Hello guys. I recently acquired a Pixel 8A and it was Google stock os I bought it from a man locally all with cash I brought It home and I flashed grapheneos onto this phone.
What else needs to be done to anonymous this phone and make it a privacy phone and a spy free phone no tracking phone no interception phone and no monitored phone.
Any advice welcome!
Thanks.
I use TrackerControl (f-droid).
It's an app that can turn off entirely internet access to an app or granurarly tweak which domains can comunicate with.
It will never be any of those things.
If you want to get close as possible, this is going to be a LONG conversation and has less to do with the device and more to do with how you use it and what sacrifices you're willing to make.
Start with the basics. Use a VPN preferable a good one payed in crypto /XMR or cash. Use Foss apps only check out F-droid.
Also one that blocks malware and ads. If not use adguard.dns or other that filter traffic
Settings , disable 2-3 G if you always have access to 4-5 G .
Don't change add browsers use vanadium. No gapps obviously.
The more challenging is to just use it as WiFi phone without SIM.
I have a sim card in this phone. The sim card is one I heavily rely on. I have disabled the option for disable 2G in sims is this good? Even without the LTE mode as my phone doesn't seem to have this.
I don't have any crypto / XMR and in this case, shall I just set the DNS you recommended me without any VPN and just always use that? Thanks.
I used adguard.dns before now I have VPN that have DNS filter. Disabling 2-3g minimize attack surface but just a small thing use 3 g if you need it. You can use both private DNA in settings and a free VPN if you want.
Are you recommending I change Preferred network type " to 3G? other options are 4G only 5G ( recommend ) 4G if I use that DNS with what VPN u recommend, and have allow 2g disable am I good?
It's only an attack surface minimation , security is better on new generations. I use all since I am in the middle of nowhere. If you don't need it disable it, otherwise let it be
Vanadium doesn't have good/any fingerprinting protection. Cromite or Mull would be better, Tor would be best.
Why would you use Chrome webview plus something else? You can't replace just pile on. Not a good idea. https://grapheneos.org/usage#web-browsing
Dont use system webview as your default browser. Webview is used by apps, your browser can and should be changed if privacy is your goal. Vanadium may be hardened, but it lacks any fingerprinting protection.
- That makes no sense.
- Vanadium have a different approach than trying to block it , blend in instead.
- Gecko based browser have crap sandboxing
- Again if you have 1 problem adding 1 more makes 2 problems.
Your system webview is for in app usage. You aren't browsing the web using your system webview (generally). You can't blend into a crowd if you have no anti-fingerprinting. Firefox does this through RFP by normalizing settings between users, and on mobile there is partial support for screen size normalization through letterboxing. Vanadium isn't special, it is hardened chromium with some specific patches. You cannot form a crowd without special a lot of anti-fingerprint patching. See my other comment for details.
Firefox is missing per-site process isolation. This is theoretical an attack vector in the presence of multiple other major vulnerabilities. It has never been shown to be an attack vector in real world vulnerabilities. Don't call Firefox's sandboxing crap if you don't know why people have said that.
You can’t blend in with a crowd of vanadium users with the amount of data points given away by the browser. Your fingerprint will be decernable from other users. Without actual anti-fingerprinting, which theoretical can allow for a crowd only when fingerprinting of user browsers results in the same fingerprint ID, the best you can hope to do is thwart naive fingerprinting. Vanadium doesn’t have any anti-fingerprint built in, so the slightest differences between user can be used to easily fingerprint. Vanadium
Anti-fingerprinting? By blocking javascript which the half-hearted privacy users can never afford? hahahahaha. Even privacy projects spread dirty javascripts.
If you want to be sure you cant be tracked, monitored, spyed on, and calls can't be intersepted:
Don't ever connect it to WiFi and don't insert a sim card.
Graphene or not, your ISP can still share your position or other meta data with government and stuff (in the us they can also be forced to not tell you) - in some countries they legally sell to third party's, in some probably illegaly
Calls are normally not encrypted so the os doesn't matter as much if its the government who can force your ISP or if someone is skilled enough for a Man in the middle attack.
Android is a highly complex system, it will never be 100% safe.
If you just want to decrease spying by companies and less powerful people:
Use neo store or fdroid (no google play or aurora) as all apps there are Foss
Don't install gapps or any other google services/packages
Use shelter for less trusted apps
Use netguard to block apps from accessing the internet
Physically block your cameras
If you want to be absolutely sure no one is recording audio: destroy mics with a needle and connect headset only when you need it
To only use communication apps which are encrypted and you hold the keys should be not needed to be said: matrix, signal, element, xmpp are good, (telegram (normal chats), Facebook, WhatsApp etc is a no go)
Plus: its google/us hardware. They could always hide something in lower level software like drivers or bios.
(Cant find the arricle i was thinking of, maybe false): It was recently discovered that snapdragons pinged their home server when turning on, which was not noticeable in android as it was on a deeper software level
Good question. Tried to find it but couldn't. Think I saw a post linking to an article somewhere here on Lemmy, but can't find it anymore. So take it with a grain of salt
