this post was submitted on 25 Nov 2024
213 points (97.3% liked)

Privacy

32424 readers
543 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I am a long term GrapheneOS user and would like to talk about it. r/privacy on the redditland blocks custom OS discussions which I think is very bad for user privacy, and I hope this post will be useful to anyone who are in the hunt for better privacy.

Nowadays smartphones are a much bigger threats to our privacy and Desktop systems, and unfortunately manufacturers has designed them to be locked down devices with no user freedom. You can't just "install Linux" on most smartphones and it is horrible. And most preloaded systems spy on us like crazy. That was why I specifically bought a pixel and loaded GOS onto it.

According to https://grapheneos.org/features , they start from base AOSP's latest version, imptoves upon it's security and significantly hardens it. There's hardened_malloc to.prevent against exploitation, disabling lots of debugging features, disabling USB-c data, hardening the Linux kernel and system apps etc. They even block accessing the hardware identifiers of the phone so that apps cannot detect whqt phone you're using. That means with Tor and zero permissions given, apps are anonymous.

Compatibility with apps are best in Custom ROMs but there are still that can't work, especially if they enforce device integrity. Very few apps usually enforce that tho. Also their community isn't the friendliest but you can get help. Just don't try and engage too much or have too many debates.

Anyone else here use GrapheneOS, or any other privacy ROMs? What is your experience? Do you disagree on any point? Let's have a discussion!

you are viewing a single comment's thread
view the rest of the comments
[–] jet@hackertalks.com 14 points 3 weeks ago* (last edited 3 weeks ago) (2 children)

https://www.privacyguides.org/en/android/distributions/#aosp-derivatives

https://eylenburg.github.io/android_comparison.htm

I am a GOS user, it just works, so I don't really think about it. It's very nice to have storage and contact scopes.

My only complaint is I can't share a VPN over hotspot or tethering, which is very useful for a travel router device (to make all traffic look like it's coming from the phone). (Lineage and calyxos have this)

[–] muntedcrocodile@lemm.ee 2 points 3 weeks ago (1 children)

Really? I use rethink to filter my dns and that uses a local vpn and that works since ive configured it to not connect to internet unless through that vpn. U can then configure rethink to proxy via wireguard, orbot, or socks.

[–] jet@hackertalks.com 2 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

I'm not sure I understand your architecture.

Let's say I'm traveling. I have two phones and one laptop

One of the phones has a SIM, unlimited data for the phone, and no data available for tethering. The Sim phone has a VPN

In your use case, how do I get other phone, and the laptop to use the VPN?

[–] muntedcrocodile@lemm.ee 1 points 3 weeks ago (1 children)

Ahh i see ur issue. I have my sim in my grapheneos with a vpn that i can then shair via hotspot. Ur trying to use a non graphene with a vpn that u then use to hopspot ur graphene and laptop? Id say thats an issue with ur non graphene phone cant shair a vpn via hotspot?

[–] jet@hackertalks.com 2 points 3 weeks ago (1 children)

The graphene phone has the SIM card.

Now how does that phone share a VPN connection with the laptop? Or another phone that's not graphene?

And my requirement for my scenario is, the upstream carrier cannot tell that the traffic is not coming from the graphene phone

[–] muntedcrocodile@lemm.ee 1 points 3 weeks ago (1 children)

So simply turning hotspot on on the graphene phone as well as the vpn then it will send all traffic over the vpn. Are u having issues with the carrier detecting ttl and thus blocking hotspot traffic cos as of present there is no fix for that.

[–] jet@hackertalks.com 1 points 3 weeks ago (1 children)

Thank you for explaining your architecture. I understand now.

carrier detecting ttl and thus blocking hotspot traffic

There is a fix for that, sharing the VPN over the hotspot like in calyxos or lineageos.

[–] muntedcrocodile@lemm.ee 0 points 3 weeks ago (1 children)

graphene will route all hotspot traffic over the vpn so idk why it isnt changing ttl.

[–] jet@hackertalks.com 1 points 3 weeks ago (1 children)

It does not route hotspot traffic over the VPN in my experience

[–] muntedcrocodile@lemm.ee 0 points 3 weeks ago

Try turning on block connections without vpn in the vpn settings of gos

[–] Cris16228@lemmy.today 2 points 3 weeks ago (3 children)

What about the network permission?

[–] muntedcrocodile@lemm.ee 6 points 3 weeks ago (1 children)

U can completly block an app from internet as an app permission.

[–] Cris16228@lemmy.today 4 points 3 weeks ago (1 children)

I wonder why this is not a permission available in the Android OS itself 🤷‍♂️

[–] muntedcrocodile@lemm.ee 0 points 3 weeks ago (1 children)
[–] Cris16228@lemmy.today 2 points 3 weeks ago

Because fuck google? I know why and fuck google

[–] MalReynolds@aussie.zone 2 points 3 weeks ago (1 children)

Network permission is godly. App you need or want but don't trust that shouldn't be allowed to phone home? Fixed.

[–] Cris16228@lemmy.today 1 points 3 weeks ago

I wonder why such a powerful permission isn't available to everyone 🤦‍♂️

[–] jet@hackertalks.com 1 points 3 weeks ago (1 children)

Sure, that's a nice to have. However, I don't install any apps on my phone that don't need the network. So for my use case it's a bit moot

[–] Cris16228@lemmy.today 3 points 3 weeks ago

That's a permission I wish stock Android had because it could be useful.

That alone makes me consider switching to GOS