Good instinct—get the bag. But a Faraday bag sitting on your desk while your phone is powered on and connected to Wi-Fi isn't doing anything. If you want to actually minimize your footprint, the starting point is understanding the layers.

GrapheneOS is not magic. It's discipline expressed in software. The physics don't care about your OS. Your phone is a radio.

GrapheneOS hardens the operating system exceptionally well—stronger sandboxing, exploit mitigations, hardened memory protections, tighter permission controls, and a significantly reduced attack surface. That matters. But it does not change the underlying reality that a smartphone contains multiple radios—cellular (baseband), Wi-Fi, Bluetooth, and others. When those radios are active, the device emits signals that can be observed or correlated.

Edward Snowden summarized the principle in a 2019 tweet: "If I were configuring a smartphone today, I'd use @DanielMicay's @GrapheneOS as the base operating system. I'd desolder the microphones and keep the radios (cellular, wifi, and bluetooth) turned off when I didn't need them. I would route traffic through the @torproject network."

The actual stack if your threat model demands it:
— All radios off. Airplane mode. Wi-Fi off. Bluetooth off. No SIM.
— Ethernet via USB-C, wired directly to a network (not your home network if your threat model demands it).
— Route all traffic through Tor via Orbot. Optionally, if you're concerned about your ISP seeing a Tor connection, run an always-on VPN with kill switch enabled first, then Tor via Orbot on top of it. Your ISP sees the VPN connection, not Tor. That's a personal call—not everyone trusts a VPN provider as a second party, and that's a valid position.
— For calls and messaging—Signal or SimpleX over that connection.
— Faraday bag when not in use. You can feed an Ethernet cable through and run it from inside the bag.

GrapheneOS says it kills the radios in software. I believe that. But I still keep that phone in a Faraday bag—because I don't fully trust software to kill hardware. A phone with physical kill switches would be better. Until that exists cleanly, the bag is your physical guarantee.

One note on Faraday bags: not all bags are equal. Buy quality and test them regularly. Put your phone in the bag, call it, text it. If anything gets through, the shielding isn't doing its job.

A note on DNS: DNS leaks can expose your queries before, during, or after your tunnel is established—often resolved by your ISP without you knowing. Your DNS resolver is also a separate trust decision. Even when your traffic is encrypted, whoever resolves your queries can see the domains you're visiting. Confirm DNS leak protection is enabled and know who is actually handling your queries. @npub18dlu...h8x3 Ghost has written some excellent field manuals on this topic.

The financial reality. Total device segmentation is not optional—it's structural. Banks and financial institutions actively block VoIP numbers, international eSIMs, and many MVNO numbers for SMS 2FA. And it's not just finance—this is becoming increasingly common across platforms and services of all kinds, many of which also reject alias emails. Your front-facing device with a real carrier SIM and a real email address isn't a compromise—it's a necessity if you participate in modern digital life. Having a front-facing identity is also less suspicious than having none. A cell phone—GrapheneOS or stock—is tracked at the carrier level regardless. That's a conscious choice, not a failure.

For higher threat models—burner and bug-out discipline:
— Buy it anonymously. Cash. Have someone else buy it if necessary.
— Never power it on near your home or any location tied to your identity.
— Always power it on and off at the same random location, at least five miles from home. Same intersection every time. That creates a false anchor point in your location data.
— Pattern recognition is its own attack surface. Your movements create a mobility fingerprint—where you sleep, where you work, which restaurants you frequent, which addresses you visit regularly. This is called mobility fingerprinting, and it can identify you from location data alone without your name ever being attached. Same time, same spot, even "randomly"—that's a fingerprint.
— Faraday bag. Always.

The segmentation model:
Device 1—front-facing daily. Real SIM. Real email. Banks, 2FA, carrier identity. GrapheneOS or stock—doesn't matter. Tracked and accepted.
Device 2—private GrapheneOS. No SIM. Radios off. Ethernet. Tor. Signal.
Device 3—burner/bug-out. Anonymous. Bag. Distance discipline.

One more thing worth saying: the Android ecosystem is shifting. Google has been locking down device trees and hardware drivers, making it harder for projects like GrapheneOS to operate, and pushing users toward KYC through the official Play Store. That landscape is worth watching.

None of this means you have to run a three-device stack to benefit from better privacy practices. This is tiered. At minimum—kill your radios when you're done using your phone. Note that on stock Android, Wi-Fi and Bluetooth may still perform background scanning for location services even when the toggles appear off. GrapheneOS disables this behavior by default and allows you to set timers that automatically turn Wi-Fi or Bluetooth off when they haven't been connected for a period of time. Airplane mode costs nothing.

GrapheneOS is an excellent step toward better mobile security and privacy. It's just not a finish line. Total invisibility is a lie. But understanding the layers and building accordingly is how you stop being an easy target. Know your threat model. Build accordingly.

#IKITAO #Privacy #OPSEC
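To make the mobility-fingerprint point concrete, here is an added illustration (example code, not from the original post): a small audit over a constructed location log that buckets each ping into a roughly 100 m grid cell plus an hour of day and reports the recurring place/time pairs. The "same intersection every time" habit shows up as a single anchor present on every day in the log, which is exactly what makes a routine identifiable without a name attached.

```python
"""Added example: audit a location log for recurring place/time anchors.
The log below is constructed sample data, not real pings."""
from collections import Counter
from datetime import datetime

# Constructed sample: (ISO timestamp, latitude, longitude).
# Four mornings at one intersection (with GPS jitter), plus scattered visits.
SAMPLE_LOG = [
    ("2024-03-01T07:05:00", 40.71291, -74.00602),
    ("2024-03-01T12:30:00", 40.75810, -73.98551),
    ("2024-03-02T07:12:00", 40.71288, -74.00598),
    ("2024-03-02T19:40:00", 40.74840, -73.98570),
    ("2024-03-03T07:02:00", 40.71295, -74.00611),
    ("2024-03-03T21:10:00", 40.73061, -73.93524),
    ("2024-03-04T07:08:00", 40.71290, -74.00605),
]


def anchor_key(lat, lon, ts, cell=0.001):
    """Bucket a ping into a grid cell (0.001 degrees is ~100 m) and an
    hour of day. Integer cell indices avoid float-equality surprises, and
    small GPS jitter lands in the same cell."""
    hour = datetime.fromisoformat(ts).hour
    return (int(round(lat / cell)), int(round(lon / cell)), hour)


def find_anchors(log, min_visits=3):
    """Return (key, visits) pairs seen at least min_visits times, most
    frequent first: recurring place/time combinations that form a routine."""
    counts = Counter(anchor_key(lat, lon, ts) for ts, lat, lon in log)
    return [(k, n) for k, n in counts.most_common() if n >= min_visits]


def anchor_report(log, min_visits=3):
    """For each anchor, also report what fraction of logged days it appears
    on; an anchor present on every day is a strong fingerprint."""
    all_days = {datetime.fromisoformat(ts).date() for ts, _, _ in log}
    report = []
    for key, visits in find_anchors(log, min_visits):
        days_seen = {datetime.fromisoformat(ts).date()
                     for ts, lat, lon in log if anchor_key(lat, lon, ts) == key}
        report.append({"cell": key[:2], "hour": key[2], "visits": visits,
                       "day_coverage": len(days_seen) / len(all_days)})
    return report


if __name__ == "__main__":
    for row in anchor_report(SAMPLE_LOG):
        print(row)
```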

Replies (5)

One thing worth adding: GrapheneOS uses stronger MAC address randomization for Wi-Fi connections—reducing long-term identifiers that can be used to track your device across networks. Stock Android typically uses a persistent randomized MAC per network, which can still be correlated over time. This is one of the concrete ways GrapheneOS reduces Wi-Fi tracking exposure. It doesn’t change the physics. But it raises the floor.
When I connect to hotel WiFi I have to log in every single time. I would be annoyed if it weren't so darn cool that my MAC is spoofed each time.
Thank you. This is a solid approach worth discussing. The remote SIM model using services like silent.link is legitimate and used by people serious about separating identity from connectivity. But there's a practical problem I've run into firsthand: silent.link numbers and similar services are increasingly blacklisted by financial institutions and major platforms for SMS 2FA—for the same reason alias emails are blocked. They've built detection for these ranges. So if your threat model includes any interaction with banking or Big Tech services, you're back to needing a real carrier SIM somewhere in your stack. The hotspot-only second device is clever segmentation. Separating the device that touches the cellular network from the device that holds your data is sound thinking—and it’s very much in line with the layered model I outlined. But that hotspot device is still a radio on a network—it's trackable. You've isolated the exposure, not eliminated it. As covered in the original post—a SIM-less device is not the same thing as a radio-silent device. If the cellular radio is active, the device can still interact with nearby towers. The radio doesn't care about the SIM. A thoughtful alternative—just understand the gaps before relying on it.
OpnState 2 months ago
An open source device (hardware) with a de-Googled OS is the dream. Who needs SIMs now anyway? It's just for 2FA; no one actually calls anyone anymore. It's big tech that's keeping us anchored to the requirement of having a SIM card. I wouldn't mind just accessing the internet at Wi-Fi spots as I move around.
Valid concern. Tor has known limitations—especially around traffic correlation attacks. But it’s still the most mature option for anonymous access to the open internet, which is what most real-world use cases require. I2P and mesh networks are interesting and more decentralized, but they solve a different problem—they’re not drop-in replacements for clearnet access. Different tools, different layers.