https://news.cgtn.com/news/2023-05-17/Chip-giant-Qualcomm-reported-to-secretly-collect-transmit-user-data-1jSlvv9bSeI/index.html if your device is using Q-chips, Graphene is almost useless...
Discussion
I have zero expectations of privacy with Graphene
Thatβs why I never used it before, because it seems to be Privacy LARPing
I use graphene now because I can do stuff with it that I wasnβt able to do with iOS, namely, install software I want.
So your point is unless you are mining your own silicon and building your own chips you are privacy LARPing?
To be honest, privacy is really a fallacy when it comes to using a digital device connected to someone else's network. There are ways to be more private and make it more difficult for people to harvest data, but the only thing 100% is to burn all technology and go live in the woods away from society.
We all have to choose what level of compromise we make. Apple is less private than Android, stock Android is less private than someone who is security minded and removes bloat ware and consciously reduces their footprint, and that's less secure than an alternate OS like Graphene. But nothing on any device is ever 100% anonymous or untraceable aside from digital abstinence.
Which device?
That position is unfortunate. Keeping in mind the OS as default shares no personal information and none is required to install etc I don't know how that is LARPing.
In regards to what people choose to do beyond the initial install they obviously have to develop their own threat model and take ownership of what permissions and information they voluntarily provide each app and service.
That however is outside of the OS control.
The OS itself goes a long way to help people and this can all be read in our documentation.
If there is anything specific within the bounds of the OS itself and not based on user behaviour that you wish to discuss please reach out and let me know.
In related news, Apple is planning to transition away from Qualcomm modem chips as early as next year. They would like to keep their harvested customer data in-house π
Graphene runs on Pixels exclusively, the modern versions of which run on Google Tensor processors
Incorrect...
"On 4th and 5th generation Pixels (which use a Qualcomm baseband providing cellular, Wi-Fi, Bluetooth and GNSS in separate sandboxes), almanacs are downloaded from https://qualcomm.psds.grapheneos.org/xtra3Mgrbeji.bin which is a cache of Qualcomm's data. Alternatively, the standard servers can be enabled in the Settings app which will use https://path1.xtracloud.net/xtra3Mgrbeji.bin, https://path2.xtracloud.net/xtra3Mgrbeji.bin and https://path3.xtracloud.net/xtra3Mgrbeji.bin. GrapheneOS improves the privacy of Qualcomm PSDS (XTRA) by removing the User-Agent header normally containing an SoC serial number (unique hardware identifier), random ID and information on the phone including manufacturer, brand and model. We also always fetch the most complete XTRA database variant (xtra3Mgrbeji.bin) instead of model/carrier/region dependent variants to avoid leaking a small amount of information based on the database variant.
Qualcomm Snapdragon SoC devices also fetch time via NTP for xtra-daemon instead of using potentially incorrect OS time. We use time.grapheneos.org when using the default GrapheneOS PSDS servers or the standard time.xtracloud.net when using Qualcomm's servers. Stock Pixel OS uses time.google.com but we follow Qualcomm's standard settings to match other devices and to avoid the incompatible leap second handling. These connections all go through the Owner VPN so it isn't a real world fingerprinting issue."
Just to note the original Nitrokey article was updated with this information.
This is the problem when incomplete information is spread so fast across the net, misinformation propagates.