A recent GrapheneOS adopter's first post/discussion, so first things first!

If Daniel Micay and/or any of the other studs working on GrapheneOS dev get to read this, my sincere thanks and salute! The importance of this project, along with other similar projects that are working on bolstering privacy & security on modern computing devices, cannot be underestimated. Hats off guys!

Now to my question...
My current setup has an 'Admin' user profile & a 'Default' user profile. The 'Admin' profile, being the first user profile, is used to setup things the way I want it (currently, toggle Mobile data etc.) and the 'Default' profile simply uses the networks (WiFi / Mobile data) made available.

Now, I want to add another user profile, say 'Anonymous', where all browser and app network traffic is sent strictly over Tor, no exceptions! How can I accomplish this?

Should I install Orbot in the 'Admin' profile and is there a way to make that accessible to other user profiles (like WiFi & Mobile data)? Also, how can I ensure that ALL network traffic initiated from within 'Anonymous' user profile, whether from browsers or apps, are sent only over Tor?

Thanks!
grapheneOS39663

    grapheneos39663 You install Orbot in the Anonymous user profile and make sure "Always On VPN" and "Block connections without VPN" are enabled in Settings (they are enabled by default I believe by I usually double check).

    This will make sure that the OS will route all network traffic from browsers and all other apps in that user profile though Orbot.

    This is good for most people, however if your threat model is very high, please also consider a couple of things:

    • Some OS traffic like Internet connectivity checks bypasses VPN (Orbot in this case). This is by design to make captive portals work
    • There were reports that Orbot app may leak. I don't know how often it may happen or if it was already fixed but do your own research if your personal safety depends on it

    Wow! A reply with solution in under 10 mins! And btw, I was expecting a reply from you evalda based on the number of posts/replies you have on the topic of 'user profiles', just not this quick. Thanks mucho!

    That reminds me...I would like to extend my sincere thanks & salute to the many amazing folks on this forum who respond to strange/familiar questions from strange/familiar people.