deGoogle

Kagi (the search engine), where I am a customer, has just sent me this gift link, which up to three people can use to get three months of free access to Kagi.

If you decide to use it, please leave a note here so that others can know whether the link is still relevant: https://kagi.com/p/THANKSGIVINGB46565519A

I shared a version of this guide earlier this year, but felt a website was needed to unpack the different options fully. So after an unreasonable number of hours, I put together the necessary data and website.

I hope this is digestible enough for the average person to help those looking to take that first step, or for people who are equally passionate and want to get their friends or family involved.

Details:

• Site - https://purchasewithpurpose.io/
• Code - https://codeberg.org/purchase-with-purpose/pwp-website
• Community - https://lemmy.world/c/PurchaseWithPurpose

Every time I post these guides, there is always feedback on things that can improve, or I got wrong. Please do share, as it is the best way for these to evolve!

OC by @FallenWalnut@lemmy.world

Google just can't stop being evil. Their latest ploy? Changing article headlines using AI. The results? Exactly as you'd expect.

Found this article, I think it's an interesting comparison

My source: https://mastodon.nz/@leighelse/115572223821306554

Hey everyone,

I have a promotion on my phone right now that is preventing me from unlocking my pixel to put GOS on. I can't unlock it until I pay it off.

I also noticed an option on T-Mobile in the US to temporarily unlock the device. Obviously this would be a loophole but my question is this:

Has anyone used the temporary unlock and been able to then OEM unlock the phone to install graphene?

OQB @ChocolateFrostedSugarBombs@lemmy.world

cross-posted from: https://discuss.tchncs.de/post/46277277

Recently Google decided that in the future for an app to be installable on an Android device, the developer of this app needs to be ID'd and registered at Google. They claim this is in order to "to better protect users". However, I think, this is a move to get more control over the Android ecosystem, and the data they can collect with it. If anyone who wants to develop an app for Android devices has to be registered with Google, this puts all the power of who to allow distributing an app to Google.

Furthermore F-Droid shows, that safe app stores can exist without registration, neither of users nor of developers. There is zero malware or spyware on the F-Droid store. What there is on F-Droid is thousands of beautiful, useful and, most importantly, safe apps. And this entire ecosystem is at risk, because Google wants to gain more control over its users and over the Android operating system.

TL;DR: Don't buy Huawei or Honor phones if you need bootloader unlocking capabilities. Even on units without a carrier lock. I couldn't unlock my Honor 90 Lite.

While the following comes from my experience attempting to unlock the bootloader on an Honor 90 Lite, it likely also applies to recent Huawei smartphones. Honor shares a great deal of its codebase with Huawei as it was a subsidiary spun off several years ago.

Unfortunately, a visible OEM unlocking toggle under the developer options does not guarantee bootloader unlocking in practice. It is up to the bootloader itself to accept unlocking commands, which manufacturers can patch out or severely restrict.

Prior to 2020, users could fill in a form on the Huawei/Honor website that provided the 16-character code required to unlock the bootloader. Instead of

fastboot flashing unlock

Huawei/Honor bootloaders require

fastboot oem unlock [16-CHAR CODE]

However, the form has since been discontinued, leaving us with

• Exploits for certain models with Kirin and Qualcomm SOCs
• Various paid and proprietary unlocking services
• Brute-force tools for models without known exploits

Since my phone does not have a known exploit and I don't feel like handing over my money to unlocking services with characteristically shady-looking websites, I am left with the latter option.

Brute-force with Luhn algorithm

For some time, the unlock codes were 16-digit numerical strings which were related to the IMEI and satisfied the Luhn algorithm (the same algorithm used as a rudimentary checksum for credit card numbers). This greatly narrows down the number of codes to be tried, such that I exhausted the entire space of 16-digit codes satisfying the Luhn algorithm in 45 minutes using the following Python scripts.

https://github.com/vcka/huawei-honor-unlock-bootloader

The better-known of the two Python scripts, this works mostly as intended, but does not stop once the space of 16-digit codes are exhausted, instead continuing up into 17-digit codes and beyond. However, an unlock code longer than 16 digits has never been attested.

https://github.com/borisgrigorov/bootloader-brute-force

This script did not appear in my initial search and didn't work out of the box on account of expecting a specific error message and stopping execution otherwise. However, it proved a friendlier script than the former with a quick patch and stopped once all 16-digit codes valid under the Luhn algorithm were exhausted.

Huawei/Honor are also known to require 16-digit alphanumeric codes, paritcularly on later models. Adding just the uppercase alphabet would make for a 16-character base-36 code, effectively conveying the information in a 25-digit base-10 code. Searching through this space would take about 800 million times longer. By the time this finishes, I can only hope that humanity has moved on past locked bootloaders. So I ditched any effort of extending the scripts to include alphabetic characters.

Trying both scripts with both IMEIs yielded no working unlock codes, so onto our next options.

Brute-force without Luhn algorithm

But what if it's still a 16-digit code, but it just doesn't add up according to the Luhn algorithm? How much longer would that take? The following C programs claim to be the fastest brute-force unlockers, neither of which use the Luhn algorithm.

https://github.com/Martazza/Huawei-Bootloader-Unlocker

The simpler and more well-known of the two, this simply increments up from 1000000000000000, testing each code along the way. At a rate of 200 guesses per second, my computer and phone would have burned through a good chunk of the world's remaining coal reserves by the time this finishes, even without accounting for alphabetical characters. So this is a no-go.

https://github.com/B83C/huawei_bootloader_unlocker

This optimizes upon the code of the former, incorporating portions of the fastboot source code to suppress unnecessary output. However, it appears to get stuck after guessing only 8 codes. I'll guess why in a bit.

Previously reported successes and time required to unlock

There are reports of the scripts utilizing the Luhn algorithm working on Huawei and Honor devices from around 2018 and 2019. Those attempts required continuous brute-forcing anywhere from several hours to several days. So why was my computer, featuring an i7-9700 also from 2019, able to iterate through all codes accoring to the Luhn algorithm in only 45 minutes? I am not certain, but my theory is that my phone had been silently discarding attempted codes without ever taking the time to evaluate them. The program from B83C is the only one to check the USB connection status and 8 attempts may have been the cutoff for my phone. I didn't bother with further testing. And unless someone manages to guess several million codes per second, at which point USB I/O would become a bottleneck, Martazza's code is of little practical use.

If it had taken longer to search through possible codes, my phone would have died during the process as it did not take in enough charge to sustain itself in fastboot. Fortunately, fastboot is kind enough to wait until the phone is ready again after disconnecting, charging, and reconnecting.

Other things that didn't work

• fastboot reboot fastboot: bootloader seems to double as fastboot for Huawei/Honor devices. fastboot with a white background and plain orange text doesn't seem to take any commands.
• Recovery menu accessed by holding volume up during boot: OTG upgrade does not allow choosing a file. USB upgrade allows the phone to show up under adb devices, but there is no dialog to grant permission.
• mtkclient: tried every button combination I could think of during power-up, but could not enter BROM mode
• Honor Suite: Just a dumbed-down syncing tool that requires admin privileges on Windows, no option anywhere related to bootloader unlocking. Worse yet, it doesn't even detect the phone in fastboot mode, even though the phone suggests opening Honor Suite when in fastboot.

Just to be clear: I could not unlock the bootloader of my Honor 90 Lite (CRT-NX1). Gotta love how we have to worry about things like Cellebrite cracking our precious data in a matter of hours while concerted efforts have done little against the accursed little bootloader.

OC by @monovergent@lemmy.ml

I'm just sharing here this app I use always on my phone, and I don't see many people talking about it.

It's similar to DuckDuckGo app feature that block trackers across all the device, but this one is focused only on that, it also allows you to add your custom tracker URLs to block and monitor every request being made.

It's open source and available on F-Droid: https://f-droid.org/packages/dev.clombardo.dnsnet/
GitHub: https://github.com/t895/DNSNet

It enables a VPN to intercept requests, so it can block URLs of trackers across all your apps. The app provides a list of URLs as you open it for the first time, you can choose a few options between less or more aggressive.

Obs.: The app don't tell, but when you add a custom URL you need to disable and enable it again.

cross-posted from: https://lemmy.ca/post/51878818

If we want to argue that Degoogling isn't just about privacy, but about protecting your digital life from being shut down at the whim of a tech giant with no real appeal process, what are some examples showing why we shouldn’t ignore the risk of Google banning users, locking them out of countless accounts, and deleting photos, emails, and records that often lack backups?

Some examples that I personally know of:

• Being mass reported in YouTube comments for expressing a controversial opinion
• Filing a copyright claim, only for a creator to appeal it, and failing to provide ownership proof within 48 hours
• Having your Google account hacked and used for fake ads or Play purchases, then being told the charges are “legitimate,” and facing a ban if you dispute them
• Having your $1000 Google store purchase lost in transit, then being told that you're not getting a refund and if you try to chargeback, you'll be banned.

As a result of this discussion in !degoogle@lemmy.ml, there is now an IRC channel about degoogling!

/join ##degoogle on irc.libera.chat:6697 (TLS). The channel name begins with a double hashtag (according to the namespace policy).

Come on down and join us through your local IRC client or the web client web.libera.chat!

• Backgrounder: Timeline of events related to the investigation of Google and de-listing of online information;
• Report of Findings: Investigation and recommendations concerning Google search engine service’s compliance with its obligations under PIPEDA.