pixelserv pixelserv - A Better One-pixel Webserver for Adblock

[^Tripper^]

Looks like that’s the issue. Must’ve been a recent development on the app as it used to work fine with pixelserv-tls previously.

Good god, what if more app developers learn this and implement it?!?!?! Somebody delete my posts!!!!

 

[Asad Ali]

Good god, what if more app developers learn this and implement it?!?!?! Somebody delete my posts!!!!

This technique is not new and Instagram is doing that since ages, the only difference is it doesn't alert the end-user about that but it bombarded the Pixelserv-tls with an insane amount of retry attempts to call home that it even interferes with Pixelserv-tls performance.

I'm sure there are many other apps as well.

 

[L&LD]

Apps. One more way to give away control of your devices, data, and security.

 

[^Tripper^]

This technique is not new and Instagram is doing that since ages, the only difference is it doesn't alert the end-user about that but it bombarded the Pixelserv-tls with an insane amount of retry attempts to call home that it even interferes with Pixelserv-tls performance.

I'm sure there are many other apps as well.

I think that would explain the ungodly amount of “slu” errors I see when the family is instagram-ing away. Knew it was some app or another but this fits.

Apps. One more way to give away control of your devices, data, and security.

Too true!!! I avoid apps if I can access a webpage, always found apps to be comparatively restrictive in addition to everything you mentioned.

Thank you everyone for helping with this midnight mystery, it is very much appreciated.

Tin foil hat off!! (But always close at hand)

 

[Asad Ali]

I think that would explain the ungodly amount of “slu” errors I see when the family is instagram-ing away. Knew it was some app or another but this fits.

Yep, "graph.instagram.com" is the culprit URL.

 

[Butterfly Bones]

Update; no dice. Deleted the app, rebooted the phone, reinstalled and still getting the error.

Hmmm... wonder what “checks” this app does.

This is from left field - I got this after the iOS 13.3.1 update yesterday. Below steps cleared the error for me.

Go into Diversion,

ep - This manages installed Entware packages.
3 - Manage pixelserv-tls certificates
1 - Purge pixelserv-tls domain certificates

 

[Stevens243]

Yep, "graph.instagram.com" is the culprit URL IRL .

FTFY.

 

[jrmwvu04]

Not exactly. I'm speculating that the expected certificate signature is hard-coded in the app and the pixelserv-generated certificate signature doesn't match that. A way to prevent spoofing of certs, but it's hard to say with any certainty what they're doing inside.

EDIT: what @Asad Ali said.

For what it’s worth when the brain trust was at its peak during the development of pixelserv 2.2, it was determined through quite a lot of testing that this was the case. What is changing, more recently, is that more and more apps are moving to that model. One of the big reasons everyone is trying to push you to their apps rather than websites and etc. so that they can gather a stunning amount of tracking data that the average user can’t circumvent. The surprising thing to me is that this app was so honest about what was failing.

 

[Asad Ali]

The surprising thing to me is that this app was so honest about what was failing.

It seems the developers here have good intentions and trying to warn the user about the wrong SSL certificate being detected because a skilled hacker can easily sniff the data out of the app using SSL MiTM attacks.

 

[thelonelycoder]

The Entware maintainers have released updated packages. This now brings the official release of pixelserv-tls 2.3.1 to those that were patiently waiting for it.
Use ep in amtm or Diversion to update Entware packages.
Note that for those that updated pixelserv-tls manually or through Diversion to v2.3.1 need to restart pixelserv-tls after the update, in ep, 4.
Since both amtm and Diversion see no version change when it was previously updated to v2.3.1, this step is necessary.

 

[joe68000]

The Entware maintainers have released updated packages. This now brings the official release of pixelserv-tls 2.3.1 to those that were patiently waiting for it.
Use ep in amtm or Diversion to update Entware packages.
Note that for those that updated pixelserv-tls manually or through Diversion to v2.3.1 need to restart pixelserv-tls after the update, in ep, 4.
Since both amtm and Diversion see no version change when it was previously updated to v2.3.1, this step is necessary.

Thanks!

For the entware pixelserv-tls, what do we expect to see in the banner? This is what I see after updating the entware packages and restarting pixelserv:

pixelserv-tls 2.3.1 (compiled: Dec 19 2019 11:03:57 flags: tls1_3) options: 192.168.2.3

 

[Butterfly Bones]

Thanks!

For the entware pixelserv-tls, what do we expect to see in the banner? This is what I see after updating the entware packages and restarting pixelserv:

pixelserv-tls 2.3.1 (compiled: Dec 19 2019 11:03:57 flags: tls1_3) options: 192.168.2.3

Mine shows -

pixelserv-tls 2.3.1 (compiled: Jan 31 2020 13:27:14 flags: tfo tls1_3) options: 192.168.1.2

 

[Makaveli]

Mine shows -

pixelserv-tls 2.3.1 (compiled: Jan 31 2020 13:27:14 flags: tfo tls1_3) options: 192.168.1.2

I did mine manually awhile back.

pixelserv-tls 2.3.1 (compiled: Dec 13 2019 20:33:42 flags: tfo tls1_3)

I just forced the update and now i'm current.

pixelserv-tls 2.3.1 (compiled: Jan 31 2020 13:27:14 flags: tfo tls1_3)

 

[Butterfly Bones]

I did mine manually awhile back.

pixelserv-tls 2.3.1 (compiled: Dec 13 2019 20:33:42 flags: tfo tls1_3)

I did as well, when the 2.3.1 update was posted in the pixelserv-tls thread. Just ran the ep update from AMTM (and ep then 4 in Diversion) and this is what I see. (compiled: Jan 31 2020 13:27:14)

 

[joe68000]

Strange, I tried to force an update again and the banner still shows compiled Dec 19. The version is listed as "Version: 2.3.1-1". Not sure if I am actually getting the latest version.

 

[Makaveli]

after you forced the update did you restart the service?

 

[joe68000]

after you forced the update did you restart the service?

Yes- multiple times. There doesn't seem to be a way to force a reinstall, unless I'm missing something. All I see is:

This updates or upgrades pixelserv-tls v2.3.1

 1. Update pixelserv-tls, regular Entware version
 2. Upgrade pixelserv-tls, regular Entware version
 3. Upgrade pixelserv-tls to v2.3.1, Jack Yaz version

 

[Asad Ali]

Yes- multiple times. There doesn't seem to be a way to force an update, unless I'm missing something. All I see is:

This updates or upgrades pixelserv-tls v2.3.1

 1. Update pixelserv-tls, regular Entware version
 2. Upgrade pixelserv-tls, regular Entware version
 3. Upgrade pixelserv-tls to v2.3.1, Jack Yaz version

Use ep>6>5 option.

 

[thelonelycoder]

pixelserv-tls 2.3.1 (compiled: Dec 19 2019 11:03:57 flags: tls1_3) options: 192.168.2.3

This is @Jack Yaz version. Use ep to update to the official release version.
Edit: ep, 6, 5

 

[joe68000]

Use ep>6>5 option.

I've done that already. Can I delete the package file to force a re-download?