TLDR: 'why do we have to be connected to the internet to OEM unlock?'

Hello Channel,

First, thank you all for creating a community where people have shared (sec) interests. And not to forget - providing a ROM for us.

I'm fairly new to this whole world. Not more than 2+ years and defiantly feel like I only scratch the surface and often completely miss the point of how everything fits/works together. So if I ask a stupid question, please understand I'm still exploring the whole realm.

Quite recently I flashed this OS and I needed to be connected to the internet to OEM unlock. Which is new for me, I thought writing a command like 'oem unlock' worked as well in the past.

On the website it says that connecting to the internet is for security reasons like a stolen phone.

What I'm wondering - since I tried to be conscious how to order the flashed phone (not with card and gifted to me) - doesn't connecting to the internet not opens me up to all kind of threads?!

E.g.

- WiFi triangulation
- Nearby devices (Bluetooth, Ultrasounds and such)
- Relationship mapping (same as above)
- Fingerprint the device (same as above and much more I guess that I don't understand yet)
- Data points, on everything that's already gathered e.g.: same as above and altitude and so on.
- Google Ad ID
- if inserted the IMEI of the SIM

Hope my questions makes sense. Since I don't grasp the workings of this *eco system/world* But does connecting to the internet to OEM unlock, not influence the purpose of installing GrapheneOS?'  Or is this an good example for the difference between Security vs Privacy?

Feels like Google still has enough data points to connect any flashed Pixel to an real identity or am I missing something? If so, I hope someone could explain or guide me with some reading material to understand.  

Thank you for reading this long message!