• General

  • How does Private Spaces isolation compare to secondary user profile?

roamer4223 You are looking for a completely different feature, as far as I can tell.

Can't see how because nothing in your description is incompatible with the nesting VPN use case. This is also how things work in the desktop equivalents of a private space.

roamer4223 It just seems to be similar to what you're looking for?

No, because as I said

The current compromise often recommended is a not particularly intuitive hack offered by some firewall apps that have secondary VPN functionality but you forfeit expedient location changes and now have to place your trust in them to not introduce subtle bugs that break the VPN, a big ask for something of secondary concern to them, while they're focused on building out their firewall/dns features. Even worse, this compromise is off the table if you rely on the anti-censorship/obfuscation measures the full VPN provides.

This applies to RethinkDNS as much as it does to Blokada. Rethink is nice but asking me to trust them for critical VPN function is a bridge too far, and not even possible when you need anti-censorship/obfuscation features of a proper VPN app.

        ignition Fair enough then. As I said, I wasn't particularly recommending RethinkDNS, I just misunderstood what you were looking for. There are some VPN providers that have multi-hop on their Android clients as well, such as iVPN. iVPN also has a reasonably customisable DNS blocklist built in to their app. Anyway I guess you'll have to submit a feature request for what you're after. Good luck :)

            roamer4223 There are some VPN providers that have multi-hop on their Android clients as well

            You are misunderstanding something. While similar, multi-hop and nesting VPNs are two different things.

            Multi-hop is a same provider feature, with servers of both hops owned by the same provider and known to not just them but also its adversaries. The exit hop here is the important one and, for very private VPN providers like IVPN, your internet use gets blasted with a mountain of captchas or outright blocked by websites and apps because all of IVPN's servers are publicly known.

            Nesting is multi-provider. If you read through the iCloud relay article, you'd see how they explain this. One provider is used for the entry relay and a different, unrelated provider for the exit relay. From a privacy and anti-censorship angle, this means you can use IVPN, which is highly private, as your entry relay and they'll know your real IP but you could now, assuming it wasn't deprecated, much more safely use something like Google One VPN as your exit relay without exposing your real IP to Google.

            Advantages of nesting in comparison to multi-hop are significant, including much fewer, if any, captchas and blocks since the algorithm is almost always Google's or trusts Google, and websites and apps (some of the biggest owned by Google themselves) will only see Google controlled IPs, deeming it safer because its VPN is not at all as private as IVPN. Another privacy and censorship advantage is your ISP, and government that may know about IVPN, gets blinded to the details of your use of the less private nested VPN. Yet another advantage is you can retain your privacy while gaining high availability in the sense that you can use IVPN, which has servers in only a few locations, as your entry relay but another, less private VPN with a wider selection of locations as your exit.

                ignition
                Unless Im misunderstanding something it should be possible to create an app which sits in the VPN slot of an Android profile which provides the nested vpn functionality you are looking for. Private space is functionally a profile, just a different type. Similar to work profiles and clone profiles.

                An app in the VPN slot has control of pretty much all network traffic from the profile in which its installed and can route it as it wishes.

                    Carlos-Anso Unless Im misunderstanding something it should be possible to create an app which sits in the VPN slot of an Android profile which provides the nested vpn functionality you are looking for.

                    Isn't that just, if it even is possible, the Rethink and Blokada compromise discussed above but worse?

                    An app in the VPN slot has control of pretty much all network traffic from the profile in which its installed and can route it as it wishes.

                    But this is about the chosen design of profiles themselves, not some app. The always active Owner profile is privileged amongst its peers, giving users the option to route calls, messages, even notifications, and also DNS but when it comes to a VPN, an arbitrarily impenetrable wall is erected. A user isn't even given the option to make a choice save for going scorched-earth by rooting the device.

                        ignition A user isn't even given the option to make a choice save for going scorched-earth by rooting the device.

                        That's a little unfair. You obviously know you can run a VPN in the secondary profile too.

                        I suspect this is not exactly a GrapheneOS design decision, but a result of how profiles work in AOSP, and making it work differently would likely be quite a large amount of work.

                            Probably9857 That's a little unfair. You obviously know you can run a VPN in the secondary profile too.

                            Don't see how when compared to the many things the Owner profile provides options to let through the boundary. If anything is unfair, it's the lack of similar options for a VPN which leads to, among other things, needing to run the same thing over and over. You wouldn't recommend running the same app with the same accounts in multiple profiles just to receive notifications.

                            I suspect this is not exactly a GrapheneOS design decision

                            I know. That's why I said it was unfortunate design decision in response to how it works in ordinary Android. An unfortunate, arbitrary restriction by Google on a base that would normally allow it.

                                ignition You wouldn't recommend running the same app with the same accounts in multiple profiles just to receive notifications.

                                I wouldn't. But I also wouldn't waste my time ranting about the choices of projects that are providing me with amazing free software. If what you want doesn't exist, you can build it yourself, or you can find a way to make do with the options that are available to you.

                                    Probably9857 I also wouldn't waste my time ranting about the choices of projects that are providing me with amazing free software.

                                    Ranting? You clearly didn't even comprehend the title but this is a thread of questions about how something works and I asked mine, got my answer and made a comment which someone was curious about. Maybe pay more attention next time before jumping in when you're triggered by an exchange you don't even understand?

                                        So private space is simply an additional work profile?

                                        This is pretty great, and among the first feature I find useful that is implemented in AOSP XD Cant wait for the upgrade

                                        (Btw people, switch to alpha or beta releases if you can and report bugs!)

                                        ignition This is also how things work in the desktop equivalents of a private space.

                                        I am not sure what you consider "the desktop equivalent" but suspect this may be a big part of he reason you are disappointed. You are attempting to replicate a somewhat complex setup in another OS, there are big differences as to how things work in these operating systems, and nobody has created something that provides what you want.

                                        The way networking, profiles and VPNs work in Android may appear a bit strange when compared to what you are familiar with from desktop operating systems but there are reasons. Much network functionality is split per profile running through the VPN of that profile. Some things are handled solely by the kernel and effect the whole device. This contributes to the leaks we have been fixing. There is a lot of complexity to everything which has made fixing the leaks very difficult. It also makes making any changes difficult. Also potentially maintaining those changes. Which means any changes have to be very carefully considered and, particularly if complex, ideally avoided. We cant risk big changes landing in AOSP which could completely break networking or changes we have made which people rely upon.

                                        ignition The current compromise often recommended is a not particularly intuitive hack offered by some firewall apps that have secondary VPN functionality but you forfeit expedient location changes and now have to place your trust in them to not introduce subtle bugs that break the VPN

                                        I would not call it a hack or presume that an app designed just for running a VPN would be higher quality. Many VPN apps are not great. Notice the project has a very short list of recommended VPN apps.

                                        "The only app we can recommend is the official WireGuard app."

                                        ignition Isn't that just, if it even is possible, the Rethink and Blokada compromise discussed above but worse?

                                        Its technically possible to have networking from any given profile run through nested VPNs. Any VPN company could make their VPN app support this kind of nesting.

                                        An independent project could make an app that sits in the VPN slot and offers this nesting and likely also the location switching and other features you desire.

                                        It appears your imagined ideal is a device wide VPN but also being able to run VPN apps in individual profiles with any VPN connections also nested/routed through the device wide VPN. I am not at all sure GrapheneOS will ever take on the work to implement and maintain this.

                                        I think it may be wise to split this conversation off to a new thread as its veered significantly off topic. There are existing apps and methods that can achieve nesting of network connections. Also GrapheneOS aims to offer the possibility to run desktop operating systems, which would have their own networking stacks, in virtual machines.

                                                roamer4223

                                                but it's also slightly more convenient

                                                I've only skimread some of the comments here and I don't fully understand private spaces, but from what I can tell, since you can only use private spaces in the owner profile this makes it less convenient. I don't use my owner profile for anything except changing settings and updating the system, I use secondary profiles for everything. I'm not entirely sure what purpose private spaces actually serve, I disagree with the notion that they are more convenient than profiles. And I feel like the ability to daisy-chain VPNs (ie. VPN-over-VPN) is a highly desired feature for many people, as well as various other features to do with VPNs.

                                                This might be very useful for devices not using GrapheneOS, but it appears GrapheneOS already kinda serves the same purpose but is much more flexible. I'm open to being corrected since I'm only just learning about this.

                                                  Carlos-Anso I am not sure what you consider "the desktop equivalent"

                                                  VMs.

                                                  You are attempting to replicate a somewhat complex setup in another OS, there are big differences as to how things work in these operating systems, and nobody has created something that provides what you want.

                                                  The way networking, profiles and VPNs work in Android may appear a bit strange when compared to what you are familiar with from desktop operating systems

                                                  I use a different Android variant where this is already possible, so I'm not sure what 'complex setup' is in reference to, but nesting is pressing one toggle in the main profile and then connect in the sub profile's VPN. Just like on desktop. You can definitely get more elaborate in a desktop environment but it's not necessary.

                                                  I would not call it a hack or presume that an app designed just for running a VPN would be higher quality.

                                                  That's fine. I would. It's true that there are many poor VPN apps but the solution is higher quality apps, not third-party apps that are really 'and we support VPN functionality'. With the increasing captcha-blasting, outright blocking, and AI-powered analysis of more privacy-respecting VPN use, I cannot depend on a team that does not have the VPN and its continued improvement as their primary focus, critical to their bottom line. It's definitely off the table when their real focus has the capacity to introduce bugs that subtly break the VPN. This is no different from how I wouldn't depend on a VPN for ad blocking features that are secondary.

                                                  Its technically possible to have networking from any given profile run through nested VPNs. Any VPN company could make their VPN app support this kind of nesting.

                                                  An independent project could make an app that sits in the VPN slot and offers this nesting and likely also the location switching and other features you desire.

                                                  There are existing apps and methods that can achieve nesting of network connections.

                                                  This is mixing things up and contradictory. What is being talked about here is an option to share the Owner's profile connection with a sub profile, not yet another third-party app that handles assumed-to-be extractable configurations of yet two other VPNs.

                                                  VPN companies don't need to add any feature for this because they already do support nesting by design. There's no special sauce needed. It's not something the app makes an effort to 'support', it's something the OS itself makes an effort to restrict. The inability to nest profiled VPNs on Android is a uniquely Google introduction. Not even ChromeOS has this restriction as far as I can tell.

                                                  So unless you're covering up some secret god-mode app or setting that can pierce through the private space or profile boundary, or suggesting I root an installation Graphene, this is an OS problem thanks to Google, not a user-space app concern.

                                                  It appears your imagined ideal is a device wide VPN but also being able to run VPN apps in individual profiles with any VPN connections also nested/routed through the device wide VPN

                                                  An option for this in relation to the private space, or profiles more generally, yes. In a similar fashion to those that, for profiles, allow setting a private DNS, notifications, etc. or, locally, allow blocking connections without a VPN, having the VPN always on.

                                                  I am not at all sure GrapheneOS will ever take on the work to implement and maintain this.

                                                  Yes, which is why I was holding out hope that Google didn't bungle the private space like they did profiles in this matter, forcing downstream forks to have to work to fix it. Unfortunately, no such luck.

                                                  I think it may be wise to split this conversation off to a new thread as its veered significantly off topic.

                                                  I guess, though I'm not sure what would be the point because I've only really been answering questions about my earlier answer and, as you've said, that's unlikely to bear fruit in terms of being implemented. I did ask for it here in the hope that since it isn't fully baked, it may be easier to fix but that's a long shot. There's also this more general thread but same thing.

                                                    fid02

                                                    All of this sounds and looks exactly like a work profile. Is there any difference?

                                                    Also how do you add apps to the private space? I assume they need to be installed within the private space from an app like Play Store or F-Droid. Is it also possible to clone apps from the main profile to the private space and they get updated when you update them in the main profile?

                                                        Viewpoint0232 All of this sounds and looks exactly like a work profile. Is there any difference?

                                                        I've never used a work profile before, so I don't know.

                                                          rdns dev here

                                                          ignition This applies to RethinkDNS as much as it does to Blokada.

                                                          I take insult to be lumped with Blokada.

                                                          ignition Rethink is nice but asking me to trust them for critical VPN function is a bridge too far, and not even possible when you need anti-censorship/obfuscation features of a proper VPN app.

                                                          Rethink is focused on anti-censorship, and we continually add (and want to add) improvements to that end, even if you may not notice it.

                                                          Also, it is a bit of a stretch passing your opinion (about what's critical for our project) as a fact. Have you got a personal email from me where I decried that WireGuard is a bridge too far for Rethink (a bit rich as we've been working on just the WireGuard bits for close to a year now, btw)? If not, you should consider if deriding our little project is of any constructive use to anyone.

                                                                ignoramous I take insult to be lumped with Blokada.

                                                                Okay?

                                                                Rethink is focused on anti-censorship, and we continually add (and want to add) improvements to that end, even if you may not notice it.

                                                                Also, it is a bit of a stretch passing your opinion (about what's critical for our project) as a fact.

                                                                I've known of Rethink long before it added the ability to import WireGuard configs so I'm not sure what you think it is I don't notice. I'm also not sure what you think is not a fact about the fact that Rethink is not a VPN and that mere support for configs does not make that a priority to its overall offering. You don't host servers, provision IP addresses and monitor their reputation, experiment with designs not based on WireGuard, undertake (or even as yet support) pioneering tech on obfuscation/anti-censorship measures in the space, deal with the realities of facing the GFW and its variants, etc.

                                                                It's no more 'opinion' than saying the Mullvad app isn't an ad blocker and that its ad blocking isn't a priority. It isn't, and that's perfectly fine. It's a great VPN though, and in this case, is one.

                                                                Have you got a personal email from me where I decried that WireGuard is a bridge too far for Rethink (a bit rich as we've been working on just the WireGuard bits for close to a year now, btw)?

                                                                Email? What? What does this have to do with anything here?

                                                                If not, you should consider if deriding our little project is of any constructive use to anyone.

                                                                Simply explaining why your app is a bad fit for what's being discussed is not 'deriding' it any more than explaining why Mullvad, IVPN, and Proton are a bad fit for ad blocking in a browser is 'deriding' any of them. You can find it unconstructive, but it was suggested and I was asked. I only answered.

                                                                    ignition I'm also not sure what you think is not a fact about the fact that Rethink is not a VPN and that mere support for configs does not make that a priority to its overall offering

                                                                    You don't get to decide what is and isn't priority for a project you don't control.

                                                                    ignition pioneering tech on obfuscation/anti-censorship measures in the space

                                                                    Anti-censorship is more than just GFW. Also, I've developed two other FOSS projects in this space, Rethink isn't my first or last foray.

                                                                    ignition Simply explaining

                                                                    Your simple explanations are rather too verbose and opinionated.