a presentation to the EDPB tech advisory board.
Introducing #tweasel. @zner0L and I (@baltpeter) will be working on fighting #tracking in mobile #apps thanks to #NLnet funding (https://nlnet.nl/project/TrackingWeasel/). Our goal is to automate complaints against tracking under the #GDPR and #ePrivacy directive.
We don't have a website yet (this is our behind-the-scenes account, after all), but all code will of course be FOSS (https://github.com/tweaselORG) and we'll report here.
First overview in our #FireShonks talk: https://media.ccc.de/v/fire-shonks-2022-49115-tracking-in-apps-ist-das-legal-eine-bersicht-ber-die-mobile-trackinglandschaft (DE with EN dub). ^b
dev @ datarequests.org
Tracktor.it! 🚜-✉️
Kuketz-Blog 🛡
Benjamin Altpeter