I am a long term GrapheneOS user and would like to talk about it. r/privacy on the redditland blocks custom OS discussions which I think is very bad for user privacy, and I hope this post will be useful to anyone who are in the hunt for better privacy.
Nowadays smartphones are a much bigger threats to our privacy and Desktop systems, and unfortunately manufacturers has designed them to be locked down devices with no user freedom. You can’t just “install Linux” on most smartphones and it is horrible. And most preloaded systems spy on us like crazy. That was why I specifically bought a pixel and loaded GOS onto it.
According to https://grapheneos.org/features , they start from base AOSP’s latest version, imptoves upon it’s security and significantly hardens it. There’s hardened_malloc to.prevent against exploitation, disabling lots of debugging features, disabling USB-c data, hardening the Linux kernel and system apps etc. They even block accessing the hardware identifiers of the phone so that apps cannot detect whqt phone you’re using. That means with Tor and zero permissions given, apps are anonymous.
Compatibility with apps are best in Custom ROMs but there are still that can’t work, especially if they enforce device integrity. Very few apps usually enforce that tho. Also their community isn’t the friendliest but you can get help. Just don’t try and engage too much or have too many debates.
Anyone else here use GrapheneOS, or any other privacy ROMs? What is your experience? Do you disagree on any point? Let’s have a discussion!
I’m not sure I understand your architecture.
Let’s say I’m traveling. I have two phones and one laptop
One of the phones has a SIM, unlimited data for the phone, and no data available for tethering.
And your use case, how do I get other phone, and the laptop to use the VPN?
Ahh i see ur issue. I have my sim in my grapheneos with a vpn that i can then shair via hotspot. Ur trying to use a non graphene with a vpn that u then use to hopspot ur graphene and laptop? Id say thats an issue with ur non graphene phone cant shair a vpn via hotspot?
The graphene phone has the SIM card.
Now how does that phone share a VPN connection with the laptop? Or another phone that’s not graphene?
And my requirement for my scenario is, the upstream carrier cannot tell that the traffic is not coming from the graphene phone
So simply turning hotspot on on the graphene phone as well as the vpn then it will send all traffic over the vpn. Are u having issues with the carrier detecting ttl and thus blocking hotspot traffic cos as of present there is no fix for that.
Thank you for explaining your architecture. I understand now.
There is a fix for that, sharing the VPN over the hotspot like in calyxos or lineageos.
graphene will route all hotspot traffic over the vpn so idk why it isnt changing ttl.
It does not route hotspot traffic over the VPN in my experience
Try turning on block connections without vpn in the vpn settings of gos