Is owner profile with sandboxed GPS enough to stay somewhat anonimous?

q654q

Hey everyone.

Let's imagine a scenario when some user is a high level target, being a journalist, politician, or just a criminal doing shady things. It's obvious in this case that this user would use special tools to avoid tracking, Tor connection in particular.

Now, we know that there is pretty much no alternative to GOS in desktop space and even something like QubesOS cannot really compete with GOS when it comes to both privacy and security.

But what if such user operates the sole default user profile (owner) with sandboxed Google Play Services and throwaway Google account, for the sake of convenience? Let's say that Google Plays Services permissions in such case are pretty minimal (ideally, just Network toggle) and Google account is basically used to download apps from Google Play Store.

So, by "anonimous" I mean not being invisible to apps from Google play (it's obvious that telemetry and analytics of apps would track you), but rather inability of Google and others to see if you are using special tools, such as tor connection and encrypted messengers.

I also get the point, that Google could probably only see that you installed Tor browser, for instance, but cannot really know how exactly you use it.

Considering the above, is there any chance that data from your Tor connection would be leaked to Google or 3-letter agencies if you are using only owner profile with Sanboxed Google Play?

Is there any possible weak spot to consider such as IPC, cross app talk etc?

q654q

In other words, I'd just like to know if using "Owner" profile with sandboxed GPS and minimal permissions would be just as safe from privacy standpoint as doing something really private (and even "shady" to some) in another profile where potentially only Tor browser could be intalled.

alex

Please make an appropriate threat model before asking all those questions. It's really the number one step on your path to more privacy/security, otherwise it will become increasingly burdensome to your mental health.

If your're using Tor Browser, your ISP will see that you're using Tor (unless you're using an additional VPN wrapped around it). If you have Play Store/Services installed, they will see that you have Tor Browser installed. It is theoretically possible, but very unlikely that your OS spies on you and reports URLs you've visited to a third party.

q654q

alex
Thanks for your reply.

The point of my post is to not really to "personalize" my question and reduce it to my personal needs, as it's more of a general reasoning behind it. As for my threat model, it is as simple as to send as low data to GAFAM as possible and I follow a pretty balanced approach to privacy, that's why I'm using the only GOS profile with installed Google Play Services (to not sacrificy convenience while still using a secure mobile OS).

Speaking of mental health, frankly I would feel a lot better if knowing that I could potentially do some shady things and visit not-so-legal websites in TOR even with my existing settings and no extra precautions and my existing one profile GOS install with GPS is already good and safe enough for that.

I suppose that most GOS users use multiple profiles and while I understand that everyone has their own threat model, it's possible that sometimes compartmentalizing that much may actually be an overkill and detrimantal for mental health.