- Edited
Hi,
I'm aware that doing anything that is risky to personal safety on a mobile is generally not a great idea. I am just asking for advice and opinions on a particular scenario. If I had a spare laptop that I trusted and it were a viable option, I would use that with tails etc and other measures.
I have a spare Pixel 6 Pro that has been factory reset and updated to current GOS. It has no sim in it, has never been connect to my home WiFi or any accounts that are connected to me personally (since factory reset, was used as a primary phone previously). On first boot, I set the language and timezone to something other than my own country, strong passphrase, every radio switched off, no location etc. The first thing I do is connect to a WiFi not associated with me, install f-droid, then aurora, then protonvpn and have it always use protonvpn free server as guest with kill switch (f-droid version of protonvpn appears to lack guest option?). I install tor browser from guardian project f-droid repo, set to safest security setting and use a bridge. Then the phone is only online when I connect to a WiFi network that is not associated with me. I have a blank main profile, with anything I do in a separate user profile and have a duress pass code set.
I'd just like opinions on how safe this would be if using a phone were the only option available? Assuming no attacker were able to get full physical access to the phone, and it were wiped by entering the duress password if that did happen, what information could be reliably linked to the physical device? I'm not skilled or particularly knowledgeable on the technical side of things, but with no mobile carrier and no GPS or radios on, randomized MAC address, unassociated WiFi connection, log in free VPN -> Tor via bridge and no JavaScript, what am I missing? Is this a dangerous setup if absolute privacy and deniability were of the utmost importance? What if through mistakes JavaScript were allowed to run in Tor browser? What's the likelihood of being able to link back to the public wifi being used? Or any personally identifiable information?
Sorry if these are stupid questions I do try to search and read as much as possible but a lot of my bandwidth is taken up by navigating difficult life circumstances so it's nice to get direct feedback from people who know more than I do.
Thanks in advance :-)