Worth mentioning: 

I run KYC vpn (proton) in the first user profile w/o a killswitch since there are times when I'm willing to expose my IP if it means the difference between a usable connection or not.

On the secondary profile I run NoKYC vpn (mullvad) with the killswitch enabled since exposing my IP here could dox my nym usage to my physical device. If there is no connection available at the time, I'm willing to wait. I have multi-hop configured for additional assurance. 

 GrapheneOS is under estimated. Don't forget NOKYC for Mullvad. And use silent.link , this is real KYC free. 

 Maybe a dumb question but can't Google and other apps get a deviceid that can be linked to you and your phone regardless of profile? 

 I don't login to any google service, but backend magic could be done to correlate identity, yes. Not so different than how browser fingerprinting works.

The secondary apps are known to the owner profile even when the user content is isolated and encrypted, so that is one point of correlation.

If IMEI/SIM is available in local variable space and to apps, then it is another conduit to fingerprinting.

For me, I am willing to make that tradeoff. If you were trying to hide from a nation state (not recommended) you'd probably want physical seperation from true name/anon usage.

Same it true with your desktop, which explains the appeal of Qubes. Just be sure you really need it before attempting to absorb the extremely significant costs of maintaing such a setup. 

 If I cared, I would engage with the #GrapheneOS team in their new discord to hypothesize how fingerprinting might be done and determine how/if #GrapheneOS thwarts potential fingerprinting today. 

 My goal is to raise the cost of tyranny signifantly without pricing myself out of the usage/maintenance cost.

The model I layed forward would sufficiently defend you from IRL cohersion, but not from the security state.

If you are really trying to hide from the security state, God help you. cc @Snowden . 

 Understood, not knocking the strategy, just asking to understand tradeoffs 

 It's a good question, and I should have clarified. This setup makes in-person surveillance prohibitively expensive without sacrificing too much usability, allowing the device to be used as a daily driver. 

 Degoogled phones should be free of Google querying the modem for the IMEI. The towers will still see that though. IMSI is tied to Sim so change it often or  take it out cause it always broadcasts.  

 Robert Braxman of BraxMe sells degoogled phones that can have the imei changed to help thwart fingerprinting.  But they have tons of ways of get IDs of a person so not sure it's worth the trouble for most cases.  

 I've never heard of a custom Android ROM allowing IMEI changing. How does this work? 

 It's not with the rom it's worth the phone he uses. A generic mediatek device you update. 

Oh it looks like he made a vid recently on how it's a so so privacy and usage issue

https://odysee.com/@RobBraxmanTech:6/Imsi-x1:5?r=8r7eBm6hEAxmRgccRJtbAufGg2SSgHdX 

 I suddenly remembered I have a Doogee S40 Lite somewhere in a large box. Unlike the usual devices I tinker with, this one is Android-based, MT6580.  The IMEI editor code there is `*#*#8688#*#*`. Does it make it more privacy-friendly? Heck no. Doogee is notorious for inserting firmware-based trojans/adware in the past, so I still am looking for some alternative ROMs for that one. 

 THIS IS SMART. i will do what you do. Its just simpli better than how I use grapheme now 

 Dope af 

 Been thinking of moving over to a degoogled phone for a while. Because of work I always ran a Samsung. I do a similar process but using their secure Knox container and keystore. Separation of concerns like in software dev. Once I tire of it, or funds become abundant, I'll probably switch phones. 

 Interesting I like this approach, mine is the other way around. 

nostr:note19ar8jax6mtfu9zjnke0pw8yl9cqvmjne7zlxk02tcpc0qwxggusshzwtcg  

 eSIM usage requires sandboxed GP on the owner profile, and I like the ability to hold the power button and "log out" of the guest profile.

If you put your sensitive usage on the owner profile you wont be able to achieve full disk encryption on that usage without shutting off the device.  

 I put sensitive on owner profile. Meaning i csn not gice up pin code. Need to change so i csn give up pin code and still be fine. Meaning sensitive on profile 2 only. 

 Loving Graphene, thanks for the tips! Any downsides to having your main profile as your sandboxed Google play one? Someone else told me to leave the main profile stock and install everything else on separate profiles. 

Also, what do you do for cell service and your SIM? I’ve seen some no-KYC services, but wondering if it’s worth the trouble. 

 A common theme with #GrapheneOS folks is that they make their setup to complex and end up hating using it.

I like the basic "public" vs "private" profile setup that I lay out above. 

I use a SIM (Mint Mobile) and a couple eSIMs (Tello, Silent Link) which require sandboxed GP. I set those up on my public profile.

Instead of leaving the main one stock, put all your normie usage in there so if you are forced to give it up, the usage looks convincing.

The private profile gives YOU the choice to say "Fuck You I Lost It" -Saylor. 

 Instead of maximizing security, aim to balance practicality and privacy, instead. 

 Nice I think I’ll keep it simple like that. Thanks! What’s the benefit of multiple SIMs? 

 Depends on your situation.

For me:

SIM - always a local phone number to use IRL

Tello eSIM - I use Tello to keep previous IRL phone numbers around

Silent Link eSIM - international internet without KYC.

Payed SMS services - for registering NoKYC handles online (like with Twitter).
 

 So can I use both a physical sim with a new number and an eSIM with my old number at the same time? 

 The maintenance cost across user and profiles cannot be understated. It's similar to the cost of maintaining a complex #Bitcoin multisig where you have to manage a node, interfacing computer, and firmware on many devices. Don't underestimate how much friction that adds. 

 Said GN an hour ago but had to give a shout out here. Simple and elegant. I’ve been rocking graphene single profile with no sim for a few months getting used to it. About to through a sim in and like this approach. 

 The google play requirement for installing a SIM is the obligatory CIA/NSA touch point. 

 Maybe my next phone I’ll try to stay completely locked down. But at this point it would be an improvement for me just to break away from the Apple system. Still need a functioning phone. 

 The goal isn't to hide from the NSA, but to box out corporate surveillance and become sovereign within the civilian realm.

Folks running from government have an entirely different threat model that requires hardware isolation and, likely, no SIM/eSIM usage at all. 

 The NSA won't use their remote capabilities unless you become targeted. But unfortunately that likelihood goes up every day as the line between civilian and insurgent is a database entry. That targeting scales with AI. I know options are limited but the threat needs to be acknowledged and builders need to keep working on solutions. 

 In which pod he said that? I can't find it anymore .. but I know it must be recently.. 

 Sounds like a total weapon ,right on man. 

 Nothing but FOSS apps on my GrapheneOS. 

 Does this mean you have a normie phone for your normie usage? 

 Yes, the phone I just moved from.

However, my plan is to keep this degoogled GrapheneOS phone sim-free and FOSS for good and will add a dumb phone with a sim card in it. 

 I have owner with no google at all. Then I have a profile just for the banking app installed through Huawei app gallery so no google also, and then another profile where I have Google sandboxed with a burner Google account for aurora store mostly, this account I just use it if I really need for some reason.  

 I recommend against putting sensitive usage on the owner profile, since disk encryption cannot be activated unless the device is powered off.

Secondary profiles get disk encryption when logged out, so it's a more practical way to secure that while using the Owner profile for normie things. 

 Totally agree. In my case I don't have much sensative data even in the owner profile and my concern is more focused in privacy from big techs like google.  

 Still learning, but what privacy-focused email service would you recommend for User Profile 2? 

 For nyms I like something persistant, like onionmail.org or tutanota.

For anons, pay-per-email is probably best.

For true names, Skiff or Proton. 

 SIMs are dragnet location tracking devices and things like IMSI are unique and don't change. I recommend rotating the silent link once a month. Even better is PGPP, but it's not open source and even though you pay with surveillance money, they can't distinguish your device and you have no unique identifier, and they thwart triangulation which is pretty cool if you read the white paper - which I hope will inspire an open source implementation
https://invisv.com/ 

 I respect your efforts.  However, you will find yourself in a position where u eventually inadvertently dox yourself by having KYC and NonKYC on the same device. 

Dual users , work/personal profile....its gonna happen. Then all that work to keep the two separate will be fucked. 

Get another phone for KYC stuff and keep it in a Faraday bag when not needed. 

Have two seperste SIMs and don't ever connect the NonKYC phone to your home KYC/IP. Unless you setup a dual SSID system at your home.  

One SSID exits on clearnet.  The other exits over say a VPN you've acquired with anonish money.  

My experience, use pfsense as the router. Configure two interfaces. One of the two should have an always on connection to say Private Internet access (or whatever u want VPN) then configure vlan and assign that SSID to the vlan that sends all that NonKYC traffic through the VPN.  You'll need a switch and Access Points that support such tech. Ubiquity and or TPlink support such.

A plus to having pfsense at the head of your network is u can now connect to it over VPN. Then, ideally u can set your KYC device to always on connect to your home and then all your KYC traffic exits from your home IP. 

I know that's a lot to digest and it is a bit of work but its worth it. 

It also transcends any future devices u may acquire.