Make Your Phone More Private
Summary
TLDR: This video script highlights the importance of smartphone privacy and introduces GrapheneOS, an open-source, privacy-focused mobile OS. It emphasizes the OS's security features, such as app isolation and selective service controls, and offers guidance on choosing Pixel devices for compatibility. The script provides tips on purchasing devices, using accessories like privacy screens, and optimizing settings to enhance privacy. It also covers topics like disabling 2G, using airplane mode, and configuring DNS for a more secure digital experience.
Takeaways
- Smartphones have become major tracking devices, capturing our movements, conversations, and clicks.
- iOS and Android collect significant telemetry data, including location details and device interactions.
- Privacy-conscious users may opt for alternative operating systems like GrapheneOS, which prioritize privacy and security.
- GrapheneOS enhances security by isolating apps and providing clear settings for disabling specific services.
- GrapheneOS is compatible only with Pixel devices, which offer robust hardware security features and support for alternate OS installations.
- It's crucial to avoid carrier-locked or bootloader-locked devices when purchasing a Pixel to ensure compatibility with GrapheneOS.
- For added privacy, consider buying a Pixel device in person with cash and using a prepaid SIM card.
- Disabling 2G networks and using airplane mode can enhance privacy by preventing potential security breaches and location tracking.
- Changing DNS settings or using a VPN can prevent ISPs from tracking online activities; however, avoid combining private DNS with VPN for better privacy.
- Additional GrapheneOS settings like scrambled PIN input, auto-reboot, and disabling notifications on the lock screen further protect privacy.
Q & A
Why are smartphones considered tracking devices?
-Smartphones are considered tracking devices because they monitor our movements, conversations, and online activities, often collecting a vast amount of personal data that can be used to understand our behavior and preferences.
What impact does the operating system have on phone privacy?
-The operating system greatly affects phone privacy as it determines the level of data collection, security features, and user control over privacy settings. Some operating systems are more privacy-focused than others.
Why might someone switch to GrapheneOS from iOS or Android?
-People might switch to GrapheneOS for its focus on privacy and enhanced security features, such as app isolation and clear settings for disabling internet connectivity for specific services, providing more control over personal data.
What are some unique security features of Pixel devices that make them suitable for GrapheneOS?
-Pixel devices have robust hardware security infrastructure, such as the Titan M2 security chip and Tensor security core, which ensure strong file encryption and protection against unauthorized access. They also support running alternate operating systems without compromising security features.
Why is it recommended to avoid buying a phone tied to a carrier contract?
-Buying a phone tied to a carrier contract often results in a 'carrier-locked' device that may also be 'bootloader-locked', preventing the installation of custom operating systems like GrapheneOS due to restrictions enforced by the carrier.
What precautions should be taken when purchasing a refurbished device for GrapheneOS installation?
-One should ensure that the refurbished device is not a variant device with a disabled OEM unlock option, as this would prevent the installation of GrapheneOS. It's also recommended to inquire whether the OEM unlock feature is available.
Why is using a privacy screen on a mobile device important for privacy-conscious users?
-A privacy screen is important because it prevents others from viewing the device's screen over the shoulder, protecting sensitive information from being seen and memorized by potential thieves or eavesdroppers.
What is the significance of disabling 2G network connections on a mobile device?
-Disabling 2G connections is significant for privacy as 2G uses weak encryption standards that can be cracked, and it only authenticates the mobile device, not the network, making it vulnerable to rogue base stations like IMSI catchers.
How does GrapheneOS handle network time synchronization differently from other Android devices?
-GrapheneOS, when set to not automatically update time from the network, stops making network time connections entirely, unlike other Android devices that may continue to sync time even after disabling the setting.
What are some best practices for optimizing privacy settings on a GrapheneOS device?
-Best practices include disabling 2G networks, using airplane mode when not in use, setting up private DNS providers like Quad9, choosing default apps carefully, managing lock screen and notification settings, adjusting screen timeout, and enabling auto-reboot features.
Why is it suggested to set the auto-reboot feature to 12 hours or less on a GrapheneOS device?
-Setting the auto-reboot to 12 hours or less ensures that the device returns to a secure 'at rest' state more frequently, where no profiles are logged in, and encryption keys are cleared, enhancing protection against unauthorized data access.
Outlines
Smartphone Privacy and GrapheneOS
This paragraph discusses the importance of smartphone privacy in an increasingly connected world. It highlights how smartphones, powered by iOS or Android, can be invasive tracking devices due to the vast amount of data collected by Apple and Google. The speaker introduces GrapheneOS as a privacy-focused alternative, emphasizing its open-source nature, enhanced security features, and app isolation capabilities. The paragraph also mentions a tutorial for installing GrapheneOS and previews the video's content, which will include tips on choosing the right device, optimizing settings, and understanding the benefits of switching to GrapheneOS.
Choosing the Right Device for Privacy
The second paragraph focuses on the selection of a device that supports GrapheneOS, which is limited to Pixel devices. It explains the benefits of using Pixel hardware, including robust security features like the Titan M2 chip and the Tensor security core, which protect against unauthorized access and ensure strong file encryption. The paragraph also addresses the misconception of using Google hardware for privacy by detailing how Pixel devices allow for alternate OS installations while maintaining security. Additionally, it points out the importance of purchasing an unlocked device with enabled OEM unlock to prevent carrier restrictions and ensure the ability to install GrapheneOS.
Enhancing Privacy with GrapheneOS Settings
This paragraph delves into the steps to optimize privacy settings on a GrapheneOS device. It advises disabling 2G networks due to their weak encryption and vulnerability to interception and rogue base stations. The speaker also recommends using airplane mode to prevent constant communication with cell towers, which can be used to track location and sell data. Furthermore, it suggests disabling automatic time synchronization to stop network time connections, and it touches on DNS settings, recommending the use of a VPN or a private DNS provider like Quad9 to prevent ISP spying and encrypt DNS requests.
Auto-Reboot and Additional Security Measures
The final paragraph discusses the security benefits of auto-rebooting a device, which resets it to a state where no profiles are logged in, thus protecting data from unauthorized access. It suggests lowering the auto-reboot time from the default 72 hours to 12 hours or less for enhanced security. Additionally, it mentions the 'scramble PIN input layout' feature for added security against shoulder surfing. The paragraph concludes with a note on the importance of these settings in maintaining the security of a GrapheneOS device.
Keywords
- Privacy
- Smartphone
- Operating System (OS)
- GrapheneOS
- Telemetry Data
- Location Details
- Pixel Devices
- Titan M2 Security Chip
- OEM Unlock
- Prepaid SIM Card
- Privacy Screen
- Auto-Reboot
Highlights
Smartphones have become ultimate tracking devices, capturing every movement, conversation, and click.
The importance of the operating system in protecting phone privacy, with iOS and Android gathering extensive user data.
Introduction of GrapheneOS as an open-source, privacy-focused mobile OS with enhanced security.
GrapheneOS isolates apps to limit invasiveness and offers settings to disable internet connectivity for specific services.
Tutorial provided for installing GrapheneOS to enhance digital privacy.
GrapheneOS is compatible only with Pixel devices due to their robust hardware security infrastructure.
Pixel devices support alternate operating systems without compromising hardware security features.
Google's long-term security support for Pixel devices, extending up to 7 years.
Pixel 8's hardware support for memory tagging, enhancing security against memory corruption vulnerabilities.
Recommendation to choose the latest Pixel model for the longest security update support.
Warning against purchasing carrier-locked or bootloader-locked devices that restrict the installation of custom OS.
Advice on buying Pixel devices in person with cash for enhanced privacy.
Use of prepaid SIM cards without tying them to personal identity for privacy.
The effectiveness of physical cases and privacy screens in protecting device and screen privacy.
Optimizing GrapheneOS settings to disable 2G networks for enhanced security.
Explanation of the security risks associated with 2G networks, including weak encryption and IMSI catchers.
Benefits of airplane mode for privacy, including preventing constant communication with cell towers.
How to disable network time sync to stop automatic connections to cell towers for time updates.
DNS settings on GrapheneOS to prevent privacy leaks and protect against ISP spying.
Recommendations on using a VPN or switching to a private DNS provider like Quad9 for privacy.
Customizing default apps and managing notifications for privacy on GrapheneOS.
Adjusting screen timeout and touch sensitivity settings for privacy screen compatibility.
The importance of auto-reboot as a defense mechanism against physical access attacks on GrapheneOS.
Enabling scramble PIN input layout for added security during device unlocking.
Transcripts
We want to help you with your phone privacy. In a world more connected than ever, our smartphones have become the ultimate tracking devices. They see our every movement, conversation, and click. They go with us everywhere we go, capture our memories, and often sit next to our bed as we sleep.
But it is possible to better protect this data on our phones, and the operating system that you use makes a huge difference.
Most people use phones powered by either iOS or Android. But Apple and Google gather a staggering amount of information from these operating systems. Telemetry data revealing our interactions with the device. Precise location details. This data gives them a scary amount of insight into our lives.
So if you're privacy conscious like me, you've probably switched to an alternative operating system that prioritizes privacy. I personally use GrapheneOS. It's an open-source, privacy-focused mobile OS with enhanced security features. It isolates apps to limit their invasiveness, and it offers clear settings for selectively disabling things like internet connectivity for specific services. It's a great choice for those who want to reclaim their digital privacy.
We have a tutorial that explains how to install it on your device if you want to take the plunge.
In this video we're going to dive into more DETAIL about what makes Graphene great for privacy. There'll be tips on how to get started, like what you need to know before you even buy your phone, then we'll walk you through how to optimize your settings to really get the most from your new device.
Just to be clear, whether you customize your settings or not, you're already doing a huge amount for your privacy just by making the switch to Graphene. So you should feel awesome about that. And if you haven't yet taken the plunge, this video will give you a glimpse of some of the cool features that await you when you do.
So to understand how to make your digital footprint as small as possible, let's start with purchasing your device in the first place.
GrapheneOS is only compatible with Pixel devices, and this may seem like a contradiction for some people: How can I have a secure and private device if I'm using Google hardware!
There are some great reasons why GrapheneOS has chosen to focus on supporting Pixel devices. Pixels have many features that just aren't available on other phone models.
First, they come with a robust hardware security infrastructure, such as the Titan M2 security chip and the Tensor security core. These are key hardware features for ensuring strong file encryption on your device, and providing solid protection against unauthorized access if someone has the device in their physical possession. We'll explain more about this a little later.
Second, Pixels allow you to run alternate operating systems, with user controlled signing keys, whilst preserving all hardware security features, such as
It sounds super confusing, but essentially what this means is that with Pixels, users can replace or modify the operating system without breaking the device's ability to verify the integrity of the software at boot time.
It is possible to install alternate operating systems on a variety of Android devices, but it's usually done in an insecure way or by crippling security features. Pixels are different, in that they officially support this functionality and allow you to maintain the device's full security features when doing so.
Google also provides long-term security support for Pixel devices, meaning regular security updates that last for many years, up to 7 years on the Pixel 8! This is a longer support period than any other manufacturer of Android devices.
And finally, one other cool feature that Pixel 8 added is hardware support for memory tagging. Memory tagging is a security feature that helps protect a system against certain types of memory corruption vulnerabilities, such as double free and use-after-free bugs.
Again, it sounds confusing, but basically it's a feature that will drastically improve the security of your device against targeted attacks, and GrapheneOS is taking full advantage of this feature.
So if you decide to install GrapheneOS, which Pixel device should you choose? Well, probably the latest model of Pixel within your budget constraints - right now the latest model is the Pixel 8. This will give you the longest support for security updates, which is important because you don't want to keep using hardware that's no longer getting security updates.
Next, you'll be tempted to buy a phone that is cheaper because it's been tied to a carrier contract. Stop, there are super important things you need to know about this first!
If you're buying your device while signing a contract with a carrier, you'll likely be sold a 'carrier-locked' device. These are restricted to a specific cell network, binding the user to a carrier contract.
But they're often not just carrier-locked. Sometimes they're what's called "variant devices" that are also "bootloader-locked". Carriers like Verizon are notorious for this: on their variant devices, the OEM unlock option has been disabled, and there's nothing you can do to get it enabled again.
OEM unlock is what allows you to unlock the bootloader, so that you can install a custom operating system on the device. If this is grayed out, it means you won't be able to install GrapheneOS on your phone.
The reason some carriers disable this option is to ensure that the software on the device remains unchanged, and to enforce the terms of the contract or installment plans associated with the device. But the real problem with these variant devices is that, if that phone was initially a carrier-locked variant, it will stay a variant, and that OEM unlock feature still won't work, even if the carrier contract has expired, and even if it's been refurbished.
So you have to be really careful what kind of device you purchase.
Our tips: Don't purchase a phone in conjunction with a carrier plan, you must ensure that it's not a variant device, and make sure that OEM unlock is enabled on it.
Second, be careful of refurbished devices. You may not know whether it's actually a variant device that was originally locked into a phone carrier contract. So before purchasing a refurbished phone, make sure you ask the seller whether OEM unlock is grayed out or not.
Final tip for purchasing a device: We recommend buying your Pixel in person from a physical store using cash. It's more private than purchasing online with a credit card in your name and a delivery to your home address.
Next is your carrier - if you want to be able to use your phone to make calls and access the internet anywhere you go, you'll need a SIM card. Ideally you should purchase a prepaid SIM card with cash without tying it to your identity. In the US in most states this is very easy, but if you're somewhere else in the world this may be more difficult. Michael Bazzell's book "Extreme Privacy for Mobile Devices" has some good solutions for international people.
Personally I prefer not to have a SIM in my phone at all, and in an upcoming video in our phone privacy series, I explain why, and whether or not this is the right choice for most people.
Now let's think about mobile accessories: A physical case is great just for protecting your device in general. And to protect your privacy I highly recommend a privacy screen.
If you think the personal information on your phone is safe because it's locked with a passcode, it's not. Bad guys can look over your shoulder, memorize your passcode and then snatch your phone.
If you've ever sat in an auditorium or on a plane or next to someone in a queue, you'll know that you can see everything that person types on their phone, even from a long distance away. A privacy screen makes it far more difficult for someone to see what's on your phone and is essential for a privacy-conscious person.
Now let's dive into ways you can optimize your phone settings once you have GrapheneOS installed.
While Graphene defaults are already really awesome, there are further steps you can take to lock down your device even more.
For example you can make sure that your device doesn't connect with 2G networks. Under Settings, go to Network & internet, select SIMs, select your SIM, and scroll to the bottom where it says "Allow 2G". Toggle that off.
Organizations like EFF have been sounding the alarm against the security and privacy problems of 2G for years, so let's talk about why this is an important setting to disable.
First, 2G networks use a weak encryption standard that's easier to crack. Obviously your cell provider can access your phone calls and messages regardless of which network you're using, but when you use 2G your mobile phone calls and text messages can potentially be intercepted and decoded by 3rd parties in-between your phone and the cell tower too.
Also, in 2G, only the mobile device is authenticated by the network, but not vice versa. This makes it easier to set up rogue base stations known as "IMSI catchers" or "Stingrays" that pretend to be legitimate cell towers. Devices then connect to these fake towers, allowing attackers to intercept and monitor communications.
Even if you have more secure 3G or 4G networks available on your phone, attackers can force a device to "downgrade" and use the less secure 2G network, and then intercept your communications.
So you should disable 2G.
Now let's look at airplane mode. It can be really helpful for privacy to put your phone into airplane mode whenever you are not using it, but be aware that you won't be able to receive calls through your regular cell network if you do this.
The reason it's good for privacy is because your phone is constantly communicating with nearby cell towers. Cell providers are able to use this communication to monitor your real-time location, and they actually have a long history of selling this location data. Airplane mode is the only setting that stops your phone constantly pinging cell towers.
It's worth noting that your phone is actually pinging cell towers whether you have a SIM in your phone or not, performing all kinds of functions. One of them is something called "time sync", where phones connect to cell towers to retrieve accurate time data, synchronizing with the network's time.
Network time can actually be disabled: Go to Settings, System, Date & time, and then un-enable "Set time automatically".
On AOSP or the stock OS of other Android devices, your phone will keep making these network connections, even after disabling this setting - your phone just stops setting time based on these connections. But when you un-enable "Set time automatically" on GrapheneOS, your phone actually stops making these network time connections entirely.
Putting your phone in airplane mode ALSO stops your phone connecting to cell towers for time sync. So airplane mode is a great privacy tool regardless of whether there's a SIM in your phone, and we'll dive further into this in an upcoming video in this series.
Now let's look at DNS settings on your GrapheneOS device. DNS stands for Domain Name System, and it's how your device translates human readable URLs into IP addresses that your device can understand.
It can be a big privacy leak, because by default your cell provider probably handles these DNS requests for you, so they see which websites you visit, and they are also notorious for selling your private data.
There are different ways to address this. You can install a VPN app on the device, and your VPN provider will usually handle your DNS requests for you, as well as encrypt the traffic out of your device so that it can't be seen by your cell provider. Or you can change your DNS settings via the "private DNS" feature, so that your cell provider is no longer in charge of those requests.
Be aware though that you'll have issues if you do BOTH these things: private DNS will override the DNS settings of the VPN app. Basically enabling Private DNS makes your phone stop using network DNS and replaces it with the Private DNS server. When you use a VPN, the VPN DNS is your network DNS for everything other than connectivity checks.
And so enabling private DNS AND using a VPN can actually make you stand out more, because someone using Quad9 DNS on a Mullvad IP address for example will be somewhat unique. This makes you more trackable.
Just using a VPN is generally a good choice, and Mullvad and ProtonVPN are both highly regarded options. You would just download the VPN app to set it up.
If you do decide to switch out your DNS provider instead, Quad9 is a good choice for private DNS. They're a non-profit DNS resolver that blocks malicious sites, and they also help prevent your ISP or cell provider from spying on your online activities by encrypting requests as it travels from your device to Quad9.
To set this up, go to Settings, Network & internet, scroll down, select "Private DNS", select "Private DNS provider hostname", then enter "dns.quad9.net".
Now let's look at how to set default apps. If you go to Settings, Apps, and select "Default apps", you can set your favorite default apps there. For example you might set Brave as your default browser, if that's an app that you like. Vanadium is also a great choice for a browser, which is already your default.
Then there's notifications. Under Settings and Notifications, you can choose whether you want notifications to appear on the lock screen. I select "Don't show any notifications" because I don't want people to be able to get ANY data about my phone activities when it's locked.
Now, under Settings, Display, and Lock screen, you can disable "Wake screen for notifications". This prevents unintended exposure of notifications by keeping the screen dark instead of turning on each time you get a notification.
Screen timeout is another setting you might want to tweak: Under Settings and Display, you'll see Screen timeout. It's a good practice to keep your phone locked as soon as you have a period of inactivity. We recommend selecting 1 minute, and this also aids in battery conservation.
If you have a privacy screen on your device you might want to consider tweaking some settings for the touch screen: Under Settings and Display, there's an option to increase touch sensitivity. This can be a helpful setting to turn on, to ensure accurate touch response despite the additional privacy screen layer.
Now let's look at auto reboot. Rebooting your device is a valuable defense against attackers with physical access to the device as it puts your device into a state known as "at rest", where encryption keys and memory are cleared out.
While data in storage is always encrypted, as soon as you log in to a profile after it's rebooted, i.e. put in your PIN and unlock the device, the encryption key becomes available to the device. So as long as the phone has been logged into at least once since the last time it was rebooted, if a malicious actor has the device in their possession, they could get access to your data even if the screen is locked.
On Graphene, you can set your phone to auto-reboot if the device hasn't been unlocked within a specified period. This reboot will frequently take your device back to the initial state where no profiles are logged in, and so no one can get access to data within profiles if they manage to get hold of your device. In this state, the Titan M2 chip will also prevent brute forcing of the device passcode, so your data will remain secure until you unlock the phone.
By default, GrapheneOS sets auto-reboot to 72 hours, but we recommend that most people lower it to 12 hours or less. To do this, go to Settings, Security, then select 12 hours or less under auto-reboot.
Then there's PIN layout: go to Settings, select Security, and enable "scramble PIN input layout".
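Several of the settings walked through in the transcript can be checked from a computer over adb. The script below is an added example, not part of the video or of the GrapheneOS project; it reads standard AOSP settings keys and compares them with the transcript's advice. The `vpn_in_use` flag and the sample values are assumptions constructed for illustration, and the Allow 2G, auto-reboot and scrambled PIN options are not covered because their setting keys are not given on the page.

```python
import subprocess

# Standard AOSP settings keys as (namespace, key). The target values checked
# in audit() are the recommendations made in the transcript.
KEYS = [
    ("global", "private_dns_mode"),                # off | opportunistic | hostname
    ("global", "private_dns_specifier"),           # hostname used in "hostname" mode
    ("global", "auto_time"),                       # 1 = "Set time automatically"
    ("secure", "lock_screen_show_notifications"),  # 0 = show none on lock screen
    ("system", "screen_off_timeout"),              # milliseconds
]


def read_settings(serial=None):
    """Query a device with USB debugging enabled via `adb shell settings get`."""
    adb = ["adb"] + (["-s", serial] if serial else [])
    values = {}
    for namespace, key in KEYS:
        proc = subprocess.run(adb + ["shell", "settings", "get", namespace, key],
                              capture_output=True, text=True, check=True)
        values[key] = proc.stdout.strip()  # unset keys come back as "null"
    return values


def audit(values, vpn_in_use=False):
    """Return (key, message) pairs for settings that differ from the advice.

    vpn_in_use is an assumption supplied by the caller: the transcript advises
    a VPN *or* Private DNS, not both, so the DNS check depends on it.
    """
    findings = []
    mode = values.get("private_dns_mode", "null")
    host = values.get("private_dns_specifier", "null")
    if vpn_in_use and mode == "hostname":
        findings.append(("private_dns_mode",
                         f"Private DNS ({host}) overrides the VPN's DNS; use one or the other"))
    elif not vpn_in_use and (mode != "hostname" or host in ("", "null")):
        findings.append(("private_dns_mode",
                         "no Private DNS hostname set; the network's resolver sees lookups"))
    if values.get("auto_time", "null") != "0":
        findings.append(("auto_time", "'Set time automatically' is still enabled"))
    if values.get("lock_screen_show_notifications", "null") != "0":
        findings.append(("lock_screen_show_notifications",
                         "notifications are shown on the lock screen"))
    timeout = values.get("screen_off_timeout", "null")
    if not timeout.isdigit() or int(timeout) > 60_000:
        findings.append(("screen_off_timeout",
                         f"screen timeout is {timeout} ms; the advice is 1 minute"))
    return findings


# Constructed sample values, not captured from a real device.
SAMPLE_DEFAULT = {
    "private_dns_mode": "opportunistic", "private_dns_specifier": "null",
    "auto_time": "1", "lock_screen_show_notifications": "1",
    "screen_off_timeout": "120000",
}
SAMPLE_HARDENED = {
    "private_dns_mode": "hostname", "private_dns_specifier": "dns.quad9.net",
    "auto_time": "0", "lock_screen_show_notifications": "0",
    "screen_off_timeout": "60000",
}

if __name__ == "__main__":
    # Swap SAMPLE_DEFAULT for read_settings() to audit a connected device.
    for key, message in audit(SAMPLE_DEFAULT):
        print(f"[!] {key}: {message}")
```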