TranquilSolitaryTree

  • Joined 5 May
  • low threat model GrapheneOS user

  • I have decided to put it in. I now see a setting which allows me to turn off the SIM in the phone. Does this do anything for privacy and security, or is this just so I can save data and stop receiving SMS?

    • yourmother The e-sim has a paid internet subscription, the sim card does not.
      Can the sim card use the paid internet subscription that the e-sim has?

      Based on what I got from your question, you want to know whether a physical SIM card can 'use' the data plan of an eSIM. The thing is, though, they operate independently. Your physical SIM can't "use the paid internet subscription that the e-sim has"; the phone does. It connects to the cellular network using your SIM as a sort of key and identifier.

      Now, if what you mean is "Can I use my physical SIM and my e-SIM at the same time", that depends on the phone and carrier and is something you will have to look into yourself.

    • tango Sorry if I wasn't clear enough.

      No problem, I knew what you were insinuating, but for someone going through this discussion it might not be clear. Therefore, I tried to clear it up.

      tango Molly is a modified Signal in case you didn't know and is recommended on here

      I do know about Molly but haven't looked into it yet (might do so later).

      tango You can always run Signal/Molly on your main user and use Whatsapp on a separate profile with no other apps

      I was thinking about making a second profile for apps that aren't open source or which I don't trust, but I've concluded that for now, I'm just going to use the owner profile for everything and rely on GOS sandboxing for the privacy and security.

    • tango All they can see is that you're using an encrypted connection, but obviously with sim card in anything like calls/texts and location are all in their hands!

      I'm going to assume you're referring to communicating over cellular networks and through SMS. However, I plan to minimize having to use those for communication as much as possible. Instead, I'll try to primarily use WhatsApp or, even better, Signal for messaging and calls. They operate over the internet/WiFi, meaning carriers cannot see what I'm doing / talking about when I'm connected via a VPN. Please correct me if I've misunderstood what you've said or if any of my statements are incorrect.

      • tango

        tango It's well known most or all carriers are collecting plenty of data, which includes your approximate location (within 500 meters approximately) if using a sim card. You cannot do anything about that.

        I know if my GOS phone isn't in airplane mode or in a Faraday bag it will keep pinging cell towers and have accepted that carriers will know my approximate location in those cases. I'm just wondering if they can see what I'm doing on my phone besides the fact that they can see I'm connected to a VPN and where I approximately am.

        tango As Evalda said there is the WiFi/Ethernet only option but that's where inconvenience comes in as you are limited to where you can use that option.

        I thought about buying a mobile hotspot and putting my old SIM in there, but I don't know if they can receive and display SMS messages for things like verification with apps or services, and if they're even secure and private + they're another item to carry. Although if there was a mobile hotspot small enough with those features, I would definitely consider it.

        tango I would recommend you only install apps you really need and only give them the minimum permissions they need to function.

        Already doing that :D

        • I've been considering moving my SIM card from my old iPhone to my new GrapheneOS device, but I'm unsure if this is the best choice for me. As a low-threat-model user who avoids illegal activities online, I believe using my old SIM probably won't matter much. However, I'd appreciate hearing different viewpoints since I've had my Pixel for a while now and still haven't done it. The phone number linked to the SIM has been mine for a long time and has been owned by various different carriers (EU). I've recently started taking steps to keep my online activity private and secure. For instance, I became a Proton Unlimited member and only connect to the internet on important personal devices using ProtonVPN through Securecore servers with NetShield for extra security and have enabled Always-On VPN + Killswitch. My concerns include whether my online activities remain private and secure when using both a VPN and cellular data, how much privacy I might forfeit if I decide to use my old SIM, if an E-SIM would be more private and secure, and whether these considerations are even relevant given my low-threat model? It all feels very overkill to me, but on the other hand, I keep finding out more and more about how agencies and corporations collect data on the masses, and if they ever get interested in you specifically, they can easily find out what you're doing, who you are, and where you've been. Again, low threat model user, probably don't need to think about this that much but wanted to ask anyway before making the decision.

          • p338k GrapheneOS limits Google Play from accessing your hardware identifiers, but it cannot do anything about your carrier. By "downgrade" I simply mean that you won't lose additional privacy compared to iOS.

            I get what you mean now, thanks for explaining. I'll probably just turn on airplane mode if I feel like I'm going somewhere where I don't want people knowing where I'm going.

            p338k Aliases also make credential stuffing attempts more difficult since each account can use a unique alias, so you will get fewer annoying notifications of people attempting to access your accounts.

            Luckily I don't get these notifications. I've been pretty careful where I use my email for a long time now, and it has, as far as I know, not been in any data breaches, so lucky me!

            Also, a new question popped into my head when writing this. If I insert my old SIM into my GOS phone, should I view it as infected or compromised?

            What I mean by that is even though when you don't have a SIM card inside your phone (to my knowledge) cell towers are still pinging your phone so it can know, for instance, the current time.

            So let's say I plug in my old SIM, connect to a tower and then remove the SIM. Do the cell towers now know that that phone is mine even if there is no SIM card inside it anymore?

            Because like you said the phone has "hardware identifiers" which can then (In theory) be used to associate the sim card and the personal information tied to it with my GOS phone (Even though the sim isn't in my GOS phone at that moment) because it once was in my GOS phone at one point in time linking the two together.

            Let me know if this doesn't make any sense btw, just thought of it in the moment.

            • mmmm I'm also quite new, and my decision to switch to GOS was driven more by enthusiasm for the project and wanting to use services and software which respect the user. I don't need to use GOS because, as I said, my threat model is pretty low, but I still like trying to optimize for security, privacy and convenience.

            • mmmm

              mmmm 1, I would - I did actually. But don't stress just as and when. You can link your old email address (assuming gmail) to proton so you receive the emails into your inbox. You can change them as they arrive if you deem necessary. At the same time close old accounts you don't need and remove your data.

              I already linked my gmail to proton to receive the emails into my inbox.

              mmmm 2, if you already have one no perhaps don't bother. I was talking as if you started from afresh. I did it like you and my login 'real' email is attached to my important accounts.

              Yeah, no, I'm not starting fresh fresh; I did start very recently though. My "main" Proton email is already linked to some accounts which used to be connected to my Gmail. But I might switch the accounts connected to my "main" Proton email to aliases anyway since there is no harm in doing so.

            • p338k Thanks for the long reply

              p338k Your service provider will be able to track you while your phone is not in airplane mode or otherwise shielded and potentially associate your movements with your actual identity. Since you already have an iPhone, it won't be a downgrade.

              I already read about the tracking but thought maybe GOS does something more to make it harder to track you while using the SIM (don't know how that would technically be possible though). Also, what do you mean with "It won't be a downgrade"? I don't understand what I'm not downgrading from.

              p338k That is a personal decision. Apps can see what other apps are installed in the same profile. They can also communicate with one another if designed to do so (e.g. presumably Facebook and Instagram). It is easier to use a single profile, so I would recommend that unless you have specific apps that you don't want others to see or communicate with. Separate profiles also have separate encryption keys, so you might find some reason to put particularly sensitive apps/data that you use infrequently in a separate profile.

              I will only be using 1 app per mega corpo. I think I will use WhatsApp, Discord and Spotify at least, but I'm already looking to see if instead I can slowly move towards things like Signal and other FOSS alternatives.

              p338k The services may or may not "forget" your previous (unaliased) email address, but it could help with when they get breached. It won't hurt privacy and could help.

              That's what I was thinking with the breaches, and it's already been agreed upon twice in this discussion that switching to aliases for most of my online accounts might be a good idea privacy and security wise. So I'll look into it if I decide to upgrade to Proton Unlimited or maybe Proton Pass.

              • mmmm

                I've been switching all my accounts to my 1 free Proton email address.

                So you're saying if I decide to go unlimited I should.

                1. Switch all my accounts over to a Simple-login alias.
                2. Create a new Proton email address that I only use to log in to my Proton Account.
                • Greetings everyone, I've been lurking the forums for a bit and after some deliberation decided that my next phone was going to be a Pixel 8 on which I would install GrapheneOS. And so here I am now, slowly migrating from my previous phone, the iPhone X (10). I also bought 2 Yubikeys to secure important accounts.

                  Anyways, I have a low threat model and was wondering how a user like me should best go about transitioning to a more secure and private online life while still maintaining a good amount of convenience, starting with the phone.

                  What I've already done with my GrapheneOS phone:

                  Installed Software:
                  ├── Google Play
                  ├── The entire Proton suite
                  └── Aegis (2FA App)
                  
                  Settings:
                  │
                  ├── Network & Internet
                  │   │
                  │   ├── Internet
                  │   │   │
                  │   │   └── Network preferences
                  │   │       ├── Notify for public networks (Off)
                  │   │       └── Turn OFF Wi-Fi automatically (ON 1 min)
                  │   │
                  │   └── VPN
                  │       └── Proton VPN (Always on & Block connections without VPN)
                  │
                  ├── Connected devices
                  │   │
                  │   └── Connection Preferences
                  │       │
                  │       ├── Bluetooth
                  │       │   └── Turn OFF Bluetooth automatically (ON 1 min)
                  │       │
                  │       ├── NFC
                  │       │   └── Require device unlock for NFC (ON)
                  │       │
                  │       └── Printing
                  │           └── Default Print Service (OFF)
                  │
                  └── Apps
                      │
                      └── All Apps
                          │
                          └── App Permissions
                              │
                              └── Google
                                  │
                                  ├── Play services
                                  │   └── Network + Sensors + Allow background battery usage
                                  │
                                  ├── Play Store
                                  │   └── (Same as Play Services) + Notifications
                                  │
                                  └── Services Framework
                                      └── (Same as Play Services)
                                      
                  Security
                  ├── Screen-lock (PIN)
                  ├── Fingerprint Unlock (none)
                  ├── USB-C port (Charging-only when locked)
                  └── Scramble PIN input layout (ON)

                  As far as I'm aware, this is all I've changed. Anything not in this list is set as the default option.

                  Things I'm thinking of and would like thoughts or advice on:

                  1) Putting the SIM card currently in my iPhone into my GrapheneOS phone. (How much privacy and security do I lose by using my current sim or a sim in general?)

                  2) Should I use a second profile for non-FOSS apps, or is it fine to have them on the owner profile? Non-FOSS apps would be WhatsApp, Discord, Spotify, Banking, etc. (Do I even gain much privacy or security from using a second profile since the apps are already sandboxed anyway?)

                  3) I'm slowly migrating all my accounts from Google to Proton. Is it worth investing in a Proton Unlimited plan? I would be using all the features (more than 1 email, VPN on all my devices, backing up photos and temporary files, password manager with Simple-login, calendar for planning and also probably upcoming notes).

                  3.1) Does changing account emails to email aliases improve privacy? For instance changing my Spotify or Discord email from example@gmail.com or example@proton.me to an email alias.

                  Any advice, information or opinions on these thoughts and settings is appreciated.

                  Also, if this post isn't structured correctly or I should separate the questions into different discussions, please let me know for the future.