Hello guys. I recently acquired a Pixel 8A and it was Google stock os I bought it from a man locally all with cash I brought It home and I flashed grapheneos onto this phone.
What else needs to be done to anonymous this phone and make it a privacy phone and a spy free phone no tracking phone no interception phone and no monitored phone.
Any advice welcome!
Thanks.
Start with the basics. Use a VPN preferable a good one payed in crypto /XMR or cash. Use Foss apps only check out F-droid.
Also one that blocks malware and ads. If not use adguard.dns or other that filter traffic
Settings , disable 2-3 G if you always have access to 4-5 G .
Don’t change add browsers use vanadium. No gapps obviously.
The more challenging is to just use it as WiFi phone without SIM.
I have a sim card in this phone. The sim card is one I heavily rely on. I have disabled the option for disable 2G in sims is this good? Even without the LTE mode as my phone doesn’t seem to have this.
I don’t have any crypto / XMR and in this case, shall I just set the DNS you recommended me without any VPN and just always use that? Thanks.
I used adguard.dns before now I have VPN that have DNS filter. Disabling 2-3g minimize attack surface but just a small thing use 3 g if you need it. You can use both private DNA in settings and a free VPN if you want.
Are you recommending I change Preferred network type " to 3G? other options are 4G only 5G ( recommend ) 4G if I use that DNS with what VPN u recommend, and have allow 2g disable am I good?
Vanadium doesn’t have good/any fingerprinting protection. Cromite or Mull would be better, Tor would be best.
Why would you use Chrome webview plus something else? You can’t replace just pile on. Not a good idea. https://grapheneos.org/usage#web-browsing
Dont use system webview as your default browser. Webview is used by apps, your browser can and should be changed if privacy is your goal. Vanadium may be hardened, but it lacks any fingerprinting protection.
Vanadium is purposefully made this way. It tries to minimise profiling by making your actions noise in a big mass of users. That only works if you use the standard config without anything to discern you.
Mull is the other extreme of this. They try to eliminate fingerprinting by reducing the amount of trackable things in your browser.
It’s hard to say what really is the better option. You can’t completely eliminate fingerprinting, and the more you try, the more you will stick out of the masses.
You can’t blend in with a crowd of vanadium users with the amount of data points given away by the browser. Your fingerprint will be decernable from other users. Without actual anti-fingerprinting, which theoretical can allow for a crowd only when fingerprinting of user browsers results in the same fingerprint ID, the best you can hope to do is thwart naive fingerprinting. Vanadium doesn’t have any anti-fingerprint built in, so the slightest differences between user can be used to easily fingerprint. Vanadium also has no strong method of in browser content blocking (eg an adblocker like uBlock) which is required on the modern web to remove JS tracking scripts (or straight allow and deny lists for specific web contents). Adblock is cyber security: https://www.ic3.gov/Media/Y2022/PSA221221
Examples of metrics include, but are not limited to, the following: Timezone, system and browser fonts (often automatically fetched by websites as a remote font that is cached by the browser), language, screen metrics (DPI, height x width, refresh rate, pixel ratio), canvas, CSS fingerprint, useragent, browsing mode (standard/private), video autoplay policy, audio device fingerprinting, installed plugins, cookie policy, device theme, and of course IP.
As a graphene OS vanadium user, assuming that the browser stays default, you would still have screen, audio, other hardware metrics, canvas (this one is a killer), IP, user agent (differences in installed versions of plugins and vanadium itself), timezone, remote Fonts, and others. Fingerprinting is an insane science which needs actual protection against to even begin hoping to create a crowd.
See some more details below.
Info on fingerprinting (about choosing a desktop browser but still relevant info): https://www.privacyguides.org/en/desktop-browsers
Browser comparison: https://divestos.org/pages/browsers
Fingerprinting test site: https://abrahamjuliot.github.io/creepjs/
First off, and most importantly, it is not an anonymous phone.
The phone is tied to your location, your identity with your cell phone carrier, the IMEI, the IMSI, many identifiers you will not be able to change. From a threat modeling perspective, you cannot be attached to a network without tracking, interception, and monitoring.
You can use your phone in a way to minimize third-party tracking, and unnecessary data leakage. You did a good job by installing graphene OS.
Just be mindful of the applications you install on it, if you install sandbox Google apps, just realize Google will still have access to your location and push notifications etc.
If your threat model truly includes not being observed, disable the cell phone part of the phone. Only use the phone via Wi-Fi. That’ll reduce a lot of the risk surface
I have already inserted a sim card into this phone. The sim card is a kyc sim card. I want to do best I can without compromising my identity. My threat model does involve government interception and tracing, but it’s more about staying Safe with this phone whilst I’m possibly under surveillance. Local police entities. More so than government contractors / third parties. What is best VPN to use in this phone? I rely in the sim card in this phone so always keeping in aeroplane mode isn’t possible as this is my primary number and I need to have constant connection to it. In this case, what shall I do with this phone?
https://www.privacyguides.org/en/vpn/
Privacy guides is a great place to start. They have lots of advice on many things for your digital life.
Running graphene OS is great. Just be deliberate about what apps you run. Use an encrypted messenger such as signal, or simple x, for your secure phone calls and messaging.
Even if you used a SIM card, that you paid for in cash, with no KYC. You’re still not anonymous. If you use your SIM card at your house, the network operator will know that, and over a period of time will know where you live. Only so many people live there. They’ll know where you travel, they’ll know where you spend time, they’ll know when you make phone calls, and who you make phone calls too. That’s just the cost of being attached to the network
So when people are telling you if the network is your threat, don’t attach to the network, they’re not being unreasonable. It just requires you to be clear about what your threats are
I use TrackerControl (f-droid).
It’s an app that can turn off entirely internet access to an app or granurarly tweak which domains can comunicate with.
I’m going to pivot this answer, to the more general: what’s good data hygiene for my phone?
No specific threats, but what’s the easiest things I can do to regain as much privacy and autonomy as possible.
Using graphene OS is great, good job.
Using always on VPN, like mullvad.
Set up a work profile, and install Google services inside the work profile, you can use shelter to do this. Then anything you need that requires Google, like Google maps, Uber, Lyft you can use it from that profile.
Use a secure messenger like signal, or simple x, with your friend group. To prevent metadata and unencrypted cell phone calls from leaking
I highly, highly, highly recommend you read privacy guides https://www.privacyguides.org/en/
People keep talking about threat models, that’s an important exercise for everyone to do eventually. Figure out who your adversaries are what the downsides of them discovering information is and how much effort you’re willing to put into prevent that.
For instance, keeping your phone private from snooping roommates fairly easy. Little bit of effort has good dividends
Being a whistleblower, much more difficult, depending on who your adversary is they could use a lot of asymmetric resources. Boeing has a tendency for their whistleblowers to become suicidal, through some means. And if that was your scenario, you’d have to be very careful.
But the biggest threat of all, the absolute worst threat you could ever face with technology, is a bored battle buddy working in signals intelligence… There is no law, there is no restraint, there is no safety… They will find your s***, and they will embarrass you.
