How to upload binary ZIP file to net anonymously?

On 2017-02-12 21:57, Frank Slootweg wrote:
Carlos E. R. wrote:
On 2017-02-12 15:24, Frank Slootweg wrote:
Stijn De Jong wrote:

I have two Windows questions:
a. How do I get a reliable hash for this file
b. Where can it be uploaded temporarily for this one purpose
(without having to expose who I am on the net)?

IMO, a. and b. are mutually exclusive/incompatible. Why the need for a
checksum if the originator cannot be trusted (because he wants to be
anonymous)?

To verify that a third party has not modified the file, or that is was
not accidentally modified in transit.

In the described scenario, there is no third party.

There is always a third party. The archive is uploaded to some site. How
do you know that someone at that site did not alter the archive?

The "accidentally
modified in transit" argument isn't particularly relevant in the given
example - an APK - because an APK is a zip file and hence any corruption
would be detected at unzip time,

Nope. Alter the files, repack.

but yes, in the general file-transfer
case, it could be relevant.

Better overly cautious than sorry.

--
Cheers,
Carlos E.R.

On Sun, 12 Feb 2017 19:56:12 -0200, Shadow wrote:

Still trying to figure out why you need to be anonymous.

"Need"? -- Naah ... just prefer. And 'tain't something to "figure out why".
--

In comp.mobile.android, on Sat, 11 Feb 2017 18:26:16 +0000 (UTC), Stijn
De Jong wrote:

Where/how can we upload a binary ZIP file onto the net anonymously?

On the Android newsgroup we have been discussing how some free apps get
worse over time, where a particularly useful app got worse so that the
older version is more desirable than the newer version.
Google Now Launcher to be pulled from the Play Store in Q1 2017
https://groups.google.com/forum/#!to...id/e17_KIXjYKs

The solution to apps changing out from under us is to use a good free app
backup solution, which can retroactively re-create the original installer,
(even if it was a system app or carrier bloatware) and which can
automagically back up all installed apps the moment they are installed.

I use just such one app, but the newer versions are worse than the older
versions so I just want to upload my ZIP file for this one user to use.

What confuses me about all this is that a zip file is for Windows (and
Mac and Linux??) and I know how to dl it and unzip it in widows, but
shouldn't I be dl'ing it to the phone instead?? What good will it do me
on the PC? Unless that's where it works. But I don't see how that can
be since I thought it was an .apk file that is zipped there.

I'm not quite a newbie, but my Android father died when I was rather
young and was raised by a Gynoid mother, who really didn't know much
about this stuff.


The actual app is "App Backup & Restore" which automagically backs up all
installed apps to a ZIP file, which we have found to be "mostly" portable
to other devices.
https://groups.google.com/forum/#!or...s/k0uCMeCYBgAJ

The ZIP file is 3,241KB stored on Windows:
"App Backup & Restore-mobi.infolife.appbackup-53-v3.2.0.apk"

I have two Windows questions:
a. How do I get a reliable hash for this file
b. Where can it be uploaded temporarily for this one purpose
(without having to expose who I am on the net)?

Earlier:
On Wed, 8 Feb 2017 16:06:06 -0500, tlvp wrote:
Googling that suggests that the Play Store, now up to v. 6.0.9, no longer
offers v. 3.2.0, and that the only places that are offering it are sites
whose practices may be ... let's say ... on the shady side.

Any advice where safely to get that particular older (circa 2014-era)
version? From apk4fun? apkdom? appsuu? apkapk.org? 9apps? other?
(Neither archive.org nor oldapps.com seems to have it.)

What's wrong with apk4fun.

It says it has mobi.infolife.appbackup-3.2.0-www.APK4Fun.com.apk
and the file length is 3,318,353, which converts to 3,241KB, the same
length that you have above.

The only thing missing from the file name is 53, but the length is the
same.

I looked at 4 reviews and they all say it's okay. Except for the 2nd
one, AVG, I don't know who reviews the reviewers, but check out

https://www.mywot.com/en/scorecard/apk4fun.com

But AVG is reliable:
http://www.avgthreatlabs.com/us-en/w...n/apk4fun.com/
No current active malware appears on this website. However, during the
last 30 days potentially active threats did appear on a subdomain.
Last update: Feb 12, 2017
Safety Rating Safe
Malware Found 1
Compromised Pages 0

http://www.siteadvisor.com/sites/apk4fun.com

This one is strange:
http://www.siteadvisor.com/sites/apk4fun.com It says "No downloads
found". Maybe I'm misunderstanding what that means.

I didnt' look any further.

On Sat, 11 Feb 2017 18:26:16 +0000, Stijn De Jong wrote:

Where/how can we upload a binary ZIP file onto the net anonymously?



Try filebin.ca

Carlos E. R. wrote:
On 2017-02-12 21:57, Frank Slootweg wrote:
Carlos E. R. wrote:
On 2017-02-12 15:24, Frank Slootweg wrote:
Stijn De Jong wrote:

I have two Windows questions:
a. How do I get a reliable hash for this file
b. Where can it be uploaded temporarily for this one purpose
(without having to expose who I am on the net)?

IMO, a. and b. are mutually exclusive/incompatible. Why the need for a
checksum if the originator cannot be trusted (because he wants to be
anonymous)?

To verify that a third party has not modified the file, or that is was
not accidentally modified in transit.

In the described scenario, there is no third party.

There is always a third party. The archive is uploaded to some site. How
do you know that someone at that site did not alter the archive?

Why use a site you don't trust? But if you don't trust the site, then
just encrypt or/and password-protect it.

[More of the same deleted.]

On 2017-02-13 19:35, Frank Slootweg wrote:
Carlos E. R. wrote:
On 2017-02-12 21:57, Frank Slootweg wrote:
Carlos E. R. wrote:
On 2017-02-12 15:24, Frank Slootweg wrote:
Stijn De Jong wrote:

I have two Windows questions:
a. How do I get a reliable hash for this file
b. Where can it be uploaded temporarily for this one purpose
(without having to expose who I am on the net)?

IMO, a. and b. are mutually exclusive/incompatible. Why the need for a
checksum if the originator cannot be trusted (because he wants to be
anonymous)?

To verify that a third party has not modified the file, or that is was
not accidentally modified in transit.

In the described scenario, there is no third party.

There is always a third party. The archive is uploaded to some site. How
do you know that someone at that site did not alter the archive?

Why use a site you don't trust? But if you don't trust the site, then
just encrypt or/and password-protect it.

Have you really read and understood this thread? What you say is absurd.

--
Cheers,
Carlos E.R.

Carlos E. R. wrote:
On 2017-02-13 19:35, Frank Slootweg wrote:
Carlos E. R. wrote:
On 2017-02-12 21:57, Frank Slootweg wrote:
Carlos E. R. wrote:
On 2017-02-12 15:24, Frank Slootweg wrote:
Stijn De Jong wrote:

I have two Windows questions:
a. How do I get a reliable hash for this file
b. Where can it be uploaded temporarily for this one purpose
(without having to expose who I am on the net)?

IMO, a. and b. are mutually exclusive/incompatible. Why the need for a
checksum if the originator cannot be trusted (because he wants to be
anonymous)?

To verify that a third party has not modified the file, or that is was
not accidentally modified in transit.

In the described scenario, there is no third party.

There is always a third party. The archive is uploaded to some site. How
do you know that someone at that site did not alter the archive?

Why use a site you don't trust? But if you don't trust the site, then
just encrypt or/and password-protect it.

Have you really read and understood this thread? What you say is absurd.

[Assuming that you don't think that "it" in "just encrypt or/and
password-protect it" refers to the *site*. It of course refers to (using
your term the *archive* (APK file) which is uploaded to/from the
site.]

Yes, I have. So please enlighten me and explain *why* you think what I
say is absurd.

On Mon, 13 Feb 2017 00:23:44 +0000 (UTC), Stijn De Jong
wrote:

On Sun, 12 Feb 2017 19:56:12 -0200, Shadow wrote:

Still trying to figure out why you need to be anonymous.

It's the opposite.

Look up Snowden's comments on this because he answered the question more
eloquently than I could.
https://www.google.com/search?q=snow...+privacy+right

Yes, I know what privacy is and I value it.
But you said it's an ANDROID app, for lord's sake. Android is
tracking you before you even switch it on. (slight exaggeration, but
you get the idea). It's like saying you use Win 7 or 10, or a Mac and
asking how to be anonymous. Impossible....
My question was "why do you need privacy to post an app that
is not secret, not malware and can be downloaded from other sources".

Want privacy ? Hack into someone's wifi using a fake,
preferably cloned MAC address and an old laptop. Use Win XP, or an
OLD, pre systemd version of Debian. Use a firewall, and don't have
anything on the computer that can identify you. IOW, don't use a HD or
a CPU from a machine that could have been tagged as yours.
It'll **** them off for a while. They will eventually triangle
your signal, and Google will map where you are to within a few
yards....
[]'s

--
Don't be evil - Google 2004
We have a new policy - Google 2012

On Mon, 13 Feb 2017 00:23:46 +0000 (UTC), Stijn De Jong
wrote:

On Sun, 12 Feb 2017 21:37:04 +0100, Carlos E. R. wrote:

I'm not sure what a "link to the program I used" means, because the version
I use no longer exists.

I mean to the checksum app.

Here is the link to the checksum app I used on Windows XP.
http://www.etree.org/cgi-bin/counter...are/md5sum.exe


http://implbits.com/products/hashtab/

The version for WinXP is at the bottom of the page....

Use at least SHA256

[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

On Mon, 13 Feb 2017 00:23:48 +0000 (UTC), Stijn De Jong
wrote:

On Sun, 12 Feb 2017 19:58:05 -0200, Shadow wrote:

Yes. Both Jotti and Virustotal scan for android malware when
they detect an apk file.

When I search for Jotti, I get only music apps.
https://www.google.com/search?q=jotti+google+play

https://virusscan.jotti.org/en

It uses a AV called "White Armor" for Android apps, though
most of the other main AVs will flag Android malware.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

On Mon, 13 Feb 2017 22:00:06 -0200, Shadow wrote:

Yes, I know what privacy is and I value it

Good. Because it's really hard to explain privacy on the Usenet.

But you said it's an ANDROID app, for lord's sake. Android is
tracking you before you even switch it on. (slight exaggeration, but
you get the idea). It's like saying you use Win 7 or 10, or a Mac and
asking how to be anonymous. Impossible....

Well.... I disagree with you completely.
But that's because I care bout privacy.

So, "my Android" isn't tracking me.

However, I do understand your point, which is that most people put credit
cards on their phones (which I never do since I never pay for anything),
and most people have Google stuff set up to remember things (even on iOS
they do that) and most people have not deleted Google Play like I have (the
corresponding Apple login is impossible to delete on iOS), and most people
don't wipe out their advertising ID (like I have, and which is impossible
to do on iOS) and most people don't know enough to prevent their phone from
broadcasting their home SSID whenever they go to a coffee shop and most
people don't have the location settings turned off for Google, so, most
people are spying for Google, etc.

So, I agree with you that most people who use Android (or iOS) don't
realize half the things that are tracking them constantly.

With respect to the fact that everyone who drives by my house is collecting
and sending to Google the GPS location, MAC address, signal strength, and
my home router SSID - there's nothing I can do about that fact that most
people don't have their Android WiFi settings set up correctly.

However, MY Android devices do NOT send ANY of that information to GOogle
when I drive by their houses, so, I, for one, am a considerate (and
intelligent) Android user.

At home, I use the optout and nomap keywords though for my WiFi, once of
which is required by Windows (which I have never really understood) and the
other of which is required by Google. My SSID is also unique as is my
passprase (AFAIK) to keep them out of WPA2/PSK rainbow tables, and, of
course, my router disallows the common attack ports (where I can often see
people hammering from China/Russia, etc.) since I'm on WISP so my signal
has to go through the air to the Internet.


My question was "why do you need privacy to post an app that
is not secret, not malware and can be downloaded from other sources".

Again, your questions are confusing because you're putting two things
together to ask a third question which has nothing, per se, to do with
combining the two things.

Take these two things:
1. You eat food.
2. You post apps.

Your question is like asking:
Why do you need food to post an app that is not tasty, not sugary, and can
be found at many restaurants?

The fact I want privacy is one thing.
The fact that I happened to post an app is another.
The fact that the app I posted is found in other sources was unknown to me
at the time I posted the app, but it doesn't change anything either.

Your question links two things that are completely separate.

Want privacy ? Hack into someone's wifi using a fake,
preferably cloned MAC address and an old laptop.

As you must be aware, the best way to secure your own network is to try to
hack into it, and to understand how to do that (netstumbler, wireshark,
antennas, protocols, etc.).

Since I have to set up my own Internet (there is no cable or dsl where I
live), I am very familiar with such things. My antenna can pick up probably
five hundred access points at this very moment. Of course, my antenna is
the size of a basketball hoop, so, it has more sensitivity for receiving
than any router in any home, and it has far more power for transmitting
than any router in any home - so the problem will always be GETTING the
signal, since I can always SEND a signal to a router 15 miles away.

You must be thinking you're talking to a "normal" person, who doesn't know
how to secure Android, nor how to get Internet from almost anywhere (if
it's not too badly locked up). For example, I assume you're aware that,
with rainbow tables, anyone can hack into even WPA2/PSK setups, right (if
the admins didn't use unique SSIDs and passphrases, since the WPA2/PSK salt
"is" the SSID -=== which is stupid, IMHO, but that's what it is).

Use Win XP, or an
OLD, pre systemd version of Debian.

Someday I'm gonna just put a WinXP VM in place for when those Indian Dell
Support and Microsoft Support scammers call (I get them once every few
months)....


Use a firewall, and don't have
anything on the computer that can identify you.

Yup. My computer name is "a" and my user name is "b" and the admin on teh
computer is "c", etc., and all the PDF and Windows properties are set to
forget. Plus I use Panopticlick regularly, etc.

There are a zillion things to keep privacy intact, which is just like
keeping your body clean. You are constantly finding stuff that you need to
keep clean (e.g., exif information in photos).


IOW, don't use a HD or
a CPU from a machine that could have been tagged as yours.
It'll **** them off for a while. They will eventually triangle
your signal, and Google will map where you are to within a few
yards....

The sad thing about Google isn't "my" phone since mine is set up properly
(which is to say, mine is set up to NOT spy for free for Google).

The sad thing about Google is that on both operating systems (whether iOS
or Android), all the GOogle apps spy on you, and, in the case of the
Android operating system, most users are stupid so they have their phone
set up to spy on you.

Even with _nomap, Google still *receives* your GPS location, signal
strength, MAC address, and SSID from all these phones. Google "says" they
will drop the data if you put _nomap, but they *get* the data.

And, no, this isnt' the MAC address that you can easily clone.

On Mon, 13 Feb 2017 00:23:48 +0000 (UTC), Stijn De Jong wrote:

It's better when I search for Virustotal:
https://play.google.com/store/apps/d...com.virustotal
VirusTotal by VIRUSTOTAL
https://www.virustotal.com/en/docume...-applications/

Here's what it says:
"Please note that VirusTotal for Android does not provide real-time
protection and, so, is no substitute for any antivirus product, just a
second opinion regarding your apps."

No, no, 2dogs, not the app, but the website: you were meant to use the web
site virustotal.com to submit your file to for virus- or malware-checking.

HTH. Cheers, -- tlvp
[PS: Jotti? You're on your own, there. I'd Google it, though :-) . -- t]
--
Avant de repondre, jeter la poubelle, SVP.

On Mon, 13 Feb 2017 02:37:34 -0500, micky wrote:

Earlier:
On Wed, 8 Feb 2017 16:06:06 -0500, tlvp wrote:
... Play Store, now up to v. 6.0.9, no longer
offers v. 3.2.0, and that the only places that are offering it are sites
whose practices may be ... let's say ... on the shady side.

Any advice where safely to get that particular older (circa 2014-era)
version? From apk4fun? apkdom? appsuu? apkapk.org? 9apps? other?

What's wrong with apk4fun.

Yup, that was (part of) my question :-) .

It says it has mobi.infolife.appbackup-3.2.0-www.APK4Fun.com.apk
and the file length is 3,318,353, which converts to 3,241KB, the same
length that you have above.

...

I looked at 4 reviews and they all say it's okay. Except for the 2nd
one, AVG, I don't know ...

There's "all" and there's "all but one". Very different (4 vs. 3).

... who reviews the reviewers, but check out

https://www.mywot.com/en/scorecard/apk4fun.com

But AVG is reliable:
http://www.avgthreatlabs.com/us-en/w...n/apk4fun.com/
No current active malware appears on this website. However, during the
last 30 days potentially active threats did appear on a subdomain.
Last update: Feb 12, 2017
Safety Rating Safe
Malware Found 1
Compromised Pages 0

"Malware Found: 1" is one too many for me, thanks :-) .

More reassuring is that neither VirusTotal nor Jotti found anything
suspicious in the apk4fun-provided .apk archive I might want to be using.

Thanks for your investigations on my behalf. Cheers, -- tlvp
--
Avant de repondre, jeter la poubelle, SVP.

On Tue, 14 Feb 2017 20:40:10 +0000 (UTC), Stijn De Jong
wrote:

On Mon, 13 Feb 2017 22:00:06 -0200, Shadow wrote:

Yes, I know what privacy is and I value it

Good. Because it's really hard to explain privacy on the Usenet.

But you said it's an ANDROID app, for lord's sake. Android is
tracking you before you even switch it on. (slight exaggeration, but
you get the idea). It's like saying you use Win 7 or 10, or a Mac and
asking how to be anonymous. Impossible....

Well.... I disagree with you completely.
But that's because I care bout privacy.

So, "my Android" isn't tracking me.

However, I do understand your point, which is that most people put credit
cards on their phones (which I never do since I never pay for anything),
and most people have Google stuff set up to remember things (even on iOS
they do that) and most people have not deleted Google Play like I have (the
corresponding Apple login is impossible to delete on iOS), and most people
don't wipe out their advertising ID (like I have, and which is impossible
to do on iOS) and most people don't know enough to prevent their phone from
broadcasting their home SSID whenever they go to a coffee shop and most
people don't have the location settings turned off for Google, so, most
people are spying for Google, etc.

So, I agree with you that most people who use Android (or iOS) don't
realize half the things that are tracking them constantly.

With respect to the fact that everyone who drives by my house is collecting
and sending to Google the GPS location, MAC address, signal strength, and
my home router SSID - there's nothing I can do about that fact that most
people don't have their Android WiFi settings set up correctly.

However, MY Android devices do NOT send ANY of that information to GOogle
when I drive by their houses, so, I, for one, am a considerate (and
intelligent) Android user.

At home, I use the optout and nomap keywords though for my WiFi, once of
which is required by Windows (which I have never really understood) and the
other of which is required by Google. My SSID is also unique as is my
passprase (AFAIK) to keep them out of WPA2/PSK rainbow tables, and, of
course, my router disallows the common attack ports (where I can often see
people hammering from China/Russia, etc.) since I'm on WISP so my signal
has to go through the air to the Internet.


My question was "why do you need privacy to post an app that
is not secret, not malware and can be downloaded from other sources".

Again, your questions are confusing because you're putting two things
together to ask a third question which has nothing, per se, to do with
combining the two things.

Take these two things:
1. You eat food.
2. You post apps.

Your question is like asking:
Why do you need food to post an app that is not tasty, not sugary, and can
be found at many restaurants?

The fact I want privacy is one thing.
The fact that I happened to post an app is another.
The fact that the app I posted is found in other sources was unknown to me
at the time I posted the app, but it doesn't change anything either.

Your question links two things that are completely separate.

Want privacy ? Hack into someone's wifi using a fake,
preferably cloned MAC address and an old laptop.

As you must be aware, the best way to secure your own network is to try to
hack into it, and to understand how to do that (netstumbler, wireshark,
antennas, protocols, etc.).

Since I have to set up my own Internet (there is no cable or dsl where I
live), I am very familiar with such things. My antenna can pick up probably
five hundred access points at this very moment. Of course, my antenna is
the size of a basketball hoop, so, it has more sensitivity for receiving
than any router in any home, and it has far more power for transmitting
than any router in any home - so the problem will always be GETTING the
signal, since I can always SEND a signal to a router 15 miles away.

You must be thinking you're talking to a "normal" person, who doesn't know
how to secure Android, nor how to get Internet from almost anywhere (if
it's not too badly locked up). For example, I assume you're aware that,
with rainbow tables, anyone can hack into even WPA2/PSK setups, right (if
the admins didn't use unique SSIDs and passphrases, since the WPA2/PSK salt
"is" the SSID -=== which is stupid, IMHO, but that's what it is).

Use Win XP, or an
OLD, pre systemd version of Debian.

Someday I'm gonna just put a WinXP VM in place for when those Indian Dell
Support and Microsoft Support scammers call (I get them once every few
months)....


Use a firewall, and don't have
anything on the computer that can identify you.

Yup. My computer name is "a" and my user name is "b" and the admin on teh
computer is "c", etc., and all the PDF and Windows properties are set to
forget. Plus I use Panopticlick regularly, etc.

There are a zillion things to keep privacy intact, which is just like
keeping your body clean. You are constantly finding stuff that you need to
keep clean (e.g., exif information in photos).


IOW, don't use a HD or
a CPU from a machine that could have been tagged as yours.
It'll **** them off for a while. They will eventually triangle
your signal, and Google will map where you are to within a few
yards....

The sad thing about Google isn't "my" phone since mine is set up properly
(which is to say, mine is set up to NOT spy for free for Google).

The sad thing about Google is that on both operating systems (whether iOS
or Android), all the GOogle apps spy on you, and, in the case of the
Android operating system, most users are stupid so they have their phone
set up to spy on you.

Even with _nomap, Google still *receives* your GPS location, signal
strength, MAC address, and SSID from all these phones. Google "says" they
will drop the data if you put _nomap, but they *get* the data.

And, no, this isnt' the MAC address that you can easily clone.

No, Android cannot be secured. It phones home by default. It's
extremely difficult to block. It has numerous backdoors, so you have
to update it with new backdoors when hackers discover the old ones.
When you update it Google sucks all your data.
And you still have not told me why you need to be anonymous to
send the URL of an app to a friend.
(yes, I know about all the other stuff you mentioned, I'm
familiar with aircrack-ng. I even used Kismet back in the day. Note :
calling your things "a" "b" and "c" would ID you in a flash. That must
be the Uniquemost name on the internet. Call your PC some singer or
actor's name, and rotate them).
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

Shadow wrote:


No, Android cannot be secured. It phones home by default. It's
extremely difficult to block. It has numerous backdoors, so you have
to update it with new backdoors when hackers discover the old ones.
When you update it Google sucks all your data.

Good thing is that you don't have the foggiest what you are babbling about