Jae's Blog Creatures and blogs.

PII in plaintext on ANFR’s website
Friday, January 9, 2026

First, some context.
ANFR is France’s equivalent to the OFCOM (in the UK), BNetzA (in Germany) or Traficom (in Finland). They regulate allocations on the radio spectrum and everything related to it.


Last year, they did a public consultation in relation to raising the threshold for “atypical points” from 6V/m to 9V/m. As with anything concerning radio waves, they had a slew of responses from conspiracy theorists, self-proclaimed “hyperelectrosenstive” people (the term coming back fairly often), but also approval from some entities such as SNCF (the national rail system).

All those responses are published on their website: https://www.anfr.fr/REPONSES/
Given that URL is publicly accessible, PII such as names, family names, phone numbers and addresses were redacted via black boxes on the documents.

While reading the responses in my web browser, Firefox, I noticed that I could click on some of those boxes, switch to edition mode, press DEL and completely de-obfuscate the PII.
I’m not a security expert by any means, and even I can say that’s pretty bad for an agency supposed to regulate frequencies.

So, what to do in this situation? I discovered this on Thursday 25 of December 2025.
On Friday 26 of December 2025, I decided to give them a call, as their website stated they would be open. Of course, no response at this point.

On Monday 29 of December 2025, I called once again, and this time, got someone over the phone. After explaining the issue, I was just told, “that sounds bad, I’m going to transfer you to someone else” (paraphrased).
After waiting for a bit, I ended up on someone who sounded confused and just thanked me for the report before quickly ending the call.

At this point, I wasn’t sure the issue would be even resolved from this phone call, so I waited for a bit, checking on the website now and then.

As of today, Friday 09 of January 2026, the issue has finally been fixed. While in a browser, the redaction boxes can’t be moved or deleted. When loading the PDF into Inkscape, you can move and remove the redaction boxes, but what’s under it is gone.

I’m also shooting a message to the CNIL (governmental data privacy agency) as ANFR didn’t publicly disclose that there was a possible leak of PII from their website, even if as simple as this.
In my opinion, this does reach the threshold to be a personal data breach, and as the European Commission themselves says, ANFR would have had to disclose it within 72 hours.

Categories: Privacy
0 Comments
Various Yealink utilities and firmware, archived
Sunday, January 4, 2026

A quick blog post to announced that I archived a bunch of Yealink-related software on Archive.org, including firmware, manuals, and configuration tools.
This is due to Yealink’s support just removing things after updating their website.

You can find the files at:

Happy hacking :)

Small update: I was curious about the firmware 3CX published on their website, being T4XS-66.86.0.180. This firmware not appearing on any official Yealink documentation, I sent them the following email:

Hey, I see that you are offering a T4XS-66.86.0.180 firmware for the Yealink T42s.
I wonder, what are the changes from the official one?
For instance, does the firmware lock the phone into 3cx or is it just bug fixes?
Thanks,
// jae

Today, I received the following response from 3CX:

Hello Jae,
Thank you for your message, The firmware versions you see on the 3CX website are official Yealink firmware build which are simply Tested, certified, and recommended by 3CX for use with 3CX systems
3CX does not modify or “custom-code” Yealink firmware. 
​For further information or comparisons of the firmwares, please contact Yealink directly. 
​Let me know if you require further assistance from our end. 

This firmware has therefore been added to the archive.

Categories: Tech,VoIP
0 Comments
FreePBX part 1: The initial setup
Friday, January 2, 2026

Happy new year again dear reader, hopefully you had wonderful holidays.
Me? I spent my holidays getting increasingly frustrated by a small software named FreePBX.

FreePBX, as its name suggest, is… a PBX… manager, PBX meaning Private Branch Exchange, or to do simple, your very own VoIP and telephony server.
As mentioned, FreePBX is only a front-end for another software called Asterisk, which does the real phone stuff in the background.

While both software are Open-Source, FreePBX being under (A)GPL v3 (for the most part, more on that later), and Asterisk GPLv2, there is a giant gap in quality between the two.
While Asterisk generally works like you would expect it to, FreePBX has been a hassle at all level, all the more exacerbated by the current documentation, being one of the worst I’ve seen in recent times.

More than that, the default FreePBX installation script installs a plethora of proprietary “commercial” modules, which has the tendency to show you ads on login.
It’s because of that poor documentation that I’m starting this small series of tutorial on how to make your own phone system using FreePBX.

“But Jae”, some might say, “why don’t you just contribute to the project instead”? The answer is simple: I’m not signing no damn SLA.


The installation

Of course, we have to start somewhere, and I actually think installing FreePBX is a good one.
There are two ways to install FreePBX:

  • The distribution version, which is a modified Debian 12 ISO that ships FreePBX by default
  • The automated installation script hosted on GitHub

In this tutorial, we’re gonna focus on the script version, as I have no idea how you’re getting servers, been provisioning them via a public cloud or having a spare machine.
So we’re going to make a few assumptions:

  • You have a running Debian 12 server, freshly installed
  • You know how to follow instructions
  • The domain we’ll use is example.com (of course, replace with your domain)
  • Your server is equivalent or above of a Hetzner CPX22 (4Gb RAM, 80Gb disk 2vCPU)

So SSH into your server, and let’s start the installation by:

# Get the actual script
$ wget https://github.com/FreePBX/sng_freepbx_debian_install/raw/master/sng_freepbx_debian_install.sh -O /tmp/sng_freepbx_debian_install.sh

# Don't forget to audit it :)
$ less /tmp/sng_freepbx_debian_install.sh

# And start the install
$ bash /tmp/sng_freepbx_debian_install.shCode language: Bash (bash)


This will take a while, go fill your bottle of water and get hydrated properly in the meanwhile.


Once this is done, our first step will be getting rid of most of the proprietary modules; sadly, some provide functionality that is needed to not have the worst experience in the world.
This step will throw errors, but don’t worry, in the FreePBX world, that’s normal.

# First, we get rid of everything
$ for x in $( fwconsole ma list | grep Commercial | awk '{print $2}' ); do fwconsole ma delete $x; done

# Install some dependencies
$ apt install build-essential

# Now we re-add the admin tools add-on
$ fwconsole ma install sysadmin

# Upgrade the rest
$ fwconsole ma upgradeall

# Double check for any remaining commercial modules
$ fwconsole ma list

# Small note: do NOT uninstall the sysadmin module since it's one of the essentials. The following is also an example.
$ fwconsole ma remove endpointCode language: Bash (bash)


Now, let’s head to the web interface using the IP displayed after the installation. There, you will have to set up basics such as the admin user and password.

Screenshot of the FreePBX initial setup screen asking for admin credentials.


Congrats, you now have a FreePBX instance! Beware, you’ll need to skip a few ads.

Once you have done this step, log into the FreePBX dashboard.
Make sure to enable the smart firewall when prompted, this is critical as bots will instantly hammer your server.

This will have the side effect of terminating your SSH connection, get your IP address (or even better, prefix), on the navigation bar, go in “Connectivity” then “Firewall”.
There, in the “Networks” tab, add your prefixes by clicking the small green “+”, hit “Save” in the bottom right and finally, hit “Apply config” in the top right.

You’ll see that “Apply config” button a lot, as most actions will require you to press it.


Configuring the basics

Now, we’re going to give the only concession we’ll ever give to FreePBX. Find some temporary email address and mailbox, it’ll be important in a few lines.

In the navigation bar, head to “Admin”, then “System Admin” near the bottom. On this page, click “Activate” (on the bottom right), and follow the prompts on screen, giving the add-on your fake email.
Don’t forget to put fake phone numbers as well.

Once you have an installation ID on screen, copy it, it’s faster to activate through the command line interface like so:

$ fwconsole sysadmin activate <deployment ID>
Code language: Bash (bash)


Thereafter, refresh the page, and you’ll see new options on the right.
In those new options, click on “HTTPS Setup” and open the “Here” hyperlink in a new tab.

On this new page, hit “New certificate”, then “Generate Let’s Encrypt Certificate”, and fill in the info with what you have. When you’re done, hit “Generate certificate” in the bottom-right corner.

Screenshot of the FreePBX certificate generator.



You can now close this tab and come back to the one we left open. Refresh the page, then head into “Settings”, select your certificate in the dropdown and hit “Install”.
Congrats, now you can access your PBX admin panel via HTTPS.



… and that’s it for today.

Don’t miss the next tutorial, in which we’ll start adding extensions and configure emails.

Categories: Tech,VoIP
0 Comments
Jae 2012-2025, CC BY-SA 4.0 unless stated otherwise.
Close

Ad-blocker not detected

Hi, it seems you don't have an ad blocker on your device.

Ad blockers protect you in today's web, get one for Firefox (desktop or mobile) or Chrome.

Additionally, you can get one for iOS as well nowadays.