Hello guys. I recently acquired a Pixel 8A and it was Google stock os I bought it from a man locally all with cash I brought It home and I flashed grapheneos onto this phone.

What else needs to be done to anonymous this phone and make it a privacy phone and a spy free phone no tracking phone no interception phone and no monitored phone.

Any advice welcome!

Thanks.

  • Lemongrab@lemmy.one
    link
    fedilink
    arrow-up
    3
    ·
    5 months ago

    Vanadium doesn’t have good/any fingerprinting protection. Cromite or Mull would be better, Tor would be best.

    • Jako301@feddit.de
      link
      fedilink
      arrow-up
      4
      ·
      5 months ago

      Vanadium is purposefully made this way. It tries to minimise profiling by making your actions noise in a big mass of users. That only works if you use the standard config without anything to discern you.

      Mull is the other extreme of this. They try to eliminate fingerprinting by reducing the amount of trackable things in your browser.

      It’s hard to say what really is the better option. You can’t completely eliminate fingerprinting, and the more you try, the more you will stick out of the masses.

      • Lemongrab@lemmy.one
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        5 months ago

        You can’t blend in with a crowd of vanadium users with the amount of data points given away by the browser. Your fingerprint will be decernable from other users. Without actual anti-fingerprinting, which theoretical can allow for a crowd only when fingerprinting of user browsers results in the same fingerprint ID, the best you can hope to do is thwart naive fingerprinting. Vanadium doesn’t have any anti-fingerprint built in, so the slightest differences between user can be used to easily fingerprint. Vanadium also has no strong method of in browser content blocking (eg an adblocker like uBlock) which is required on the modern web to remove JS tracking scripts (or straight allow and deny lists for specific web contents). Adblock is cyber security: https://www.ic3.gov/Media/Y2022/PSA221221

        Examples of metrics include, but are not limited to, the following: Timezone, system and browser fonts (often automatically fetched by websites as a remote font that is cached by the browser), language, screen metrics (DPI, height x width, refresh rate, pixel ratio), canvas, CSS fingerprint, useragent, browsing mode (standard/private), video autoplay policy, audio device fingerprinting, installed plugins, cookie policy, device theme, and of course IP.

        As a graphene OS vanadium user, assuming that the browser stays default, you would still have screen, audio, other hardware metrics, canvas (this one is a killer), IP, user agent (differences in installed versions of plugins and vanadium itself), timezone, remote Fonts, and others. Fingerprinting is an insane science which needs actual protection against to even begin hoping to create a crowd.

        See some more details below.

        Info on fingerprinting (about choosing a desktop browser but still relevant info): https://www.privacyguides.org/en/desktop-browsers

        Browser comparison: https://divestos.org/pages/browsers

        Fingerprinting test site: https://abrahamjuliot.github.io/creepjs/

      • Lemongrab@lemmy.one
        link
        fedilink
        arrow-up
        2
        ·
        5 months ago

        Dont use system webview as your default browser. Webview is used by apps, your browser can and should be changed if privacy is your goal. Vanadium may be hardened, but it lacks any fingerprinting protection.

        • LoveSausage@lemmy.ml
          link
          fedilink
          arrow-up
          2
          ·
          5 months ago
          1. That makes no sense.
          2. Vanadium have a different approach than trying to block it , blend in instead.
          3. Gecko based browser have crap sandboxing
          4. Again if you have 1 problem adding 1 more makes 2 problems.
          • Lemongrab@lemmy.one
            link
            fedilink
            arrow-up
            2
            arrow-down
            1
            ·
            5 months ago

            Your system webview is for in app usage. You aren’t browsing the web using your system webview (generally). You can’t blend into a crowd if you have no anti-fingerprinting. Firefox does this through RFP by normalizing settings between users, and on mobile there is partial support for screen size normalization through letterboxing. Vanadium isn’t special, it is hardened chromium with some specific patches. You cannot form a crowd without special a lot of anti-fingerprint patching. See my other comment for details.

            Firefox is missing per-site process isolation. This is theoretical an attack vector in the presence of multiple other major vulnerabilities. It has never been shown to be an attack vector in real world vulnerabilities. Don’t call Firefox’s sandboxing crap if you don’t know why people have said that.

            • scratchandgame@lemmy.ml
              link
              fedilink
              Tiếng Việt
              arrow-up
              1
              ·
              5 months ago

              You can’t blend in with a crowd of vanadium users with the amount of data points given away by the browser. Your fingerprint will be decernable from other users. Without actual anti-fingerprinting, which theoretical can allow for a crowd only when fingerprinting of user browsers results in the same fingerprint ID, the best you can hope to do is thwart naive fingerprinting. Vanadium doesn’t have any anti-fingerprint built in, so the slightest differences between user can be used to easily fingerprint. Vanadium

              Anti-fingerprinting? By blocking javascript which the half-hearted privacy users can never afford? hahahahaha. Even privacy projects spread dirty javascripts.

              • Lemongrab@lemmy.one
                link
                fedilink
                arrow-up
                1
                ·
                5 months ago

                Anti-fingerprinting isn’t as simple as blocking JavaScript. There are dozens of other parameters. You can fingerprint with pure CSS. When I say anti-fingerprinting is necessary for a crowd, I am referring to data normalization. Like Firefox’s Resistant Fingerprinting and letterboxing. I find most of RFP’s effects unobtrusive, but it always for a crowd to form in specialized cases. Only Tor browser and Mullvad can reasonably form a crowd.
                I dont know what you mean by privacy projects spreading dirty JS. I recommend you read up on actual anti-fingerprinting techniques. Your knowledge of anti/fingerprinting seems limited. Basic anti-fingerprinting is necessary on the modern web, same thing with a content blocker. Security and privacy sometimes come at the cost of convenience, but not always.

                • scratchandgame@lemmy.ml
                  link
                  fedilink
                  Tiếng Việt
                  arrow-up
                  1
                  ·
                  5 months ago

                  I dont know what you mean by privacy projects spreading dirty JS

                  They are using js in their websites

      • Lemongrab@lemmy.one
        link
        fedilink
        arrow-up
        2
        ·
        5 months ago

        I read your source and am not convinced. While I do agree that piling on modifications is often fruitless and counterintuitive, Vanadium doesn’t have the Fingerprinting protection necessary to create a crowd. At best it can create many islands of crowd for each physical device graphene supports, for each version of the software installed, and only assuming all other method of fingerprinting don’t work (for some reason theoretically for the sake of this best case scenario). Read cromite’s patch list to see some of the changes needed to produce basic anti-fingerprinting (still not good enough to create a crowd).