Article discussion

[deleted]

From https://bencrypted.gitlab.io/post/2/:

Does spoofing device information (Randomization section) and using secondary user account as your main profile (Account Isolation) achieve much?

[deleted]

[deleted] This article is inaccurate on many points and literally recommends to use F-Droid.

randomname

That article is incorrect on multiples points such as:

Lockdown Mode provides the same security features as would be in place after reboot (before the first unlock).

is it false

Disable Sensors using dev option and sensor tile.

grapheneos have sensor permission you don't need to enable dev tools sensor tile.

and also it is recommending to disable connectivity check for no reason

[deleted]

randomname grapheneos have sensor permission you don't need to enable dev tools sensor tile.

The article is from before the Sensor permission debuted.

[deleted]

For more information about the internet connectivity checks, read MetropleX's post here: https://discuss.grapheneos.org/d/1234-android-leaks-connectivity-check-traffic-mullvad-blog/2

[deleted]

[deleted] The writer stated that the safest approach to installing applications is to use Aurora Droid and Aurora Store in lieu of F-Droid and the Google Play Store.

[deleted]

[deleted] Aurora Droid is a F-Droid frontend

nrt

Pass. Better to follow the recommendations of GOS Devs and Mods.

[deleted]

Thanks to everyone for chiming in but my question went unaddressed. Ignoring plenty of questionable advice mixed in with some uncontroversial takes, does spoofing device information (Randomization section) and using secondary user account as your main profile (Account Isolation) achieve anything in the context of our favorite OS?

[deleted]

In my personal opinion, the Randomization section is a bit much/extreme unless a user's threat model is serious enough that it requires going to that length.

Regarding Account Isolation, a good Pros and Cons breakdown can be found here: https://discuss.grapheneos.org/d/4867-secondary-user-profile-as-a-main-one-advantages-and-disadvantages/2

As the GrapheneOS website states: "Using a secondary profile for regular usage allows you to make use of the device without decrypting the data in your regular usage profile. It also allows putting it at rest without rebooting the device. Even if you use the same passphrase for multiple profiles, each of those profiles still ends up with a unique key encryption key and a compromise of the OS while one of them is active won't leak the passphrase. The advantage to using separate passphrases is in case an attacker records you entering it."

https://grapheneos.org/faq#encryption

[deleted]

[deleted] Thanks for the direct link to existing discussion.

[deleted]

[deleted] Yes. I'm aware. I was clarifying your post.