apppets / privacykit
Framework offering easy to use privacy enhancing technologies (PETs) for iOS and macOS applications
License: ISC License
We use badly documented low-level functions for performing TLS operations required to support Shalon. There we set the default ATS profile:
PrivacyKit/PrivacyKit/Tls.swift
Lines 273 to 278 in 358201c
Which is better than the default. It should be configurable like the high-level URLSession connections via ATS configuration in the information property list (Info.plist) of the application.
See RFC 7469 for recommendations and known privacy issues.
This issue was migrated from https://gitlab.prae.me/apppets/PrivacyKit/issues/6.
The URL httpss://shalon1.jondonym.net/services.app-pets.org will not be supported, as the port for the proxy server is missing. The default HTTPS port 443 should be used in this case.
Issue migrated from https://gitlab.prae.me/apppets/PrivacyKit/issues/1.
URLs of the kind httpss://proxy:port/destination:port/index.htm could be used as a custom URL handler that triggers Shalon to be used and first connect to proxy:port and then establishing a tunnel to destination.port. Depending on how many proxies should be used, the URL scheme could be httpss+.
Alternatively there could also be a configuration file that sets up the proxy.
This issue was migrated from https://gitlab.prae.me/apppets/PrivacyKit/issues/5.
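A sketch of a parser for the URL form proposed in the two issues above, including the fallback to port 443 when a port is missing. This is an added example, not PrivacyKit code: the type and function names are hypothetical, and it assumes one extra "s" in the scheme per proxy hop and no IPv6 literals.

```swift
import Foundation

struct Endpoint: Equatable { let host: String; let port: Int }
struct ShalonRoute: Equatable { let proxies: [Endpoint]; let destination: Endpoint; let path: String }

/// Parses "host" or "host:port"; a missing port falls back to 443.
func parseEndpoint(_ text: String) -> Endpoint? {
    let parts = text.split(separator: ":", omittingEmptySubsequences: false)
    guard let host = parts.first, !host.isEmpty, parts.count <= 2 else { return nil }
    guard parts.count == 2 else { return Endpoint(host: String(host), port: 443) }
    guard let port = Int(parts[1]), (1...65535).contains(port) else { return nil }
    return Endpoint(host: String(host), port: port)
}

/// Splits a Shalon-style URL into proxy hops, destination and path.
/// Returns nil for anything that does not match, so callers never
/// silently fall back to a direct, unproxied connection.
func parseShalonURL(_ url: String) -> ShalonRoute? {
    guard let sep = url.range(of: "://") else { return nil }
    let scheme = url[..<sep.lowerBound].lowercased()
    // Assumption: "https" followed by one "s" per proxy hop.
    guard scheme.hasPrefix("https"), scheme.dropFirst(5).allSatisfy({ $0 == "s" }) else { return nil }
    let hops = scheme.count - 5
    guard hops >= 1 else { return nil }
    let segments = url[sep.upperBound...].split(separator: "/", maxSplits: hops + 1,
                                                omittingEmptySubsequences: false)
    guard segments.count >= hops + 1 else { return nil }
    var endpoints: [Endpoint] = []
    for segment in segments.prefix(hops + 1) {
        guard let endpoint = parseEndpoint(String(segment)) else { return nil }
        endpoints.append(endpoint)
    }
    let path = segments.count > hops + 1 ? "/" + String(segments[hops + 1]) : "/"
    return ShalonRoute(proxies: Array(endpoints.dropLast()),
                       destination: endpoints[hops], path: path)
}

// The URL from the first issue: both ports are missing, so both default to 443.
if let route = parseShalonURL("httpss://shalon1.jondonym.net/services.app-pets.org") {
    print(route.proxies, route.destination, route.path)
}
// A plain https URL names no proxy and is rejected.
print(parseShalonURL("https://services.app-pets.org/") == nil)
```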
The implementation of Shalon is just a proof-of-concept and does not support downloading "big" files. As soon as the response headers could be parsed, the response is immediately returned. The Content-Length header should be read and additional bytes received should be attached to the response.
This issue was migrated from https://gitlab.prae.me/apppets/PrivacyKit/issues/4.
Jain et al. [1] proposed a location API that nudges developers to use location data in a more privacy-friendly manner. We should definitely implement this to make this accessible to more developers.
Ideally a GUI should be added, like the photo chooser that is already present on iOS, that in addition to selectively providing access to user-chosen photos, should also strip EXIF metadata from the accessed photos by default.
The privacy issues caused by EXIF metadata are demonstrated nicely by Felix Krause [1].
An NSURLSession object manages multiple tasks, each of which represents a single URL request and any follow-on requests. You usually create a session when your app launches, then create tasks in much the same way that you would create NSURLConnection objects.
This issue was migrated from https://gitlab.prae.me/apppets/PrivacyKit/issues/3.
Some tests (HttpTest.testHeadRequest, HttpTest.testConnectRequest) fail randomly, since the order of the HTTP headers does not match.
The key-value storage provider could exchange values. Integrity of single values is protected by authenticated encryption, but values can still be decrypted if assigned to another key of the same user. If the provider has access to the users' reactions, swapped values can be linked.
Fix this by adding the key to the value before encrypting it. Integrity violation can be detected if the key used for retrieving the value does not match with the retrieved key stored alongside the value.
See AppPETs/PrivacyService@fdb53ac.
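The fix described in this issue, sketched as an added example (not the PrivacyKit or PrivacyService code): the storage key is placed in front of the value before authenticated encryption and compared on retrieval. The function names, the length-prefixed framing and the choice of ChaChaPoly from CryptoKit are assumptions made for illustration.

```swift
import CryptoKit
import Foundation

enum StoreError: Error { case malformed, keyMismatch }

// Plaintext layout (assumed framing): 4-byte big-endian key length, key, value.
func sealValue(_ value: Data, forKey key: String, using secret: SymmetricKey) throws -> Data {
    let keyBytes = Data(key.utf8)
    var plaintext = withUnsafeBytes(of: UInt32(keyBytes.count).bigEndian) { Data($0) }
    plaintext.append(keyBytes)
    plaintext.append(value)
    return try ChaChaPoly.seal(plaintext, using: secret).combined
}

// Decrypts a blob fetched for `key` and rejects it when the key stored
// alongside the value is a different one, which reveals a swap by the provider.
func openValue(_ blob: Data, expectedKey key: String, using secret: SymmetricKey) throws -> Data {
    let box = try ChaChaPoly.SealedBox(combined: blob)
    let plaintext = try ChaChaPoly.open(box, using: secret)
    guard plaintext.count >= 4 else { throw StoreError.malformed }
    let length = plaintext.prefix(4).reduce(0) { ($0 << 8) | Int($1) }
    guard plaintext.count - 4 >= length else { throw StoreError.malformed }
    let storedKey = plaintext.dropFirst(4).prefix(length)
    guard storedKey.elementsEqual(key.utf8) else { throw StoreError.keyMismatch }
    return Data(plaintext.dropFirst(4 + length))
}

// Constructed demo: a dictionary stands in for the untrusted storage provider.
let secret = SymmetricKey(size: .bits256)
var provider: [String: Data] = [:]
provider["diary"] = try sealValue(Data("private note".utf8), forKey: "diary", using: secret)
provider["status"] = try sealValue(Data("online".utf8), forKey: "status", using: secret)

// The provider exchanges the two ciphertexts. Each one still authenticates.
let swapped = provider["diary"]
provider["diary"] = provider["status"]
provider["status"] = swapped

do {
    _ = try openValue(provider["status"]!, expectedKey: "status", using: secret)
    print("value accepted")
} catch StoreError.keyMismatch {
    print("swap detected: value was stored under a different key")
} catch {
    print("decryption failed: \(error)")
}
```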
I tried setting:
request.allHTTPHeaderFields = [:], see URLRequest.allHTTPHeaderFields
request.setValue(nil, forHTTPHeaderField: "User-Agent"), see URLRequest.setValue(_:forHTTPHeaderField:)
sessionConfiguration.httpAdditionalHeaders = nil and sessionConfiguration.httpAdditionalHeaders = [:], see URLSessionConfiguration.httpAdditionalHeaders
These methods could be used to override default HTTP headers, but none of them prevents the header from being sent.
The Shalon implementation gives way more control over which HTTP headers are sent.
This issue was migrated from https://gitlab.prae.me/apppets/PrivacyKit/issues/2.
The bad behaviour of the P-Service now needs to be explicitly enabled (see AppPETs/PrivacyService#5). Add configuration option to the API to enable it for a given application. This must not be the default.