Correlation through location data and VPN

DeletedUser232

What could possibly happen if I use a same IP address to acquire the location data (SUPL, PSDS, Network location) and the service that I am trying to visit anonymously? Does using the default GrapheneOS proxy helps againt correlation attacks?

other8026

DeletedUser232 First of all, I'd suggest you look through the default connections FAQ, and the following section on other connections on the website. It's kind of long, but considering your question, it may be interesting to you, and some of it is relevant to your question.

PSDS is a file or files your phone downloads and no identifying information is sent when fetching the file(s).

As for your question, I'm not sure I follow, so I'll just say some related stuff and hope it helps clarify some things... I believe no extra identifying information is sent when getting location assistance from either SUPL (see the website, identifying info was removed) or network location (only BSSIDs are sent now, afaict). All those servers (Google's and Apple's) should see is a lot of requests coming from GrapheneOS's proxies, yours along with anyone else's, so they shouldn't see your IP address.

ryrona

DeletedUser232 What could possibly happen if I use a same IP address to acquire the location data (SUPL, PSDS, Network location) and the service that I am trying to visit anonymously? Does using the default GrapheneOS proxy helps againt correlation attacks?

The location lookup connection to GrapheneOS proxy service is HTTPS encrypted, so no one between you and GrapheneOS proxy service can see your location information at all, not even your VPN service provider or their ISP.

Likely, the service you visit anonymously is also HTTPS encrypted.

So, GrapheneOS proxy service will see your VPN IP address and exact location, and the service you visit anonymously will see the same VPN IP address, but no one else should see anything of privacy or anonymity concern. There is a correlation there. For most people, this is probably not that much of a concern, but if your threat model involves GrapheneOS being coerced to surrender the exact location for the user who used a specific VPN IP address at a specific point in time, it might be a concern.

Ideally, you should never mix real life activity and anonymous activity over the same VPN connection. Because even if there are mitigations such as HTTPS, the correlation is nonetheless already there.

Just the same as you should never login to a service with your real life account over the same VPN connection you are also using for anonymous activity. Ideally, keep real life activity and anonymous activity on separate user profiles, with separate VPN nodes, and have location services completely disabled in the user profile for anonymous activity.

other8026

ryrona but if your threat model involves GrapheneOS being coerced to surrender the exact location for the user who used a specific VPN IP address at a specific point in time, it might be a concern.

GrapheneOS would have to actually have the data in order to determine a person's location. I don't know Nginx configuration very well, but it looks like that data isn't logged. Maybe someone who knows this stuff better than me can verify.

Also, GrapheneOS's privacy policy may be of some interest: https://grapheneos.org/faq#privacy-policy

GrapheneOS

ryrona

So, GrapheneOS proxy service will see your VPN IP address and exact location, and the service you visit anonymously will see the same VPN IP address, but no one else should see anything of privacy or anonymity concern. There is a correlation there. For most people, this is probably not that much of a concern, but if your threat model involves GrapheneOS being coerced to surrender the exact location for the user who used a specific VPN IP address at a specific point in time, it might be a concern.

GrapheneOS does not store any data about the requests. There are web server logs with a 4 day time limit enforced for retention which will likely be lowered further. The logs are needed to deal with DDoS attacks and similar issues but don't need to be kept for very long. Having it more granular than a few days would require changing the journald configuration though since it currently has daily log rotation.

Ideally, you should never mix real life activity and anonymous activity over the same VPN connection. Because even if there are mitigations such as HTTPS, the correlation is nonetheless already there.

Each profile has their own VPN configuration for a reason. All of the SUPL and network location requests are made from the Owner user, never from secondary profiles.