Questions about GrapheneOS and related topics

Hi there! Thanks for reaching out. There are a lot of questions here, and I will attempt to answer as many as I can to the best of my ability, however it might take some time. This comment is just to express interest that I'm willing to take this thread on. :)

Keep in mind that I will most likely be making multiple posts to address 1-2 questions at a time, both because some of these answers may require further research on my part, and I don't want to postpone answers to questions I can answer immediately, and because I believe it will make the thread more readable in the long run.

Stay tuned. ^_^

gk7ncklxlts99w1 Why do some sites (e.g. com.google.android.gsf) start with com? Usually the TLD is at the end. Is this because they are CDNs? If so, why do CDNs have the TLD at the beginning of the URL?

These are not sites but Android package names.

Any Android package (app) name begins with com, so for example, com.mycompany.myapp.

    Volen Just a brief interjection here. It is true that this seems to be a package name and not a site, but it's not necessary for it to begin with .com, it can be any TLD like .org, .io etc.

    gk7ncklxlts99w1 Is it worth using a root level firewall on GrapheneOS?. Do root firewalls take up a VPN slot? Does this section (https://grapheneos.org/faq#ad-blocking-apps) only apply to non-root based firewalls like NetGuard (an app I have used and enjoy, but I prefer RethinkDNS), or does it also include root firewalls like AFWall (an app I've never used and don't know anything about). I'm not really educated on the differences between root firewalls and non-root firewalls, except that non-root firewalls typically rely on a device-hosted VPN (I'm unclear on the security of this

    In order to use a root firewall, you need to root your device, which is not recommended because it will create a huge security hole in your device (imagine a malicious app getting root access). Plus many apps, especially banking apps, will not work.

    What do you want to achieve with a root firewall? - blocking network? - GOS has a native Network toggle that does it properly. Disabling apps? - you can do it natively with GOS. Blocking ads? - you can use a free service, for example, Adguard Personal DNS and configure your lists. It allows up to 300k hosts per month without having to pay, so for me it's a great option. Alternatively, install any non-root adblocker - Tracker Control, Blockada, etc. You might not need it at all depending on what apps you are going to install (plain GOS does not spy, nor do many FOSS apps).

      Volen I thought "rooting" your device was the same thing as flashing an OS/ROM on it. How does rooting a device differ from flashing, and from unlocking the bootloader, and from jailbreaking? (I'm going to Google this in the meantime to be clearer on it).

      If you root your device to use a root firewall, only the firewall app will have root access, right? Or does it expose other apps too?

      I'm not necessarily saying I want a non-root firewall but whether it's worth using or not. Also, firewalls tend to give you more granular control over your network, like blocking IPs specifically, which GrapheneOS doesn't do. Also, RethinkDNS (which isn't a root firewall) has a lot of features that I'm not sure GrapheneOS addresses. GrapheneOS doesn't recommend non-root firewall apps.

      Basically, firewalls tend to give you more granular control. That's what I want, if it's necessary.

        gk7ncklxlts99w1 "Rooting" an Android device means that you expose the ability to gain... well, root. It is not possible to grant that kind of access to a specific app.

        Furthermore, rooting is different from unlocking the bootloader or flashing an alternative OS. For example, the reason why Pixels are chosen for GrapheneOS is because they allow you to flash an alternative OS (like GrapheneOS) and then lock the bootloader again, and by doing that, retain all of the hardware security features, keeping them intact.

        This is not the case with other devices that don't provide first-class support for alternative OSes. Some devices irreversibly neuter hardware security features the moment you unlock the bootloader in a way that doesn't bring them back even if you decide to later flash the Stock OS of that device again and re-lock the bootloader. They achieve this by blowing a fuse in the hardware that permanently disables these features forever on that device.

        https://www.privacyguides.org/os/android-overview/#avoid-rooting provides some information on rooting and why it should be avoided if you're planning to have a reasonably secure (and by extension, private) device.

          gk7ncklxlts99w1

          matchboxbananasynergy provided a great answer about rooting. It is a completely different process vs flashing.

          As for granular control - as I mentioned, you can use a DNS server that allows you to track, monitor, block and unblock every single host that your phone processes, for example, Adguard Private DNS.

          If you don't want to use a DNS, then you can configure Netguard or other similar software that will show you which app established a connection to a host.

          Generally speaking, you don't even need this if you use FOSS apps, as most of them do not track users. As long as you are careful about which apps you install, you might never need an adblocker (for browsers, you can install uBlock or just use browsers that have built-in adblockers).

            gk7ncklxlts99w1 Security of Vanadium browser vs Tor Browser. "The Tor Browser's security is weak which makes the privacy protection weak.". This is the first I've heard of Tor Browser being insecure from a security and privacy perspective. On GrapheneOS, is using Vanadium over the Tor network more secure and private than using Tor Browser? As described in the docs, Vanadium is more secure than Tor on GrapheneOS (technical reasons that I don't remember or understand), but I've always heard using Tor Browser is the most secure browser to use over the Tor network (I know this is mostly applicable to desktop but unclear on if it applies to phones too). Why should I use Vanadium (with Orbot) over Tor (with Orbot)? And what makes Tor insecure from a security and privacy perspective?

            It all depends what your threat model is: do you want privacy or security?

            Privacy means you don't want any website to know who you are.
            Security means your browser is protected as much as possible against zero-day and recent threats and vulnerabilities.

            Whilst Tor Browser is not as secure, it provides maximum privacy (anonymity). People use it if they don't want any website to identify them. Tor browser is not good for websites where you need to login (social, banking, etc).

            Vanadium (and other similar browsers) provide more security, which means they are great for day-to-day browsing, logging in to your preferred websites etc.

            Using Vanadium (and any other browser) over Tor/Orbot will ultimately make you unique, as each browser has a unique fingerprint based on some of the configs, etc. And websites will see it's you, as your browser will have the same unique fingerprint with or without Tor.

            Using Tor browser (with default settings) means every single person who is using Tor browser will have the same browser fingerprint so websites will not be able to identify you. This is why it is strongly recommended to not touch any Tor browser settings, not install any extra add-ons, etc - just browse the web using default settings, to avoid fingerprinting.

              gk7ncklxlts99w1 "Avoid Gecko-based browsers like Firefox as they're currently much more vulnerable to exploitation and inherently add a huge amount of attack surface" I'd like a technical elaboration. Why is Vanadium so much more secure than other browsers on GrapheneOS, and does Vanadium have the same level of security and privacy on other operating systems? Side note, I'm aware that default desktop Firefox is insecure, but hardened with Arkenfox, it becomes the most robust browser for privacy and security. What's stopping developers from developing an arkenfox based fork of Firefox for Android? Would it be as strong on Android as it is for desktop? And if Vanadium is better than Firefox on GrapheneOS, could it be adapted to desktop and still out-compete other browsers for privacy and security? I assume there's a fundamental difference in the architecture of AOSP over desktop that make this complicated.

              You can find some answers here: https://www.privacyguides.org/mobile-browsers/

              Firefox on Android (and any other fork based on Firefox) does not support site isolation (in comparison with Firefox Desktop).
              Chrome-based browsers on Android do support this feature, hence they are recommended for enhanced security.

              Using Arkenfox on Android Firefox won't improve this, as site isolation is something that needs to be added via coding to the original Firefox code. Arkenfox tweaks Firefox settings - it cannot tweak something which is not present in the Firefox source code. So in order for Firefox on Android to support this, the devs need to add the relevant feature via coding.

              The desktop version is different - the desktop version does support site isolation (Total Cookie Protection) + you can use containers if you, for example, want to log in to the same website using 2 accounts in the same session.

                gk7ncklxlts99w1 "Tor itself makes people into much more of a target (both locally and by the exit nodes)". I'd like more information. Is it talking about the browser, or the network? Using Tor properly, without bridges, in a country that doesn't ban the use of Tor, your ISP might flag you, but other than that they have no idea what you're doing. Using bridges, I don't see how using Tor makes you a target, and even if it did, given how much better Tor is compared to VPNs or the clearnet, there's no better option available that I'm aware of.

                It is talking about Network.

                ISPs can see that you are using the Tor network (they see that your computer connects to one of the Tor entry nodes), hence they might or might not (no one knows this for sure - it depends on country, ISP, etc, etc - no one knows for sure!) flag you, as using Tor is often associated with doing shady things.

                If you use a bridge then it will try to mask your entry node, so your ISP won't see you are connecting to the Tor network, so you are unlikely to become a target.

                It again boils down to the question: what do you want to achieve? You can't use Tor for social media, banking, etc. Whilst you can use a VPN for these (although some streaming or other services might block access if they think you are on a VPN).

                You can use a trusted VPN for your day-to-day activities so that it will hide your traffic from your ISP (some ISPs are known for monitoring and selling your data).

                  gk7ncklxlts99w1 "If you're using a VPN, you should consider using the standard DNS service provided by the VPN service to avoid standing out from other users.", does this suggest using other DNS providers like Cloudflare, Google and Quad9 make you stand out, or that not using any DNS provider makes you stand out?

                  It says the following: "if you are using a VPN provider, it's better to use their own DNS server". Because the sites will see: Mullvad VPN with Mullvad DNS is connecting - hmmm, there are thousands of people using Mullvad VPN + Mullvad DNS - so it's hard for us to find the person.

                  If you use a custom DNS, then the websites will see: Mullvad VPN with 3rd party DNS is connecting - let's see, it seems far fewer people are using this config, so we can probably guess who it is.

                  Also, using a 3rd party DNS with your VPN provider means trusting 2 parties: your VPN and DNS, as both will see part of your traffic. You ideally want to avoid this, as the fewer parties see your traffic, the better it is.

                  If you don't use a VPN at all, it's good to use a privacy-friendly DNS.
                  You can find a good comparison here: https://www.privacyguides.org/dns

                  If you are using Mullvad, then just add their own adblocking DNS as your Android Private DNS and then it will be used both with and without VPN: https://mullvad.net/en/help/dns-over-https-and-dns-over-tls/

                    Volen I suppose a DNS blocklist would be able to block specific IPs, but it doesn't have the same convenience as a firewall app like RethinkDNS, where you can easily see which IPs are being accessed in real time, and block or allow them easily. The ability to actually monitor your network activity is really handy.

                    Again, the documentation says not to use apps like Netguard.

                    Most apps I install probably aren't tracking me, but there are a few nasty ones like Amazon, which is something I can't live without (I like being able to quickly add books to my wishlist).

                    Also, the privacy and security features provided by RethinkDNS have not been addressed yet.

                      matchboxbananasynergy How does GrapheneOS gain root? Sorry, I'm not really clear on the process of how to root a device (I will google this, and read the article you mentioned). So just to be clear, when you root a device, you're actually exposing all apps that you install?

                        Volen

                        Vanadium (and other similar browsers) provide more security, which means they are great for day-to-day browsing, logging in to your preferred websites etc.

                        Does this also suggest Chromium based browsers would be better for logging into accounts with on desktop? Since Chromium is more secure than Firefox/Gecko, why aren't Chromium browsers touted as being better for security in the desktop space (any browser privacy guide worth its salt recommends Firefox over Chromium, I have not heard of any recommendation for using Chromium (e.g. Brave) for logins).

                        Using Vanadium (and any other browser) over Tor/Orbot will ultimately make you unique, as each browser has a unique fingerprint based on some of the configs, etc. And websites will see it's you, as your browser will have the same unique fingerprint with or without Tor.

                        So are you suggesting there's no way to prevent browser fingerprinting on Android, with or without Tor? If that's the case, then that sucks. I would like to know what specific configs make the browser unique (if you're able to provide that information).

                        Using Tor browser (with default settings) means every single person who is using Tor browser will have the same browser fingerprint so websites will not be able to identify you. This is why it is strongly recommended to not touch any Tor browser settings, not install any extra add-ons, etc - just browse the web using default settings, to avoid fingerprinting.

                        This contradicts the previous paragraph, but I'll just assume you meant "any other browser besides Tor".

                        So to summarize, it sounds like the best option for Android is to use Vanadium for logins, and Tor with default settings (which is how Tor is meant to be used) is best used for non-logins and general browsing where speed is not important. I don't want to put words in your mouth (or hands, in this case...) so correct me if I'm wrong.

                          Volen replying to https://discuss.grapheneos.org/d/2061-questions-about-grapheneos-and-related-topics/13

                          That guide doesn't tell me much. It just says to avoid Firefox because it doesn't have site isolation or IsolatedProcess, use Chromium because they do, and use Tor for anonymity. It then proceeds to show information for Brave, which is not as secure as Vanadium, which means I won't be using it, and the rest of the section talks about iOS making the guide mostly irrelevant for me.

                          It does provide a bit more information about site isolation (here), which I'll read up on.

                          I see your point about Arkenfox, but that shouldn't prevent someone from making a Firefox fork that tweaks the source code to enable site isolation / IsolatedProcess. I'm not a developer, so I don't know the hurdles associated with such a change.

                          Containers are considered dead, as this guy explains.

                          Also, I want to mention that the GrapheneOS documentation explains that Tor has poor security, therefore has poor privacy. But as you mentioned, and as the guide that you linked mentions, Tor is the only browser that has the capacity to be truly anonymous. If Tor has poor privacy, then Vanadium must have even worse privacy. Something doesn't add up.

                            Volen replying to https://discuss.grapheneos.org/d/2061-questions-about-grapheneos-and-related-topics/14. That sounds fair, but the phrase "Tor itself makes people into much more of a target" sounds very ominous and overly dramatic. I suppose it depends on the country you're in, if you live in a country that really doesn't like people using Tor, then ISPs might end up cancelling your internet. I don't see how it would end up in you being targeted by a state government or hackers (as the phrase might suggest, at least to me).

                              gk7ncklxlts99w1 I do not know. You shouldn't root your device. Keep in mind that if you root the device, you're running an unsupported setup, and not something that can really be called GrapheneOS at that point. GrapheneOS assumes that all of the hardware security features of the device are in place.

                              gk7ncklxlts99w1

                              Have you ever tried Adguard Private DNS (not public DNS but private DNS, the new service they offer)? It does exactly what you said you want.

                              The documentation says not to use Netguard for blocking Internet access as you can use Network toggle to do it much more effectively, natively and correctly. No one said you are not allowed to use Netguard or that you can't use it for other purposes, for example, monitoring your traffic.

                              It's up to you to decide what to use in your case - you want Netguard - then use Netguard. You want RethinkDNS - then use it instead. The choice is yours.

                              You're just overthinking all this.

                                gk7ncklxlts99w1

                                Again, you're overthinking all this.

                                Desktop (Windows, Linux, Mac, etc) and Android are 2 completely different platforms.

                                Firefox for Desktop is NOT the same as Firefox for Android, Chrome for Desktop is NOT the same as Chrome for Android.

                                Both Firefox and Brave have a good reputation of being good browsers for Desktop users. No one said Chromium-based browsers are not recommended. See here: https://www.privacyguides.org/desktop-browsers/

                                Of course there is NO WAY to completely prevent fingerprinting if you are using a browser for day to day activities. There are tons of settings (browser settings, IP, locale, time, your operating system, etc) that contribute to creating a unique fingerprint. You need to do more research on this, there are tons of articles online about fingerprinting.

                                No browser, except Tor browser, will give you anonymity nor make you invisible (100% fingerprint protection). It's simply impossible.

                                You want anonymity - use Tor browser. You want a good and secure day to day browser? - use Vanadium or Brave, depending on your needs. That's it.

                                gk7ncklxlts99w1 I see your point about Arkenfox, but that shouldn't prevent someone from making a Firefox fork that tweaks the source code to enable site isolation / IsolatedProcess. I'm not a developer, so I don't know the hurdles associated with such a change.

                                Yes, it shouldn't prevent someone from making it. You can't code, I can't either, so we just need to sit and wait for this feature to be available one day.

                                gk7ncklxlts99w1 Containers are considered dead, as this guy explains.

                                You don't use containers in Firefox for security, you use them for convenience: if you want to log in to 2 different websites without having to open and close Firefox, you use containers. It's up to you to use them or not, they don't provide any extra security.

                                gk7ncklxlts99w1 Also, I want to mention that the GrapheneOS documentation explains that Tor has poor security, therefore has poor privacy. But as you mentioned, and as the guide that you linked mentions, Tor is the only browser that has the capacity to be truly anonymous. If Tor has poor privacy, then Vanadium must have even worse privacy. Something doesn't add up.

                                Again, privacy and security are two completely, completely different things.

                                Tor is private but not as secure, Vanadium is not private but more secure. That's it.

                                gk7ncklxlts99w1 replying to https://discuss.grapheneos.org/d/2061-questions-about-grapheneos-and-related-topics/14. That sounds fair, but the phrase "Tor itself makes people into much more of a target" sounds very ominous and overly dramatic. I suppose it depends on the country you're in, if you live in a country that really doesn't like people using Tor, then ISPs might end up cancelling your internet. I don't see how it would end up in you being targeted by a state government or hackers (as the phrase might suggest, at least to me).

                                It's not dramatic, it's a correct statement that warns people about possible side effects of using Tor. No one can guarantee your ISP won't make you a target if you use Tor, hence the precaution.

                                This is something you can again do some more research on the web.
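The fingerprinting argument made twice in this thread (a browser's own configuration produces a unique fingerprint that follows you with or without Tor, while identical Tor Browser defaults put every user in one indistinguishable bucket) can be made concrete with the added Python example below. It is not code from the thread, from GrapheneOS or from the Tor Project; the browser attribute profiles in it are constructed sample data.

```python
"""Added illustration (not from the thread): observable browser attributes
combine into a fingerprint; identical defaults (Tor Browser) give a large
anonymity set, per-user tweaks make a fingerprint unique. Constructed data."""
import hashlib
import math
from collections import Counter

# Constructed sample population. The five Tor Browser users deliberately share
# one identical default profile; the Vanadium users differ in locale/screen;
# the last user changed a Tor Browser setting and installed an extra font.
TOR_DEFAULT = {"ua": "Mozilla/5.0 (Windows NT 10.0; rv:102.0) Gecko/20100101 Firefox/102.0",
               "lang": "en-US", "tz": "UTC", "screen": "1000x900", "fonts": "default"}
POPULATION = [dict(TOR_DEFAULT) for _ in range(5)] + [
    {"ua": "Vanadium/115", "lang": "en-GB", "tz": "Europe/London",
     "screen": "1080x2400", "fonts": "android-default"},
    {"ua": "Vanadium/115", "lang": "de-DE", "tz": "Europe/Berlin",
     "screen": "1080x2400", "fonts": "android-default"},
    {"ua": "Vanadium/115", "lang": "en-GB", "tz": "Europe/London",
     "screen": "1080x2340", "fonts": "android-default"},
    {**TOR_DEFAULT, "lang": "fr-FR", "fonts": "default+custom"},
]


def fingerprint(attrs):
    """Stable identifier: the same observable attributes give the same hash,
    regardless of whether the request arrives via Tor, a VPN or the clear net."""
    canonical = "\n".join(f"{k}={attrs[k]}" for k in sorted(attrs))
    return hashlib.sha256(canonical.encode()).hexdigest()[:16]


def anonymity_sets(population):
    """How many users share each fingerprint (a bigger set is harder to single out)."""
    return Counter(fingerprint(p) for p in population)


def surprisal_bits(attrs, population):
    """Identifying information a site learns from this fingerprint:
    -log2(fraction of users sharing it). 0 bits would mean everyone matches."""
    share = anonymity_sets(population)[fingerprint(attrs)] / len(population)
    return -math.log2(share)


def attribute_entropy(population, key):
    """Shannon entropy (bits) of one attribute across the population: how much
    that single setting (timezone, language, ...) helps tell users apart."""
    n = len(population)
    return -sum(c / n * math.log2(c / n)
                for c in Counter(p[key] for p in population).values())


if __name__ == "__main__":
    for fp, size in anonymity_sets(POPULATION).most_common():
        print(f"{fp}  shared by {size} user(s)")
    print(f"Tor default profile: {surprisal_bits(TOR_DEFAULT, POPULATION):.2f} bits")
    print(f"Tweaked Tor profile: {surprisal_bits(POPULATION[-1], POPULATION):.2f} bits")
    for key in TOR_DEFAULT:
        print(f"{key:7s} entropy = {attribute_entropy(POPULATION, key):.2f} bits")
```

Running it shows the five untouched Tor profiles collapsing into one fingerprint while the single tweaked profile, like each Vanadium profile, is unique in the sample, which is the reason the replies above say to leave Tor Browser's defaults alone.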