Good day. I don't see it covered anywhere, and I think it's an important topic that should be mentioned and discussed.

  1. As far as I can tell, GrapheneOS by default is making routine requests to check for firmware updates and also for date/time synchronization. In the case of firmware updates, what servers are queried, exactly? Is it Github, or GrapheneOS's own server infrastructure? Are there any other requests being made by the GrapheneOS base system, and if so, what are they? Is it possible for an ordinary user to turn off each and every scripted/scheduled request coming from the base system (e.g. check for updates only when a user taps a "check..." button, and replace GrapheneOS's time servers with their own time servers, amongst other things) so as to make the device completely "silent" to the Internet? That of course presuming no third-party applications have been installed.

  2. Regarding firmware checks and date/time requests being made, there is no privacy and data handling policy on either, so there's no way to tell how the access logs are being handled, if those exist at all and for how long those are being kept, whether any authority can lawfully request a log of (e.g.) IP addresses from the Organization, and so forth. Does the general organization-level policy indeed exist and I simply missed it somehow, and if it doesn't, why? Is there at least some basic preliminary policy addressing my concerns above? Same question goes for this forum.

    Thank you, that's quite comprehensive and I missed it somehow.

    So Graphene OS organization is registered in Canada. Is my assumption correct that it will abide by and only by the laws of Canada? Suppose in a case where an official court (police?) request comes to provide some connection logs.

      865be553dc4f5b2b

      So Graphene OS organization is registered in Canada. Is my assumption correct that it will abide by and only by the laws of Canada? Suppose in a case where an official court (police?) request comes to provide some connection logs.

      Connection logs are only kept for 4 days for the network services and 10 days for update servers. It would take us longer than that to consult with our lawyer about what to do.

      Not clear what info you think is available in the logs. There is no user data or anything there. Please read the FAQ section on default connections.

      So Graphene OS organization is registered in Canada.

      GrapheneOS Foundation is based in Canada. That doesn't mean GrapheneOS itself is specifically based there. GrapheneOS existed long before the non-profit did.

        GrapheneOS
        Well, you might be right, as just having an IP address log is probably of little use in this case.

        Not sure what you mean by "doesn't mean GrapheneOS itself is specifically based there". The OS and the Foundation are different entities? Hosting done elsewhere? Can you elaborate on that statement?

          865be553dc4f5b2b The OS and the Foundation are different entities?

          What if, hypothetically, a giant meteor wiped out all life in Canada? Would that mean the end of the GrapheneOS project, even if 2/3 of the developers, hypothetically, lived in Brazil?

          Bloody hell.

          What if a giant meteor eradicated 2/3 of the USA tomorrow? Would that mean the end of Google and its Pixel phones, even if factories are located in Asia?

          Any more apocalyptic scenarios you would like to share with us?

            fid02 I think that @de0u is using an extreme example to point out that GrapheneOS is an international project. The non-profit organization being incorporated in Canada doesn't make the project that the foundation is supporting Canadian. The team is all around the world.

            I think you misinterpreted an obviously extreme example to try and drive a point home as more of an actual question, which given the content of the question would indeed be quite the ridiculous one.

              865be553dc4f5b2b Hosting done elsewhere?

              I think that this is a real key question, but extends beyond just the physical location of hosting to the physical location of the specific people who have administrative control over the hosted services.

              Speaking as a person living in Canada, the Canadian government's willingness to impose martial law on private citizens and infrastructure (I'm talking about people being locked out of bank accounts specifically here as an example) without any kind of trial makes it very difficult to trust any service where control of that service is within Canada. How do we know that the services have not been subordinated by the radical Canadian government?

              A reasonable example of this would be for the government to order a datacenter to provide government with administrative control over a server. Subpoenaing the service provider for records is irrelevant if they physically took control over the infrastructure yesterday.

                fid02 I think well of Canada and in no way hope for apocalypse from the skies for my northern neighbors!

                I do suspect that if things got bad enough for the GrapheneOS project in Canada (in a hypothetical meteor sense or in a lawfare sense) then the project would quickly move.

                And I apologize for any alarm induced by my extreme hypothetical example.

                bookreader A reasonable example of this would be for the government to order a datacenter to provide government with administrative control over a server. Subpoenaing the service provider for records is irrelevant if they physically took control over the infrastructure yesterday.

                That could happen to a server located in Canada... or the U.S.... or Italy... or China... or Brazil... I think? Is there a country where that is not possible?

                  de0u That's the point though, having the phone software somehow bound to a particular service instead of allowing the user of the device to bind it to their OWN service.


                    865be553dc4f5b2b Hosting done elsewhere? Can you elaborate on that statement?

                    The servers are distributed in the USA and France.
                    OVH and Frantech/BuyVM are well known. If you spend time on the Internet, it is very likely that you come across OVH, Frantech, Hetzner and Online S.A.S. on a daily basis. Your IP is registered as soon as you enter these data centers. Therefore, you don't need to worry about the GrapheneOS admins in the least.

                      bookreader That's the point though, having the phone software somehow bound to a particular service instead of allowing the user of the device to bind it to their OWN service.

                      For several services GrapheneOS provides the ability to choose between servers (often Google's vs. a GrapheneOS proxy), and in some cases AOSP allows configuring arbitrary servers.

                      It is true that the system updater and the Apps app are pointed at GrapheneOS servers, but pointing a GrapheneOS device at different update servers would require somebody to maintain those servers. If one wishes to do that, the GrapheneOS web site provides build directions for system images (including, if I recall, delta updates) and guidance on how to set up the update servers.

                      Overall I guess I am not yet understanding which enhancement(s) are wished for.

                        de0u I think it's obvious that somebody would have to maintain those servers. Basically what is being asked for isn't just "google"/"grapheneos"/"disabled", but rather also to add a "custom" option. From the top of my head: connectivity check, GPS, updater.

                        Having it connect to GrapheneOS servers, in addition to making you vulnerable to the integrity of those servers, identifies you as using GrapheneOS, which is a possible risk in some scenarios, including exercising your freedoms while within surveillance states and being able to blend in; or if authorities are looking for someone with a phone running GrapheneOS, it's pretty easy to identify. Reboot it and see what the boot logo looks like.

                        Having it connect to google servers lets you blend in, but leaks tons of information about you to google, which is also undesirable.

                        But having it connect to a server that I physically control? That doesn't leak ANY information, because nobody can know what those connections mean.

                          boldsuck The servers are distributed in the USA and France.

                          That does NOT make me feel all warm and fuzzy about the independence of those servers.

                            bookreader why? There's nothing wrong with the servers. Apps and OS releases are signed so it's not like those can be tampered with.
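The last two replies turn on one point: if releases are signed and the client pins the release key, the update server only has to be available, not trusted. The following Go program is an added illustration of that client-side logic and is not GrapheneOS's code or its actual metadata format. It uses a hypothetical "key=value" metadata file, a constructed Ed25519 release key (a real client would ship only the public half), and a constructed payload; it shows why a "custom" update server, or a compromised one, cannot hand the device a modified image, and also why signature checking alone is not enough: the client must additionally refuse a replayed older signed release (rollback).

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Metadata describes one release as fetched from whatever update server the
// client is pointed at. Hypothetical format for this example, not GrapheneOS's.
type Metadata struct {
	Version int    // monotonic build number
	SHA256  string // hex digest of the update payload
}

// ParseMetadata parses "key=value" lines into a Metadata value.
func ParseMetadata(raw []byte) (Metadata, error) {
	var m Metadata
	for _, line := range strings.Split(strings.TrimSpace(string(raw)), "\n") {
		k, v, ok := strings.Cut(line, "=")
		if !ok {
			return m, fmt.Errorf("malformed metadata line %q", line)
		}
		switch k {
		case "version":
			n, err := strconv.Atoi(v)
			if err != nil {
				return m, err
			}
			m.Version = n
		case "sha256":
			m.SHA256 = v
		default:
			return m, fmt.Errorf("unknown metadata key %q", k)
		}
	}
	if m.Version == 0 || len(m.SHA256) != 64 {
		return m, errors.New("metadata missing version or sha256")
	}
	return m, nil
}

// VerifyUpdate checks, in order: the metadata signature under the pinned
// release key, that the offered version is newer than the installed one (so a
// server cannot replay an old but validly signed release), and that the
// payload matches the digest named in the metadata. The server that served
// these bytes is never trusted; only the key pinned in the client is.
func VerifyUpdate(pinned ed25519.PublicKey, installed int, rawMeta, sig, payload []byte) (Metadata, error) {
	if !ed25519.Verify(pinned, rawMeta, sig) {
		return Metadata{}, errors.New("metadata signature invalid")
	}
	m, err := ParseMetadata(rawMeta)
	if err != nil {
		return Metadata{}, err
	}
	if m.Version <= installed {
		return Metadata{}, fmt.Errorf("rollback refused: offered %d, installed %d", m.Version, installed)
	}
	sum := sha256.Sum256(payload)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return Metadata{}, errors.New("payload digest mismatch")
	}
	return m, nil
}

// Constructed release key derived from a fixed 32-byte seed so the example is
// reproducible offline. A real client ships only releaseKey.Public().
var releaseKey = ed25519.NewKeyFromSeed([]byte("constructed-seed-for-demo-32byte"))

// SignRelease stands in for the build side (constructed here so the example
// runs without a server); the client never calls it.
func SignRelease(version int, payload []byte) (rawMeta, sig []byte) {
	sum := sha256.Sum256(payload)
	rawMeta = []byte(fmt.Sprintf("version=%d\nsha256=%s\n", version, hex.EncodeToString(sum[:])))
	return rawMeta, ed25519.Sign(releaseKey, rawMeta)
}

func main() {
	pub := releaseKey.Public().(ed25519.PublicKey)
	payload := []byte("constructed update payload") // constructed sample image
	meta, sig := SignRelease(42, payload)

	_, err := VerifyUpdate(pub, 41, meta, sig, payload)
	fmt.Println("genuine release:", err)

	tampered := append([]byte(nil), payload...)
	tampered[0] ^= 0xff // a server altering the image it serves
	_, err = VerifyUpdate(pub, 41, meta, sig, tampered)
	fmt.Println("tampered payload:", err)

	_, err = VerifyUpdate(pub, 42, meta, sig, payload)
	fmt.Println("replayed old release:", err)
}
```

Because the trust sits in the pinned key and the installed-version check rather than in the server's address, swapping the server URL for one the user runs changes who can see the request (the privacy concern raised earlier in the thread) but not who can produce an installable image.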