DRM provisioning and internet access pinning, why choose gOS servers ?

de0u

graphenediscoverer4 Thanks, so it's either :

I choose one of the two ping servers,

or disable it, and :
on public wifi :
--I'll need to open the browser and enter a URL myself, or click on an existing tab to reload its content in RAM, in order to get redirected to the public wifi prompt
--all the currently opened tabs in the browser will still redirect me to that terms prompt each time I'll attempt to go back at them, because the system is unaware that it's already connected to a network ?

Did I get it right ?

Roughly. But (as I mentioned de0u) the issues aren't restricted to one's browser. Other apps on the phone may subscribe to connectivity-change alerts and try to use the Internet when it appears to have become available, and some of those apps might misbehave and/or generate alerts.

de0u

graphenediscoverer4 One thing I still don't understand though is :

If you're using a VPN and want to hide that you use GrapheneOS, you should switch connectivity check toggle to Standard (Google).
https://discuss.grapheneos.org/d/1234-android-leaks-connectivity-check-traffic-mullvad-blog/2

If the most restrictive case (someone having to use a VPN for other reason than geofencing) implies to use google servers, why is the use of gOS ones still proposed ?

Short answer: it's an option for people who dislike Google.

It is often useful to think about which information one wishes to conceal from whom, because using the Internet without leaking information to anybody is basically impossible. With respect to the captive-portal detector, connections reveal a little bit of information (e.g., "it's an Android device trying to check whether or not there's a captive portal") to the entity running the Wi-Fi network, to the ISP serving the Wi-Fi network, and to the entity running the captive-portal detector endpoint web site.

GrapheneOS provides users with a fair amount of flexibility:

leak the connectivity-check fact to your Wi-Fi provider, to the ISP, and to Google,
leak the connectivity-check fact to your Wi-Fi provider, to the ISP, and to the GrapheneOS project,
don't leak that you are doing Android connectivity checks, but suffer through having a less-usable Wi-Fi experience when connecting to a Wi-Fi network with a captive portal

missing-root

graphenediscoverer4 IPC is used for small amounts of data normally. People already got ads though, with internet permission disabled.

IPC allows any apps to talk if both agree, and they could in theory use that to bypass the internet permission. But as this doesnt exist on stock Android the chance is tiny.

GrapheneOS

missing-root It's a misconception that there's something about this specific to the Network permission. It applies to any permissions, other access or data given to apps. If you give an app the Contacts permission, it can share it with another app in the same profile against the rules of the permission model. People wrongly believe this is specific to Network. The INTERNET permission used to build the Network permission does exist on Android, but isn't user-facing and can't be dynamically toggled. It's still part of the permission model and is meant to be respected. Google Play delivering push messages to an app without it or delivering ads to an app without it is in not a violation or bypass of the permission.

« Previous Page