Cell Provider Tracking

plantmom

I desperately wanna get my phone more secure and private. Been thinking of switching to graphene, but I'm also curious about how much it actually protects from.

Won't my cell provider still be able to track almost all data that goes through the phone? Excuse me if this is a dumb question. I honestly don't know how that works.

Also, with the protections that graphene provides, is it still possible for the gov to spy on your phone if they want to? The amount of surveillance in our society just really creeps me out.

DeletedUser69

plantmom if you want to stay private from your network provider, use a good VPN.

https://www.privacyguides.org/en/vpn/

There is too much to take on to answer your second question briefly and plainly and I am not cut out for the job.

secrec

plantmom Won't my cell provider still be able to track almost all data that goes through the phone?

There is a limit to what they can see. Most or all of the data that goes into or out from your phone should be encrypted, therefore they can only see that there is data, how much data, and with whom it is being transferred. A VPN can hide more of this from them, they can tell that you use a VPN and can see overall how much data you use, but they don't know any more than that.

JollyRancher

Use a VPN (Mullvad is generally the best outside of setting up your own). If you have issues with VPN blocking of services that you need/desire, Private Internet Access with a Dedicated IP is probably the best option.

Set the VPN kill switch option on your phone (remember that you need the VPN in every profile).

The VPN usage will prevent your telecom from knowing what sites you visit and will prevent those sites from knowing what telecom you are using.

The telecom will still have records of every phone call and SMS along with fairly accurate location data thanks to the phone connecting to cell towers.

Establish a Signal account with the SIM number and then refuse to engage with anyone over phone or SMS.

SimpleX is more secure and anonymous but adoption and ease of use suffer compared to signal.

Establish a ProtonMail account, do not link a recovery phone or email to it.

Use authenticator app (Aegis is the best) or that proton email for 2fa. Anything sent over SMS should be assumed compromised against a state actor.

Ultimately, privacy and security are in balance with ease of use and cost. What compromises you make are up to you to decide.

Base GOS (no apps) on a Pixel 9 with a good VPN, USB disabled, and a strong password will be essentially impossible for anyone to access without your assistance. Any phone calls or SMS messages too or from the device should be assumed compromised but the device will be secure.

Going beyond that is a much more complex topic. What apps for you install? In what profiles? How do you use your device and those apps? What threats are you concerned about? What ease of use and cost compromises are you willing to make in mitigating those threats? What are your associates willing and able to do to help you mitigate the threat?

For some people/circumstances appropriate threat mitigation might involve buying property in multiple nations using shell companies with concealed ownership and using those properties to host RAM Disk servers that you are piping all of your internet traffic through. Or hiring your own team of experts to code you up custom apps for your needs.

For other circumstances, buying a Pixel direct from Google with your credit card, flashing GOS to it, and putting in an eSim bought in your own name from Verizon is perfectly fine.

plantmom

JollyRancher if i use split tunneling with proton vpn, would pia be more secure? Or is split tunneling ok?

locked

Adding to the above, though, if you want to be even safer, don't insert a sim card into your pixel. always run on airplane mode, and connect to wifi. If you need to receive sms for whatsapp, telegram, and signal activation, stick it in another phone to receive them.

BeepBeep

I'm not on Mullvad, but generally split tunneled data isn't protected by the VPN (since only 1 VPN runs on android), so it's less secure. Mullvad Multihop would theoretically be more secure -- hey, it's not paranoia if they're actually after you! :) Might be slower using multihop. Turning on full time VPN with Kill Switch could help prevent data from leaking past your VPN.

Ammako

You also can't do split tunneling on Android without turning off "Block connections without VPN."

If you need this kind of functionality then I suggest installing the apps you want to be "split-tunneled" into private space, or a secondary profile, which would not have a VPN connection. So every connection on your phone goes through VPN, connections without VPN are blocked (you can leave that setting on), and you just unlock private space or switch profile when you want to use an app outside of VPN. Then lock/close the private space or profile after you're done so it stops running and won't be making connections while not in use.

ellsworth

If you're always on a VPN, only the VPN provider can see what websites you are contacting. HTTPS effectively encrypts the data you send, VPN or not.

Your location can always be tracked by your cell service provider as long as your phone is on and not in airplane mode. If you're in airplane mode your location cannot be determined under normal circumstances. State actors may be able to track a phone that is off, but that is an exceptional scenario where you would have to be specifically targeted.

Apps can obtain and report your location if you give them location permissions, even on WIFI and on a VPN. They determine this using GPS and nearby WIFI SSIDs.

I normally keep my phone in airplane mode and only use cell data when I need it. I always use a VPN (Mullvad or Proton are good). I am very careful what apps I install. I use a web browser for x.com and Instagram, for example. I rarely give apps location permissions.