Good day. I don't see it covered anywhere, and I think it's an important topic that should be mentioned and discussed.
As far as I can tell, GrapheneOS by default is making routine requests to check for firmware updates and also for date/time synchronization. In the case of firmware updates, what servers are queried, exactly? Is it Github, or GrapheneOS's own server infrastructure? Are there any other requests being made by GrapheneOS base system, and if so, what are they? Is it possible for an ordinary user to turn off each and every scripted/scheduled request coming from the base system (e.g. check for updates only when a user taps a "check..." button, and replace GrapheneOS's time servers with own time servers amongst other things) so as to make the device completely "silent" to the Internet? That of course presuming no third-party applications have been installed.
Regarding firmware checks and date/time requests being made, there is no privacy and data handling policy on either, so there's no way to tell how the access logs are being handled, if those exist at all and for how long those are being kept, whether any authority can lawfully request a log of (e.g.) IP addresses from the Organization, and so forth. Does the general organization-level policy indeed exist and I simply missed it somehow, and if it doesn't, why? Is there at least some basic preliminary policy addressing my concerns above? Same question goes for this forum.