I am a long term GrapheneOS user and would like to talk about it. r/privacy on the redditland blocks custom OS discussions which I think is very bad for user privacy, and I hope this post will be useful to anyone who are in the hunt for better privacy.

Nowadays smartphones are a much bigger threats to our privacy and Desktop systems, and unfortunately manufacturers has designed them to be locked down devices with no user freedom. You can’t just “install Linux” on most smartphones and it is horrible. And most preloaded systems spy on us like crazy. That was why I specifically bought a pixel and loaded GOS onto it.

According to https://grapheneos.org/features , they start from base AOSP’s latest version, imptoves upon it’s security and significantly hardens it. There’s hardened_malloc to.prevent against exploitation, disabling lots of debugging features, disabling USB-c data, hardening the Linux kernel and system apps etc. They even block accessing the hardware identifiers of the phone so that apps cannot detect whqt phone you’re using. That means with Tor and zero permissions given, apps are anonymous.

Compatibility with apps are best in Custom ROMs but there are still that can’t work, especially if they enforce device integrity. Very few apps usually enforce that tho. Also their community isn’t the friendliest but you can get help. Just don’t try and engage too much or have too many debates.

Anyone else here use GrapheneOS, or any other privacy ROMs? What is your experience? Do you disagree on any point? Let’s have a discussion!

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      2 days ago

      I’m not sure I understand your architecture.

      Let’s say I’m traveling. I have two phones and one laptop

      One of the phones has a SIM, unlimited data for the phone, and no data available for tethering. The Sim phone has a VPN

      In your use case, how do I get other phone, and the laptop to use the VPN?

        • jet@hackertalks.com
          link
          fedilink
          English
          arrow-up
          1
          ·
          2 days ago

          The graphene phone has the SIM card.

          Now how does that phone share a VPN connection with the laptop? Or another phone that’s not graphene?

          And my requirement for my scenario is, the upstream carrier cannot tell that the traffic is not coming from the graphene phone