A few questions regarding trying to be more anonymous on Graphene OS

q654q

Hey everyone. I'd like to point out that this shouldn't refer to my personal or someone's elses threat model, but rather a discussion to get more understanding on how to become more private/anonymous on GoS, if needed.

Let's imagine a scenario when a user would like to do something really sensitive its phone. For instance, surfing the DarkWeb through Tor network. And we probably don't have other than Tor tools for sensitive stuff anyways.

Thus, I have several questions:

1) Is using just Tor browser on GrapheneOS with owner profile only and installed sanboxed google play services (without any extra precautions) safe enough and at least multiple times better than running Tor browser on Windows PC?
2) Is GrapheneOS with owner profile only and installed sanboxed google play services comparable to something like QubeOS when it comes to anonimity? If not, which settings should be applied to get there, other than adding another user profile?
3) Would something like Orbot be necessary, when trying to wire EVERY connection through Tor network, or Tor browser is sufficient (owner profile or not)? In particular, should a user worry about connectivity checks?
4) Is it wise to turn off sim and in general worry about mobile triangualtion or some other factors that may deanonimize you at the process of going through Tor network (IMEI, hardware etc)?
5) If adding another user profile (with Tor browser installed only, for instance) is almost mandatory, is Android Private Space at least comparable or worse still? This feature should have separate encryption, as far as I'm aware.

Tandara

It really depends on trust you place on the apps/services that are in the same profile running through Tor.
I believe using smth like Orbot would run all of your traffic through a Tor node, which might include apps that have accounts linked to your activity in the normal web. Also, using play services alone with network permissions on would snitch on you even without g account in case apps are using ps on the same profile.
Better off running in a separate profile or private space for that matter.

QubesOS is better suited for that due to its ease of disposing VMs and leaving no traces behind.

JollyRancher

I know you said you don't Wang to get into threat models but number 4 is basically only answerable for specific threat models.

Generally, installing orbot and setting it as the profile VPN with kill switch enabled is what you should do if you want privacy via Tor for a profile. That will prevent inadvertent leakage outside of Tor.

QubesOS vs. GrapheneOS is like comparing apples and oranges. They are both fruit but that is about it. GOS is designed to integrate with the Pixel hardware to create a holistically secure device and by default it is very good at providing that secure device.

QubesOS can run on all manner of computer set ups and with all manner of configurations. Some of those will be substantially more secure for darknet browsing than GOS while some will be substantially worse.

The question, as always, is what is your threat model, what level of inconvenience are you willing to accept, and what level of resources are you willing to invest.

q654q

JollyRancher

Thanks for the reply!

So you think that Private Space is on par with using separate user profile for this case, correct?

Also, if using orbot in Private Space (not sure if it would be separate VPN per Private Space/user profile), should a user still use Tor browser? Wouldn't Tor browser and orbot conflict each other?

NetRunner88

q654q
There is no conflict between orbot and tor browser