this post was submitted on 25 Nov 2024
136 points (97.2% liked)

Privacy

32179 readers
556 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I am a long term GrapheneOS user and would like to talk about it. r/privacy on the redditland blocks custom OS discussions which I think is very bad for user privacy, and I hope this post will be useful to anyone who are in the hunt for better privacy.

Nowadays smartphones are a much bigger threats to our privacy and Desktop systems, and unfortunately manufacturers has designed them to be locked down devices with no user freedom. You can't just "install Linux" on most smartphones and it is horrible. And most preloaded systems spy on us like crazy. That was why I specifically bought a pixel and loaded GOS onto it.

According to https://grapheneos.org/features , they start from base AOSP's latest version, imptoves upon it's security and significantly hardens it. There's hardened_malloc to.prevent against exploitation, disabling lots of debugging features, disabling USB-c data, hardening the Linux kernel and system apps etc. They even block accessing the hardware identifiers of the phone so that apps cannot detect whqt phone you're using. That means with Tor and zero permissions given, apps are anonymous.

Compatibility with apps are best in Custom ROMs but there are still that can't work, especially if they enforce device integrity. Very few apps usually enforce that tho. Also their community isn't the friendliest but you can get help. Just don't try and engage too much or have too many debates.

Anyone else here use GrapheneOS, or any other privacy ROMs? What is your experience? Do you disagree on any point? Let's have a discussion!

you are viewing a single comment's thread
view the rest of the comments
[–] jet@hackertalks.com 12 points 1 week ago* (last edited 1 week ago) (2 children)

https://www.privacyguides.org/en/android/distributions/#aosp-derivatives

https://eylenburg.github.io/android_comparison.htm

I am a GOS user, it just works, so I don't really think about it. It's very nice to have storage and contact scopes.

My only complaint is I can't share a VPN over hotspot or tethering, which is very useful for a travel router device (to make all traffic look like it's coming from the phone). (Lineage and calyxos have this)

[–] Cris16228@lemmy.today 2 points 1 week ago (3 children)

What about the network permission?

[–] muntedcrocodile@lemm.ee 5 points 1 week ago (1 children)

U can completly block an app from internet as an app permission.

[–] Cris16228@lemmy.today 2 points 1 week ago (1 children)

I wonder why this is not a permission available in the Android OS itself 🤷‍♂️

[–] muntedcrocodile@lemm.ee -1 points 1 week ago (1 children)
[–] Cris16228@lemmy.today 1 points 1 week ago

Because fuck google? I know why and fuck google

[–] MalReynolds@aussie.zone 1 points 1 week ago

Network permission is godly. App you need or want but don't trust that shouldn't be allowed to phone home? Fixed.

[–] jet@hackertalks.com 1 points 1 week ago (1 children)

Sure, that's a nice to have. However, I don't install any apps on my phone that don't need the network. So for my use case it's a bit moot

[–] Cris16228@lemmy.today 3 points 1 week ago

That's a permission I wish stock Android had because it could be useful.

That alone makes me consider switching to GOS

[–] muntedcrocodile@lemm.ee 2 points 1 week ago (1 children)

Really? I use rethink to filter my dns and that uses a local vpn and that works since ive configured it to not connect to internet unless through that vpn. U can then configure rethink to proxy via wireguard, orbot, or socks.

[–] jet@hackertalks.com 2 points 1 week ago* (last edited 1 week ago) (1 children)

I'm not sure I understand your architecture.

Let's say I'm traveling. I have two phones and one laptop

One of the phones has a SIM, unlimited data for the phone, and no data available for tethering. The Sim phone has a VPN

In your use case, how do I get other phone, and the laptop to use the VPN?

[–] muntedcrocodile@lemm.ee 1 points 1 week ago (1 children)

Ahh i see ur issue. I have my sim in my grapheneos with a vpn that i can then shair via hotspot. Ur trying to use a non graphene with a vpn that u then use to hopspot ur graphene and laptop? Id say thats an issue with ur non graphene phone cant shair a vpn via hotspot?

[–] jet@hackertalks.com 2 points 1 week ago (1 children)

The graphene phone has the SIM card.

Now how does that phone share a VPN connection with the laptop? Or another phone that's not graphene?

And my requirement for my scenario is, the upstream carrier cannot tell that the traffic is not coming from the graphene phone

[–] muntedcrocodile@lemm.ee 1 points 1 week ago (1 children)

So simply turning hotspot on on the graphene phone as well as the vpn then it will send all traffic over the vpn. Are u having issues with the carrier detecting ttl and thus blocking hotspot traffic cos as of present there is no fix for that.

[–] jet@hackertalks.com 1 points 1 week ago (1 children)

Thank you for explaining your architecture. I understand now.

carrier detecting ttl and thus blocking hotspot traffic

There is a fix for that, sharing the VPN over the hotspot like in calyxos or lineageos.

[–] muntedcrocodile@lemm.ee -1 points 1 week ago (1 children)

graphene will route all hotspot traffic over the vpn so idk why it isnt changing ttl.

[–] jet@hackertalks.com 0 points 1 week ago (1 children)

It does not route hotspot traffic over the VPN in my experience

[–] muntedcrocodile@lemm.ee -1 points 1 week ago

Try turning on block connections without vpn in the vpn settings of gos