this post was submitted on 28 May 2024
46 points (91.1% liked)

Privacy

31737 readers
613 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Hello guys. I recently acquired a Pixel 8A and it was Google stock os I bought it from a man locally all with cash I brought It home and I flashed grapheneos onto this phone.

What else needs to be done to anonymous this phone and make it a privacy phone and a spy free phone no tracking phone no interception phone and no monitored phone.

Any advice welcome!

Thanks.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 5 months ago* (last edited 5 months ago) (18 children)

Congratulations on your first steps in GrapheneOS!

In order to best help you and give relevant suggestions, we need more information of who you are trying to be private from.

If your threat model is particularly sophisticated, it may be recommended that you do not use a sim card, or at least never when your phone is at home. Instead, exclusively rely on WiFi. It may also involve desoldering your microphone and camera and only make calls using an earpiece.

These are not recommendations, but simply examples of how far one can go with respect to their threat model. If you would rather want to avoid "regular" spying by google, Facebook and the likes, you may be better off selecting a private DNS (for example Mullvad's extended DNS which comes with social media filtering https://mullvad.net/en/help/dns-over-https-and-dns-over-tls ). You would need to make sure you do not install Google services (nor microg) and especially no google apps.

Much more can be said, but we would need specific information about your case to provide better guidance.

EDIT: I do not want to give the impression that GrapheneOS does not make a good job in improving your situation already. They do! But to do more you would need to justify it with your threat model, that's what I'm getting at.

[–] [email protected] 1 points 5 months ago (17 children)

I have already inserted a sim card into this phone. The sim card is a kyc sim card. I want to do best I can without compromising my identity. My threat model does involve government interception and tracing, but it's more about staying Safe with this phone whilst I'm possibly under surveillance. Local police entities. More so than government contractors / third parties. What is best VPN to use in this phone? I rely in the sim card in this phone so always keeping in aeroplane mode isn't possible as this is my primary number and I need to have constant connection to it. In this case, what shall I do with this phone?

[–] [email protected] 8 points 5 months ago (16 children)

To be honest, if kyc means what I think it does (I am not from the states) so that your provider knows your real identity, this phone with this sim will not be private, especially not when constantly connected to cell service.

With a warrant the local police could force your provider to tell them to which cell phone tower you are connected to, effectively giving them live position data. They can also read all unencrypted trafic this way (calls, SMS, telegram, http traffic etc.)

If your thread level is the police, you already f'd up, sry :/

[–] [email protected] 2 points 5 months ago (1 children)

What shall I do to regain some privacy since it is a pixel 8A grapheneos?

[–] [email protected] 3 points 5 months ago* (last edited 5 months ago) (1 children)

You always need to ask: which data do you want to protect.

If its position data and calls: nothing, it really doesn't matter what phone you use if the connection is not secure.

If its communication via messenger like matrix: you are already quite good protected with graphene os and matrix from a safe source.

If its Trojans from the police: don't download any software/apps/services that are not open source and widely reputable. (Most rich western states can probably still get full control if they want to because of zerodays)

If you want privacy for calls: get a simcard without your name/Iban/PayPal/creditcard etc attached to it in any way (prepaid with cash), Reset the phone, drive somewhere where you don't work or live with phone off Insert simcard and turn on phone. Wait Turn off phone and disable sim card Use only WiFi until you really need sim service (best not at your home or work).

If you want to protect data on phone: don't have biometric login (you can be forced to put your finger on the sensor, you can't be forced to type in a password as easily)

Netguard, shelter, only FOSS software, regular updates, no cloud, no google is never a bad idea, also only communicate via safe encrypted protocols (matrix, xmpp, pgp, https, etc., NOT WhatsApp, Facebook, unencrypted mail, http, SMS, calls)

EDIT: people here mentioned that graphene has a build in firewall, which you can use instead of netguard. I have netguard running though as I know the interface and options, have separate profiles for shelter and normal and don't use a VPN anyway.

[–] [email protected] 2 points 5 months ago (2 children)

Shall I run netguard 24/7 Always in this phone? Will that help? Is the default netguard enough or must I use a hosts file imported into netguard to?

[–] [email protected] 5 points 5 months ago* (last edited 5 months ago) (1 children)

You don't need NetGuard. GrapheneOS has a built in, more reliable firewall. You can access it by going to the settings -> privacy -> permission manager and selecting Network. Also, you can't use a VPN when using NetGuard, so I recommend dropping NetGuard and using a VPN, as well as the built-in firewall instead.

[–] [email protected] 2 points 5 months ago (1 children)

Are there any other good free VPN other then proton VPN?

[–] [email protected] 2 points 5 months ago (1 children)

Check out Calyx VPN and Riseup VPN. They are run by voluntary, non-profit organizations. If you need maximum security, consider routing your traffic through Tor, using the Orbot app (it's not in the main F-Droid repo, you need to add the Guardian Project repo). There's also Windscribe VPN, but it has limited bandwidth.

[–] [email protected] 1 points 5 months ago (2 children)

Again. It's down to what your threat model is

Running a VPN, and a firewall, protect you from some threats but not all threats

[–] [email protected] 4 points 5 months ago (1 children)

You can't run a VPN and NetGuard at the same time.

[–] [email protected] 1 points 5 months ago (1 children)

What is best host file to use? Hagezi is fine? With just always on VPN switch on Netguard without block connections switch. Is this a good setup to use always?

[–] [email protected] 2 points 5 months ago (1 children)
[–] [email protected] 2 points 5 months ago (1 children)

Yes this link has RethinkDNS app am I better of using that app always?

[–] [email protected] 4 points 5 months ago

At this point I think the best thing for you to do is just read all of privacy guides. I cannot give you advice

load more comments (14 replies)
load more comments (14 replies)
load more comments (14 replies)