New Phone Order of Operations

Hello,

So I’ve been reading up as much as I can on privacy and how data can leak, and it’s looking like a real rat’s nest of potential problems. Basically, every step of how a device connects to the internet and how it navigates the internet to a specific location on the internet is a potential leak. I’ve also been reading up as best as I can on how internet connections work.

So here’s what I’ve gathered so far.

A device sends a signal requesting to be connected to a URL by an ISP. The ISP sends that signal to a DNS server according to the device’s settings, which maintains a gigantic list of domains and their respective IP addresses. The DNS looks up the URL, finds the IP address, and sends that back to the ISP. The ISP then connects the device to that IP address via whatever pathways and other ISPs are needed along the way. The device then sends a signal requesting information to the server at the requested IP address. That server receives that request and replies with the information requested, sending it to their ISP, through the internet, through the device’s ISP, and finally to the device.

Every step of this can be a leak.

There are DNS servers that are secure and privacy respecting.
There are VPNs that get in between your device and your ISP - your device encrypts data before handing it to your ISP, and your ISP can’t do anything with it except send it to your VPN, who then decrypts it and fulfills the rest of the job your ISP ordinarily would.
A lot of good VPNs have their own DNS servers to keep things in-house and thus more private and secure.

So… I’m trying to understand how someone would go about setting up a new Pixel as securely and privately as they want?

Because you gotta connect to the internet to get Graphene. And you gotta connect to the internet to get a VPN set up. You might be able to bypass DNS leaks by just navigating by pure IP address input, but you still need the VPN to keep the ISP in the dark… I guess it doesn’t matter if the ISP sees you setting up a VPN because they’re gonna know you’re using a VPN no matter what. And it’s roughly the same for Tor.

So my best guess for the optimal order of operations is to set up a VPN on a router, turn on your Pixel, set it to use a good DNS, navigate to Graphene to download/install, then set up the VPN on the Graphene Pixel so it can safely connect to other routers and ISPs.

Is that correct?


    GlytchMeister

    From my understanding, it seems you're pretty on point in your understanding (but I'm no expert).

    Yes, most of your VPN providers (if not all) are going to handle your DNS requests, unless you tell them not to. This can be done by using Private DNS (which Graphene supports) over VPN. Some VPNs might allow you to do custom DNS filtering and live logs (I'll explain that in a minute). If not, you can use a DNS provider that does allow this and use them on top of your VPN using Private DNS settings. In this setup, your VPN will not be handling the DNS requests, but will handle the rest of your traffic. Some will argue that this will make you more fingerprintable, but the nice side of using a DNS service like this (assuming your VPN provider does not offer it) is that you can analyze the telemetry from your phone and block outbound connections. You can look at system-level background connections and things such as connections being made from apps. When you open an app, it may NEED to make 1 or 2 connections to work, but it may make 5 connections (the additional being things like analytics connections that are unnecessary). Analyzing DNS logs will allow you to see this, then you simply add them to a blocklist.

    GlytchMeister So my best guess for the optimal order of operations is to set up a vpn on a router, turn on your pixel, set it to use a good DNS, navigate to graphene to download/install, then set up the vpn on the graphene pixel so it can safely connect to other routers and ISP’s.

    You can do this, but it seems like a bit of overkill. Assuming your threat model doesn't require this, who cares if your provider sees you connected to Graphene. If you want to be lazy about it, use public WiFi or flash GOS (with a VPN enabled on your laptop so all the WiFi sees is a VPN connection), then connect the phone to the public WiFi until you get your VPN on it. Or as you stated already you can put a VPN on your router and then connect your non-VPN-enabled devices to the router and do it. Either way (again assuming your threat model doesn't require it) it seems a bit unnecessary just to hide the fact that you are accessing Graphene.

    GlytchMeister I guess it doesn’t matter if the ISP sees you setting up a VPN because they’re gonna know you’re using a VPN no matter what. And it’s roughly the same for Tor.

    Not roughly the same, it is the same. Your ISP will see that you are connected to a VPN or Tor, but they can't see anything beyond the fact that you are connected to Tor/VPN. This can be avoided (if you're concerned about it) by using things like pluggable transports/bridges for Tor.
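    The DNS-log workflow described in the reply above (see which domains each app resolves, spot the ones it does not need, add them to a blocklist), as an added example that is not part of the thread and not any provider's tooling. The log format, package names and domains are constructed for illustration; a real filtering resolver exports its own format, so `parse_line()` is the piece to adapt.

```python
"""Added example: turn a DNS query log into a per-app view of resolved domains
and derive a candidate blocklist of domains that look like telemetry.

Assumed (constructed) log format, one query per line:
    <timestamp> <client-id> <app-package> <qname> <qtype>
"""

from collections import defaultdict
import re

# Constructed sample log; package names and domains are illustrative only.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z phone org.example.weather api.example-weather.net A
2024-05-01T10:00:01Z phone org.example.weather tiles.example-weather.net A
2024-05-01T10:00:02Z phone org.example.weather telemetry.adsrv.example A
2024-05-01T10:00:02Z phone org.example.weather crash-reports.example.net A
2024-05-01T10:00:02Z phone org.example.weather metrics.analytics.example AAAA
2024-05-01T10:00:05Z phone org.example.notes sync.example-notes.org A
2024-05-01T10:00:06Z phone org.example.notes analytics.example-notes.org A
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

# Heuristic labels that usually mark analytics/crash/ad endpoints rather than
# app functionality. A starting point for manual review, not ground truth.
SUSPECT_LABELS = {"telemetry", "analytics", "metrics", "ads", "adsrv",
                  "crash-reports", "tracking", "beacon"}


def parse_line(line):
    """Parse one log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, app, qname, qtype = m.groups()
    return {"ts": ts, "client": client, "app": app,
            "qname": qname.rstrip(".").lower(), "qtype": qtype}


def domains_per_app(log_text):
    """Map app package -> sorted list of distinct domains it resolved."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            seen[rec["app"]].add(rec["qname"])
    return {app: sorted(domains) for app, domains in seen.items()}


def looks_like_telemetry(domain):
    """True if any DNS label of the domain is in SUSPECT_LABELS."""
    return any(label in SUSPECT_LABELS for label in domain.split("."))


def build_blocklist(log_text, allow=frozenset()):
    """Flagged domains across all apps, minus an explicit allowlist."""
    block = set()
    for domains in domains_per_app(log_text).values():
        for d in domains:
            if d not in allow and looks_like_telemetry(d):
                block.add(d)
    return sorted(block)


def report(log_text):
    """Human-readable per-app summary with flagged domains marked."""
    lines = []
    for app, domains in sorted(domains_per_app(log_text).items()):
        lines.append(f"{app}: {len(domains)} distinct domains")
        for d in domains:
            flag = "  BLOCK?" if looks_like_telemetry(d) else ""
            lines.append(f"  {d}{flag}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
    print("\nproposed blocklist:")
    for d in build_blocklist(SAMPLE_LOG):
        print(" ", d)
```

    The allowlist parameter matters in practice: a crash-report domain may be something you want to keep for one app, so review the flagged list before feeding it to the resolver's blocklist rather than blocking everything the heuristic matches.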

    GlytchMeister So my best guess for the optimal order of operations is to set up a vpn on a router, turn on your pixel, set it to use a good DNS, navigate to graphene to download/install, then set up the vpn on the graphene pixel so it can safely connect to other routers and ISP’s.

    Is that correct?

    It depends on what information you want to hide from whom.

    For example, do you want to hide where you live from the GrapheneOS team? Do you want to hide from your ISP that you are installing GrapheneOS? Do you want to hide from Google that somebody in your neighborhood just bought a Pixel?

    You can't connect to the Internet while hiding everything 100% from everybody. You can't move around connected to cellular networks while hiding your location track.

    To decide on how to act you need to prioritize what information you want to conceal from whom. A written list is a good step.

    With the question I posed above, I think I was mainly looking for a generic “best practices” kind of answer, and I figured I could take that information and go from there, but you make a good point about how it varies so much based on what you’re nervous about.

    For me specifically, I know overenthusiastic law enforcement gets a trifle… antsy… whenever they see someone using GrapheneOS because of the ol’ “if you have nothing to hide” fallacy.

    Protection from overenthusiastic law enforcement with wide dragnet-style warrants and/or poor target verification is my “high consequence, low probability” priority.

    It would be nice to keep Google from knowing I bought a Pixel but seeing as I had to get mine from Amazon (for affordability and availability reasons), that point is probably moot.

    But in that vein, protecting myself from targeted advertisement influence, algorithmically-biased news manipulation, and straight-up propaganda is my “low risk, high probability” priority (obviously, a lot of that is up to me being cognizant of how I consume media, but I would assume the less targetable I am, the better).

    I don’t particularly think I need to hide where I live from the GrapheneOS team but if there’s more eyeballs on that info than GOS, my DNS, and my ISP, I’d prefer to minimize that, too, but that’s closing the barn door after the horses got out, I dun been connected to GOS loooong before I was as knowledgeable about privacy and security as I am now, so… that’s kind of an “oh well” situation.


      GlytchMeister "your device encrypts data before handing it to your ISP, and your ISP can’t do anything with it except send it to your VPN, who then decrypts it and fulfills the rest of the job your ISP ordinarily would."

      Just to point out, it's a common misconception that (most) internet traffic can be 'leaked'/sniffed.

      While non-secured traffic could be, almost all traffic (including this webpage) is encrypted using HTTPS. It's a standard; most websites don't accept HTTP (non-secured) traffic anymore.

      A VPN will only act as a proxy in that regard, which can be useful, but regardless is not any more 'private' in terms of data sniffing.

      VPNs may actually pose a risk, since they could in theory do an SSL strip, but your web browser would catch on (either warning you about an insecure connection due to a HTTP connection or giving you a really big warning with a self-signed SSL cert)

      Assuming the connection is secured, data is encrypted at client and server level, both ways. Metadata like IP connections and DNS queries (assuming you are using your ISP's DNS) are still public but can be covered through a custom DNS and VPN.

      Anyway, the best suggestion is to not really worry when downloading the operating system itself and then configure the VPN however you wish, either before or after the first connection to the internet. Whatever you prefer.

        raccoondad

        I didn’t know HTTPS kept the ISP in the dark about what you’re up to.

        So is the URL encrypted, then sent to the ISP, then sent to the DNS, then decrypted by the DNS?

          GlytchMeister The URL is not encrypted, URLs are plaintext.

          DNS requests can be secured, but as far as I understand often are not. When they are, yes that's basically how it would go.

          DNS over TLS/HTTPS are newish, non-traditional, but 1.1.1.1 does support them.

          Even without encryption, however, a sniffer could only see the domain you request, not any information you send to the domain's IP (assuming traffic is secured, which is 99% of the time).

            raccoondad (been past 10 mins so I can't edit my comment, but just to clarify, by 'the URL is not encrypted' I was referring to the fact the URL is just a piece of human-readable plaintext. Technically the URL itself isn't even sent, just its domain. Regardless, with DNS over TLS/HTTPS the DNS request, including the requested domain, is secured.)
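            What an on-path observer actually sees in the exchange discussed above, as an added example that is not part of the thread: a plaintext DNS query carries the domain as readable bytes (the DoT framing is the same message, length-prefixed, inside TLS), and the first packet of an HTTPS connection, the TLS ClientHello, still carries the domain in the clear in its server_name (SNI) extension unless Encrypted Client Hello is in use. The ClientHello is generated offline with the standard library's memory BIOs, so nothing is sent; `example.net` is an illustrative hostname, not one from the thread.

```python
"""Added example: show the domain leaks a passive sniffer can read from a
plaintext DNS query and from a TLS ClientHello's SNI extension.
Runs fully offline; the hostname example.net is illustrative."""

import ssl
import struct


def dns_query(name, qtype=1, txid=0x1234):
    """Encode one DNS question in RFC 1035 wire format. Plain UDP/53 carries
    exactly these bytes, so the name is readable by anyone on the path."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # qtype, class IN


def dns_qname(packet):
    """What a sniffer recovers from a plaintext query: the QNAME after the
    12-byte header."""
    pos, labels = 12, []
    while True:
        n = packet[pos]
        pos += 1
        if n == 0:
            break
        labels.append(packet[pos:pos + n].decode("ascii"))
        pos += n
    return ".".join(labels)


def dot_frame(packet):
    """DNS over TLS (RFC 7858) sends the same message with a 2-byte length
    prefix inside a TLS session; the observer then sees only ciphertext."""
    return struct.pack("!H", len(packet)) + packet


def tls_client_hello(hostname):
    """Bytes an HTTPS client sends first, produced without a network by
    driving the handshake against memory BIOs until it needs server data."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # ClientHello has been written to `outgoing`; waiting on server
    return outgoing.read()


def sni_from_client_hello(data):
    """Walk the ClientHello (RFC 8446 layout) and return the server_name
    extension (RFC 6066), or None. All of this is unencrypted on the wire."""
    assert data[0] == 0x16 and data[5] == 0x01, "not a TLS ClientHello record"
    pos = 5 + 4 + 2 + 32                                  # record hdr, hs hdr, version, random
    pos += 1 + data[pos]                                  # session_id
    pos += 2 + struct.unpack("!H", data[pos:pos + 2])[0]  # cipher_suites
    pos += 1 + data[pos]                                  # compression_methods
    ext_len = struct.unpack("!H", data[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        ext_type, ext_size = struct.unpack("!HH", data[pos:pos + 4])
        body = data[pos + 4:pos + 4 + ext_size]
        if ext_type == 0:  # server_name: list len (2), name type (1), name len (2), name
            name_len = struct.unpack("!H", body[3:5])[0]
            return body[5:5 + name_len].decode("ascii")
        pos += 4 + ext_size
    return None


if __name__ == "__main__":
    q = dns_query("example.net")
    print("plaintext DNS query bytes:", q.hex())
    print("sniffer reads QNAME:", dns_qname(q))
    print("DoT frame (before TLS encryption):", dot_frame(q)[:2].hex(), "+ same message")
    hello = tls_client_hello("example.net")
    print("TLS ClientHello is", len(hello), "bytes; SNI in the clear:",
          sni_from_client_hello(hello))
```

            So "a sniffer could only see the domain" holds for both halves of the exchange: the resolver sees it in the query, and the path to the web server sees it again in the ClientHello. A VPN moves both observations to the VPN provider; DoT/DoH only hides the DNS half from the ISP.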

            GlytchMeister With the question I posed above, I think I was mainly looking for a generic “best practices” kind of answer, and I figured I could take that information and go from there, but you make a good point about how it varies so much based on what you’re nervous about.

            Quite. If you are worried about your ISP knowing your browsing habits, you can use a VPN... at which point your VPN provider knows your browsing habits instead. There are legitimate reasons why many people would prefer the latter case, but my point is that it's important to prioritize.

            GlytchMeister Protection from overenthusiastic law enforcement with wide dragnet-style warrants and/or poor target verification is my “high consequence, low probability” priority.

            If you want to make it less obvious that you are running GrapheneOS, you might want to flip some of the settings (such as connectivity checks) from using GrapheneOS's servers to using Google's. Again, you would be shifting who has access to that small scrap of data from one party to another. And you might want to use a VPN, so that your VPN provider, instead of your ISP, knows that your phone is contacting the GrapheneOS update server and the App-repository server.

            GlytchMeister But in that vein, protecting myself from targeted advertisement influence, algorithmically-biased news manipulation, and straight-up propaganda is my “low risk, high probability” priority (obviously, a lot of that is up to me being cognizant of how I consume media, but I would assume the less targetable I am, the better).

            If you use apps designed to track who you are and what you're interested in (Facebook might qualify as an example for you given what you wrote), they likely will track who you are and what you're interested in. Using apps like that without them figuring out who you are is structurally hard: everything you click on is a data point, also what time of day you tend to click on which things, which days of the week you are active during which hours... a lot of highly-paid people with fast computers are working day and night to turn your behavior into your identity. GrapheneOS can reduce the amount of data such an app can collect about your phone, but it can't stop a remote service from tracking your behavior as you use the service. Perhaps "The only winning move is not to play".