Module 01 — Foundations & GrapheneOS
📚 1. Why Foundations Matter
If you get the basics wrong, no amount of tools will save you. This module gives you a mental model for how CommsBlack Training thinks about protection: security, privacy and anonymity are related but not the same.
| Goal | What it means | Typical focus |
|---|---|---|
| Security 🔐 | Keep your device and accounts from being compromised. | Updates, hardened OS, lockscreen, strong authentication. |
| Privacy 🕶️ | Limit who can see your data and digital activity. | End-to-end encryption, data minimisation, permissions. |
| Anonymity 🕵️ | Hide who you are, even if someone can see activity. | Compartmented devices, Tor, careful behaviour. |
Most mistakes come from assuming one of these automatically gives you the others. A hardened phone can still leak identity; an anonymous account can still be compromised if security is weak.
📱 2. GrapheneOS in Plain Language
GrapheneOS is a hardened Android-based operating system focused on exploit resistance and privacy controls rather than eye-candy or vendor bloat.
✅ Capabilities
- Hardened memory management to make many exploits significantly harder.
- Stronger app sandboxing and strict permission controls.
- Improved lockscreen and full-disk encryption defaults.
- Per-app network, sensor and storage controls.
- Profile separation for clean “compartments” on one device.
🛡️ What it mitigates
- Reduces success rate of remote and local exploitation attempts.
- Makes quiet, background data exfiltration by apps more difficult.
- Improves protection of data at rest when the device is powered off.
🚫 Limitations
- Cannot fix risky behaviour or poor choices in apps and accounts.
- Does not make you anonymous by itself.
- Content visible on an unlocked device can still be read, photographed or recorded by someone nearby.
Think of GrapheneOS as the foundation of your kit: it removes many “easy win” attack paths so you can focus on higher-level risks.
🚨 3. Duress PIN: Last-Resort Protection
A duress PIN is a special code you can enter on the lockscreen that looks like a normal unlock attempt but instead triggers a defensive action (for example, wiping a profile). It is designed for high-pressure situations where you are being forced to unlock a device.
How it helps
- Lets you respond under pressure in a way you have rehearsed.
- Can rapidly protect the highest-risk data if you no longer expect to control the device.
- Creates a clear mental rule: “If X happens, I enter this PIN, not my everyday one.”
When it is realistic
- You still physically hold the device long enough to enter a code.
- You have decided in advance what will be destroyed and what will remain.
- You understand that it protects local data, not information already stored with third-party services.
Important cautions
- It is not a magic reset button; it cannot undo actions already taken on an unlocked device.
- It does not remove past backups, logs or records held by providers or authorities.
- Laws and expectations around device access vary by jurisdiction; always consider the legal and ethical context before using such features.
You will see how duress strategies fit into broader anti-forensics thinking later in Module 12 — Anti-Forensics Awareness.
✅ 4. Quick Self-Check
- Can you clearly explain the difference between security, privacy and anonymity?
- Do you understand what GrapheneOS gives you — and what it doesn’t?
- Have you decided whether a duress PIN is appropriate for your situation, and if so, practiced when you would use it?