Fairphone 4 is making hundreds of unwanted connections per day, to the same addresses.
So I got a Fairphone 4, with /e/OS, a couple of days ago.
When I connected it to my NextDNS I saw that it was trying to connect to some weird addresses, like every 5-10 minutes. I searched the Internet a bit and found out that it was something with the Snapdragon CPU and location services. I travel a lot and use Organic Maps for navigation, so location was enabled almost all day on the phone. I turned off location services and the connections stopped, and everything was fine for a couple of days.
Today I came home, checked the logs in NextDNS and saw that the phone had started making the same connections almost constantly, even with location turned off.
Can I do something about this, other than allowing these connections?
These connections are probably so numerous because they are getting blocked. If I allowed them, the phone would maybe call home once every couple of hours. I would rather not allow them, but I don't want 20% of the battery to be eaten by this.
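One way to check the cadence described in the post above is to profile a resolver log export per domain. This is an added example, not part of the original thread; the `timestamp,domain,status` layout and the sample rows are constructed, and the 600-second threshold is an assumption taken from the "every 5-10 minutes" observation.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in a generic "timestamp,domain,status" layout; a real
# resolver export will use its own column names.
SAMPLE_LOG = """timestamp,domain,status
2024-01-01T10:00:00,path1.xtracloud.net,blocked
2024-01-01T10:05:00,path2.xtracloud.net,blocked
2024-01-01T10:10:00,path3.xtracloud.net,blocked
2024-01-01T10:15:00,path1.xtracloud.net,blocked
2024-01-01T10:20:00,path2.xtracloud.net,blocked
2024-01-01T10:02:00,example.org,allowed
2024-01-01T13:02:00,example.org,allowed
"""

def retry_profile(log_text, suffix_labels=2):
    """Group queries by their last `suffix_labels` labels and report count,
    blocked share and median gap (seconds) between consecutive queries."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        labels = row["domain"].lower().rstrip(".").split(".")
        key = ".".join(labels[-suffix_labels:])
        groups[key].append((datetime.fromisoformat(row["timestamp"]), row["status"]))
    report = {}
    for key, events in groups.items():
        events.sort()  # hosts of one service interleave, so order by time
        times = [t for t, _ in events]
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        blocked = sum(1 for _, s in events if s == "blocked")
        report[key] = {
            "queries": len(events),
            "blocked_share": blocked / len(events),
            "median_gap_s": median(gaps) if gaps else None,
        }
    return report

def likely_retry_storm(stats, max_gap_s=600, min_queries=5):
    """Heuristic: a mostly blocked name queried at short, regular intervals."""
    return (stats["queries"] >= min_queries
            and stats["blocked_share"] >= 0.9
            and stats["median_gap_s"] is not None
            and stats["median_gap_s"] <= max_gap_s)

if __name__ == "__main__":
    for name, stats in retry_profile(SAMPLE_LOG).items():
        print(name, stats, "retry storm" if likely_retry_storm(stats) else "")
```

Running the same profile on logs from a period when the names were allowed shows whether the median gap actually grows once the requests succeed.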
On 4th and 5th generation Pixels (which use a Qualcomm baseband providing cellular, Wi-Fi, Bluetooth and GNSS in separate sandboxes), almanacs are downloaded from https://qualcomm.psds.grapheneos.org/xtra3Mgrbeji.bin which is a cache of Qualcomm's data. Alternatively, the standard servers can be enabled in the Settings app which will use https://path1.xtracloud.net/xtra3Mgrbeji.bin, https://path2.xtracloud.net/xtra3Mgrbeji.bin and https://path3.xtracloud.net/xtra3Mgrbeji.bin. GrapheneOS improves the privacy of Qualcomm PSDS (XTRA) by removing the User-Agent header normally containing an SoC serial number (unique hardware identifier), random ID and information on the phone including manufacturer, brand and model. We also always fetch the most complete XTRA database variant (xtra3Mgrbeji.bin) instead of model/carrier/region dependent variants to avoid leaking a small amount of information based on the database variant.
Not sure if e/OS/ has taken as much care as Graphene has to make the requests more private. Then again, they don't claim to be the most private OS, just De-Googled.
Everybody I know uses WhatsApp, but they also use Threema because every time I get asked for WhatsApp I tell them that I am only on Threema.
Worked out fine. Everybody that actually wants to chat with me got it. And after some privacy-related WhatsApp news they made their friends migrate and so on.
For other cases there are plain old calls and emails. Chat is really just a small convenience and not necessary at all. I'd never sacrifice my privacy for it.
Ah, it's just a quirk of e/OS/. Nothing much - and you can run a DNS filter on your mobile to get rid of this problem (Bonus: won't take too much of battery since it'll not be operating a VPN since you're root)!
I haven't heard much about Ubuntu Touch - does it work well?
I am kind of new to all these privacy things. So what exactly do you mean by getting rid of this problem? I have DNS which blocks these connections but the phone is still making them. How can I make the phone stop doing that?
Ubuntu Touch is just a Linux distro for your phone. I actually haven't used it yet, but according to their website, the Fairphone 4 has really good support. So I might try it.
Ah, I didn't manage to recollect your mention of NextDNS in your post. There's no need to change anything regarding your DNS settings in such a case; it won't take much of your battery.
The SUPL-A/GPS case has been well known for a long time. Though it’s probably a low impact case in terms of user’s privacy, we are evaluating how to prevent or mitigate it in /e/OS.
Options we have today:
1. Block SUPL requests using /e/OS’ Advanced Privacy tracker control. But that would probably kill the A/GPS service, making the GPS location service very, very slow.
2. Proxy SUPL requests to anonymize their origin. That’s an option but it can be blocked if we send too much traffic to the SUPL servers. This would likely happen because /e/OS has a lot of users, and would have an impact in terms of service continuity.
3. Figure out how /e/OS users can use Advanced Privacy IP scrambling features to fake SUPL calls origin IP address.
…?
You might want to try option 1 and check. Please revert back to this comment after attempting to do so, so that others can benefit from this idea.
XTRA uploads the following data types: a randomly generated unique ID, the chipset name and serial number, XTRA software version, the mobile country code and network code (allowing identification of country and wireless operator), the type of operating system and version, device make and model, the time since the last boot of the application processor and modem, and a list of our software on the device
They just forgot to mention that this data is sent with no encryption (except in the xtra3grc.bin format, hope that they’re exclusively using that now…). Of course it should be blocked. But it’s necessary to allow one of those 3 domains in order to make the GPS work properly.
Thx for the very detailed reply. I was trying to do option 1, but I couldn't find how to do that.
I am guessing that because DNS is blocking the requests they don't show in the app.
That would mean the app and DNS are doing the same thing, so it doesn't really help.
I might just allow them, because I need the GPS to work properly.
I don't have experience with e/OS/, I can only really say what I gather from their documentation.
Note that:
When I activate fake location in AP but keep location turned off in system settings, the app Organic Maps does not show my fake location but asks me to enable location.
Therefore I presume: Yes, location off in system settings means no location for any app.
The thing about modern Android and location settings is that when it is turned off that also means the GPS. So probably correct, no location for any app.
I would suggest utilising the Fake my location toggle for when you would not like apps to access your location, however, I am not sure if it will work against requests from low-level firmware such as directly from a Qualcomm chip. That's a question for the developers.
Another point that is mentioned in this post is the fact that tracker detection and blocking (which is now native to e/OS/) can't work with DoT providers like NextDNS. Indeed, the app and the DNS filters you're using with your DNS provider attempt to do the same thing here.
Note that the “tracker manager” of Advanced Privacy can’t work with DNS over TLS (DoT).
I use location only for/with Organic Maps, otherwise it is turned off, so using fake location seems pointless.
It looks like if I want to use GPS without problems I have to allow these connections.
Or switch to a Pixel and GrapheneOS.
Other chip makers like MediaTek and Samsung probably have something similar, so that isn't an option either.
I just got this FP4 and I like it a lot, so I guess I'm stuck with Qualcomm getting some telemetry.
Just a heads up -
Been following UT for some time and the major for me is that there is currently no VoLTE support. Major bummer for US folks. There are workarounds, at least for the Pixel 3a, but it's not 100% reliable.
Also SMS / MMS can be troublesome as well. Can't download images while on WiFi??? Group MMS doesn't work.
Great system, works well but I can't make it my daily driver.