Mobileread
Boox eink reader recommended in podcast
#1  trott3r 05-14-2022, 07:14 AM
Hello,
Just arrived in this part of the forum after originally frequently the kobo section.

Interesing to see the boox nova reader recommended in the privacy and security podcast by michael bazzel.

It is titled "leaving kindle" ep259.

Look forward to see what other people think to his privacy perspective of boox.
Reply 

#2  Renate 05-14-2022, 09:26 AM
In the 21st century everybody is trying to monetize your clicks. Kindle has been shown to collect tons of info. I would guess that they are the worst, but I wouldn't think that anybody is actually good. You can look in any software package and see tons of analytics.

For me, I just keep WiFi off all the time. I only read books, references and music on my Poke3. I don't need to browse the internet on it. It's not the privacy that concerns me it's the wasteful use of my data allotment and the risk of inopportune automatic updates. I also disable a bunch of Onyx stuff.

Obviously, this is no solution for many people who want to browse the internet.
Reply 

#3  very_rude_Turnip 05-15-2022, 02:33 AM
Some influencer got paid to podcast by Onyx.

Suggesting Onxy Boox with an interest in privacy is a joke. Like Renate said, they might be the worst of the ereader bunch in regards to privacy.

Stop listening to that podcast.

Onyx is a Chinese company who is currently violating the GPL, and other OSS licenses by refusing to release source code. The image is full of tracking crap that sends lots of info to China. In their most recent system images they have forbidden downgrading.

I don't let my Boox touch the internet. Ever.
Reply 

#4  bazookajoe 05-15-2022, 07:39 AM
Has anyone done a quick "how to" basics tutorial for Onyx & privacy/China?

It'd be nice for newbs to know how to disable apps and/or how to remove apps without bricking (I've seen that mentioned? That's what's stopping me from just removing them through adb, Would turning them to user apps first help?) plus how to get AFWall+ to work properly (I cannot even as converted to system/priv-app it does not start on boot, the (eventual) correct combination of leak scripts do block internet but once AFWall+ is launched manually and run, it doesn't allow my few whitelisted apps through, wifi is just knocked out for the count until I manually go into Network Settings and mess about again so currently I keep wifi off entirely and start AFWall+ manually then turn on wifi and quickly jump onto a couple of apps when needed).
Reply 

#5  trott3r 05-15-2022, 08:52 AM
Quote Renate
In the 21st century everybody is trying to monetize your clicks. Kindle has been shown to collect tons of info. I would guess that they are the worst, but I wouldn't think that anybody is actually good. You can look in any software package and see tons of analytics.

For me, I just keep WiFi off all the time. I only read books, references and music on my Poke3. I don't need to browse the internet on it. It's not the privacy that concerns me it's the wasteful use of my data allotment and the risk of inopportune automatic updates. I also disable a bunch of Onyx stuff.

Obviously, this is no solution for many people who want to browse the internet.
He does cover it a little in the podcast on what he removed with adb

A decent solution is something like adguard (which i run on all android device and windows).

There is blockada which has a limited free version that does something similiar.
Reply 

#6  trott3r 05-15-2022, 08:55 AM
Quote bazookajoe
Has anyone done a quick "how to" basics tutorial for Onyx & privacy/China?

It'd be nice for newbs to know how to disable apps and/or how to remove apps without bricking (I've seen that mentioned? That's what's stopping me from just removing them through adb, Would turning them to user apps first help?) plus how to get AFWall+ to work properly (I cannot even as converted to system/priv-app it does not start on boot, the (eventual) correct combination of leak scripts do block internet but once AFWall+ is launched manually and run, it doesn't allow my few whitelisted apps through, wifi is just knocked out for the count until I manually go into Network Settings and mess about again so currently I keep wifi off entirely and start AFWall+ manually then turn on wifi and quickly jump onto a couple of apps when needed).
I have cleaned up my samsung 10e with adb.
Some degoogling and removing samsung apps worked fine for me.
I would suggest removing a small number of apps at a time and see if there are any consequences.
Reply 

#7  underscore 05-16-2022, 05:47 AM
Quote bazookajoe
Has anyone done a quick "how to" basics tutorial for Onyx & privacy/China?

It'd be nice for newbs to know how to disable apps and/or how to remove apps without bricking (I've seen that mentioned? That's what's stopping me from just removing them through adb, Would turning them to user apps first help?) plus how to get AFWall+ to work properly (I cannot even as converted to system/priv-app it does not start on boot, the (eventual) correct combination of leak scripts do block internet but once AFWall+ is launched manually and run, it doesn't allow my few whitelisted apps through, wifi is just knocked out for the count until I manually go into Network Settings and mess about again so currently I keep wifi off entirely and start AFWall+ manually then turn on wifi and quickly jump onto a couple of apps when needed).
Instead of multiple devices, I found it's easier to just intervene on what is my internet connection.
Put a pi-hole (relying on an internal dns) on your network.
Check for traffic
Reply 

#8  pazos 05-16-2022, 08:30 AM
Android ereaders are very well suited for being spy devices. Whether that's important or not in the eyes of the beholder is another topic.

All system apps are signed with the same key. A "benign" app without explicit permissions (other that what's fair for its duty) can use IPC through the binder and leak your data using another "bening" app.

Case in point: the mediaScanner, whose duty is to scan files from user directories might have not the internet permission and the OTA updater might have not access to your local files. Since both are signed with the same key the mediascanner might leak your files through the OTA updater masquerading them as a normal update checking.

OFC the same applies to all android devices, not just ereaders. But the phone/tablet market has a lot of users and eyes behind it and it is even possible to install a different android build from somebody you trust more.

TL;DR: It is a matter of trust. If you don't trust onyx don't buy. If you bought but still don't trust the company and you do care about what's leaked then airport mode/LAN firewall is your only hope.

A pi-hole can be bypassed by hardcoding the IPs in the program.
Reply 

#9  pazos 05-16-2022, 08:37 AM
To be fair: I'm talking about the theory, not the practice.

There's a feeling in the west of fearing chinese data hoarders, no matter if the data is used for QoS, push notifications or bug reports. At the same time most people might find the same data leaked to Samsung somewhat okayish

Again: it is a matter of trust.
Reply 

#10  bazookajoe 05-17-2022, 08:59 AM
Quote underscore
Instead of multiple devices, I found it's easier to just intervene on what is my internet connection.
Put a pi-hole (relying on an internal dns) on your network.
Check for traffic
Yeah I've been thinking of upping my game it's more urgent now niece and nephew are on permanent internet. I manage them remotely via Google Family Link on their tablets and I've got Adguard family private DNS service on their tablets but permanent internet access is a new challenge, thinking of a pi-hole for both of us sort of looking into all that now.
Reply 

Today's Posts | Search this Thread | Login | Register