Use OHTTP for all connections to GrapheneOS servers

DeletedUser26

OHTTP is a new protocol that improves privacy for users. It’s already being adopted by big companies such as Google using it for Safebrowsing. GrapheneOS could make good use of this protocol to protect the privacy of its users. Cloudflare offers Private Gateway for privacy-oriented companies. It’s in closed beta currently so I understand it might be better to wait for it to be out of beta, but something to keep an eye on anyway.

router99

DeletedUser26 As hostile to privacy and anonymity as G**gle is, I would be cautious about trusting anything they support as it relates to privacy.

[deleted]

router99 This is by far one of the dumbest things i've ever read.

23Sha-ger

There is no benefit in that, since no private or personal information is ever transmitted to the GrapheneOS servers in the first place, the same update request is sent to the server for all GOS users of the same device:
https://grapheneos.org/faq#default-connections

DeletedUser26

23Sha-ger Protecting users’ IP addresses is useful, no?

Request privacy means that the application server does not learn information that would otherwise be revealed by an HTTP request, such as IP address, geolocation, TLS and HTTPS fingerprints, and so on.

https://blog.cloudflare.com/building-privacy-into-internet-standards-and-how-to-make-your-app-more-private-today/

GrapheneOS

DeletedUser26 The IPs are still learned by the proxy sitting between and it knows where it's sending it. Users should just use a VPN.

secrec

I just skimmed over the details of OHTTP, and it appears to be absolute NONSENSE. All it seems to be doing is adding a couple of additional servers in between the client and the target server. Unless you control those two additional servers yourself, then you aren't gaining anything from them because they'll still be spilling the beans to someone, and if you DO control those two additional servers, then the target server knows who you are by the fact that its getting a connection from YOUR server.

There's also a bunch of talk about multiple layers of encryption. Two layers between client-->relay, then the relay strips one layer and sends single-encrypted data relay-->gateway. Then gateway strips the remaining encryption and sends it in PLAINTEXT to target server!!! So it hides your IP address from the target server in exchange for all of your data being sent in plaintext? Sounds to me like an NSA wet dream.