Just an update to say that I am still happy with using this method on my daily driver Note3. I have been analyzing traffic from one of my other devices, the Note Air. I haven’t yet been able to identify any nefarious behavior. The most suspect traffic has been TLS traffic to qq.com, but other than my connected Wi-Fi SSID, I’m not seeing any evidence of personal data in that traffic. I have dug into the database and understand now how the stroke data is stored in binary blob format. Even searching all of the TCP and TLS streams, I’m not able to find evidence that the blob data is being sent out. That doesn’t mean there isn’t anything the nefarious happening, it just means it’s not readily identifiable. There are so many ways to silently and secretly suck the data off the backend that it can be sometimes impossible to detect. That is why, of course, I am restricting all of my network traffic the only things I specifically allow. But I just wanted to update you all, to let you know that I haven’t found anything specifically of concern. That doesn’t make me any less paranoid. If it was just shopping lists and drawings and e-books, then I wouldn’t worry about it. When I put professional notes in writing, I want to do the best I can to protect that information.Even without doing any syncing, I still like blocking unknown network traffic.
@harewoodm
3 жыл бұрын
I was just going to ask how you were feeling about things. I just downloaded the app today so I am going to try it out. I am wondering, is there a way to have the Onyx account activated (solely for password recovery) but not have your notes synced with there service? I am using Dropsync to back up everything to Dropbox but it seems like my notes are still syncing to Onyx. I just want to be able to recover my password using Onyx. That is it.
@harewoodm
3 жыл бұрын
One last thing, has this app impacted your battery life? Amazing vids by the way. They need to make their devices more user friendly but your videos have been a huge help.
@emma70707
3 жыл бұрын
@@harewoodm , you can get pretty specific in which IP addresses you want to block. However, if the recovery server is the same one that they're sending other stuff to, you wouldn't be able to block that.
@larsaltman8495
3 жыл бұрын
How do you back your Notes up (from the internal Note taking application which you use to draw/handwrite on) with Netguard up? Thank you ahead of time!!
@emma70707
3 жыл бұрын
@@larsaltman8495 , I use Autosync to set up syncing with a Google Drive folder. They have version of the app for DropBox and others.
@slivkask8329
2 жыл бұрын
Wow! Thanks a lot for the video! 👍 This evidence has removed Boox tablets from my short list of e-ink notebook candidates.
@stefangrosser6466
3 жыл бұрын
This is fantastic! Seeing this traffic was the main reason I was hesitant of buying a Note Air. Super happy that I don't have to worry anymore. One concern: does this affect Boox system updates?
@EVERYTHINGcpo
3 жыл бұрын
Yes. And no. You’ll have to allow tcp traffic to the update server, and you should get updates.
@emma70707
3 жыл бұрын
You can sideload the updates from their website.
@Maisonier
3 жыл бұрын
Great !! I didn't knew about this. That explain why the battery drain like crazy when I'm with wifi on. Do you see any difference on the battery with this app?
@MichaelHFrandsen
3 жыл бұрын
Super info, thank you. Does the blocking effect the CPU utilization much by having timeouts on any of the services?
@EVERYTHINGcpo
3 жыл бұрын
I haven’t noticed anything
@grow3384
Жыл бұрын
What a good tips!!! I love your eink tablet contents. There are priceless tips about my boox.
@mbustin548
3 жыл бұрын
Very interesting, thank you. Under Settings->AcctMgmt->System Account Settings is an option to turn off sync data, I assume that doesn’t stop the root service comms...?
@EVERYTHINGcpo
3 жыл бұрын
No. That just disables the normal syncing to the Boox servers for your data backups. It doesn’t do anything to stop the other traffic. You saw how much traffic I have constantly, and I dont have syncing enabled, nor do I have a Boox account.
@gee7092
3 жыл бұрын
Great review! How is the battery life after using netguard for 2 months?
@theonlyrick
3 жыл бұрын
Thanks for this vid - I'm hopefully getting my Nova 3 Color tomorrow so I need to decide what level of security/paranoia to adopt before I enter all my info. 🤔 Did you do any testing on the quantity of data that is sent before and after signing in? Could that give any clue as to the type of data that gets sent back to the motherland?
@LowlyExile
3 жыл бұрын
Are you able to determine which services are responsible for checking and delivering system/firmware updates from Boox?
@EVERYTHINGcpo
3 жыл бұрын
Looks like it’s using en-data.onyx-international.cn on port 80.
@EVERYTHINGcpo
3 жыл бұрын
I should add... it appears that all of the "root" system apps are equally trying to access everything. There are 19 apps on my system that all have the UID of 1000, and all of them are attempting to access all of the resources. Another shady thing to me. I don't fully understand Android... so keep that in mind. But, if I allow that specific URL on any of those system apps (such as "Android System" it does allow it on all of them... since they all share the same UID.
@larsaltman8495
3 жыл бұрын
How do you sync the Notes you take in the inbuilt note app to a third party cloud? I do not trust the Onyx push website. Thanks and great video!!!
@C7S123R8P0M3
Жыл бұрын
Id like to know this too!
@桜のような恋でした
3 жыл бұрын
Unrooted VPN traffic filter is not perfect, this firewall apk may do help u filter some packages, but the network has 7 layers, your personal apk firewall runs (without root permission) definitely can't prevent it sending data in lower network layers 😣, that's the problem.
@user-ke8vk8bo4j
3 жыл бұрын
How do you customize your boox cover? I'm also having trouble just connecting to wifi because I don't know how to add a network and my saved wifi is wpa2psk.
@yasmineomar4188
3 жыл бұрын
Hi! Is there a way to make this tablet HIPAA compliant? I'm not sure whether the method in this video would qualify?
@emma70707
3 жыл бұрын
You should talk to your IT people. My guess is no because the files aren't encrypted as far as I can tell. That said, if there's an app that is HIPAA compliant that's not downloading anything to the device and requires a separate log-in each time, that would probably be sufficient.
@karaadae
3 жыл бұрын
how do you allow firmware updates, or even be informed that a new version is ready to update? Which app will you allow to get your device the latest fixes?
@EVERYTHINGcpo
3 жыл бұрын
You could allow en-data.onyx-international.cn, check for updates, and then shut it back off again. Or just leave that allow rule in place all the time...
@karaadae
3 жыл бұрын
@@EVERYTHINGcpo Ok, nice you've figured that out already. I see you have trusted your thumb print, but not your google account to your Note3. Now that you have full control on the traffic, would you still object to use your google account?
@EVERYTHINGcpo
3 жыл бұрын
@@karaadae Here is the GET request for firmware update checks: GET/api/firmware/update?where {"buildNumber":XXXX,"buildType":"user","deviceMAC":"XX:XX:XX:XX:XX:XX","fingerprint":"ONYX/NoteAir/NoteAir:10/2020-11-20_15-33_3.0_bfa98e1/1269:user/dev-keys","fwType":"release","heightPixels":1872,"id":-1,"lang":"en_US","model":"NoteAir","size":0,"submodel":"","widthPixels":1404}HTTP/1.1 mac: XX:XX:XX:XX:XX:XX deviceUniqueId: xxxxxxxxxxxxxxxxxxxxxxxxx language: en Host: en-data.onyx-international.cn Connection: Keep-Alive Accept-Encoding: gzip User-Agent: okhttp/3.12.1 As far as Google... I actually am fine with Google. The reason I sideload everything isn't because I didn't trust Google as much as I didn't trust Onyx. I haven't felt comfortable putting my Google creds into this device... Strange I know. The random app creds are not a big deal to me if they get keylogged or something like that, but I much more protective of my google creds. But with everything successfully locked down, I am more comfortable. Even if they keylog it, if it can't be sent anywhere... it's of no consequence. As with fingerprint info... it's not useful without physical access to the device, so that doesn't really bother me. Also... that can't be sent anywhere either. So I guess my point is this... Starting with a fresh system, installing the firewall via sideload allows me to get everything locked down BEFORE I input any personal info... once that is done, I add fingerprints, and can then enable Google Play Store and use that if I want, with a reasonable assurance of it not leaving. Hope that makes sense. The reason I don't have Google on there now, is that I really only needed those few apps, so no point going through the trouble to enable. And I'll reiterate my pinned comment. I can't find any evidence that personal data is leaving the device (other than the SSID of my network). Unfortunately, absence of evidence isn't evidence of absence.
@emma70707
3 жыл бұрын
@@EVERYTHINGcpo , 100% about Google credentials. Many of us who use Chrome and Gmail have a whole host of passwords and 2FA linked through that one log-in. It makes it terribly convenient, but it's not something to enter lightly.
@brandimills585
3 жыл бұрын
I don't understand any of that traffic stuff, but it sounds unsafe. If I were to install Net Guard and then turn on "manage System App", then allow whatever i use, is that going to do it? or is there more to it?
@---tx9xx
Жыл бұрын
Thanks! put me a lot more at ease w purchasing boox ultra. any modifications you recommend for 2023?
@hwasylum
Жыл бұрын
PB only or wait for PineNOte / BuyEink monitor
@livic45
3 жыл бұрын
I understand NetGuard provides a degree of security, but does it save battery life in actual use, or does it it drain the device further with its aggressive blocking?
@EVERYTHINGcpo
3 жыл бұрын
I don’t notice any degradation in battery life.
@---tx9xx
Жыл бұрын
Does any data transfer take place if you turn off WIFI? or does it still sneak through
@RadMajik
3 жыл бұрын
how do you side load on this device? Does anyone know how to put this software on without ever connecting to wifi to begin with as the OP suggests in the comments? To OP: thanks for this video.
@---tx9xx
Жыл бұрын
usb
@serheangtan6195
2 жыл бұрын
thanks @cpo!
@rempha
3 жыл бұрын
This is not battery eficient, all that communication retries consume power (even if they are blocked). Is that communication under the terms of use and privacy?
@emma70707
3 жыл бұрын
Well, there's no way to turn them off since the pings are part of critical Android components, from what I can tell. And since they're going to keep pinging with or without this, it doesn't seem to add much overhead versus the unaltered device (it's not draining any more or barely so additional battery).
@emma70707
3 жыл бұрын
Yes. The user agreement says they can collect "any and all personal information you provide to us, like...materials or data you may sync through the Cloud or other apps".
@Finite8614
2 жыл бұрын
Super helpful, thanks for this
@evenaicantfigurethisout
2 жыл бұрын
How to sync notes with Synology Nas?
@giovanni_a67
2 жыл бұрын
The Autosync app has a client for WebDAV
@thelightings
9 ай бұрын
thank you alot
@hwasylum
Жыл бұрын
lmao , gen traff = eat batt , holy sht dude, its 300-400$(30-100 real price) device that lives less than a 6 hours
Пікірлер: 63