Is the privacy GrapheneOS can provide severely limited by non Graphene users?

dln949

Non-technical person here trying to better understand the limits of privacy provided by prudent use of GrapheneOS.

Suppose I have a recent Pixel with the current version of GrapheneOS installed. I practice good internet hygiene, minimal apps installed only from trusted sources, no dirty apps like Facebook, no Google account, use encrypted messaging apps like Signal, etc. In that case, I understand I should have pretty darn good privacy. My goal is to very significantly minimize the information Big Tech has about me.

But I need to communicate with people, and I can’t know how each person deals with privacy. So, suppose I need to communicate (via something like Signal) with a person. But, that person runs stock Google android OS, has a Google account, has installed a third party keyboard that captures and sends keystrokes to someplace, has installed the Facebook app, uploads his contact list (with my contact info) to Google, Facebook, Telegram, and engages in other such bad practices.

So, in such a scenario, wouldn’t the poor behavior of such a person counteract a lot of of the privacy benefits GrapheneOS and my good practices would provide me? And as a result, Big Tech ends up with a lot of information about me anyway? Or is my thinking about this all wrong?

tango

dln949

Some of what you mentioned about other peoples bad privacy practices counteracting your good practices is true to a certain degree (especially the contacts uploads they give away without any thought whatsoever)

However, GOS can offer you so many positive upgrades over all the others. Firstly you will get prompt regular updates of the OS and Apps to keep you as secure as possible, you dont have to worry about big tech constantly tracking you as you are not signed into an account.

Its very hard/impossible really to have a social life and not give any data away whatsoever, but with GOS you will be giving a lot less away. You can disable all location tracking and know its actually working (apart from sim carrier obviously) Keep apps to the minimum as to what you actually need and updated and you will have a secure phone that you can enjoy using. It takes time to learn about all the GOS benefits so best just to read the site thoroughly and ask on here if unsure. We all started from nowhere!

Hope that helps a bit anyhow

[deleted]

See, GrapheneOS is an Operating system (OS). Whatever services/applications you use are mostly out of scope of an OS, GrapheneOS has many security and privacy improvements that make it better than the Pixel OS¹, about which you can read here.

¹ "Pixel OS" shall be interpreted as the Operating system that is preloaded on Google Pixel Phones and Tablets by Google or Carriers in the context of this post.

dln949

Right, I agree and understand all you wrote. But that isn't getting at the core of my question.

I can install GrapheneOS, I can follow all best practices, etc., all of which provide tremendous privacy improvements. But if the people I communicate with follow awful practices with their devices, isn't it true that my information and the messages I sent them, and therefore my privacy is then compromised? And therefore the privacy I attained from GrapheneOS and all my careful practices is lessened?

To be clear: I don't ask this as some kind of slam against GrapheneOS; rather, I'm just trying to gain a more comprehensive and broader understanding of digital privacy.

lambd

Indeed if you send data on someone's device you have to acknowledge the privacy context of this device.

We can't have full privacy if we want to interact with the world using the new technologies and not living in a cave. The sad truth is that yes the power of Big Tech to gather information is quite huge and we are only able to limit it. When you combine their power with the power of a government it is even more difficult to resist.

Nevertheless the choices made by using for example GrapheneOS limit a lot this power of data gathering. People remain the customers that keep society running. The more they express a need of privacy by their choices, the more the companies and the politicians adapt to this need, or at least try to.

It is an equilibrium to find. There is no miracle solution.

dln949

tango It does help, thanks much.

I've been using GrapheneOS for a few years now. What prompted my question was something that happened recently.

I was communicating with a friend via Signal, he installs apps on his Google Android OS device, such apps including some third party keyboard. So I thought, Well, this app could be capturing all his keystrokes while using Signal, and sending them to who-knows-where, and while that captures only his half of the conversation, he does mention my name, and it wouldn't be hard for someone to deduce what we've been discussing, and so, there goes a chunk of my privacy.

I realize this isn't a strictly GrapheneOS issue, but it is what made me wonder: I can do only so much to protect my privacy, and it seems to some extent I am at the mercy of others I interact with. Hadn't really thought of that before.

Blastoidea

I think your privacy is at risk from everyone with whom you interact, and the only way to be sure is to become a recluse.

That makes it very difficult to do mundane things like make a living, buy food, maintain an address, get mail, and so on.

As someone said, we just do the best we can, with what is available.

GrapheneOS

You choose what you share with other people just as you choose what you share with apps and services you use on GrapheneOS.

[deleted]

I would rather choose extreme security than extreme privacy. Ideally I would like to have both. As said above, it is near impossible in current climate. So in this case I choose security provided by the OS which naturally remedies some of the privacy issues to remain sane and to be able to go about my life.

chance

I suppose Google has my full name and phone number, as well as my email addresses, physical addresses and more just based on people backing up their contacts to Google's servers. Maybe someone can weigh in on if that information is hidden from Google so that only the owner of the account can view it but it illustrates the point your making nonetheless. People also backup all their chats which would include our phone numbers as well so yes, they are able to collect lots of information even though we are not directly parting in it. You can't let the perfect be the enemy of the good however. You have vastly better privacy and security avoiding Google, Facebook and the like and using alternatives like Linux and GrapheneOS.