Safe Unix Terminal

Revliss

Is there a safe way to use a terminal? The native terminal refuses any kind of VPN, is this going to get a fix? Is Termux safe on Graphene?

Johnnyloans

Revliss

Termux is safe. Use the official repository for getting extra packages.

About low target sdk:
I guess don't ssh into shady servers to avoid getting hacked.

It is baked into the design that the Linux terminal in android can't use a vpn at this point in time. It isn't necessarily a bug but this could be changed.
Terminal is useful for using nmap and other tools which termux doesn't have permissions for.

Johnnyloans

Revliss The native terminal refuses any kind of VPN

DeletedUser688 Just use the Linux development environment. It can be enabled in the developer options

littlerack

Revliss refuses any kind of VPN

Not precisely, it's only "block connections without vpn" part of vpn settings, the vpn can be ON. So I disable it while behind "trusted/secured" upstream network.

littlerack

Johnnyloans Use the official repository

I hasn't seen any reviews of termux privacy (like what is sent to outside world). Internal IP, system details, etc. It's "official" repositories are in China and xyz domains (I think there were even insecure defaults http 80 at a time), so one has to cleanup repo settings.

DohnJoe

littlerack Why don't you apply your suggestion to yourself first?

I am trying, but you are not helping me lol

The first "controversial" reply you had is that:

Johnnyloans Termux is safe.

(I guess as in secure).

Then you started a crusade about Termux privacy:littlerack

And then you are wondering if people:

littlerack understand security and privacy are two distinct areas?

So i think there have been some miscomunication, and it's ok.
Let's try to de-escalate.

littlerack Termux has never advertised itself as a privacy-concise environment and no-one should pretend it is.

We agree on this and if you skim on previous replies, no one is trying to tell otherwise.
In fact in my very first post I started with:

DohnJoe While Termux is not privacy focused, [ . . . ]

I think everything started after @starglider suggested you can't use ufw effectively unless you root your OS (?)

But let's concentrate on the feedback you are searching for...
At a certain point you somewhat suggested that f-droid is trustable:

littlerack F-droid at least has reproducible builds and warnings.

I would like to skip the fact that you can change repo on f-droid, because I want to underline another point that seemed to go unnoticed:

Jasper82 Get it from the F-Droid repo, they build it from source.

@Jasper82 is suggesting us that f-droid already reviewed the code of Termux and that they consider it trustable enough to build it and publish it.
With the presence of the eventual warnings on the store page, I would say this is the feedback you are searching for.

For what concerns the official repo, you had the idea they where chinese:

littlerack It's "official" repositories are in China and xyz domains

Apart from the fact that an .xyz domain is not less secure than a .com domain (it's just, usually, less expensive) I might accept that in the past they had official chinese repositories (I really don't know the entire repository story of Termux, I can accept that at a certain point on time they were).
But if you are installing Termux today, we should take into consideration the current state of the project.

While examining termux.dev domain we can see cloudflare's DNSs, having a lookup of their IP address 5.75.242.194 we can see it is part of the Hetzner network.

This point has been made clear, already:

Johnnyloans 1 official repository + cloudflare CDNs
Germany sponsored by Hetzner
packages.termux.dev
https://i.imgur.com/tgwH6M7.png

These are facts, and wether we like them or not, are facts.

On top of this we can create all the good arguments we want.

You already found your solution in RDNS, so whatever we are going to discuss here should be just for the sake of discussion, in the hope of growing up.
Maybe someone didn't know about RDNS and now has a new tool in their arsenal.
Maybe someone started to trust Termux because they found out they rely on a German server.
Maybe someone decided to leave Termux because of the same German server.

To be honest I growed up in this thread, especially reading about why Always on VPN breaks the terminal.

Let's agree we value different things and that your way of assessing an app works good enough for you, and that my way of assessing an app works good enough for me.

All things considered, if you didn't searched for an alternative to Termux, you couldn't have helped others like in this reply:

littlerack

Everyone has their use cases, and I personally wouldn't trade the Always on VPN feature to use the native terminal app, especially with a configurable Termux app around.
But maybe in my country there is a different kind of censorship that forces me to make different choices, this doesn't mean that my choice is better than yours.

I was genuinely wondering why you prefer your solution, to learn something new.

DeletedUser688

Just use the Linux development environment. It can be enabled in the developer options

Johnnyloans

The native terminal refuses any kind of VPN
littlerack Not precisely

The native terminal app is NAT'd before android's VPN rules apply. I am not privy on the specifics; but, the linux environment runs in a VM and the app has a "remote" VNC connection to the console--or a similar method. A VPN breaks the remote connection to the VM's IP.

A VPN as the default gateway will make 'Terminal' fail to open. A split tunnel or no VPN are the same end result for the terminal.

littlerack It's "official" repositories are in China and xyz domains

1 official repository + cloudflare CDNs
Germany sponsored by Hetzner
packages.termux.dev
https://i.imgur.com/tgwH6M7.png

Anyone is free to compare the site or any mirror to github.

littlerack one has to cleanup repo settings

5 seconds to verify: termux-change-repo

littlerack I hasn't seen any reviews of termux privacy

https://termuxfa.github.io/en/privacy-policy

"Termux does not record any personal information and ... without sending any data over the network in the background automatically."

Would you verify if any online reviewer is a real, credible person or from a satisfactory country? To combat propaganda.

This app is open source--not secretive.

littlerack Internal IP, system details, etc.

These seem like random, irrelevant words. Running a traceroute in termux, the first hop is my router--nothing nefarious.

Johnnyloans

littlerack do you understand security and privacy are two distinct areas?

Me replying to your privacy concerns:

littlerack I hasn't seen any reviews of termux privacy (like what is sent to [the] outside world).

Johnnyloans privacy-policy
"Termux does not record any personal information and ... without sending any data over the network in the background automatically."

Would you verify if any online reviewer is a real, credible person or from a satisfactory country? To combat propaganda.

This app is open source--not secretive.

Yes, this relates to privacy as well as "like what is sent to outside world." I directly answered this with: "recording data" & "sending data over the network."
3rd parties having zero knowledge is rather private.

Jasper82

littlerack I hasn't seen any reviews of termux privacy (like what is sent to outside world). Internal IP, system details, etc. It's "official" repositories are in China and xyz domains (I think there were even insecure defaults http 80 at a time), so one has to cleanup repo settings.

Get it from the F-Droid repo, they build it from source.

Johnnyloans

I think the bulk of the confusion comes from the assumption that termux is a separate computer, VM, or container.
It is an app that executes a task on the phone.

tl;dr termux is safe

Irrelevant words:

littlerack Phone model with all details re storage etc (not just arm arch by itself), network details are "random words" for privacy? Interesting statement.

littlerack Internal IP, system details, etc.

My previous comment is because this sounds like a person telling a mechanic:
"I love freedom and safety, can you install a new highway lane and speedbump into my car. I feel safer with these around."
These words all relate to cars but don't make sense.

termux is an app just like the gmail app.

No one decides which app to use--like email--based on:

What is the IP address of the gmail and tuta app?
Your phone has 1 IP address for apps. (Split tunnels are different but also the same concept.)
I can't decide between gmail and tuta; what is the phone model, storage device, and cpu arch that it'll be running on?
It'll be the same hardware. There is 1 phone. gmail and tuta don't affect the cpu architecture or phone model.
How will gmail and tuta change my routing table? (insert any other "networking detail" here)

littlerack there is no UFW package available for Termux.

littlerack Can't I, like in regular gnu/linux, drop everything except what I explicitly allow? protocol, etc.

Termux cannot bind a service to a port nor can it read data for the command ip a. Okay, so Termux is shielded from unsolicited inbound traffic. What UFW rules can we make for outbound?

To me, these are all useless outbound rules:

block all outgoing -- The code is verifiable to see it isn't malicious. This makes the console useless for most people.

sudo ufw default deny outgoing

block a destination port. No point, the user would have to desire for this connection so why block it.

sudo ufw allow out to any port 80

block ip address(es). Useless, use a DNS filter isntead.

sudo ufw deny out to 8.8.8.8
sudo ufw deny out to 34.0.0.0/8

What UFW cannot do on any device:

sudo ufw deny /usr/bin/firefox

Yes, you can block incoming connections on a "regular GNU/Linux" home PC but if there is nothing listening to the port, why? If there is a service listening on the port and you didn't intentionally do it and want to block it, you have bigger problems with a virus or a misinformed user wreaking havoc on the system.

starglider Why would you want to install a firewall in an unprivileged app? It wouldn't do anything meaningful since it can't control the host network interface.

starglider is correct.

littlerack Termux is in [no] way privacy-oriented (and has never been). ... Termux has never advertised itself as a privacy-concise environment and no-one should pretend it is. I haven't seen any reviews

You have made it clear you will only trust a review of the app. I have provided more than the average review worth of evidence. It seems you want an authoritative figure's words to trust your privacy with. I quoted the GOS head dev--the privacy phone you're using--saying he used termux in the past and that was disregarded as well. This'll be my last post on this topic because no one can talk you out of what your intuition tells you. You haven't provided anything about termux being malicous or not private.

"[An app is] privacy oriented" and "advertising an app as privacy focused."
What changes if your favorite privacy app removes the word "privacy" on github, their website, and app store page? Nothing. Non-privacy-focused apps can be 100% private.

littlerack Termux privacy policy is really short that tells a lot

This is good for trust. Which is better?:
"Are you spying me?"
(1) no.
(2) "Well ..." 40 pages later

littlerack Have you noticed "The CloudFlare CDN endpoint for the primary packages repository and other termux mirrors hosted by the community and maintainers may have different policie"?

I am well aware that people are different and don't have the same morales or intentions. Would you uninstall Vanadium because the app is capable of accessing these shady termux mirrors? As I said earlier: use the official repo.

littlerack system details

You strike me as a user and not a developer that could benefit from knowing exactly how termux does tasks like reading and writing files.

littlerack

Johnnyloans do you understand security and privacy are two distinct areas?

littlerack

Johnnyloans These seem like random, irrelevant words

Phone model with all details re storage etc (not just arm arch by itself), network details are "random words" for privacy? Interesting statement.

Termux is in now way privacy-oriented (and has never been). I haven't seen any reviews on what is sent out and I don't understand what's the source of your frustration with my mention of Termux specific. From what I recall I there is no UFW package available for Termux.
Not everyone is concerned about privacy, Termux has never advertised itself as a privacy-concise environment and no-one should pretend it is.

littlerack

Johnnyloans A VPN as the default gateway will make 'Terminal' fail to open.

I use VPN by default, if I'm behind safe network and do need Terminal, I just disable "block connections without vpn" and Terminal works (with its regular glitches).

Johnnyloans

The head GOS dev said he uses Termux in 2019

https://github.com/termux/termux-app/issues/1072#issuecomment-473962352

I use Termux and also work on Android OS security ...

littlerack

Johnnyloans 3rd parties having zero knowledge is rather private.

Termux privacy policy is really short that tells a lot) Have you noticed "The CloudFlare CDN endpoint for the primary packages repository and other termux mirrors hosted by the community and maintainers may have different policie"?

littlerack

Johnnyloans Would you verify if any online reviewer is a real, credible person or from a satisfactory country? To combat propaganda.

Review feedback are a bit easier to verify that the whole system, so a review would be a good starting point.

starglider

littlerack From what I recall I there is no UFW package available for Termux.

UFW? Like "uncomplicated firewall"? Why would you want to install a firewall in an unprivileged app? It wouldn't do anything meaningful since it can't control the host network interface.

DohnJoe

littlerack network details are "random words" for privacy?

Your mac address changes per connection by default and knowking that your dhcp gave you 192.168.0.1 is irrelevant, this is probably what he meant.

littlerack Termux is in now way privacy-oriented (and has never been).

While Termux is not privacy focused, it doesn't contains any telemetry or metadata grabber.
You can say the very same for the native terminal, which needs to download data from a source you cannot change.

littlerack Have you noticed "The CloudFlare CDN endpoint for the primary packages repository and other termux mirrors hosted by the community and maintainers may have different policie"?

They cannot be responsible of what is running on a different infrastructure they do not own. You should at least be grateful mirrors are an option, especially if your country have strong censorship.

spl4tt

I just use termux. My server only has ssh access via vpn, and termux gets routed through wireguard for me

littlerack

starglider firewall in an unprivileged app?

Are you saying that Termux has no idea and no way to control what's sent out from its env by all the apps? Can't I, like in regular gnu/linux, drop everything except what I explicitly allow? protocol, etc.

starglider

littlerack Yep exactly. Unless you're rooting the OS, Termux is just another sandboxed app.

littlerack

starglider Yep exactly. Unless you're rooting the OS, Termux is just another sandboxed app.

Oh no, it can't be you call a solution private/safe while it's a window to 3rd party potential privacy nightmare.
It's as private/safe as Aurora store)
F-droid at least has reproducible builds and warnings.
Termux just allow you to install something where "community and maintainers may have different policies". Use at your own risk, we'll label it "safe and private"