Hi all,
I have been using GrapheneOS for over 2 years now and I loving it. However, I am going to change my VPN provider. When a VPN company claims they do not collect any metadata or logs, they are lying.
Some VPN claims they allow unlimited devices but that is not entirely true. There is always a catch in the fine print where nobody reads.

Can someone help me. What can exactly VPN companies can gather from a Graphene user?
With my current VPN provider I can see on my dashboard the device model that is connected, ie Pixel 8. Is there a way we can block that?
I have tried changing the name but that didn't make any difference.
Out of curiosity I wanted to conduct a test. With a pixel 7 and 8, I created 3 profiles, each with the same VPN account. I checked my VPN dashboard and saw 3x Pixel 8 and 3 x pixel 7.
I wiped the device and repeated the same process 5 times on the same day. My VPN dashboard would show 30 different connections.
A few moments later my account got suspended for abuse. My VPN claims there is an abnormal number of connections from various devices. So I am puzzled what can they really get from a Graphene device bsides knowing the device model and android version.

I was hoping to find a solution to block all information so that my VPN does not know anything of me.

Thank you for your time reading this.

    ShinRamen247 I was hoping to find a solution to block all information so that my VPN does not know anything of me.

    That is not really possible. Your device literally sends all of its traffic to the VPN server, so the VPN server knows all IP addresses your device communicates with and when.

    You can choose which VPN service to use, including choosing to run your own VPN server. The downside of that approach is that sufficiently-resourced parties could tie your personal VPN server to you.

    It is not possible when using the Internet to conceal everything from everyone. Some information will leak, and you will need to decide which information to leak to whom.

      ShinRamen247 When a VPN company claims they do not collect any metadata or logs, they are lying.

      VPNs are NOT anonymization services, they were never designed for that.
      Don't use VPN services.
      German: VPN sind als Anonymisierungsdienste ungeeignet.
      Do you really need a VPN?

      I hardly know of a country in the world where the provider does not have to store the access IP + usage time for weeks or months if they charge for usage. Anyone who has their own ASN + IP knows that there is no other way. In Germany, most providers store data for 7 days.
      At the beginning of May 2024, the European Court of Justice allowed the storage of IPs. This data retention is actually not permitted in Germany/Europe and there will be new lawsuits before the European Court of Justice (EuGH).

      As a Tor exit operator, I don't have to do that because I don't charge any fees. Quote from my Tor exit page:

      A Tor relay is a simple data carrier (mere conduit) in the terms of Article 12 of the european directive 2000/31/CE of 8 June 2000: we do not initiate the transmissions, we do not select the receiver of the transmission, and we do not select or modify the information contained in the transmission. Therefore, we are not liable for the information transmitted.

      As a German organization, we fully comply with Telekommunikation-Telemedien-Datenschutz-Gesetz §9 (the German telemedia data protection law), which prohibits to log any personally identifiable data or usage data unless required for billing purposes. As we do not charge for using our services, we will never be able to keep any connection data.

      Tor routers owned by German media services are protected by Telemediengesetz §8

        @ShinRamen247 Hi, just a quick heads up, my reply is strictly related to VPN providers and their relationships. As this may help show a non technical jargon side of how some VPN company's do business. Might help others see the answer more clearer:

        ShinRamen247 I am going to change my VPN provider. When a VPN company claims they do not collect any metadata or logs, they are lying.

        In general, it's best to stay away from mainstream providers, even more so the ones advertising on social media platforms and sponsoring youtube content makers; especially and most importantly, the ones that pay for ads in newspapers and magazines, etc.
        For those wondering why that is... I'll answer that after the following quote:

        ShinRamen247 Can someone help me. What can exactly VPN companies can gather ...

        Perhaps, instead the technical answer you may have hoped for, it may be easier to just look at the people behind the company(s). For example, one of the most well known providers is NordVPN. Here is the history of this VPN's relationships:

        After taking a look the business tactics mentioned and checking out the referenced citations, IMHO, I think it's important to stay away from Nord Security related products, such as NordVPN, AtlasVPN and SurfSharkVPN. Not to mention any other type of provider like Nord*.

              akc3n While not remotely as damning as your excellent links, for an anecdotal argument against anything Nord*-related, here is my own email conversation with their customer support as I tried to delete the free account I made to test their password manager back in 2021.

              https://ibb.co/1GQ0jBP

              They deleted my account after this.

                  DeletedUser29 Well done. Nord never came near the top of what was recommended to me in the first place, so I guess I spared myself a hassle or two.

                    akc3n I discovered the very good kumu.io through the founder of Windscribe, I thought the website had been created by him at that time.

                    DeletedUser29 You know that insult is not an effective way of getting things done, but I had a similar experience with Bitdefender where I had to fight for weeks with customer service to get a paid subscription cancelled, so I can understand the annoyance.

                          Xtreix Yeah I really don't like being rude (especially not to customer service) but marketing and sales people infuriate me like almost nothing else. And when they are blatantly ignoring such a clear and simple request it is clearly policy which just adds fuel to the fire.

                              DeletedUser29 And when they are blatantly ignoring such a clear and simple request it is clearly policy which just adds fuel to the fire.

                              Many other companies will do the same thing, losing a customer means losing money for them, it's not a behavior I appreciate as a customer either.

                                  Xtreix if in doubt of a company, use a virtual payment card. Then kill the card. They won't get any funds, and as you requested the canceling of the account, which they failed to act on, they wouldn't stand a chance if trying to pursue it

                                      ShinRamen247

                                      At the end of the day no matter which service you use requires a certain amount of trust. The 3 vpn providers mentioned above are in my opinion the only 3 worth considering as far as privacy goes. They get audited, accept cash payment and have all been around long enough to prove themselves so to speak. Knowing that your using a Pixel should not bother you, millions of people are also. They need to be able to configure it for you so they need some info. You need to ask yourself who you trust more with your data (vpn or your isp)

                                        DeletedUser29 It is indeed policy. I very much doubt the poor support person cares if you use Nord products themselves. :P

                                        Such companies have their support staff operate with flow charts/scripts. It's likely that their standard procedure when you try to delete your account is to try to keep you there.

                                        Shitty? Absolutely, and shame on Nord. I understand the urge to bite back for playing that on you, but the support staff is more or less an innocent bystander just sending what they're told to. :)

                                            matchboxbananasynergy I know :( Hopefully my clarification who I was angry at back then was enough for the poor bugger not to take it personally. I have worked somewhat with CS (and want nothing to do with it again) so they have my sympathies. And I'd probably wouldn't resort to expletives today in the same situation.

                                            This has gotten very off topic to OP's question though, and the point of my addendum to akc3n's post. So enough about that :)

                                              2 months later

                                              Thank you all for your time and feedback. I will certainly stay well away from Nord and Surfshark. With AtlasVPN is now owned by NordVPN. I subscribed to AtlasVPN and it did not work with Graphene devices. Requesting a refund was a mission as it was very difficult to bypass their BOT chat and speak to a real person. In the end they didn't cancel the subscription and when I contacted them again after 30 days, they said there was no record. I couldn't be bothered chasing $80 and let it go. The graphene community is always informative and helpful. Thank you! If Graphene team ever have their own VPN service I will surely sign up!!