  • Guide to GrapheneOS configuration for high-risk users

  • [deleted]

@zzz Take a look at both of these scenarios and tell me which you think is best for the user the article describes as "anarchist."

https://riseup.net/en/about-us/press/canary-statement

https://www.reddit.com/r/mullvadvpn/comments/12swybw/mullvad_vpn_was_subject_to_a_search_warrant/

Would you prefer to recommend a logging policy or a no logging policy? I may have made an assumption on the threat level that this was working off of.

@zzz Also, as far as I am aware, they are the only privacy-oriented mailing list service out there, which is important for some organizing activities.

They are connected to many friendly organizations that offer the same thing.

@matchboxbananasynergy

Do you have thoughts on best practice for verifying AppVerifier, in a way that is accessible to non-CLI users? Bit of a "chicken or egg" problem.

For instance, if the user obtains the AppVerifier apk from GitHub Releases, installs it, and retroactively uses AppVerifier to display the fingerprint of the apk they just installed, they can't really trust that it's showing them the true fingerprint. If AppVerifier was available on Google Play that could be the root of trust, but it's not. It's available on Accrescent, but this just moves the same problem to another apk because you need a (non-CLI) way to verify the authenticity of the Accrescent apk...

    @anarsec AppVerifier is also published on Accrescent.

    Accrescent will soon be mirrored on the Apps app where people will be able to download it.

    That means there will be a chain of trust from the OS to Accrescent, and therefore AppVerifier.

      Consider making a donation to Accrescent if you can, the project needs more support.

      Indeed, that's excellent news. We'll rewrite the section on how to install software when that's the case.

      The Obtainium unattended updates change is here.
      Prioritizing Mullvad/IVPN change is here.

      @matchboxbananasynergy Is there any official or unofficial advice for what services to access if Auditor ever detects tampering? The guide currently links to Access Now’s Digital Security Helpline.

        anarsec The guide currently links to Access Now’s Digital Security Helpline.

        Interesting, I had not known about that group.

        Their "Disclosure of Your Personal Data" statement seems a little ominous, e.g.:

        [...]

        We may also disclose your personal data to third parties:

        • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
        • To a buyer or other successor in the event of merger, divestiture, restructuring, reorganisation, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, where one of the transferred assets is the personal data we hold.

        [...]

        anarsec @matchboxbananasynergy Is there any official or unofficial advice for what services to access if Auditor ever detects tampering? The guide currently links to Access Now’s Digital Security Helpline.

        Actually, I have a question with a broader scope. What is the recommended user behavior upon Auditor detecting tampering? @GrapheneOS

        As a baseline, users should immediately consider the device untrusted and start fresh with a new one, but I'm wondering if there are additional recommendations? From the user's perspective, forensic analysis could be in their interest - if such an analysis can determine how the compromise occurred, and this can be mitigated, then the adversary can no longer simply compromise the new device with the same attack vector. For instance, do GrapheneOS devs want to receive firmware images for forensic analysis?

        4 months later

        I understand the benefit of delegating apps from the Play Store from the owner to the default profile, so that you don't need to install Google stuff in the default profile.

        I don't understand what the benefit of delegating apps from Obtainium is. What is the benefit compared to installing Obtainium and apps from there in the default profile?

          @TrustExecutor
          Yes, OK, makes sense.

          It just made me realize that you see all apps installed on all profiles in the owner profile if you go to Settings > Apps.
          I wasn't aware of that!
          That means installing in owner and disabling has the same visibility in the owner profile as installing it only in a 2nd profile.

          I've been using the owner profile as my only profile but after reading this guide, I'm considering doing something similar. The only thing I'm wondering is whether or not I should wipe my phone completely to "start over" with a clean owner profile or if I should just create the additional profiles and start using my device from a different profile. Curious what people recommend/do.

          Perhaps user profiles could be expanded a little, for example the difference between installing apps in individual profiles vs. the owner profile.

          "High risk users" has so many definitions - perceived threat levels - we don't know where to start.
          And that's the problem.
          Why are "high risk users" even considering conducting all their activities with only one phone?
          If your threat level is genuinely that high, you need a second phone.
          The second [public] phone is the device you use to leave a boring public footprint.
          You don't need a super secure phone to check news stories, sports results or your "public face" social media accounts.
          AND, if your threat level really is that high, you should know that.