Its still being tracked even with gos. Just maybe Google isn't tracking you.
this post was submitted on 28 May 2024
46 points (91.1% liked)
Privacy
31220 readers
848 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 4 years ago
MODERATORS
I'm going to pivot this answer, to the more general: what's good data hygiene for my phone?
No specific threats, but what's the easiest things I can do to regain as much privacy and autonomy as possible.
Using graphene OS is great, good job.
Using always on VPN, like mullvad.
Set up a work profile, and install Google services inside the work profile, you can use shelter to do this. Then anything you need that requires Google, like Google maps, Uber, Lyft you can use it from that profile.
Use a secure messenger like signal, or simple x, with your friend group. To prevent metadata and unencrypted cell phone calls from leaking
I highly, highly, highly recommend you read privacy guides https://www.privacyguides.org/en/
People keep talking about threat models, that's an important exercise for everyone to do eventually. Figure out who your adversaries are what the downsides of them discovering information is and how much effort you're willing to put into prevent that.
For instance, keeping your phone private from snooping roommates fairly easy. Little bit of effort has good dividends
Being a whistleblower, much more difficult, depending on who your adversary is they could use a lot of asymmetric resources. Boeing has a tendency for their whistleblowers to become suicidal, through some means. And if that was your scenario, you'd have to be very careful.
But the biggest threat of all, the absolute worst threat you could ever face with technology, is a bored battle buddy working in signals intelligence.... There is no law, there is no restraint, there is no safety.... They will find your s***, and they will embarrass you.
If you want to be sure you cant be tracked, monitored, spyed on, and calls can't be intersepted:
Don't ever connect it to WiFi and don't insert a sim card.
Graphene or not, your ISP can still share your position or other meta data with government and stuff (in the us they can also be forced to not tell you) - in some countries they legally sell to third party's, in some probably illegaly
Calls are normally not encrypted so the os doesn't matter as much if its the government who can force your ISP or if someone is skilled enough for a Man in the middle attack.
Android is a highly complex system, it will never be 100% safe.
If you just want to decrease spying by companies and less powerful people:
Use neo store or fdroid (no google play or aurora) as all apps there are Foss
Don't install gapps or any other google services/packages
Use shelter for less trusted apps
Use netguard to block apps from accessing the internet
Physically block your cameras
If you want to be absolutely sure no one is recording audio: destroy mics with a needle and connect headset only when you need it
To only use communication apps which are encrypted and you hold the keys should be not needed to be said: matrix, signal, element, xmpp are good, (telegram (normal chats), Facebook, WhatsApp etc is a no go)
Don't ever connect it to WiFi and don't insert a sim card.
So.. don't ever use the Internet?
I think they are trying to illustrate the value of being explicit about your threat model.
So if your threat is the network, you can't use the network. Because the original poster is so vague about what their actual threat is, it could be as simple as use Firefox and an ad blocker, or don't connect to the network ever for any reason...
load more comments
(10 replies)
Plus: its google/us hardware. They could always hide something in lower level software like drivers or bios.
(Cant find the arricle i was thinking of, maybe false): It was recently discovered that snapdragons pinged their home server when turning on, which was not noticeable in android as it was on a deeper software level
Congratulations on your first steps in GrapheneOS!
In order to best help you and give relevant suggestions, we need more information of who you are trying to be private from.
If your threat model is particularly sophisticated, it may be recommended that you do not use a sim card, or at least never when your phone is at home. Instead, exclusively rely on WiFi. It may also involve desoldering your microphone and camera and only make calls using an earpiece.
These are not recommendations, but simply examples of how far one can go with respect to their threat model. If you would rather want to avoid "regular" spying by google, Facebook and the likes, you may be better off selecting a private DNS (for example Mullvad's extended DNS which comes with social media filtering https://mullvad.net/en/help/dns-over-https-and-dns-over-tls ). You would need to make sure you do not install Google services (nor microg) and especially no google apps.
Much more can be said, but we would need specific information about your case to provide better guidance.
EDIT: I do not want to give the impression that GrapheneOS does not make a good job in improving your situation already. They do! But to do more you would need to justify it with your threat model, that's what I'm getting at.
I have already inserted a sim card into this phone. The sim card is a kyc sim card. I want to do best I can without compromising my identity. My threat model does involve government interception and tracing, but it's more about staying Safe with this phone whilst I'm possibly under surveillance. Local police entities. More so than government contractors / third parties. What is best VPN to use in this phone? I rely in the sim card in this phone so always keeping in aeroplane mode isn't possible as this is my primary number and I need to have constant connection to it. In this case, what shall I do with this phone?
To be honest, if kyc means what I think it does (I am not from the states) so that your provider knows your real identity, this phone with this sim will not be private, especially not when constantly connected to cell service.
With a warrant the local police could force your provider to tell them to which cell phone tower you are connected to, effectively giving them live position data. They can also read all unencrypted trafic this way (calls, SMS, telegram, http traffic etc.)
If your thread level is the police, you already f'd up, sry :/
What shall I do to regain some privacy since it is a pixel 8A grapheneos?
You always need to ask: which data do you want to protect.
If its position data and calls: nothing, it really doesn't matter what phone you use if the connection is not secure.
If its communication via messenger like matrix: you are already quite good protected with graphene os and matrix from a safe source.
If its Trojans from the police: don't download any software/apps/services that are not open source and widely reputable. (Most rich western states can probably still get full control if they want to because of zerodays)
If you want privacy for calls: get a simcard without your name/Iban/PayPal/creditcard etc attached to it in any way (prepaid with cash), Reset the phone, drive somewhere where you don't work or live with phone off Insert simcard and turn on phone. Wait Turn off phone and disable sim card Use only WiFi until you really need sim service (best not at your home or work).
If you want to protect data on phone: don't have biometric login (you can be forced to put your finger on the sensor, you can't be forced to type in a password as easily)
Netguard, shelter, only FOSS software, regular updates, no cloud, no google is never a bad idea, also only communicate via safe encrypted protocols (matrix, xmpp, pgp, https, etc., NOT WhatsApp, Facebook, unencrypted mail, http, SMS, calls)
EDIT: people here mentioned that graphene has a build in firewall, which you can use instead of netguard. I have netguard running though as I know the interface and options, have separate profiles for shelter and normal and don't use a VPN anyway.
Shall I run netguard 24/7 Always in this phone? Will that help? Is the default netguard enough or must I use a hosts file imported into netguard to?
You don't need NetGuard. GrapheneOS has a built in, more reliable firewall. You can access it by going to the settings -> privacy -> permission manager and selecting Network. Also, you can't use a VPN when using NetGuard, so I recommend dropping NetGuard and using a VPN, as well as the built-in firewall instead.
Are there any other good free VPN other then proton VPN?
Check out Calyx VPN and Riseup VPN. They are run by voluntary, non-profit organizations. If you need maximum security, consider routing your traffic through Tor, using the Orbot app (it's not in the main F-Droid repo, you need to add the Guardian Project repo). There's also Windscribe VPN, but it has limited bandwidth.
load more comments
(2 replies)
Again. It's down to what your threat model is
Running a VPN, and a firewall, protect you from some threats but not all threats
What is best host file to use? Hagezi is fine? With just always on VPN switch on Netguard without block connections switch. Is this a good setup to use always?
Yes this link has RethinkDNS app am I better of using that app always?
At this point I think the best thing for you to do is just read all of privacy guides. I cannot give you advice
For example, using Aurora Store and Obtanium instead of Google Play and avoid enabling Google Play Services.
load more comments
(1 replies)
First off, and most importantly, it is not an anonymous phone.
The phone is tied to your location, your identity with your cell phone carrier, the IMEI, the IMSI, many identifiers you will not be able to change. From a threat modeling perspective, you cannot be attached to a network without tracking, interception, and monitoring.
You can use your phone in a way to minimize third-party tracking, and unnecessary data leakage. You did a good job by installing graphene OS.
Just be mindful of the applications you install on it, if you install sandbox Google apps, just realize Google will still have access to your location and push notifications etc.
If your threat model truly includes not being observed, disable the cell phone part of the phone. Only use the phone via Wi-Fi. That'll reduce a lot of the risk surface
I have already inserted a sim card into this phone. The sim card is a kyc sim card. I want to do best I can without compromising my identity. My threat model does involve government interception and tracing, but it's more about staying Safe with this phone whilst I'm possibly under surveillance. Local police entities. More so than government contractors / third parties. What is best VPN to use in this phone? I rely in the sim card in this phone so always keeping in aeroplane mode isn't possible as this is my primary number and I need to have constant connection to it. In this case, what shall I do with this phone?
https://www.privacyguides.org/en/vpn/
Privacy guides is a great place to start. They have lots of advice on many things for your digital life.
Running graphene OS is great. Just be deliberate about what apps you run. Use an encrypted messenger such as signal, or simple x, for your secure phone calls and messaging.
Even if you used a SIM card, that you paid for in cash, with no KYC. You're still not anonymous. If you use your SIM card at your house, the network operator will know that, and over a period of time will know where you live. Only so many people live there. They'll know where you travel, they'll know where you spend time, they'll know when you make phone calls, and who you make phone calls too. That's just the cost of being attached to the network
So when people are telling you if the network is your threat, don't attach to the network, they're not being unreasonable. It just requires you to be clear about what your threats are