• Off Topic
  • Disabling connectivity checks on GrapheneOS

What are the exact consequences of disabling internet connectivity checks? 

    Forget about the connectivity checks, WiFi Calling also completely bypasses the VPN. Even if you turn it off, it still resolves the domains which could be used to fingerprint devices on a WiFi network. There is currently no way to prevent this, though the issue has been brought up: https://github.com/GrapheneOS/os-issue-tracker/issues/887

    Also, the network assisted location (SUPL) bypasses the vpn, though there is now a toggle for that service.

      • [deleted]

      nodsocket Also, the network assisted location (SUPL) bypasses the vpn, though there is now a toggle for that service.

      Source? As far as I know that's not true.

        [deleted] If you are connected to WiFi but there is no upstream connection, you're supposed to get a notification. With connectivity checks disabled, you won't get any notification if the connection breaks.

        nodsocket WiFi Calling also completely bypasses the VPN. Even if you turn it off, it still resolves the domains which could be used to fingerprint devices on a WiFi network.

        If you have airplane mode on and don't have a SIM in your device, would WiFi calling network requests still happen?

          I leave mine disabled all of the time. I have noticed however where some public WiFi hotspots have a some kind of log-in screen/ terms and conditions to agree to this page won't open open so the WiFi stays connected but says no internet access.

            nodsocket Also, the network assisted location (SUPL) bypasses the vpn, though there is now a toggle for that service.

            That is not true for Tensor Pixels.

              nodsocket Thank you, that's good to know. So if a SIM was never inserted, DNS requests won't be sent?

                evalda I think so. The phone needs to know which domains to resolve first, which would require a sim.

                  • [deleted]

                  The only downside of disabling internet connectivity checks is that captive portals will not work? 

                    [deleted] How I am understanding it, if the connectivity checks are disabled, it won't bring up the sign in page automatically for a captive portal. You can still open your browser and go to a website and it should redirect you to the sign in page. After you sign in, the network should work like normal.
                    If you try to go to a https page it should give you a certificate warning as the portal is redirecting you to the sign in website. If you try going to an http page it should redirect properly.

                    The only other drawback I am aware of is say you are connected to WiFi and the internet connection goes down, you won't get prompted that the network went out. So you can be joined to WiFi and not be aware that it is not working.

                    • [deleted]

                    matchboxbananasynergy It's something that's inherently not a big deal (no user data is sent) and has been blown way out of proportion.

                    I think that it's quite a big deal because every time you will identify yourself as a GrapheneOS user to every public Wi-Fi and your ISP.

                    So if you're the only one using GrapheneOS in your city or place, then you can be traced and identified.

                      • [deleted]

                      matchboxbananasynergy GrapheneOS also adds the ability to fully disable the connectivity checks. This results in the OS no longer handling captive portals itself, not falling back to other networks when some don't have internet access and not being able to delay scheduled jobs depending on internet access until it becomes available.

                      1. The OS will no longer handle captive portals itself

                      2. It will not fall back for example to cellular when your Wi-Fi has lost connection and vice versa.

                      The part that I don't understand is "not being able to delay scheduled jobs depending on internet access until it becomes available".

                        [deleted] To blend in with other users while using a VPN, use the Standard mode. Disabled stands out from other users nearly as much as GrapheneOS.