New GrapheneOS user Adtech mitigation

User2288

Forgot to mention a few things.

There are some hardcoded internet comms that are built into AOSP that connect to google and others than can give away identifiable info about the user. In graphene OS as well as a few other privacy OSes these have been removed and replaced with better options.

dns
gps (supl)
time servers
internet connectivity servers
? ...etc

Also the main issue in privacy is not "ads". Its being "identified" and "tracked" and have data gathered and built-up on you and associated with new things you do. The idea is to curtail this.

FlyingRacoon

"What is the best way to set up graphene to become as invisible to ad tech as possible?"

As stated before, the best approach is to use privacy friendly apps and only those you need.

Aside of that you can still block trackers in DNS level.
You can use a VPN with ad/tracking blocking capabilities.
Or you can set up a private DNS under settings.
Or use an app like nextguard (will take the VPN slot)

Remember that every Information you willingly give to an application will still be used to build a profile.

User2288

Autogeneratedusername Interesting, so would you say that graphene is more security focused than privacy focused? Adtech is what concerns me mostly as I have seen how powerful it can be.

You are looking for privacy.

To give you a simple answer without all the technical shenanigans, if you want privacy, then I don't thing there is a better option than GOS. The combination of security and privacy features that it offers amalgamate to a level of privacy control that you can't get anywhere else. End of story.

[deleted]

Autogeneratedusername There are many approaches to privacy too. Just blocking adtech isn't privacy.

@Autogeneratedusername Also do note that apps can communicate with each other even if they are in seperate profiles, provided that both of them have the Network permission. This type of communication is done via localhost, which is the device itself in networking, but routed by the TCP/IP layer

User2288

[deleted]
Can you explain more about the local host communication? I want to understand this.

Autogeneratedusername

User2288 this has been really helpful I appreciate the time and effort you put into this mate cheers.

[deleted]

User2288 https://www.geeksforgeeks.org/what-is-local-host/
https://www.rfc-editor.org/rfc/rfc6890#section-2.2.2
https://www.rfc-editor.org/rfc/rfc6890#section-2.2.3

FlyingRacoon

Last year i ran GOS for 6Months.
Yes you have to put in extra work to stop adtech, but its possible (depending on your usage)
Then i switched back to stock.
I never had my mind at peace since (a bit exaggerated maybe).
The things you have to do on OS level to get the same privacy from GOS is just impossible. Even if you try, you'll never now for sure what you Phone is doing in the background.

Finally switched back to GOS, setup my humble 10$ monthly donation via github and will never look back.

The only thing i want to be able is to be in control of what my phone is doing. Nothing more.

I use MullvadVpN with Ad/Tracking blocking on DNS level. This is good enough for me. Just be aware what apps you are using and what data you give them willingly, not Ad/Tracking Blocker can save you from that

protonuser2

FlyingRacoon Hi can you explain more about what the ad/tracking blocking on Mullvad does?

I'm currently exploring the option for me to use mainstream apps on my GOS device, while also blocking tracking that is bundled with the app.

For example, take the simple payment app, Venmo. It constantly uploads device and profile data to google and other tracers.

Does this MullVad tracking blocker make great strides in blocking this, while maintaining the functionality of the app?

Thanks

User2288

protonuser2
You shouldn't rely on such tracking blockers for effectiveness. These blockers might block some addresses and IPs that an app like venmo uses to connect to analytics servers to upload data. However blocking these paths does not guarantee actual blockage because apps like venmo could be programmed to send data to their own server if the analytics server path is failing (as a back up plan). You will not then be able to block that path because it might disable to whole app. Therefore blocking "trackers" through network blocking "might" help, it also might not. Hence its not reliable.

The better way to deal with this is to let the app upload "all it wants" but actually not have any actual "data" to upload. By isolating an app in a separate profile you are giving it a separate androidID and preventing IPC. This strongly limits the app from acquiring any more data about your system than it already has access to. This is better than having apps in one profile and using blockers. You could use blockers on that profile but in reality its not necessary at all. Makes no difference.

N3rdTek

User2288 I keep a PKM database, may I put your blog-less write up into my PKM for both personal use and for others who may ask this again on here in the future?

User2288

N3rdTek
No problem.

Also I don't know what PKM is.

mmmm

N3rdTek Off topic, but may I ask what app(s) you use for your PKM ?

mmmm

User2288 Personal Knowledge Manager