grapheneos.org icon indicating copy to clipboard operation
grapheneos.org copied to clipboard

Published 20 hours ago verified publisher icon GrapheneOS

Hotspot and VPN Usage

Open Metr0pl3x opened this issue 2 years ago • 6 comments

Add documentation in usage or FAQ to explain how traffic routed via the hotspot is not directed via the handset/user profile VPN and any external device must have it's own VPN connection to protect traffic.

Metr0pl3x avatar Jul 14 '22 23:07 Metr0pl3x

Suggest including this as an onscreen warning / tick to confirm - as easy to miss / not intuitive, and consequence potentially high.

Vauxal avatar Oct 08 '22 07:10 Vauxal

VPNs are per-profile. I don't think it's unintuitive with that in mind.

thestinger avatar Oct 08 '22 15:10 thestinger

VPNs are per-profile. I don't think it's unintuitive with that in mind.

I was running a WhatsApp account' with shelter and a Instagram account in a work profile for a few months until I worked out that you need a separate VPN per profile. I would love to see a option to root all internet traffic through the Maine profile in the future, it would save a lot of time not needing to have a Separate VPN for every profile I have

tashijayla avatar Oct 04 '23 18:10 tashijayla

Using a separate VPN for each profile is useful even when you want to use the same VPN provider and app for every single profile, because it makes a separate tunnel for each one, providing improved privacy by not tying them together with IPs. We don't want to make things worse.

Using the Owner profile's VPN for tethering/hotspot clients or using the Owner profile's VPN for other user profiles would unnecessarily tie them together. We're against the approach taken to this elsewhere, which we see as more of an anti-privacy feature than a privacy one.

Metr0pl3x avatar Oct 04 '23 18:10 Metr0pl3x

Add documentation in usage or FAQ to explain how traffic routed via the hotspot is not directed via the handset/user profile VPN and any external device must have it's own VPN connection to protect traffic.

Interesting, I use a VPN in my Maine profile and I regularly connect my phone to public WiFi while sharing a hotspot with my computer, I thought my computer wouldn't be exposed to the network. I guess it's time for me to do a fresh reinstall 😕

tashijayla avatar Oct 04 '23 18:10 tashijayla

Android VPN support is per-profile instead of global as a privacy feature. Routing traffic through the Owner user is less private than each secondary profile and connected devices having their own tunnels. System connections not tied to profiles are part of Owner.

thestinger avatar Oct 04 '23 19:10 thestinger