A behind-the-scenes log by the developers at Datenanfragen.de/datarequests.org. We are hacking on data protection. #gdpr #dsgvo #privacy
You can expect threads about our latest changes, technical details, and interesting things we discover.
Longer blog posts in our devlog: https://www.datarequests.org/devlog
Toots by @baltpeter (^b) and @zner0L (^z).
Contact details and legal notice: https://www.datarequests.org/contact
| GitHub organization | https://github.com/datenanfragen/ |
| Matrix community | https://matrix.to/#/#datenanfragen:matrix.altpeter.me |
| Main account (German) | https://mastodon.social/@DatenanfragenDE |
| Main account (English) | https://mastodon.social/@datarequestsORG |
Exciting development: Thanks to QEMUAppleSilicon, there is now a FOSS way to emulate #iOS (currently iOS 14.0 beta 5 on an iPhone 11) using #QEMU! I of course immediately had to try it out today and I did actually get it running.
Not quite useful for #tweasel just yet because it is still missing some key features like networking, but we'll definitely be watching the development. ^b
Interested in contributing to our project? On November 06 at 17:00 (CEST), we're holding an online meetup. Regardless of whether you're already contributing to datarequests.org, whether you're interested in joining, or you just want to get to know us: Our contributor meetup is supposed to be a space to ask questions on participating, for learning on how to contribute to datarequests.org and Tweasel, and where data protection nerds can meet and network on various issues.
https://www.datarequests.org/verein/event/contributor-meetup-11-2024/
Our open request database at https://data.tweasel.org/ had been practically unusable for a while with pages taking way too long to load.
Turns out we were getting hammered with ridiculous amounts of requests by inconsiderate LLM crawlers. :|
This should now be fixed鈥攚e are now blocking their user agents in our reverse proxy. Thanks to @ubernauten for this very helpful blog post which pointed us in the right direction: https://blog.uberspace.de/2024/08/bad-robots/
More details in this issue: https://github.com/tweaselORG/data.tweasel.org/issues/2 ^b
Android: Der Beitrag stellt die Vorbereitung des Testger盲ts sowie Werkzeuge (Frida, Magisk) zur Analyse des Datensendeverhaltens von Apps vor. Reinschauen! 鉁岋笍 馃憞
#share #android #frida #objection #tweasel #pirogue #tls #ssl #CertificatePinning #mitmproxy #proxy #intercepting #analyse #datenschutz #sicherheit #privacy #security #dsgvo
We have also started doing legal research, looking into relevant complaints, court submissions, decisions, rulings, DPA recommendations, and legal commentary regarding tracking. This is to inform our decisions on how we establish tracker IDs as personal data in our complaints and also to prepare for writing our complaint templates.
As always: Have a look at the blog post for the full details.
https://www.datarequests.org/devlog/tweasel-update-4/
Our tweasel updates are back after the summer. We have made our request data publicly available, such that anyone can run SQL queries against our datasets. We have also better documented many of our TrackHAR adapters. Furthermore, we have begun doing legal research to inform our decisions on how to establish tracker IDs as personal data in our complaints.
We鈥檙e back after the summer with our fourth #tweasel devlog: https://www.datarequests.org/devlog/tweasel-update-4/
A few highlights: We鈥檝e been busy improving the documentation of our TrackHAR adapters to provide better reasoning on why we think properties contain certain data types. We鈥檝e also written a script for debugging our adapters, which allows us to run them against all matching requests in our open request database.
We already announced the database in a previous toot: https://chaos.social/@dev_at_datarequestsORG/111006402859017611 ^b #privacy #tracking
Our tweasel updates are back after the summer. We have made our request data publicly available, such that anyone can run SQL queries against our datasets. We have also better documented many of our TrackHAR adapters. Furthermore, we have begun doing legal research to inform our decisions on how to establish tracker IDs as personal data in our complaints.
To publish the data, we are using the phenomenal @datasette. This allows you to run arbitrary SQL queries against the data.
Just a few ideas to get you started:
* endpoints that were contacted by the most apps: https://data.tweasel.org/data?sql=select+count(distinct+regex_replace(%27%40.%2B%3F%24%27%2C+coalesce(initiator%2C+%27%3Cno+app+ID%3E%27)%2C+%27%27))+appCount%2C+count(1)+requestCount%2C+endpointUrl+from+requests%0D%0Awhere+endpointUrl+is+not+null%0D%0Agroup+by+endpointUrl++order+by+appCount+desc+limit+101%3B
* requests by a particular app, e.g. Airbnb on Android: https://data.tweasel.org/data?sql=select+link(dataset%2C+id)%2C+initiator%2C+platform%2C+runType%2C+startTime%2C+method%2C+httpVersion%2C+endpointUrl%2C+scheme%2C+host%2C+port%2C+path%2C+content%2C+headers%2C+cookies+%0D%0Afrom+requests%0D%0Awhere+initiator+like+%3AappId+||+%27%40%25%27%0D%0Alimit+101%3B&appId=com.airbnb.android
* longest requests: https://data.tweasel.org/data?sql=select+length(content)+%2B+length(path)+%2B+length(headers)+%2B+length+(cookies)+as+length%2C+link(dataset%2C+id)%2C+initiator%2C+platform%2C+runType%2C+startTime%2C+method%2C+httpVersion%2C+endpointUrl%2C+scheme%2C+host%2C+port%2C+path%2C+content%2C+headers%2C+cookies+from+requests%0D%0Aorder+by+length+desc%0D%0Alimit+10%3B
We'd love to hear what you discover! We're currently using the data to better document our tracker wiki. More on that in our next devlog.
Our open request database is online: https://data.tweasel.org/ \o/
We regularly run #traffic analyses on thousands of #Android and #iOS apps. As we want to enable as many people as possible to look into the inner workings of trackers, we are publishing our datasets for other researchers, activists, journalists, and anyone else who is interested in understanding #tracking. There are already 250k requests from between January 2021 and July 2023, with more to come in the future. ^b
#tweasel #privacy
We made a few UX improvements: You don鈥檛 have to specify the IP address on iOS anymore as we use a usbmuxd proxy. In CLI, you don't need to specify an app ID anymore.
We also fixed a bunch of bugs.
Finally, we have a new docs site and gave a workshop at the @digitalcourage #Aktivcongress. We have also collected some new traffic data.
You can find our new docs here: https://docs.tweasel.org/
And as always, there's much more in the blog post: https://www.datarequests.org/devlog/tweasel-update-3/
datarequests.org
Kuketz-Blog 馃洝