RedHenry

  • 22 Jan
  • Joined Oct 16, 2023
  • RedHenry Security keys don't work on GOS as far as I am concerned, sadly (Edit: it seems to work with Google services now)

    "I want one to log into my banking accounts or any account with personal info like emails, vpns and such." Most banks, emails, and VPNs don't support U2F.

    "One key will work for everything? Right?" Usually U2F is FIDO2. But no, most accounts will not work with a YubiKey or U2F in general because they don't support U2F.

    There is a limited number of services that support U2F authorization. Some services like PayPal, Discord, etc., but not many compared to the number of accounts a user would have.

  • Apps only need storage permissions to interact with files they didn't create. Storage scopes just allows you to limit their ability to do that in a way that's transparent to the app.

    Many apps only need to interact with their own files and nothing else. Those apps don't need any special storage permissions, so there won't be an option to set storage scopes.

    Changing the permissions or otherwise disabling apps that came preinstalled is generally a bad idea. It can cause your system to break in ways that are difficult to diagnose and there's no benefit to doing it.

  • RedHenry clearing the cache is harmless. Clearing the app's storage will wipe it clean like a fresh install, losing any data that wasn't backed up.

  • Is there some sort of document that lays out the do's and don'ts of using GrapheneOS?

    That would be really beneficial.

    Maybe a list of what to do to maximize security and privacy and the risks you take when choosing different profile setups.

    • router99 Updates need to be frequent because it is important to release Chromium updates as soon as they come out, seeing as they contain security fixes.

      In the interim period between Chromium updates, there may be Vanadium-specific features/fixes which are applied. That is why the release cadence might seem unusually frequent to you.

    • If there was a bank that officially said they had GrapheneOS support, they would surely benefit from dozens of new customers!

    • The odds of anyone getting a bank to acknowledge or accept GOS as an acceptable OS for transactional use are approximately 1 in 23 Billion. /s

      • [deleted]


      Check your OS integrity with the preinstalled Auditor app. Then grab a USB stick and go to a computer shop or some place where you can obtain files safely. Install Tails on your USB drive there and boot from it on your home PC. Disconnect and power off everything else in your house which can connect to the network until you figure out exactly what's wrong. Your Tails PC and your phone are certainly safe if you verify the phone OS and install Tails from an uninfected PC. This is the only "simple" secure way to live with guarantees.

      • Yes and no.
        Anyone can access the recovery mode and do a factory reset, thus making you lose any data you did not back up elsewhere. That’s part of the data security definition.

        Otherwise, as long as the firmware and software have not been tampered with (check with Auditor), the data should be safe and private due to the encryption.
        I guess that in some extreme cases, you should not enter the passphrase again on the device.
        Obviously, if someone already knows your passphrase or is threatening you, it’s another story.

        Not sure it answers your question. And not sure everything is accurate.

      • Vanadium is based on Chromium's stable release channel, similar to how other Chromium forks offer those for production usage rather than the developmental branch. The developmental branch that updates more frequently isn't meant for daily usage and has issues which may also include security issues.

        Vanadium versioning involves the Chromium version, suffixed by the Vanadium increment counter after the dot.

        For example, 119.0.6045.163.2 implies Vanadium has been updated 2 times while retaining 119.0.6045.163 stable release from Chromium as base, seen here: https://github.com/GrapheneOS/Vanadium/releases/tag/119.0.6045.163.2
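
The version scheme described in the post above, as an added example that is not part of the original post or GrapheneOS code: it splits a Vanadium version into its Chromium base and increment and reports whether an installed build lags on the Chromium base or only on the Vanadium increment. The function names and every version string except 119.0.6045.163.2 are constructed for illustration.

```python
from typing import NamedTuple, Tuple


class VanadiumVersion(NamedTuple):
    chromium: Tuple[int, ...]  # four-part Chromium stable version used as base
    increment: int             # Vanadium counter appended after the last dot


def parse(tag: str) -> VanadiumVersion:
    """Split '<chromium a.b.c.d>.<increment>' into numeric parts."""
    parts = tag.strip().split(".")
    if len(parts) != 5 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a 5-part Vanadium version: {tag!r}")
    nums = tuple(int(p) for p in parts)
    return VanadiumVersion(nums[:4], nums[4])


def update_status(installed: str, latest: str) -> str:
    """Say how an installed version relates to the latest known one."""
    cur, new = parse(installed), parse(latest)
    # Tuples compare component by component as integers, so 66 < 163
    # (a plain string comparison would order "66" after "163").
    if cur >= new:
        return "current"
    if cur.chromium < new.chromium:
        return "behind on Chromium base"
    return "behind on Vanadium increment only"


if __name__ == "__main__":
    latest = "119.0.6045.163.2"  # version quoted in the post
    # Installed versions below are constructed sample values.
    for installed in ("119.0.6045.66.0", "119.0.6045.163.1", latest):
        print(installed, "->", update_status(installed, latest))
```
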

      • The official Chromium releases tags every few hours (how do they even do that?)

        This means, as far as I understood, that downstream versions of Chromium either ship an unstable browser but with all security patches, or a stable browser with backports.

        I am wondering how GrapheneOS does that, and also if you know how other browsers like Brave (Desktop/Android) do it.

      • In vpn?
        • [deleted]


        ninjanoir789

        VPNs do a few things:

        1. They encrypt your traffic from your device to the VPN server (but not from the VPN server to the website you are connecting to, this is why HTTPS is important).
        2. They change your IP.
          - This can allow you to access websites that you normally aren't able to in your location (since the website you are connecting to thinks you are where the VPN server you're connected to is).
          - The IP change also allows you to conceal your true IP address (which is often associated with your identity) from the website you are connecting to. Additionally, concealing your IP address (VPN/Tor) when doing something like sending an anonymous email is important as IP addresses can be extracted from email headers.
        3. When using websites that rate limit you for using a service on their site (e.g., your free trial ran out of uses), clearing your cookies and changing your IP address will often allow you to continue using the service past "what you were supposed to", since the website thinks you are a different person.
        4. They handle your DNS requests. DNS (domain name system) is the phonebook of the internet. When you type in www.google.com, the internet doesn't understand this. A DNS request is made and www.google.com gets changed into an IP address and then connects you to the website. Without a VPN your DNS requests are handled by your ISP, which means they can see what websites you are connecting to. VPNs may also offer additional DNS filtering (to stop unwanted connections), but this is dependent upon the VPN, and with graphene you can use Private DNS over VPN if you are really interested in doing this. All your ISP will see is that you are connected to a VPN.
        5. As already stated, they conceal your internet usage from your ISP. Your ISP will be able to see the amount of data going through the network and that you are using a VPN, however.

        An ISP may log this aforementioned information (DNS requests, websites you visit, etc.); a good VPN provider does not log internet usage from its users. Remember though, a VPN does not offer you anonymity unless you set it up correctly (even then it's probably not perfect). That would need things such as: an account and account requirements created anonymously (the account name, the email used, etc.), the VPN would need to be funded in a non-KYC payment, and last but not least, your internet connection source must be set up anonymously as well. ALL VPN providers see your public IP address (which as stated above is associated with your true identity one way or another). So the VPN provider knows who you are. The idea is that the VPN provider is more trustworthy than your ISP and doesn't log, which you technically have no way to confirm personally.

        VPN downsides:

        1. Some websites will block you for using a VPN.
        2. Some websites (like Reddit) might shadow ban you for using a VPN.
        3. Your internet traffic will be slower.
        4. If you use the same VPN account over multiple accounts (your phone and computer) the VPN provider will see ALL of your generated internet usage, versus if you were to have say, ATT for your home internet and T-Mobile for your cellular provider. Your "internet life" would then be split in two.

        But I think the pros outweigh the cons, so yeah, I'd use one.

        • In vpn?

          It is important for me, both for security and privacy. But it is not critical and I am OK to use split tunneling so that my banking application sees my normal IP address.

          • Vogelhaus Thank you, I'm aware of that. However, it would be nice to have extra protection of security-related settings regardless of whether 2FA is enabled or not.

          • newbie24689 Storage Scopes is an alternative to granting storage permissions. If the app doesn't ask for storage permissions, it's not relevant. It's a way to make the app think it has storage permissions and work properly without giving it access to files from other apps in shared storage. Enabling storage scopes doesn't reduce access unless you had storage permissions granted already. It's not a restriction compared to not granting anything.

            • endth3fed

              I like your setup. Do you think the 40% non-working is strictly due to Mint?

              My understanding is that graphene is quite private over Wi-Fi due to the MAC address randomization but any reason you don’t feel comfortable connecting to Wi-Fi?

              Perhaps you can try a solution like silent.link instead of Mint although you’d need play services for eSIM to work.