graphenediscoverer4 I don't find it in the code https://github.com/GrapheneOS/grapheneos.network/blob/main/nginx/nginx.conf#L344
Is it what proxy_hide_header X-Robots-Tag; and proxy_hide_header X-Amz-Cf-Id; mean ?
Based on this documentation on Nginx's website, it appears that the headers are dropped when passing the response to the client, which would in this case be our phones.
graphenediscoverer4 Docs don't write about removing information when forwarding the request of getting the GPS almanac to broadcom (even though I see some proxy_hide in the codeblock dedicated to broadcom too), does this mean there are some leakages on latest devices, or that broadcom doesn't gather any sensitive info ?
The website specifically mentions Qualcomm, but not Broadcom, so I would guess that means that info was never never included in the request in the first place.
graphenediscoverer4 If A-GPS ("Secure User Plane Location (SUPL)") is disabled,
graphenediscoverer4 Will emergencies still be able to retrieve my position if I do an emergency call ?
I haven't looked at that code in a long time, but I don't recall there being anything in GrapheneOS's implementation for disabling SUPL that would affect any other part of the OS or change its behavior. That said, I could be remembering wrong, of course.
graphenediscoverer4 Why gOS proxy fetches almanacs from broadcom servers but not using the gOS proxy would kind of use a google proxy, instead of directly fetching from broadcom ?
I don't understand this question. You have already read through the Nginx configuration file. You can easily find out where the proxies fetch the files from.
graphenediscoverer4 https://en.wikipedia.org/wiki/Assisted_GNSS seems to say that A-GPS/SUPL speeds up the fix obtention way more than PSDS/Almanacs possession does. Do you guys relate to this ? (For me to know whether it's really worth it to expose that the user fires GPS to the nearby celltowers/routers = ISP = gowvernment ... = )
I don't understand parts of this question as well. I have disabled SUPL on my phone before and don't really recall my phone getting a location being that much slower. Feel free to disable it on your phone and try it out.
graphenediscoverer4 What is the server called "standard"/the server to which gOS connects to, for A-GPS/SUPL ?
The PSDS servers are listed on the website. The default SUPL site is probably supl.google.com:7275
, but I didn't confirm that in the OS code. That's the server listed in the Nginx config for the SUPL proxy, so I'd assume that's the default used if not using the proxy on our phones.