High Threat model: Companys, government, tracking add tracking and personal.

Pocketstar

Disclaimer: I am NOT a security expert, do your own research and do not blindly follow my advises.

-Use a zero-trust policy.
-Use the KISS-principle. (Keep it simple and stupid)
-I only recommend TOR, I2P or zeronet for folks with a high threat level. (A VPN company can get compromised)
-I do not use any cellular connection on my phone, instead I use a mobile hotspot with web-based SMS function. (It prevents the baseband obtaining the phone's IMEI, etc, it is easier to dispose of a hotspot instead if neccesary)
-Only use verified free and open source software, use the AppVerifyer app and the Accresent and Obtainium apps as a source verification method and application repositories.
-Turn off Bluetooth, NFC and Location.
-Get offline resources like maps, (Organic maps) Wikis, (Kiwix) chats, (Briar messenger) a survival manual, some offline entertainment like games (verify all rom (no-intro) files (datomatic) and check for viruses, use RetroArch)
-Use the internal firewall to block all apps that do not need internet.
-Set autoreboot to 10 min.
-Do not use biometrics.
-Set USB port to "Off" (Charge when phine is off)
-Turn on hardened memory allocator for all apps. (MTE)
-Turn off bluetooth after 15 sec.
-Turn off WiFi after 1 min.
-Set Native code debugging to blocked by default.
-Turn off WebView JIT.
-Restrict DCL
-Use secure app spawning
-Manually give camera and mic access.
-Location: Turn off SUPL, PSDS, WiFi and BT scanning.
-Make a secondary profile for outdoors with less sensitive data on it. (In case the phine gets napped from your hands, the main (sensitive) profile would still need a password)
-Use the duress function, put small note with duress password in phone sleeve. (Not in a way that it is too obvious)
-Manage "open links" on all apps, and manage all permissions of each app manually.
-Use a web-based email account, do not install any app on the phone that can recieve files from strangers.
-Do not use the dialer or SMS.
-Set dialer to "block unknown callers".
-Turn on MAC-randomization.
-For Orbot, use " always-on VPN" and "block connections without VPN" in the main settings menu.
-For Orbot enable "isolate destination addresses" in the Orbot settings menu.
-Give Orbot and Briar Messenger unrestricted acces to battery and internet.
-Use an app like Droid-ify to put really sensitive files in an encrypted container. (Use a different password)
You can make camera pictures and notes from within the encrypted environment so it will never store outside the container.
-Use Nostr for relaying public messages.
-Only use offline AI's and speech recognition. (ChatterUI, SDAI, sayboard for voice to text)
-Use 2FA where possible, onlu use keyboard dictionary to copy them. (Magikeyboard in KeepassDX)
-Never copy/paste sensitive credentials to the web.
-Do not store passwords online.
-Minimize cloud usage.
-And now I need to go to the grocery store before it closes, sorry folks, I hope I did not miss anything, I am in a bit of a hurry.

yiit

Pocketstar
Depending on how you use TOR, exit nodes are at risk of being managed by US gov. (correct me if I am wrong)

Briar leaks metadata to your contacts (if you trust your contacts and their security practices, then this might be fine). Using a vpn might mitigate this risk, but idk how much more than just your IP is leaked with Briar. So maybe in some situations it is fine, but signal/molly and simplex are my go-to.

I'm curious, you use/suggest pairing Orbot as the vpn with briar and using TOR, I2P, and zeronet in combination to achieve a high level of privacy, security, and anonymity? I don't utilize the deep web/dark web, so I'm not completely familiar with some of these best practices.

For email (like you said, I would separate it completely), I wouldn't even use it on your GOS or what you consider "secure device." Email is by design insecure and it will be better to use secure messengers over email. I would use email on a completely different device.

Pocketstar

yiit
Thanks for the analysis, awesome!
It is good to have some feedback considering I am not a security expert in any way, I hope that people do take everything I say with a grain of salt.

But indeed, I am not using Orbot at the same time as Briar, which has TOR build in, so that would be difficult I guess. (I never tried)
I believe people can exclude Briar from the applist within Orbot.
Also, if people are using Orbot as a VPN they might want to turn off "block connections not using a VPN"
Enable "power user" if people just want to use TOR without a VPN.

I did not know Briar could leak an IP adres considering it uses TOR, unless a local or mesh connection has been established.

About the metadata being leaked to contacts; I did not know this, I do only chat with contacts I explicitly trust, but I believe it is safe considering people can use an alternative name.
When it comes to metadata, people say SimpleX is really great, it does not use identifyers as well.
Molly uses a phone number to register, even though I use it myself, I did not recommend it for people with a high threat level.
About the U.S. government being able to access TOR; I am not sure if that is possible, it would be nice if someone can provide some clarity on that, I honestly have no idea...

ILIKETRAINS

Pocketstar the U.S. government being able to access TOR; I am not sure if that is possible, it would be nice if someone can provide some clarity on that, I honestly have no idea...

As far I recall the Alphabet-Agencies mainly use man in the middle - hi-jacked sites- and Firefox exploits. - There is a rabbit whole starting from the 2000s... TOA to Prsim etc.

And then there is the crux that nodes are public and most likely the NSA and frens world wide just cache a lot of data from there and play a giant puzzle in the hope of getting a hit

The consensus seems to be the TOR-core is safe, the highest risk is still (personal) op-sec.

yiit

Pocketstar
Thank you for your insight on those programs connecting to the deep web/dark web!

Right, a local connect can leak meta data on Briar. It can leak bluetooth address for one. To my understanding TOR is much better for users only browsing the network. So using TOR for messaging isn't ideal, since messaging involves more metadata than just browsing websites. Using an alternative name doesn't mean you are safe. Metadata is what is used many times to de-anonymize people. So since briar does to your contacts, unless they take every precaution to anonymize themselves and even if they do, it just takes one trip up somewhere. And that could create the connection LE needs to de-anonymize you.

SimpleX is according to many people very good. I use it and like it.

With Signal/Molly, while they do require a phone number, there are ways to use Signal/Molly pretty anonymously. Use a VPN and a VOIP number paid with monero using a monero address not linked to you. The difference between Signal/Molly and other secure communication methods like Briar, is that we know that Signal/Molly has your phone number and IP of when you first opened the account and the last IP of when it was accessed (I believe). So knowing this is what gets leaked, there are workarounds to make Signal/Molly a very viable communication method despite that.

Pocketstar

Furthermore; I was mistaken about the hardened memory allocator, which is obviously not the same thing as MTE. (Memory tagging extension is only possible on ARMv9 based phones; the Pixel 8 and 9)
Perhaps someone (not me, but an actual security expert) can write an extended detailed guide for people with a high threat level based specifically on GrapheneOS as a sticky on the forum, or elsewhere.
That would be great for journalists, whistleblowers and dissidents, just what SPUTTERGRUMBLENANOMETER suggested!

yiit

ILIKETRAINS

Agencies do use hi-jacked sites, whether it be them monitoring one already up that they have access to, them during an operation taking control of a website already known from someone managing, that they arrested or them re-creating a previously taken down website. They employ many tactics.

Pocketstar

ILIKETRAINS
Thanks for the information! That is very useful information for many people that rely on TOR including myself.
I am glad we can still rely on it.
I do have a second phone which I purchased with cash, (a Pixel 6a) I do try to distance that phone's identity from my own by never connecting it to my home network and I've put it in two faraday cases as well, (against EMPs) and I only update the phone offline.
I would only connect to public hotspots, and I did purchase an anonymous SIMcard with cash as well. (Which is still possible in my country)
This way, people cannot tie my the info of my phone to me during a situation like an anarchy.
But indeed, I have to persist in having a proper opsec, so I won't login anywhere, don't use personal information and do not browse for things related to me.
It is a backup phone I keep in my survival backpack (BOB) for emergencies.
It contains alot of offline apps and libraries that are very useful during such an event.
I am very focused on using Briar because it is the only viable app I can still use after the internet goes out.
Naturally I will use exclusively TOR on it as well, but that is not possible during a blackout.
I do have a portable solar panel for charging the phone. (I also have that wrapped in a large faraday bag)
I honestly don't think it'll ever come to it that I have to use it in an emergency, but just like a smoke alarm; it is better to be safe than sorry.
I did enjoy putting my bag together and configuring my phone.
If the world ends one day, at least one phone, one GrapheneOS will survive an EMP from a nuclear blast.
I really appreciate the hard work and thought the GrapheneOS developers put into it, it is an amazing and very important project, it is truly one of a kind.

Pocketstar

yiit
Thanks! I've never considered using Molly like that, it would be anonymous indeed!
I do use Molly on my primairy phone (a Pixel 7) but I don't have a high threat level myself, so I don't use it anonymously, but I do keep it very secure.
I installed Molly initially due to the fact is was fully FLOSS, Signal had some proprietairy libraries, namely Google Maps.
However, the hardening features of Molly were a big plus for me as well.
I am glad I was able to convince at least my direct family to use Signal, so I could communicate with them more safely than using WhatsApp, which is closed source and collects metadata before selling it, not my idea of privacy or freedom.
i shall only use Briar messenger when there is no more internet, otherwise I shall disable the app in settings until (if) that dreadful day comes.
But no, I do not suggest using briar over Orbot, merely excluding it so it can use its own build-in TOR connection, also using zeronet, I2P and Orbot seperately, not combing those, I am not sure if that is possible indeed...

yiit

Pocketstar
Same, I would probably use Molly, but none of my family and friends would. So I use Signal because I was able to convince a few in my circle to use it.

Pocketstar

yiit
Actually Molly is a Signal fork, but with the extra hardening, and fully free and open source.
Signal is partly FOSS.
Molly is using the Signal protocol, so it is fully compatible with Signal users, that is why I was so happy I was able to convince family to use it, so I could use Molly and communicate with my family whom uses Signal themselves.
Molly updates regularily and tries to keep the version number as close as Signal.

yiit

Pocketstar
That's great to know! I had thought I could do something like that, but was never really sure. I also didn't know how caught up Molly is with Signal. Thanks to you confirming it, I might give it a try.

That and one more app was the only app that wasn't fully FOSS that I have. So I'll at least maybe be able to get it to one app. The other is Magic Earth and I have tried Organic Maps and prefer ME much much more. So I have come to terms with that.

Thank you!

yiit

SPUTTERGRUMBLENANOMETER
Great thread, by the way! This is very informative.

Pocketstar

yiit
I must stress that I am in not good at networking myself, my knowledge on TOR, I2P and Zeronet is very limited, I merely know how to use it and that it is kinda safe to use it.
I am also not an expert in any specific subject regarding security, I am merely a person that wants to be free, (like not having my metadata taken and sold) and having safe options during a survival situation, GrapheneOS provides that to us, but I am always eager to learn more, hence my two cents on what information I've accumulated thus far.
But do take my advice with a grain of salt, I don't want to spread misinformation, after all; many people's lives depend on security-related information, it is always good to search information from legimitate sources like developers.
For me, having a smartphone that is very secure, has software on it with a free license, is like a beautiful diamond, with all its brilliance and perfection.
I could never use a phone wehre nothing is certain, it just brings too much stress in the long run.

Agreed with yiit;
Thank you SPUTTERGRUMBLENANOMETER

Have a nice evening everyone!

yiit

Pocketstar
Like you, I am always learning. That's why an open discussion like this is good to flesh out and hone in on the best practices.

TOR, I2P and Zeronet are out of my use case, from research and just hearing things on the so-called grapevine is the information I operate with with these. So I learn about them out of curiosity, so I have some working knowledge of them if I ever need them. I also personally haven't found a way to use them yet in a safe way that meets my threat level.

stupidcreature

Hello, if your security model includes a government adversary, then turning off the microphone even at a hardware level is pointless since gyroscopes and speakers can be used as microphones.

Instead of Briar I would suggest a peer-to-peer messenger called Cwtch which automatically routes all the traffic through Tor and automatically wipes chats upon closing the app unless explicitely specified otherwise.

If you care about defences against fingerprinting I would suggest the Tor browser as it is the only one that can offer retaliation against fingerprinting. The more your configuration differs from the default the more of a fingerprint you have.

yiit

stupidcreature
https://discuss.privacyguides.net/t/simplex-vs-cwtch-who-is-right/19256/8

Here is a good discussion on both Briar and Cwtch as to why they may not be ideal, even with TOR. It also discusses the shortcomings of TOR in messaging.

Pocketstar

stupidcreature
I could be completely wrong, but even for a government adversary, should the phone not be compromised first before hackers can utilize the speaker or gyroscope as a microphone?
Next to that, if the phone is not compromised, it can be a pleasant idea that apps cannot access the microphone from a privacy point of view.
For example; Meta apps cannot listen in or Google translate will not "accidentally" capture your voice.
These apps can also be potentially abused by governments by using the third party doctrine law so they can have access to people's accounts and possibly some apps.

I shall check Cwtch out, thanks for the suggestion, it sounds great! I've heard the name before, but never bothered checked it out, now is a good time for that.

I use Privacy Browser sometimes with Orbot, but I agree, but when it comes to fingerprinting (the less unique browser setup the better it is) TOR browser is the best, and it also comes equiped with all the needed secure settings enabled for use with TOR.
There are several trackers in the browser (leftovers by Mozilla) but these are not enabled, so it should be safe to use.

Pocketstar

yiit
Awesome! Thanks!

stupidcreature

yiit Hello, SimpleX is an absolutely amazing solution for digital communication as well and I can strongly reccomend it. Thank you for sharing this informative discussion.

stupidcreature

Pocketstar Hello, using the Tor network with a browser that is not Tor Browser is strongly advised against by Tor.
Also, Exodus is dubious when it comes to app privacy due to it's rudimentary tracker checking and a subjective process for deciding what is a tracker.