Clarification regarding fingerprinting and some questions (Off Topic)

I noticed my previous post has been flagged and locked. I apologise for any code of conduct violation I may have performed; that wasn't intentional.

I did indeed check through the FAQ, and rechecked it again just now. The reason I made the original post was to talk about de-anonymising by correlation of identities, about which I would like some questions answered. It'd be even better if it got added to the FAQ also :)

Are user profiles treated as completely separate identities? In the previous post admins noted that the mediaDRM ID wasn't namespaced, but also not a hardware ID. My original doubt was: since it's not namespaced, if I use the same app without VPN in my main profile, and with a VPN in a second profile, the app can correlate both as me by checking the mediaDRM ID, right? Also, is the only way for one app to get a different mediaDRM ID a factory reset? In that case, will uninstalling and reinstalling an app make the new instance correlatable to the old instance?

Also, the other details like SIM operator name, OS details, and other data would be the same for both instances of the app, right? So if an app wants to, even ignoring the DRM ID, would it be possible to start correlating activity between the 2 instances? Like if one instance sees SIM info, a specific OS config (GOS is already considered "niche" compared to stock), WiFi-related info etc... Wouldn't that be pretty unique? Who else would have the same phone as me, with GOS installed, the same SIM, the same WiFi characteristics, app lists, etc.?

I guess my question is: would an app be able to identify 2 user profiles as being the same user based on info that is common between them?

I ask this because every day we hear of incidents like Tor users being caught by their opsec mistakes, and most of the time it's correlation of activities. For example, in this video: https://youtu.be/qLgCzFN_LDo basically every example in the video is an opsec mistake. My original intention for the post was for people like me who thought they could play split personality with user profiles to keep their expectations grounded in reality, not to sensationalise anything (again, apologies for the maybe clickbait-y wording).

    someone27281 It'd be even better if it got added to FAQ also :)

    There's also a post with a lot of info here: https://discuss.grapheneos.org/d/17118-identifiers-across-private-space-and-profiles/4. As you can see, the info there was shared by a project member. The project is open about these things. Maybe the FAQ doesn't list them out like in this post, but the FAQ does say that certain global info is available to apps.

    someone27281 mediaDRM

    https://github.com/GrapheneOS/os-issue-tracker/issues/2314

    someone27281 SIM operator name

    In the FAQ. Also, I believe you can disable the SIM for that (don't know for sure, so you can check that yourself), otherwise remove the SIM.

    someone27281 OS details

    In the FAQ

    someone27281 I guess my question is: would an app be able to identify 2 user profiles as being the same user based on info that is common between them?

    (Kind of just started writing and went on a little rant here, but I don't feel like making it shorter, so here you go... Also, want to point out that I'm NOT a GrapheneOS developer, nor am I involved in making decisions for the project, so keep that in mind. Maybe a developer or someone who actually makes development decisions would have different opinions.)

    This depends on a lot of factors, but I'd like to sort of quote a thing another forum member, de0u, sometimes says: I don't expect [insert feature here] to convert privacy-invasive apps into privacy-respecting apps. (from this post specifically).

    In other words, I think what you're trying to do is to install and use apps that you don't expect will respect your privacy. GrapheneOS's privacy and security features already do a lot to help protect GrapheneOS users' privacy, but GrapheneOS users cannot expect the project to add features where the OS will reliably break apps that don't respect users' privacy in certain ways to block those apps' access to certain things, all while maintaining app compatibility.

    Ultimately, it's a numbers game, but consider: if toggles spoof everything, then possibly both profiles have the same spoofed info, so since GrapheneOS is a well-known OS, fingerprinting services/companies could then add some logic to their fingerprinting library or service to account for that and see over time "this phone is always at 50% battery, is never charging, its charge cycles never seem to change, storage is always at 50%, the timezone is set to GMT, no mobile carrier, but it's clearly a phone based on the screen size so that's strange, etc." and they see the same info from another profile. So now a potentially bigger fingerprinting datapoint is right there: here are two "devices" that spoof almost everything. So, in effect, you stand out in a crowd even more that way.

    So, clearly more thought needs to go into this sort of feature. Adding features without first considering these things is not helpful, and may actually end up being harmful to your privacy. So the features have to be even more complicated, meaning more resources need to go into development, etc., etc. Are toggles user specific? If so, more infrastructure needs to be added. Will spoofed data be random? If so, that needs to be planned and implemented in a way that works and is effective.

    Anyway, simply adding toggles to supply fake data might end up being harmful, and GrapheneOS doesn't do dumb stuff like that. You could also consider that maybe no spoofing is the best way to not stand out. But I think it would be most ideal for upstream AOSP to limit access to these things so that the changes can be made more cleanly and apps don't break or fingerprinting isn't easier because of downstream changes. Also cool because then GrapheneOS can work on more interesting features.
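The "numbers game" argument in the post above, worked through as an added example that is not from the post or the GrapheneOS project: it scores how many bits of identifying information a set of globally readable attributes carries, so a reader can see why common values carry almost nothing while a profile spoofed to unusual values ends up nearly unique. The attribute names, the population shares and the million-device population are all constructed assumptions, not measurements.

```python
"""Added illustration of the post's "numbers game": how many bits of
identifying information a set of globally readable attributes carries,
and how spoofing to odd values can make a device stand out more, not less.
All population shares below are constructed guesses, not measured data."""
import math

# Constructed share of the population reporting each attribute value.
# Values not listed are treated as rare (share RARE).
FREQ = {
    "os": {"stock": 0.95, "grapheneos": 0.01},
    "carrier": {"major": 0.60, "none": 0.05},
    "timezone": {"matches_location": 0.90, "mismatched": 0.02},
    "battery": {"varies": 0.98, "always_50_never_charging": 0.001},
}
RARE = 0.0005

# Two constructed device profiles: a typical phone, and one where
# everything has been spoofed to the odd values the post describes.
COMMON = {"os": "stock", "carrier": "major",
          "timezone": "matches_location", "battery": "varies"}
SPOOFED = {"os": "grapheneos", "carrier": "none",
           "timezone": "mismatched", "battery": "always_50_never_charging"}


def surprisal_bits(attr, value):
    """Bits of information revealed by one attribute value (-log2 p)."""
    return -math.log2(FREQ[attr].get(value, RARE))


def fingerprint_bits(profile):
    """Total bits, treating attributes as independent. Real attributes are
    correlated, so this overstates uniqueness somewhat; the gap between a
    common and an unusual profile still holds."""
    return sum(surprisal_bits(a, v) for a, v in profile.items())


def anonymity_set(profile, population):
    """Expected number of devices in `population` sharing this exact
    combination. Below 1 means the combination is effectively unique."""
    return population * 2 ** (-fingerprint_bits(profile))


def distinctive_attributes(profile, min_bits=5.0):
    """Attributes that each reveal at least `min_bits`: the ones worth
    returning to a common value rather than spoofing further."""
    return [a for a, v in profile.items() if surprisal_bits(a, v) >= min_bits]


if __name__ == "__main__":
    for name, prof in (("common", COMMON), ("spoofed", SPOOFED)):
        print(f"{name}: {fingerprint_bits(prof):.1f} bits, "
              f"~{anonymity_set(prof, 1_000_000):,.0f} matching per million, "
              f"distinctive: {distinctive_attributes(prof)}")
```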

      someone27281 Are user profiles treated as completely separate identities?

      No.

      someone27281 if I use the same app without VPN in my main profile, and with a VPN in a second profile, the app can correlate both as me by checking the mediaDRM ID, right?

      Probably. And also via other data points.

      someone27281 I guess my question is: would an app be able to identify 2 user profiles as being the same user based on info that is common between them?

      It would be best to assume that an app written by an entity whose business model involves tracking people is fairly likely to be tracking people.

      If an entity claims (perhaps in a ToS document) that they are not tracking in some specific way, and that entity is subject to a jurisdiction that punishes false claims about tracking, the entity may well act much of the time in the way they claim to. This is less likely to be true of entities homed in jurisdictions lacking functional independent judiciaries.

      If one installs apps from "modder"/"unlocker" sites operated by unknown parties in unknown jurisdictions... 🤔

        Interesting replies by other8026 and de0u

        I originally started using GOS after seeing The Hated One's video about it. In videos like https://m.youtube.com/watch?v=yTeAFoQnQPo and https://m.youtube.com/watch?v=8FDIef7tVFg , he claims apps installed on GrapheneOS make it anonymous. I feel this might only be true in specific circumstances where you only use the phone on public WiFi and keep it turned off or something; even then you can be uniquely identifiable from other users, so not properly anonymous.

        I guess my OG post was because I had this idea of GrapheneOS being anonymous, but it's clearly not the case except in specific scenarios. @other8026 is it possible to add an entry in the FAQ regarding this specific issue? Since there are YT videos claiming this, I'd say it's necessary to clarify this.

          someone27281 In videos like https://m.youtube.com/watch?v=yTeAFoQnQPo and https://m.youtube.com/watch?v=8FDIef7tVFg , he claims apps installed on GrapheneOS make it anonymous.

          The first video is about security, the second is about their specific "anonymous" setup in which they specifically say they don't use a mobile network, etc.

          someone27281 is it possible to add an entry in the FAQ regarding this specific issue? Since there are YT videos claiming this, I'd say it's necessary to clarify this.

          They aren't making the claim you're saying they are.


          You seem to believe GrapheneOS does certain things that it doesn't after consuming content that states something else. You also keep saying "anonymous" but I am not sure if you really mean "anonymous" or something else. Consider how many people and how many devices are out there. Just guessing, but you are probably just one in tens to hundreds of thousands in your area. Just because apps have some access to global data doesn't mean they know who you are.

          Consider a setup where you have a fairly popular device, in a country with many people, with mobile service provided by a major provider, and the device's locale set to something common. If an app or fingerprinting library attempts to fingerprint you, they will find some data that is exactly the same as for the majority of the country. That data isn't very useful then, is it? But if you do weird things to stick out, then that makes the job much easier. For example, you're one of the very few people using said mobile provider in said country, but your phone's timezone is set to something very different (for example, setting the timezone to the same as New York's when located somewhere in Europe).

          Anyway, I didn't plan on writing yet another long post, but looks like I did anyway. I'll leave it here. I'd suggest you take a step back and try to look at fingerprinting in a different way. I have a feeling this topic is much more complex than you give it credit for.

          someone27281 Are user profiles treated as completely separate identities?

          Secondary user profiles were developed for a use case that has nothing to do with security, privacy or anonymity. They were developed to allow multiple physical users to share a single device; say, you have one profile and your child has another profile on your phone. That way, you can each have your own apps installed, and your own files, without conflicting with each other.

          Many use secondary user profiles in the context of GrapheneOS as a way to get compartmentalization, for example to have your real-life banking activity in one profile and your anonymous online activism in another profile. It wasn't designed for this though, so it is a little bit of an abuse of the technology. Unfortunately, this also leads to many perceived leaks, relative to user expectations, such as that apps in two different user profiles actually can communicate with each other using localhost connections, and that all profiles can access and change global settings, not to mention that there is lots of data usable for fingerprinting. In the multiple-physical-users-on-one-device use case, none of that is any issue at all. But if you use secondary user profiles for compartmentalization, it becomes an issue, possibly, for some use cases, a very big issue.

          I believe the GrapheneOS developers are very interested in moving towards having a proper solution for compartmentalization into security domains, but such a solution will likely have to depend on virtual machines, or it would be an impractical amount of work to implement and too much custom code to maintain to be viable. Until we have such a solution, for use cases that really depend on anonymity, it is better to use an operating system actually designed for that, such as QubesOS for laptop and desktop computers.

          Oh, and by the way, I filed a ticket about local IP addresses being accessible to apps even when using a VPN with the killswitch enabled, since that can actually be an anonymity concern in some edge cases, beyond merely being a fingerprinting concern. I hope it will be a somewhat easy change to prevent apps from accessing that when the killswitch is enabled.

          https://github.com/GrapheneOS/os-issue-tracker/issues/5081