Hey y’all,
Hoping to get some advice using split tunneling as a tool for compartmentalization. Didn’t find much discussion on the forum in particular about this, but saw one response from Jonah that at least supports the idea of split tunneling being a valid tool for compartmentalization
Threat model/Info I’d like to protect:
2 identities/personas
- IRL/professional identity, used where real identity is a prerequisite for desired outcome, e.g. banking, groceries, whatever. Not super relevant to the discussion at hand besides from noting I’m not trying to take privacy to the extreme and live an entirely off grid lifestyle.
- General browsing, psuedonymous personas, etc. I would like to have freedom from basic surveillance capitalism mechanisms for random browsing, research I don’t want to be easily tied to my professional identity. With the current administration in the US, and the amount of money being dumped into palantir and the like, the push for id verification, I feel like Americans are destined for our own social credit score very soon. Ultimately, I just want to freedom to browse without having to worry about it affecting a potential rating like that.
I have no reason to believe I’d be at risk from targeted attacks.
I’m kind of a nobody, I doubt a global passive adversary would be something I need to defend against, beyond something like AI and automated info feeding into something like a social credit score lol.
So with that out of the way, my question:
I run grapheneos, I have an owner profile that has strictly open source, privacy respecting apps (yes I’m aware of the open source = risk free fallacy and have done my due diligence). I have a secondary profile with play services for a small selection of apps I occasionally need to use that requires play services. I hardly ever use this profile.
So, in this regard, I have things compartmentalized by app and its perceived level of privacy invasiveness. On the owner profile, I use vanadium for accounts related to identity 1 - banking, shopping, etc. I use Thunderbird, but have a couple of gmail accounts loaded there (it’s on my todo list to transition my primary email away from gmail, I’ll get to it eventually). All that to say, the owner profile services both identity 1 and 2.
For identity 2, I have a separate browser and a mullvad subscription. I dont see the point for me to connect to a VPN for banking/shopping/etc.
Because my current setup is thus, I have the VPN on with split tunneling. I have excluded everything from the VPN tunnel (including system apps) from the VPN except for my alt browser and a couple of other apps associated with Identity 2. And the two system apps that seem to handle downloads because I figure they’d be a part of handling downloads..
I do not have ‘block connections outside of VPN’ turned on for conveniences sake so I can jump back and forth between the two seamlessly.
Okay, now I’m really getting to my question. Is this sufficient for the threat model above?
I value convenience. Having a separate profile for ID 2 would cause friction and I’m not sure I’d stick with it. That being said, I have seen some people say that split tunneling is not ideal as it allows DNS leaks. And some other reasoning I didn’t quite follow.
Would love some input from those with greater technical understanding 
