Hi all, I'll try it here with more space and since my question kind of drowned in the fuzz when asking it in the matrix channel.
Could you please help me to verify my mental model?
- If I use Orbot as Always-on-VPN and do block connections without VPN, then no service I am trying to reach will know the IP address that my ISP provides me, but only the one of the TOR exit node.
- Any app in that user profile will only know the IP of the Tor entry node, when receiving packets from it's server.
- This is about the same when using a VPN app like Mullvad. The difference would be that entry and exit node are the same.
- Using this setup in graphene OS is more secure regarding IP leakage to Servers and to Apps on the phone than using Orbot and Mullvad as regular apps without the settings mentioned in 1.
Q: How likely is it that a leakage happens nevertheless, compared to the security that, let's say whonix, provides?
Q: Would you use an app on your phone that you do not fully trust when you'd like to stay anonymous? (Given you are required to use it.)