Make Your Phone More Private
Summary
TLDR: This video script highlights the importance of smartphone privacy and introduces GrapheneOS, an open-source, privacy-focused mobile OS. It emphasizes the OS's security features, such as app isolation and selective service controls, and offers guidance on choosing Pixel devices for compatibility. The script provides tips on purchasing devices, using accessories like privacy screens, and optimizing settings to enhance privacy. It also covers topics like disabling 2G, using airplane mode, and configuring DNS for a more secure digital experience.
Takeaways
- 🔒 Smartphones have become major tracking devices, capturing our movements, conversations, and clicks.
- 📱 iOS and Android collect significant telemetry data, including location details and device interactions.
- 🔐 Privacy-conscious users may opt for alternative operating systems like GrapheneOS, which prioritize privacy and security.
- 🛡️ GrapheneOS enhances security by isolating apps and providing clear settings for disabling specific services.
- 📲 GrapheneOS is compatible only with Pixel devices, which offer robust hardware security features and support for alternate OS installations.
- 🔧 It's crucial to avoid carrier-locked or bootloader-locked devices when purchasing a Pixel to ensure compatibility with GrapheneOS.
- 💳 For added privacy, consider buying a Pixel device in person with cash and using a prepaid SIM card.
- 📵 Disabling 2G networks and using airplane mode can enhance privacy by preventing potential security breaches and location tracking.
- 🌐 Changing DNS settings or using a VPN can prevent ISPs from tracking online activities; however, avoid combining private DNS with VPN for better privacy.
- 🔋 Additional GrapheneOS settings like scrambled PIN input, auto-reboot, and disabling notifications on the lock screen further protect privacy.
Q & A
Why are smartphones considered tracking devices?
-Smartphones are considered tracking devices because they monitor our movements, conversations, and online activities, often collecting a vast amount of personal data that can be used to understand our behavior and preferences.
What impact does the operating system have on phone privacy?
-The operating system greatly affects phone privacy as it determines the level of data collection, security features, and user control over privacy settings. Some operating systems are more privacy-focused than others.
Why might someone switch to GrapheneOS from iOS or Android?
-People might switch to GrapheneOS for its focus on privacy and enhanced security features, such as app isolation and clear settings for disabling internet connectivity for specific services, providing more control over personal data.
What are some unique security features of Pixel devices that make them suitable for GrapheneOS?
-Pixel devices have robust hardware security infrastructure, such as the Titan M2 security chip and Tensor security core, which ensure strong file encryption and protection against unauthorized access. They also support running alternate operating systems without compromising security features.
Why is it recommended to avoid buying a phone tied to a carrier contract?
-Buying a phone tied to a carrier contract often results in a 'carrier-locked' device that may also be 'bootloader-locked', preventing the installation of custom operating systems like GrapheneOS due to restrictions enforced by the carrier.
What precautions should be taken when purchasing a refurbished device for GrapheneOS installation?
-One should ensure that the refurbished device is not a variant device with a disabled OEM unlock option, as this would prevent the installation of GrapheneOS. It's also recommended to inquire whether the OEM unlock feature is available.
Why is using a privacy screen on a mobile device important for privacy-conscious users?
-A privacy screen is important because it prevents others from viewing the device's screen over the shoulder, protecting sensitive information from being seen and memorized by potential thieves or eavesdroppers.
What is the significance of disabling 2G network connections on a mobile device?
-Disabling 2G connections is significant for privacy as 2G uses weak encryption standards that can be cracked, and it only authenticates the mobile device, not the network, making it vulnerable to rogue base stations like IMSI catchers.
How does GrapheneOS handle network time synchronization differently from other Android devices?
-GrapheneOS, when set to not automatically update time from the network, stops making network time connections entirely, unlike other Android devices that may continue to sync time even after disabling the setting.
What are some best practices for optimizing privacy settings on a GrapheneOS device?
-Best practices include disabling 2G networks, using airplane mode when not in use, setting up private DNS providers like Quad9, choosing default apps carefully, managing lock screen and notification settings, adjusting screen timeout, and enabling auto-reboot features.
Why is it suggested to set the auto-reboot feature to 12 hours or less on a GrapheneOS device?
-Setting the auto-reboot to 12 hours or less ensures that the device returns to a secure 'at rest' state more frequently, where no profiles are logged in, and encryption keys are cleared, enhancing protection against unauthorized data access.
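The one-way authentication described in the 2G answer above, as an added example that is not part of the original page or video. It is a simplified model: HMAC-SHA256 stands in for the real cellular algorithms, the key is a constructed sample, and the `Tower` and `Phone` classes are hypothetical names; the fallback in `attach` models the downgrade the video mentions and what turning off "Allow 2G" changes.

```python
import hashlib
import hmac
import os

# Constructed subscriber key shared by the SIM and the real operator (sample value).
KI = bytes.fromhex("00112233445566778899aabbccddeeff")


def f(key: bytes, label: bytes, rand: bytes) -> bytes:
    """Stand-in keyed function (HMAC-SHA256), not the real A3/A8 or MILENAGE."""
    return hmac.new(key, label + rand, hashlib.sha256).digest()[:8]


class Tower:
    """A base station. key=None models a rogue tower that lacks the subscriber key."""

    def __init__(self, key=None):
        self.key = key

    def challenge_2g(self) -> bytes:
        # 2G-style: a bare random challenge, nothing that proves who sent it.
        return os.urandom(16)

    def challenge_mutual(self):
        # 3G/4G-style: the challenge carries a token only a key holder can compute.
        rand = os.urandom(16)
        key = self.key if self.key is not None else bytes(16)  # rogue has to guess
        return rand, f(key, b"network", rand)

    def accepts(self, rand: bytes, response: bytes) -> bool:
        if self.key is None:
            return True  # a rogue tower does not care whether the answer is right
        return hmac.compare_digest(response, f(self.key, b"subscriber", rand))


class Phone:
    def __init__(self, key: bytes, allow_2g: bool):
        self.key = key
        self.allow_2g = allow_2g

    def attach_mutual(self, tower: Tower) -> bool:
        rand, token = tower.challenge_mutual()
        if not hmac.compare_digest(token, f(self.key, b"network", rand)):
            return False  # the network failed to prove itself: refuse
        return tower.accepts(rand, f(self.key, b"subscriber", rand))

    def attach_2g(self, tower: Tower) -> bool:
        rand = tower.challenge_2g()
        # The phone proves itself but has nothing to check the tower against.
        return tower.accepts(rand, f(self.key, b"subscriber", rand))

    def attach(self, tower: Tower) -> str:
        if self.attach_mutual(tower):
            return "attached (mutual auth)"
        if self.allow_2g and self.attach_2g(tower):
            return "attached (2G, network unverified)"
        return "refused"


def demo() -> dict:
    real, rogue = Tower(KI), Tower(None)
    return {
        "2G on, real tower": Phone(KI, allow_2g=True).attach(real),
        "2G on, rogue tower": Phone(KI, allow_2g=True).attach(rogue),
        "2G off, rogue tower": Phone(KI, allow_2g=False).attach(rogue),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```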
Outlines
📱 Smartphone Privacy and GrapheneOS
This paragraph discusses the importance of smartphone privacy in an increasingly connected world. It highlights how smartphones, powered by iOS or Android, can be invasive tracking devices due to the vast amount of data collected by Apple and Google. The speaker introduces GrapheneOS as a privacy-focused alternative, emphasizing its open-source nature, enhanced security features, and app isolation capabilities. The paragraph also mentions a tutorial for installing GrapheneOS and previews the video's content, which will include tips on choosing the right device, optimizing settings, and understanding the benefits of switching to GrapheneOS.
🛡️ Choosing the Right Device for Privacy
The second paragraph focuses on the selection of a device that supports GrapheneOS, which is limited to Pixel devices. It explains the benefits of using Pixel hardware, including robust security features like the Titan M2 chip and the Tensor security core, which protect against unauthorized access and ensure strong file encryption. The paragraph also addresses the misconception of using Google hardware for privacy by detailing how Pixel devices allow for alternate OS installations while maintaining security. Additionally, it points out the importance of purchasing an unlocked device with enabled OEM unlock to prevent carrier restrictions and ensure the ability to install GrapheneOS.
🔒 Enhancing Privacy with GrapheneOS Settings
This paragraph delves into the steps to optimize privacy settings on a GrapheneOS device. It advises disabling 2G networks due to their weak encryption and vulnerability to interception and rogue base stations. The speaker also recommends using airplane mode to prevent constant communication with cell towers, which can be used to track location and sell data. Furthermore, it suggests disabling automatic time synchronization to stop network time connections, and it touches on DNS settings, recommending the use of a VPN or a private DNS provider like Quad9 to prevent ISP spying and encrypt DNS requests.
🔄 Auto-Reboot and Additional Security Measures
The final paragraph discusses the security benefits of auto-rebooting a device, which resets it to a state where no profiles are logged in, thus protecting data from unauthorized access. It suggests lowering the auto-reboot time from the default 72 hours to 12 hours or less for enhanced security. Additionally, it mentions the 'scramble PIN input layout' feature for added security against shoulder surfing. The paragraph concludes with a note on the importance of these settings in maintaining the security of a GrapheneOS device.
Keywords
💡Privacy
💡Smartphone
💡Operating System (OS)
💡GrapheneOS
💡Telemetry Data
💡Location Details
💡Pixel Devices
💡Titan M2 Security Chip
💡OEM Unlock
💡Prepaid SIM Card
💡Privacy Screen
💡Auto-Reboot
Highlights
Smartphones have become ultimate tracking devices, capturing every movement, conversation, and click.
The importance of the operating system in protecting phone privacy, with iOS and Android gathering extensive user data.
Introduction of GrapheneOS as an open-source, privacy-focused mobile OS with enhanced security.
GrapheneOS isolates apps to limit invasiveness and offers settings to disable internet connectivity for specific services.
Tutorial provided for installing GrapheneOS to enhance digital privacy.
GrapheneOS is compatible only with Pixel devices due to their robust hardware security infrastructure.
Pixel devices support alternate operating systems without compromising hardware security features.
Google's long-term security support for Pixel devices, extending up to 7 years.
Pixel 8's hardware support for memory tagging, enhancing security against memory corruption vulnerabilities.
Recommendation to choose the latest Pixel model for the longest security update support.
Warning against purchasing carrier-locked or bootloader-locked devices that restrict the installation of custom OS.
Advice on buying Pixel devices in person with cash for enhanced privacy.
Use of prepaid SIM cards without tying them to personal identity for privacy.
The effectiveness of physical cases and privacy screens in protecting device and screen privacy.
Optimizing GrapheneOS settings to disable 2G networks for enhanced security.
Explanation of the security risks associated with 2G networks, including weak encryption and IMSI catchers.
Benefits of airplane mode for privacy, including preventing constant communication with cell towers.
How to disable network time sync to stop automatic connections to cell towers for time updates.
DNS settings on GrapheneOS to prevent privacy leaks and protect against ISP spying.
Recommendations on using a VPN or switching to a private DNS provider like Quad9 for privacy.
Customizing default apps and managing notifications for privacy on GrapheneOS.
Adjusting screen timeout and touch sensitivity settings for privacy screen compatibility.
The importance of auto-reboot as a defense mechanism against physical access attacks on GrapheneOS.
Enabling scramble PIN input layout for added security during device unlocking.
Transcripts
We want to help you with your phone privacy. In a world more connected than ever, our smartphones
have become the ultimate tracking devices. They see our every movement, conversation,
and click. They go with us everywhere we go, capture our memories, and often
sit next to our bed as we sleep. But it is possible to better protect this
data on our phones, and the operating system that you use makes a huge difference.
Most people use phones powered by either iOS or Android.
But Apple and Google gather a staggering amount of information from these operating
systems. Telemetry data revealing our interactions with the device. Precise
location details. This data gives them a scary amount of insight into our lives.
So if you’re privacy conscious like me, you’ve probably switched to an
alternative operating system that prioritizes privacy. I personally use GrapheneOS.
It's an open-source, privacy-focused mobile OS with enhanced security features.
It isolates apps to limit their invasiveness, and it offers clear settings for selectively disabling
things like internet connectivity for specific services. It's a great choice for those who want
to reclaim their digital privacy. We have a tutorial that explains how
to install it on your device if you want to take the plunge.
In this video we're going to dive into more DETAIL about what makes Graphene great for privacy.
There’ll be tips on how to get started, like what you need to know before you even buy your phone,
then we’ll walk you through how to optimize your settings to really
get the most from your new device. Just to be clear, whether you customize
your settings or not, you're already doing a huge amount for your privacy just by making the switch
to Graphene. So you should feel awesome about that. And if you haven't yet taken the plunge,
this video will give you a glimpse of some of the cool features that await you when you do.
So to understand how to make your digital footprint as small as possible, let’s start with
purchasing your device in the first place. GrapheneOS is only compatible with Pixel devices,
and this may seem like a contradiction for some people: How can I have a secure and private
device if I’m using Google hardware? There are some great reasons why GrapheneOS
has chosen to focus on supporting Pixel devices. Pixels have many features that
just aren’t available on other phone models. First they come with a robust hardware security
infrastructure, such as the Titan M2 security chip and the Tensor security core.
These are key hardware features for ensuring strong file encryption on your device,
and providing solid protection against unauthorized access if someone has the
device in their physical possession. We’ll explain more about this a little later.
Second, Pixels allow you to run alternate operating systems, with user controlled
signing keys, whilst preserving all hardware security features, such as
It sounds super confusing, but essentially what this means is that with Pixels,
users can replace or modify the operating system without breaking the device's ability to verify
the integrity of the software at boot time. It is possible to install alternate operating
systems on a variety of Android devices, but it's usually done in an insecure way or by crippling
security features. Pixels are different, in that they officially support this functionality and
allow you to maintain the device's full security features when doing so.
Google also provides long-term security support for Pixel devices,
meaning regular security updates that last for many years, up to 7 years on the Pixel
8! This is a longer support period than any other manufacturer of Android devices.
And finally, one other cool feature that Pixel 8 added is
hardware support for memory tagging. Memory tagging is a security feature that
helps protect a system against certain types of memory corruption vulnerabilities, such as double
free and use-after-free bugs. Again, it sounds confusing,
but basically it's a feature that will drastically improve the security of your
device against targeted attacks, and GrapheneOS is taking full advantage of this feature.
So if you decide to install GrapheneOS, which Pixel device should you choose? Well,
probably the latest model of Pixel within your budget constraints – right
now the latest model is the Pixel 8. This will give you the longest support for
security updates, which is important because you don't want to keep using hardware that's no
longer getting security updates. Next, you’ll be tempted to buy a phone
that is cheaper because it’s been tied to a carrier contract.
Stop, there are super important things you need to know about this first!
If you're buying your device while signing a contract with a carrier, you'll likely
be sold a 'carrier-locked' device. These are restricted to a specific cell network,
binding the user to a carrier contract. But they're often not just carrier-locked.
Sometimes they're what's called "variant devices" that are also “bootloader-locked”.
Carriers like Verizon are notorious for this: on their variant devices, the OEM unlock option
has been disabled, and there's nothing you can do to get it enabled again.
OEM unlock is what allows you to unlock the bootloader, so that you can install a custom
operating system on the device. If this is grayed out, it means you won't be able to
install GrapheneOS on your phone. The reason some carriers disable this
option is to ensure that the software on the device remains unchanged,
and to enforce the terms of the contract or installment plans associated with the
device. But the real problem with these variant devices is that, if that phone was initially a
carrier-locked variant, it will stay a variant, and that OEM unlock feature still won't work,
even if the carrier contract has expired, and even if it's been refurbished.
So you have to be really careful what kind of device you purchase.
Our tips: Don’t purchase
a phone in conjunction with a carrier plan, you must ensure that it's not a variant device, and
make sure that OEM unlock is enabled on it. Second, be careful of refurbished devices.
You may not know whether it's actually a variant device that was originally locked into
a phone carrier contract. So before purchasing a refurbished phone, make sure you ask the seller
whether OEM unlock is grayed out or not. Final tip for purchasing a device: We recommend
buying your Pixel in person from a physical store using cash. It’s more private than
purchasing online with a credit card in your name and a delivery to your home address.
Next is your carrier – If you want to be able to use your phone to make calls and access the
internet anywhere you go, you’ll need a sim card. Ideally you should purchase a prepaid sim card
with cash without tying it to your identity. In the US in most states this is very easy,
but if you’re somewhere else in the world this may be more difficult. Michael Bazzell’s book
“Extreme Privacy for Mobile Devices” has some good solutions for international people.
Personally I prefer not to have a SIM in my phone at all, and in an upcoming video in our phone
privacy series, I explain why, and whether or not this is the right choice for most people.
Now let’s think about mobile accessories: A physical case is great just for protecting
your device in general. And to protect your privacy
I highly recommend a privacy screen: If you think the personal information on
your phone is safe because it's locked with a passcode, it's not. Bad guys can
look over your shoulder, memorize your passcode and then snatch your phone.
If you’ve ever sat in an auditorium or on a plane or next to someone in a queue, you’ll know
that you can see everything that person types on their phone, even from a long distance away.
A privacy screen makes it far more difficult for someone to see what’s on your phone and is
essential for a privacy-conscious person. Now let’s dive into ways you can optimize your
phone settings once you have GrapheneOS installed.
While Graphene defaults are already really awesome, there are further steps you can take
to lock down your device even more. For example you can make sure that your
device doesn’t connect with 2G networks. Under settings, go to Network & internet, select
SIMs, select your SIM, and scroll to the bottom where it says “Allow 2G”. Toggle that off.
Organizations like EFF have been sounding the alarm against the security and privacy
problems of 2G for years, so let’s talk about why this is an important setting to disable.
First, 2G networks use a weak encryption standard that’s easier to crack.
Obviously your cell provider can access your phone calls and messages regardless of which network
you’re using, but when you use 2G your mobile phone calls and text messages can potentially be
intercepted and decoded by 3rd parties in-between your phone and the cell tower too.
Also, in 2G, only the mobile device is authenticated by the network, but not vice versa.
This makes it easier to set up rogue base stations known as "IMSI catchers" or "Stingrays" that
pretend to be legitimate cell towers. Devices then connect to these fake towers, allowing attackers
to intercept and monitor communications. Even if you have more secure 3G or 4G networks
available on your phone, attackers can force a device to "downgrade" and use
the less secure 2G network, and then intercept your communications.
So you should disable 2G. Now let's look at airplane mode.
It can be really helpful for privacy to put your phone into airplane mode whenever you
are not using it, but be aware that you won’t be able to receive calls through
your regular cell network if you do this. The reason it’s good for privacy is because your
phone is constantly communicating with nearby cell towers.
Cell providers are able to use this communication to monitor your real-time location,
and they actually have a long history of selling this location data.
Airplane mode is the only setting that stops your phone constantly pinging cell towers.
It’s worth noting that your phone is actually pinging cell towers whether you have a SIM in
your phone or not, performing all kinds of functions. One of them is something
called “time sync”, where phones connect to cell towers to retrieve accurate time data,
synchronizing with the network's time. Network time can actually be disabled:
Go to Settings, System, Date & time,
and then un-enable “Set time automatically”. On AOSP or the stock OS of other Android devices,
your phone will keep making these network connections, even after disabling this
setting -- your phone just stops setting time based on these connections.
But when you un-enable "set time automatically" on GrapheneOS,
your phone actually stops making these network time connections entirely.
Putting your phone in airplane mode ALSO stops your phone connecting
to cell towers for time sync. So airplane mode is a great privacy
tool regardless of whether there's a SIM in your phone, and we’ll dive further into this in an
upcoming video in this series. Now let’s look at DNS settings
on your GrapheneOS device. DNS stands for Domain Name System,
and it’s how your device translates human readable URLs into IP addresses that your
device can understand. It can be a big privacy leak,
because by default your cell provider probably handles these DNS requests for you,
so they see which websites you visit, and they are also notorious for selling your private data.
There are different ways to address this. You can install a VPN app on the device,
and your VPN provider will usually handle your DNS requests for you, as well as encrypt
the traffic out of your device so that it can’t be seen by your cell provider.
Or you can change your DNS settings via the "private dns" feature, so that your cell provider
is no longer in charge of those requests. Be aware though that you'll have issues if
you do BOTH these things: private DNS will override the DNS settings of the VPN app.
Basically enabling Private DNS makes your phone stop using network DNS and replaces it with the
Private DNS server. When you use a VPN, the VPN DNS is your network DNS for everything
other than connectivity checks. And so enabling private DNS AND using
a VPN can actually make you stand out more, because someone using Quad9 DNS on a Mullvad
IP address for example will be somewhat unique. This makes you more trackable.
Just using a VPN is generally a good choice, and Mullvad and ProtonVPN
are both highly regarded options. You would just download the VPN app to set it up.
If you do decide to switch out your DNS provider instead, Quad9 is a good choice for private DNS.
They're a non-profit DNS resolver that blocks malicious sites, and they also help prevent your
ISP or cell provider from spying on your online activities by encrypting requests as they travel
from your device to Quad9. To set this up:
Go to Settings, then Network & internet.
Scroll down and select "Private DNS".
Select "Private DNS provider hostname", then enter "dns.quad9.net".
Now let’s look at how to set default apps. If you go to settings,
Apps, and select “default apps”,
you can set your favorite default apps there. For example you might set Brave as your default
browser, if that’s an app that you like. Vanadium is also a great choice for a browser,
which is already your default. Then there’s notifications.
Under settings and Notifications,
you can choose whether you want notifications to appear on the lock screen.
I select “don’t show any notifications” because I don’t want people to be able to get ANY data about
my phone activities when it’s locked.
Now, under settings, display, and lock screen, you can disable “wake screen for notifications”. This
prevents unintended exposure of notifications by keeping the screen dark instead of turning
on each time you get a notification. Screen timeouts is another setting you might
want to tweak: under settings
and Display, you'll see screen
timeout. It’s a good practice to keep your phone locked as soon as you have a period
of inactivity. We recommend selecting 1 minute, and this also aids in battery conservation.
If you have a privacy screen on your device you might want to consider tweaking some settings
for the touch screen: under settings
and display, there’s an
option to increase touch sensitivity. This can be a helpful setting to turn on,
to ensure accurate touch response despite the additional privacy screen layer.
Now let’s look at auto reboot. Rebooting your device is a valuable
defense against attackers with physical access to the device as it puts your device into a
state known as “at rest”, where encryption keys and memory are cleared out.
While data in storage is always encrypted, as soon as you log in to a profile after it's rebooted,
i.e. put in your PIN and unlock the device, the encryption key becomes available to the device.
So as long as the phone has been logged into at least once since the last time it was rebooted,
if a malicious actor has the device in their possession, they could get access
to your data even if the screen is locked. On Graphene, you can set your phone to auto-reboot
if the device hasn't been unlocked within a specified period. This reboot will frequently
take your device back to the initial state where no profiles are logged in, and so no one can get
access to data within profiles if they manage to get hold of your device. In this state,
the Titan M2 chip will also prevent brute forcing of the device passcode, so your data will remain
secure until you unlock the phone. By default, GrapheneOS sets auto-reboot
to 72 hours, but we recommend that most people lower it to 12 hours or less.
To do this, go to settings, Security,
then select 12 hours or less under auto-reboot.
Then there’s PIN layout: go to settings,
select Security, and enable “scramble PIN input layout”.