paul_le_roux

  • Joined Apr 4, 2024
  • ūʇɨ ɴՏᎯ Ꭵӎ ҫǘ Ჽᵢ

  • Clueless I'm very excited for the duress feature! What do you think about putting a little label with the duress PIN on the inside of the phone case in case some nosey person thinks they can just access one's phone?

    Someone actually brought this up in our chat rooms, and I think it's a fantastic use of the feature. A phone snatcher is more likely to want to wipe the phone and sell it, which you as the owner kinda have to accept, but if they try to sign in to see if they can find anything that'll help them make more profit, there are two ways to combat the scenario:

    1. The duress PIN could be a PIN that someone trying random common PINs would try. It could be a birth year that seems to be around your actual age (the thief might start guessing how old you were based on when they saw you and might trip the feature in this way), or something really common like "1234" or similar.

    2. Is what you mentioned. A small sheet of paper in the phone case that contains a few dummy passwords for non-existent accounts (to add legitimacy to what's about to follow) and another entry which you can name "phone PIN" or just "PIN" if you don't want to make it too obvious. That PIN would of course be the duress PIN, which would wipe the device and any eSIMs you have, so that they can no longer try accessing any of the data on it.

    Clueless I also read that Google is planning a Theft Detection Feature for later this year: "Theft Detection Lock is coming later this year and helps you keep your personal and financial data safe if your phone is ever snatched from you. This powerful new feature uses Google AI to sense if someone snatches your phone from your hand and tries to run, bike or drive away with it. If a theft motion is detected, it will be quickly locked down to keep your information out of the wrong hands."

    This will be part of sandboxed Google Play. I don't imagine it'll be able to work without privileges, but it's not 100% certain. Maybe it does. There is an open issue on our tracker to implement something similar. It's something that we might look into in the future.

    • Graphs

      Conclusion

      • On my Pixel 8, stock seems to offer better battery life compared to GrapheneOS, with a mean SOT of 06:51 on stock, versus a mean SOT of 06:03 on GOS.
      • I can't be sure where the difference in battery life is coming from, but it may be due to stock's adaptive battery function that is not available on GOS.
      • However, the slight increase in battery life on stock is not worth the amazing privacy and security benefits that GOS provides over stock, so I will be sticking to GOS.

      Context

      • I wrote a similar post to this one based on the tracking and analysis I did while I tested out stock Android before switching to GrapheneOS (Lemmy), and I wanted to complete my battery tracking by also seeing how GOS battery life compares to stock Android.
      • Similar to my testing while on stock, I used my phone as normal on GOS, with the below configurations:
        • LTE only (I don't have a 5G plan)
        • 120 Hz refresh rate
        • Owner user, with separate work profile managed by Shelter
        • Sandboxed Google Play Services enabled for both main profile and work profile on the owner account
        • Dark mode
        • Bluetooth on, always connected to my Galaxy Watch 6 Classic and very often connected to other BT audio devices
      • With the above configurations, I used the phone normally, then took screenshots once I got the low battery warning notification at 20%. I started including the screenshots for the per-systems screen after seeing that the SYSTEM (IDLE) stats would be useful to track, but since I only have these datapoints for 11 charging cycles on GOS, I've excluded them from the analysis, although I am including the per-systems battery usage screen for reference.

      Personal usage patterns & use-case

      • I try to achieve a balance between privacy and convenience, so I am using Sandboxed Google Play Services and only use one user. However, I minimize unnecessary permissions and try to install only FOSS apps on my main profile while installing as many proprietary apps into my work profile as possible.
      • The way I used my phone across stock Android and GOS was quite similar, although I did try to take advantage of GOS features whenever possible, such as enabling memory tagging, toggling off network permissions for apps that don't need them, etc.
      • Depending on your privacy threat model, you can use a more strict setup without sandboxed Google Play Services, which may actually decrease battery life due to constantly active web sockets, or you may use multiple users to compartmentalize different apps into different profiles, which may save more battery versus my compartmentalization via Shelter.

      Notable observations

      • Although I got less SOT in general using GOS, I was still able to push the SOT past 9 hours with an idle time of 26:58 on my heaviest day (link), which is amazing battery life.
      • Streaming music on Spotify seems to be a huge battery hog, and other Pixel users have noticed the same (link). The worst SOT I got, which was 02:13, seems to be largely due to at least an hour of music streaming on Spotify.
      • On a related note, the background time tracking of Spotify is unreliable, as there were days when I was streaming music for about an hour (link), which led to a 10% battery decrease, but the battery usage screen says Spotify was active in the background for less than a minute (link).

      Data & screenshots

      | date | OS | SOT (h) | main | full_apps | full_systems |
      | ---------- | ------------- | ----------- | --------------------------------- | ------------------------------------ | --------------------------------- |
      | 2024-02-21 | Stock Android | 07:26 | link | link | - |
      | 2024-02-24 | Stock Android | 06:59 | link | - | - |
      | 2024-02-26 | Stock Android | 05:07 | link | - | - |
      | 2024-02-28 | Stock Android | 05:22 | link | link | - |
      | 2024-03-02 | Stock Android | 03:56 | link | - | - |
      | 2024-03-04 | Stock Android | 05:10 | link | - | - |
      | 2024-03-05 | Stock Android | 07:16 | link | link | - |
      | 2024-03-06 | Stock Android | 04:56 | link | link | - |
      | 2024-03-08 | Stock Android | 04:31 | link | link | - |
      | 2024-03-09 | Stock Android | 05:26 | link | link | - |
      | 2024-03-11 | Stock Android | 08:06 | link | link | - |
      | 2024-03-12 | Stock Android | 10:24 | link | album | - |
      | 2024-03-14 | Stock Android | 02:33 | link | link | - |
      | 2024-03-16 | Stock Android | 04:28 | link | link | - |
      | 2024-03-18 | Stock Android | 03:55 | link | link | - |
      | 2024-03-20 | Stock Android | 06:34 | link | link | - |
      | 2024-03-22 | Stock Android | 05:41 | link | link | - |
      | 2024-03-23 | Stock Android | 07:35 | link | link | - |
      | 2024-04-16 | GrapheneOS | 04:16 | link | link | - |
      | 2024-04-18 | GrapheneOS | 05:29 | link | link | - |
      | 2024-04-19 | GrapheneOS | 04:20 | link | link | - |
      | 2024-04-21 | GrapheneOS | 03:04 | link | link | - |
      | 2024-04-23 | GrapheneOS | 05:12 | link | link | - |
      | 2024-04-24 | GrapheneOS | 02:13 | link | link | - |
      | 2024-04-26 | GrapheneOS | 04:56 | link | link | link |
      | 2024-04-27 | GrapheneOS | 09:03 | link | link | link |
      | 2024-04-29 | GrapheneOS | 05:56 | link | link | link |
      | 2024-05-01 | GrapheneOS | 04:03 | link | link | link |
      | 2024-05-03 | GrapheneOS | 07:13 | link | link | link |
      | 2024-05-05 | GrapheneOS | 03:20 | link | link | link |
      | 2024-05-08 | GrapheneOS | 08:45 | link | link | link |
      | 2024-05-11 | GrapheneOS | 04:27 | link | link | link |
      | 2024-05-13 | GrapheneOS | 06:09 | link | link | link |
      | 2024-05-15 | GrapheneOS | 02:56 | link | link | link |
      | 2024-05-16 | GrapheneOS | 04:45 | link | link | link |

    • paul_le_roux for "monitoring networks, checking ports, checking security vulnerabilities" full Nethunter seems to be the best option.

      Yeah, Kali + a MikroTik router with RouterOS. (You can custom build them if you want.)
      ROS+Wireshark

      • paul_le_roux
        I've been using it this way for months. It's very easy to add in site exceptions: just go to the URL bar and click on the symbol on the right, right where you normally allow JavaScript JIT, ads and third-party cookies. There will be a new toggle for allowing JavaScript on that website there. The only thing I wish is that it had more granular control like NoScript on Firefox.

        I've been using NoScript for 15-ish years. I can't actually remember when I started using it, it's been so long now! It is excellent: you can allow just the top-level site automatically, which is how I ran it for a long time while getting used to blocking scripts. That way you allow the site that is usually needed (or WAS usually needed back then on the earlier web at least; nowadays site content often relies on third-party content...) while blocking JavaScript on the slew of other third-party websites that are embedded into that site. There are usually A LOT of them!

        Nowadays I block the top-level site as well by default. Just reading a website usually doesn't require scripts. NoScript can also now be configured to selectively block or allow, on the "Default", "Trusted" or "Untrusted" profiles, things like LAN access, Pings and Unrestricted CSS (those three are blocked by default on Trusted in Tor Browser on Safest and Default, and that's how I configure NoScript as well). There are many other options, like allowing or disallowing frames, fonts, objects, media and WebGL too! There is also a "Custom" option that lets you customize exactly what to block on a particular website, which is just awesome!

        I highly encourage everyone to check it out! I think there is a light version available for Chromium-based browsers, and the full version is available for Firefox-based browsers, but it has been a very long time since I've looked for the Chromium-based ones, so you'll need to check; maybe the full version is available now. If I could only have one extension, most people would choose uBlock Origin since it can also block scripts in Advanced Mode, but it does it with a blunt tool. I would choose NoScript, since it's a scalpel!

        • [deleted]

        paul_le_roux I am using it this way too, since I rediscovered it a few days ago. But thanks for your thoughtfulness.

      • It's in "site settings." I disable JavaScript globally in Vanadium, and add site exemptions.

        Site Settings in Vanadium settings.