I am a long term GrapheneOS user and would like to talk about it. r/privacy on the redditland blocks custom OS discussions which I think is very bad for user privacy, and I hope this post will be useful to anyone who are in the hunt for better privacy.

Nowadays smartphones are a much bigger threats to our privacy and Desktop systems, and unfortunately manufacturers has designed them to be locked down devices with no user freedom. You can’t just “install Linux” on most smartphones and it is horrible. And most preloaded systems spy on us like crazy. That was why I specifically bought a pixel and loaded GOS onto it.

According to https://grapheneos.org/features , they start from base AOSP’s latest version, imptoves upon it’s security and significantly hardens it. There’s hardened_malloc to.prevent against exploitation, disabling lots of debugging features, disabling USB-c data, hardening the Linux kernel and system apps etc. They even block accessing the hardware identifiers of the phone so that apps cannot detect whqt phone you’re using. That means with Tor and zero permissions given, apps are anonymous.

Compatibility with apps are best in Custom ROMs but there are still that can’t work, especially if they enforce device integrity. Very few apps usually enforce that tho. Also their community isn’t the friendliest but you can get help. Just don’t try and engage too much or have too many debates.

Anyone else here use GrapheneOS, or any other privacy ROMs? What is your experience? Do you disagree on any point? Let’s have a discussion!

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    10 hours ago

    I’m not sure I understand your architecture.

    Let’s say I’m traveling. I have two phones and one laptop

    One of the phones has a SIM, unlimited data for the phone, and no data available for tethering. The Sim phone has a VPN

    In your use case, how do I get other phone, and the laptop to use the VPN?

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        10 hours ago

        The graphene phone has the SIM card.

        Now how does that phone share a VPN connection with the laptop? Or another phone that’s not graphene?

        And my requirement for my scenario is, the upstream carrier cannot tell that the traffic is not coming from the graphene phone