• General
  • Questions about GrapheneOS and related topics

gk7ncklxlts99w1 "Rooting" an Android device means that you expose the ability to gain... well, root. It is not possible to grant that kind of access to a specific app.

Furthermore, rooting is different from unlocking the the bootloader or flashing an alternative OS. For example, the reason why Pixels are chosen for GrapheneOS is because they allow you to flash an alternative OS (like GrapheneOS) and then lock the bootloader again, and by doing that, retain all of the hardware security features and keeping them intact.

This is not the case with other devices that don't provide first-class support for alternative OSes. Some devices irreversibly neuter hardware security features the moment you unlock the bootloader in a way that doesn't bring them back even if you decide to later flash the Stock OS of that device again and re-lock the bootloader. They achieve this by blowing a fuse in the hardware that permanently disables these features forever on that device.

https://www.privacyguides.org/os/android-overview/#avoid-rooting provides some information on rooting and why it should be avoided if you're planning to have a reasonably secure (and by extension, private) device.

    gk7ncklxlts99w1

    matchboxbananasynergy provided a great answer about rooting. It is a completely different process vs flashing.

    As for granular control - as I mentioned, you can use a DNS server that allows you to track, monitor, block and unblock every single host that your phone processes, for example, Adguard Private DNS.

    If you don't want to use a DNS, then you can configure Netguard or other similar software that will show you which app established a connection to a host.

    Generally speaking, you don't even need this if you use FOSS apps as most of them do not track users. As long as you are careful on what app you install, you might never need an adblocker (for browsers, you can install uBlock or just use browsers that have built-in adblockers).

      gk7ncklxlts99w1 Security of Vanadium browser vs Tor Browser. "The Tor Browser's security is weak which makes the privacy protection weak.". This is the first I've heard of Tor Browser being insecure from a security and privacy perspective. On GrapheneOS, is using Vanadium over the Tor network more secure and private than using Tor Browser? As described in the docs, Vanadium is more secure than Tor on GrapheneOS (technical reasons that I don't remember or understand), but I've always heard using Tor Browser is the most secure browser to use over the Tor network (I know this is mostly applicable to desktop but unclear on if it applies to phones too). Why should I use Vanadium (with Orbot) over Tor (with Orbot)? And what makes Tor insecure from a security and privacy perspective?

      It all depends what your threat model is: do you want privacy or security?

      Privacy means you don't want any website to know who you are.
      Security means your browser is protected as much as possible against zero-day and recent threats and vulnerabilities.

      Whilst Tor Browser is not as secure, it provides maximum privacy (anonymity). People use it if they don't want any website to identify them. Tor browser is not good for websites where you need to login (social, banking, etc).

      Vanadium (and other similar browsers) provide more security, which means they are great for day-to-day browsing, logging in to your preferred websites etc.

      Using Vanadium (and any other browser) over Tor/Orbot will ultimately make you unique as each browser has a unique fingerprint based on some of the configs, etc. And websites will see its you as your browser will have the same unique fingerprint with or without Tor.

      Using Tor browser (with default settings) means every single person who is using Tor browser will have the same browser fingerprint so websites will not be able to identify you. This is why it is strongly recommended to not touch any Tor browser settings, not install any extra add-ons, etc - just browse the web using default settings, to avoid fingerprinting.

        gk7ncklxlts99w1 "Avoid Gecko-based browsers like Firefox as they're currently much more vulnerable to exploitation and inherently add a huge amount of attack surface" I'd like a technical elaboration. Why is Vanadium so much more secure than other browsers on GrapheneOS, and does Vanadium have the same level of security and privacy on other operating systems? Side note, I'm aware that default desktop Firefox is insecure, but hardened with Arkenfox, it becomes the most robust browser for privacy and security. What's stopping developers from developing an arkenfox based fork of Firefox for Android? Would it be as strong on Android as it is for desktop? And if Vanadium is better than Firefox on GrapheneOS, could it be adapted to desktop and still out-compete other browsers for privacy and security? I assume there's a fundamental difference in the architecture of AOSP over desktop that make this complicated.

        You can find some answers here: https://www.privacyguides.org/mobile-browsers/

        Firefox on Android (and any other fork based on Firefox) does not support site isolation (in comparison with Firefox Desktop).
        Chrome-based browsers on Android do support this feature, hence they are recommended for enhanced security.

        Using Arkenfox on Android Firefox won't improve this as site isolation is something that needs to be added via codding to original Firefox code. Arkenfox tweaks Firefox settings - it cannot tweak something which is not present in Firefox source code. So in order to Firefox on Android to support this, the devs need to add the relevant feature via codding.

        Desktop version is different - Desktop version does support site isolation (Total Cookie Protection) + you can use containers if you, for example, want to login to the same website using 2 accounts in the same session.

          gk7ncklxlts99w1 "Tor itself makes people into much more of a target (both locally and by the exit nodes)". I'd like more information. Is it talking about the browser, or the network? Using Tor properly, without bridges, in a country that doesn't ban the use of Tor, your ISP might flag you, but other than that they have no idea what you're doing. Using bridges, I don't see how using Tor makes you a target, and even if it did, given how much better Tor is compared to VPNs or the clearnet, there's no better option available that I'm aware of.

          It is talking about Network.

          ISPs can see that you are using Tor network (they see that your computer connects to one of the entry Tor nodes) hence they might or might not (no one knows this for sure - it depends on country, ISP, etc, etc - no one knows for sure!) flag you as using Tor often associates with doing shady things.

          If you use bridge then it will try to mask your entry node so your ISP won't see you are connecting to Tor network so you are unlikely to become a target.

          Its again boils down to the question: what you want to achieve? You can't use Tor for social media, banking, etc. Whilst you can use VPN for these (although, some streaming or other services might block the access if they think you are on VPN).

          You can use a trusted VPN for your day-to-day activities so that it will hide your traffic from ISP (some ISPs are known for monitoring and selling your data)

            gk7ncklxlts99w1 "If you're using a VPN, you should consider using the standard DNS service provided by the VPN service to avoid standing out from other users.", does this suggest using other DNS providers like cloudfare, Google and Quad9 make you stand out, or that not using any DNS provider makes you stand out?

            It says the following "if you are using a VPN provider, its better to use their own DNS server". Because the sites will see: Mullvad VPN with Mullvad DNS is connecting - hmmm, there are thousands of people using Mullvad VPN + Mullvad DNS - so its hard for us to find the person.

            If you use a custom DNS, then the websites will see: Mullvad VPN with 3rd party DNS is connecting - lets see, it seems much less people are using this config, so we can probably guess who it is.

            Also, using a 3rd party DNS with your VPN provider means trusting 2 parties: your VPN and DNS as both will see part of your traffic. You ideally want to avoid this as the less parties see you traffic, the better it is.

            If you don't use VPN at all, its good to use a privacy-friendly DNS.
            You can find a good comparison here: https://www.privacyguides.org/dns

            If you are using Mullvad, then just add their own adblocking DNS as your Android Private DNS and then it will be used both with and without VPN: https://mullvad.net/en/help/dns-over-https-and-dns-over-tls/

              Volen I suppose a DNS blocklist would be able to block specific IPs, but it doesn't have the same convenience as a firewall app like RethinkDNS, where you can easily see which IPs are being accessed in real time, and block or allow them easily. The ability to actually monitor your network activity is really handy.

              Again, the documentation says not to use apps like Netguard.

              Most apps I install probably aren't tracking me, but there are a few nasty ones like Amazon, which is something I can't live without (I like being able to quickly add books to my wishlist).

              Also, the privacy and security features provided by RethinkDNS have not been addressed yet.

                matchboxbananasynergy How does GrapheneOS gain root? Sorry, I'm not really clear on the process of how to root a device (I will google this, and read the article you mentioned). So just to be clear, when you root a device, you're actually exposing all apps that you install?

                  Volen

                  Vanadium (and other similar browsers) provide more security, which means they are great for day-to-day browsing, logging in to your preferred websites etc.

                  Does this also suggest Chromium based browsers would be better for logging into accounts with on desktop? Since Chromium is more secure than Firefox/Gecko, why aren't Chromium browsers touted as being better for security in the desktop space (any browser privacy guide worth it's salt recommends firefox over chromium, I have not heard of any recommendation for using chromium (eg. Brave) for logins).

                  Using Vanadium (and any other browser) over Tor/Orbot will ultimately make you unique as each browser has a unique fingerprint based on some of the configs, etc. And websites will see its you as your browser will have the same unique fingerprint with or without Tor.

                  So are you suggesting there's no way to prevent browser fingerprinting on Android, with or without Tor? If that's the case, then that sucks. I would like to know what specific configs make the browser unique (if you're able to provide that information).

                  Using Tor browser (with default settings) means every single person who is using Tor browser will have the same browser fingerprint so websites will not be able to identify you. This is why it is strongly recommended to not touch any Tor browser settings, not install any extra add-ons, etc - just browse the web using default settings, to avoid fingerprinting.

                  This contradicts the previous paragraph, but I'll just assume you meant "any other browser besides Tor".

                  So to summarize, it sounds like the best option for Android is to use Vanadium for logins, and Tor with default settings (which is how Tor is meant to be used) is best used for non-logins and general browsing where speed is not important. I don't want to put words in your mouth (or hands, in this case...) so correct me if I'm wrong.

                    Volen replying to https://discuss.grapheneos.org/d/2061-questions-about-grapheneos-and-related-topics/13

                    That guide doesn't tell me much. It just says to avoid Firefox because it doesn't have site isolation or IsolatedProcess, use Chromium because they do, and use Tor for anonymity. It then proceeds to show information for Brave, which is not as secure as Vanadium, which means I won't be using it, and the rest of the section talks about iOS making the guide mostly irrelevant for me.

                    It does provide a bit more information about site isolation (here, which I'll read up on.

                    I see your point about Arkenfox, but that shouldn't prevent someone from making a Firefox fork that tweaks the source code to enable site isolation / IsolatedProcess. I'm not a developer, so I don't know the hurdles associated with such a change.

                    Containers are considered dead, as this guy explains.

                    Also, I want to mention that the GrapheneOS documentation explains that Tor has poor security, therefore has poor privacy. But as you mentioned, and as the guide that you linked mentions, Tor is the only browser that has the capacity to be truly anonymous. If Tor has poor privacy, then Vanadium must have even worse privacy. Something doesn't add up.

                      Volen replying to https://discuss.grapheneos.org/d/2061-questions-about-grapheneos-and-related-topics/14. That sounds fair, but the phrase "Tor itself makes people into much more of a target" sounds very ominous and overly dramatic. I suppose it depends on the country you're in, if you live in a country that really doesn't like people using Tor, then ISP's might end up cancelling your internet. I don't see how it would end up in you being targeted by a state government or hackers (as the phrase might suggest, at least to me).

                        gk7ncklxlts99w1 I do not know. You shouldn't root your device. Keep in mind that if you root the device, you're running an unsupported setup, and not something that can really be called GrapheneOS at that point. GrapheneOS assumes that all of the hardware security features of the device are in place.

                        gk7ncklxlts99w1

                        Have you ever tried Adguard Private DNS (not public DNS but private DNS, the new service they offer)? Its does exactly what you said you want.

                        The documentation says not to use Netguard for blocking Internet access as you can use Network toggle to do it much more effectively, natively and correctly. No one said you are not allowed to use Netguard or that you can't use it for other purposes, for example, monitoring your traffic.

                        Its up to you to decide what to use in your case - you want Netguard - then use Netguard. You want RethinkDNS - then use it instead. The choice is yours.

                        You're just overthinking all this.

                          gk7ncklxlts99w1

                          Again, you're overthinking all this.

                          Desktop (Windows, Linux, Mac, etc) and Android are 2 completely different platforms.

                          Firefox for Desktop is NOT the same as Firefox for Android, Chrome for Desktop is NOT the same as Chrome for Android.

                          Both Firefox and Brave have a good reputation of being good browsers for Desktop users. No one said Chromium-based browsers are not recommended. See here: https://www.privacyguides.org/desktop-browsers/

                          Of course there is NO WAY to completely prevent fingeprinting if you are using a browser for day to day activities. There are tons of settings (browser settings, IP, locale, time, your operating system, etc) that contribute in creating a unique fingeprint. You need to do more research on this, there are tons of articles online about fingeprinting.

                          No browser, except Tor browser, will give you anonymity nor make you invisible (100% fingerprint protection). Its simply impossible.

                          You want anonymity - use Tor browser. You want a good and secure day to day browser? - use Vanadium or Brave, depending on your needs. That's it.

                          gk7ncklxlts99w1 I see your point about Arkenfox, but that shouldn't prevent someone from making a Firefox fork that tweaks the source code to enable site isolation / IsolatedProcess. I'm not a developer, so I don't know the hurdles associated with such a change.

                          Yes, it shouldn't prevent someone from making it. You can't code, I can't either, so we just need to sit and wait for this feature to be available one day.

                          gk7ncklxlts99w1 Containers are considered dead, as this guy explains.

                          You don't use containers in Firefox for security, you use them for convenience, if you want to login to 2 different websites without having to opening and closing Firefox, you use containers. Its up to you to use them or not, they don't provide any extra security.

                          gk7ncklxlts99w1 Also, I want to mention that the GrapheneOS documentation explains that Tor has poor security, therefore has poor privacy. But as you mentioned, and as the guide that you linked mentions, Tor is the only browser that has the capacity to be truly anonymous. If Tor has poor privacy, then Vanadium must have even worse privacy. Something doesn't add up.

                          Again, privacy and security are two completely, completely different things.

                          Tor is private but not as secure, Vanadium is not private but more secure. Thats it.

                          gk7ncklxlts99w1 replying to https://discuss.grapheneos.org/d/2061-questions-about-grapheneos-and-related-topics/14. That sounds fair, but the phrase "Tor itself makes people into much more of a target" sounds very ominous and overly dramatic. I suppose it depends on the country you're in, if you live in a country that really doesn't like people using Tor, then ISP's might end up cancelling your internet. I don't see how it would end up in you being targeted by a state government or hackers (as the phrase might suggest, at least to me).

                          Its not dramatic, its a correct statement that warns people about possible side effects of using Tor. No one can guarantee your ISP won't make you a target if you use Tor, hence the precaution.

                          This is something you can again do some more research on the web .

                            Volen gk7ncklxlts99w1 I see your point about Arkenfox, but that shouldn't prevent someone from making a Firefox fork that tweaks the source code to enable site isolation / IsolatedProcess. I'm not a developer, so I don't know the hurdles associated with such a change.

                            Yes, it shouldn't prevent someone from making it. You can't code, I can't either, so we just need to sit and wait for this feature to be available one day.

                            This is someone that was attempted with Mull, but it had to be reverted cause it broke horribly. IsolatedProcess is just not ready on Firefox for Android at this point.

                            Volen

                            No one said you are not allowed to use Netguard or that you can't use it for other purposes, for example, monitoring your traffic.

                            The documentation doesn't say you can't use Netguard or firewalls, but that they're not recommended. Here it explains the reasons. I'm simply asking for a better explanation. However, since I haven't really gotten a definitive answer about it, I'll just use my VPN instead.

                            You need to do more research on this, there are tons of articles online about fingeprinting.

                            I have done plenty of research on fingerprinting. I may not know everything, but browser privacy is probably my area of expertise in terms of privacy. Firefox, hardened with Arkenfox, is recommended as being more private than Chromium. I never said Chromium-based browsers had a bad reputation (although, they do). I never asked for complete privacy or complete anonymity. That wasn't part of my question. My question was why Vanadium was recommended over Tor, and why the documentation says that Tor has weak security therefore weak privacy, which is completely false as you and other articles have demonstrated. The only explanation that I've received for why Vanadium is more secure over Tor (and other browsers) is that it uses isolation. I have yet to read this article, which may shed some light on site isolation.

                            You don't use containers in Firefox for security, you use them for convenience, if you want to login to 2 different websites without having to opening and closing Firefox, you use containers. Its up to you to use them or not, they don't provide any extra security.

                            While I think they do provide some privacy (or at least they used to), you can also achieve the same thing by using separate profiles (which is what I do), which is more private. But yes, if you wanted a simple solution, containers would work.

                            Again, privacy and security are two completely, completely different things. Tor is private but not as secure, Vanadium is not private but more secure.

                            I understand that they are different, as I explained in my original post. However, you can't separate the two, they are intertwined like two sides of the same coin. If we're going to debate about the differences between security and privacy, then we may as well get our definitions straight. There are numerous good articles that explain the differences, and anyone remotely knowledgeable about InfoSec knows that privacy and security go hand-in-hand.

                            It seems to me that, in the privacy community, you have two types of people. Those who don't understand the differences between security, privacy and anonymity, and those that think they're all completely different and have no overlap with each other. Not only do they overlap, they enable each other.

                            gk7ncklxlts99w1 It sounds like what you might be looking for is a tool like Blokada. There's a tab in the app where you can see connections in real time if you want to, and block/allow as you choose, along with installing various available blocklists. Blokada 5 is free, and available from the blokada website itself (don't know if another source for it is better?) Blokada does NOT require root, but it does work by acting as a VPN, so bear that in mind if you choose to use it. I've used it before and my experience was very favorable, but I think the suggestion by users much more knowledgeable than myself of using a custom DNS blocklist might be the way to go, as it will allow you to use an actual VPN, whereas using Blokada simultaneously prevents that, I believe.

                              Shendai If using a non-root firewall prevents me from using a dedicated VPN, and root firewalls aren't secure, then I'll probably use a VPN. I don't know if the benefits of any non-root firewalls warrant using that over a dedicated VPN so I'm a bit in the dark about that.

                                gk7ncklxlts99w1 I believe that Netguard allows you to use a VPN as well as Netguard.

                                So while Netguard would be occupying the VPN slot, it also lets you use your VPN through Netguard.

                                I might be misremembering, however, or this may no longer be possible.

                                I'm just remembering that this was the case at some point. It might be something you might want to look into.

                                That said, I would personally recommend using the network permission when you don't want an app to have network access. That's robust, not leaky, and in my experience very reliable.