Hello guys. I recently acquired a Pixel 8A and it was Google stock os I bought it from a man locally all with cash I brought It home and I flashed grapheneos onto this phone.
What else needs to be done to anonymous this phone and make it a privacy phone and a spy free phone no tracking phone no interception phone and no monitored phone.
If you want to be sure you cant be tracked, monitored, spyed on, and calls can't be intersepted:
Don't ever connect it to WiFi and don't insert a sim card.
Graphene or not, your ISP can still share your position or other meta data with government and stuff (in the us they can also be forced to not tell you) - in some countries they legally sell to third party's, in some probably illegaly
Calls are normally not encrypted so the os doesn't matter as much if its the government who can force your ISP or if someone is skilled enough for a Man in the middle attack.
Android is a highly complex system, it will never be 100% safe.
If you just want to decrease spying by companies and less powerful people:
Use neo store or fdroid (no google play or aurora) as all apps there are Foss
Don't install gapps or any other google services/packages
Use shelter for less trusted apps
Use netguard to block apps from accessing the internet
Physically block your cameras
If you want to be absolutely sure no one is recording audio: destroy mics with a needle and connect headset only when you need it
To only use communication apps which are encrypted and you hold the keys should be not needed to be said: matrix, signal, element, xmpp are good, (telegram (normal chats), Facebook, WhatsApp etc is a no go)
I think they are trying to illustrate the value of being explicit about your threat model.
So if your threat is the network, you can't use the network. Because the original poster is so vague about what their actual threat is, it could be as simple as use Firefox and an ad blocker, or don't connect to the network ever for any reason...
Exactly. If you want to be 100℅ sure you don't get tracked AT ALL you can't use the internet.
The second you connect metadata is gained by ISP and all the servers which get called.
This can be enough to track you down for powerful entities like the government.
If only your aunt may with a evening school IT course is your threat, a pin and graphene os is probably enough
Also OP mentioned his sim card is registered on his real life name, so having that connected to cellphones is enough to track you if you have a warrant to force your internet service provider to share the information
Plus: its google/us hardware. They could always hide something in lower level software like drivers or bios.
(Cant find the arricle i was thinking of, maybe false): It was recently discovered that snapdragons pinged their home server when turning on, which was not noticeable in android as it was on a deeper software level
First off, and most importantly, it is not an anonymous phone.
The phone is tied to your location, your identity with your cell phone carrier, the IMEI, the IMSI, many identifiers you will not be able to change. From a threat modeling perspective, you cannot be attached to a network without tracking, interception, and monitoring.
You can use your phone in a way to minimize third-party tracking, and unnecessary data leakage. You did a good job by installing graphene OS.
Just be mindful of the applications you install on it, if you install sandbox Google apps, just realize Google will still have access to your location and push notifications etc.
If your threat model truly includes not being observed, disable the cell phone part of the phone. Only use the phone via Wi-Fi. That'll reduce a lot of the risk surface
I have already inserted a sim card into this phone. The sim card is a kyc sim card. I want to do best I can without compromising my identity. My threat model does involve government interception and tracing, but it's more about staying Safe with this phone whilst I'm possibly under surveillance. Local police entities. More so than government contractors / third parties. What is best VPN to use in this phone? I rely in the sim card in this phone so always keeping in aeroplane mode isn't possible as this is my primary number and I need to have constant connection to it. In this case, what shall I do with this phone?
Privacy guides is a great place to start. They have lots of advice on many things for your digital life.
Running graphene OS is great. Just be deliberate about what apps you run. Use an encrypted messenger such as signal, or simple x, for your secure phone calls and messaging.
Even if you used a SIM card, that you paid for in cash, with no KYC. You're still not anonymous. If you use your SIM card at your house, the network operator will know that, and over a period of time will know where you live. Only so many people live there. They'll know where you travel, they'll know where you spend time, they'll know when you make phone calls, and who you make phone calls too. That's just the cost of being attached to the network
So when people are telling you if the network is your threat, don't attach to the network, they're not being unreasonable. It just requires you to be clear about what your threats are
If you want to get close as possible, this is going to be a LONG conversation and has less to do with the device and more to do with how you use it and what sacrifices you're willing to make.
I'm going to pivot this answer, to the more general: what's good data hygiene for my phone?
No specific threats, but what's the easiest things I can do to regain as much privacy and autonomy as possible.
Using graphene OS is great, good job.
Using always on VPN, like mullvad.
Set up a work profile, and install Google services inside the work profile, you can use shelter to do this. Then anything you need that requires Google, like Google maps, Uber, Lyft you can use it from that profile.
Use a secure messenger like signal, or simple x, with your friend group. To prevent metadata and unencrypted cell phone calls from leaking
People keep talking about threat models, that's an important exercise for everyone to do eventually. Figure out who your adversaries are what the downsides of them discovering information is and how much effort you're willing to put into prevent that.
For instance, keeping your phone private from snooping roommates fairly easy. Little bit of effort has good dividends
Being a whistleblower, much more difficult, depending on who your adversary is they could use a lot of asymmetric resources. Boeing has a tendency for their whistleblowers to become suicidal, through some means. And if that was your scenario, you'd have to be very careful.
But the biggest threat of all, the absolute worst threat you could ever face with technology, is a bored battle buddy working in signals intelligence.... There is no law, there is no restraint, there is no safety.... They will find your s***, and they will embarrass you.
I have a sim card in this phone. The sim card is one I heavily rely on. I have disabled the option for disable 2G in sims is this good? Even without the LTE mode as my phone doesn't seem to have this.
I don't have any crypto / XMR and in this case, shall I just set the DNS you recommended me without any VPN and just always use that?
Thanks.
I used adguard.dns before now I have VPN that have DNS filter. Disabling 2-3g minimize attack surface but just a small thing use 3 g if you need it. You can use both private DNA in settings and a free VPN if you want.
Vanadium is purposefully made this way. It tries to minimise profiling by making your actions noise in a big mass of users. That only works if you use the standard config without anything to discern you.
Mull is the other extreme of this. They try to eliminate fingerprinting by reducing the amount of trackable things in your browser.
It's hard to say what really is the better option. You can't completely eliminate fingerprinting, and the more you try, the more you will stick out of the masses.
Congratulations on your first steps in GrapheneOS!
In order to best help you and give relevant suggestions, we need more information of who you are trying to be private from.
If your threat model is particularly sophisticated, it may be recommended that you do not use a sim card, or at least never when your phone is at home. Instead, exclusively rely on WiFi. It may also involve desoldering your microphone and camera and only make calls using an earpiece.
These are not recommendations, but simply examples of how far one can go with respect to their threat model. If you would rather want to avoid "regular" spying by google, Facebook and the likes, you may be better off selecting a private DNS (for example Mullvad's extended DNS which comes with social media filtering https://mullvad.net/en/help/dns-over-https-and-dns-over-tls ). You would need to make sure you do not install Google services (nor microg) and especially no google apps.
Much more can be said, but we would need specific information about your case to provide better guidance.
EDIT: I do not want to give the impression that GrapheneOS does not make a good job in improving your situation already. They do! But to do more you would need to justify it with your threat model, that's what I'm getting at.
I have already inserted a sim card into this phone. The sim card is a kyc sim card. I want to do best I can without compromising my identity. My threat model does involve government interception and tracing, but it's more about staying Safe with this phone whilst I'm possibly under surveillance. Local police entities. More so than government contractors / third parties. What is best VPN to use in this phone? I rely in the sim card in this phone so always keeping in aeroplane mode isn't possible as this is my primary number and I need to have constant connection to it. In this case, what shall I do with this phone?
To be honest, if kyc means what I think it does (I am not from the states) so that your provider knows your real identity, this phone with this sim will not be private, especially not when constantly connected to cell service.
With a warrant the local police could force your provider to tell them to which cell phone tower you are connected to, effectively giving them live position data. They can also read all unencrypted trafic this way (calls, SMS, telegram, http traffic etc.)
If your thread level is the police, you already f'd up, sry :/
I'm a bit upset that GrapheneOS does not follow OpenBSD: ignore any person hating it, ignore anyone who wants to interferes with project personnel and donations like usa is doing on Viet Nam like they are speaking for the Vietnamese, and don't care if the feature works "for you" or not, just going on code improvements & maximally free code. And do whatever Micay want to do. Accept donations from whatever company. There's so much dramas. But they already achieved over-detailed documentations. Focusing on unprivileged google play is the true path, since the demand on google play is much larger and other "private" apps repos are expected to work on the "privacy" people's phone.
Maybe because GrapheneOS haven't made any world-significant project that every companies depend on so that companies have to put so much money on the project.
anonymous [...] spy free phone no tracking phone no interception phone and no monitored phone
You can do absolutely nothing to achieve that, because it is supposed to be a phone, a communication device that connects to cell towers, GPS, Bluetooth devices and other things.
Most of the security measures in Graphene are something you can take with lots of Android devices, and is nothing exclusive to Pixel/Graphene fairy tales. Daniel Micay and his minions just love selling that combo as the only solution, and I frankly hate it as it has no basis in reality.
GrapheneOS officially supports and encourages the use of Google Play Services and a Google account for “security” purposes. Their “unofficial” members also spread propaganda advocating for the same.
They are also an embargo partner with Google for security patches, and add features that may threaten the lives of privacy users, or end up in jail or death in certain circumstances.
You might be better off using CalyxOS or LineageOS and putting the effort to learn things yourself, so you are not reliant on the non existent support of GrapheneOS toxic mods/heads. The former two will provide support, assistance, accept criticisms and things will be far smoother.
A far bigger thing you can do is work on your threat modelling, using something like my easy guide. https://lemmy.ml/post/34223
I agreed with you on your first line, but the rest of what you say is just horse shit. GrapheneOS is easily the most secure and private Android based OS that one can use. Whether or not you want to believe it is up to you. But the facts are there, from multiple security researchers to Edward Snowden embracing it, to CalyxOS being months late on Android security patches while GrapheneOS does it within a day, to LineageOS not allowing for a locked bootloader which decreases your security and prevents certain apps (banking apps) from running on it as a result, etc etc etc.
Are the developers of GrapheneOS a bit poor mannered? Yes. Especially Daniel Micay, but he stepped down as the GrapheneOS lead over a year ago after Louis Rossman's video came out calling out Daniel Micay. Think what you want about the developers but their product is simply the best there is and you are harming nobody but yourself by avoiding it. They don't get anything out of you using their product as it is entirely free. It's only you are missing out on the benefits of GrapheneOS.
GrapheneOS is easily the most secure and private Android based OS that one can use. Whether or not you want to believe it is up to you. But the facts are there, from multiple security researchers to Edward Snowden embracing it,
The facts state that GrapheneOS is snake oil, and not at all "the most" best thing. Whether you want to believe it or not is upto you.
Snowden is not a security researcher or a security expert. He was a NSA contractor, nothing else. All he did is follow OPSEC properly and escaped successfully. This tells me you know nothing about security, privacy or OPSEC.
Are the developers of GrapheneOS a bit poor mannered? Yes. Especially Daniel Micay, but he stepped down as the GrapheneOS lead over a year ago after Louis Rossman's video came out calling out Daniel Micay.
If he stepped down, then why is he the only one making any commits to GrapheneOS project on Github? This again tells me you know absolutely nothing and are just a muppet. Micay is all about optics of deception and sugarcoating. And you are a believer of his cult.
It is incredible how you attempt to whitewash his disgusting, manipulative and charlatan behaviour by saying "a bit poor mannered". He is one of the worst creatures to have ever existed in FOSS space.
You might be interested in how they disseminate propaganda, something that might open your eyes. https://imgur.com/a/fpcsIL2 Or how Micay orders his minions to witch hunt and harass any critics on internet. https://i.imgur.com/nhepoMJ.jpg
Know that they lie to the extent of going around in tech YouTuber comment sections and claim they have $1M Cellebrite Israeli toolkits to verify grapheneOS is safe against bootloader attacks like Evil Maid. https://i.imgur.com/woNxPhx.jpg
I have a whole dissertation chock full of citations and evidence on these security charlatans in privacy community, spanning 5 years.
It's only you are missing out on the benefits of GrapheneOS.
I'd rather be dead than use GrapheneOS, a project made by one of the most disgusting internet creatures I have ever seen. He deserves a thread on Kiwifarms.