security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

reorder FAQ

Browse Source
This commit is contained in:
Daniel Micay 2020-03-02 05:16:55 -05:00
parent 77b304c92e
commit 70fc36a6e2
1 changed files with 40 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
static/faq.html
View File

@ -62,10 +62,10 @@
<ul>
<li><a href="#hardware-identifiers">Can apps access hardware
identifiers?</a></li>
<li><a href="#default-connections">Which connections do the OS and
bundled apps make by default?</a></li>
<li><a href="#cellular-tracking">What does GrapheneOS do about cellular
tracking and silent SMS?</a></li>
<li><a href="#default-connections">Which connections do the OS and
bundled apps make by default?</a></li>
<li><a href="#default-dns">Which DNS servers are used by default?</a></li>
<li><a href="#custom-dns">How do I use a custom DNS server?</a></li>
<li><a href="#private-dns-ip">Why does Private DNS not accept IP
@ -255,6 +255,44 @@
<p>GrapheneOS only makes a small change to remove a legacy form of access to the
serial number by legacy apps, which was still around for compatibility.</p>
<h3 id="cellular-tracking">
<a href="#cellular-tracking">What does GrapheneOS do about cellular tracking and
silent SMS?</a>
</h3>
<p>GrapheneOS always considers the network to be hostile and does not implement weak
or useless mitigations. Therefore, it does not have the assorted gimmicks seen elsewhere
providing privacy/security theatre to make users feel better about these issues. One
of the core tenets of GrapheneOS is being honest with users and avoiding scams/frills
based around marketing rather than real world privacy/security threat models.</p>
<p>Activating airplane mode will fully disable the cellular radio transmit and receive
capabilities, which will prevent your phone from being reached from the cellular
network and stop your carrier (and anyone impersonating them to you) from tracking the
device via the cellular radio. The baseband implements other functionality such as
Wi-Fi and GPS functionality, but each of these components is separately sandboxed on
the baseband and independent of each other. Enabling airplane mode disables the
cellular radio, but Wi-Fi can be re-enabled and used without activating the cellular
radio again. This allows using the device as a Wi-Fi only device.</p>
<p>Even if interception of the connection or some other man-in-the-middle attack along
the network is not currently occurring, the network is still untrustworthy and
information should not be sent unencrypted. Legacy calls and texts should be avoided
as they're not secure and trust the carrier / network along with having weak security
against other parties. Trying to detect some forms of interception rather than dealing
with the root of the problem (unencrypted communications / data transfer) would be
foolish and doomed to failure.</p>
<p>Receiving a silent SMS is not a good indicator of being targeted by your cell
carrier, police or government because <em>anyone on the cell network can send
them</em> including yourself. Cellular triangulation will happen regardless of whether
or not SMS texts are being sent or received by the phone. Even if an SMS did serve a
useful purpose for tracking, a silent SMS would be little different than receiving
unsolicited spam. In fact, sending spam would be stealthier since it wouldn't trigger
alerts for silent SMS but rather would be ignored with the rest of the spam. Regardless,
sending texts or other data is not required or particularly useful to track devices
connected to a network for an adversary with the appropriate access.</p>
<h3 id="default-connections">
<a href="#default-connections">What kind of connections do the OS and bundled apps
make by default?</a>
@ -338,44 +376,6 @@
</li>
</ul>
<h3 id="cellular-tracking">
<a href="#cellular-tracking">What does GrapheneOS do about cellular tracking and
silent SMS?</a>
</h3>
<p>GrapheneOS always considers the network to be hostile and does not implement weak
or useless mitigations. Therefore, it does not have the assorted gimmicks seen elsewhere
providing privacy/security theatre to make users feel better about these issues. One
of the core tenets of GrapheneOS is being honest with users and avoiding scams/frills
based around marketing rather than real world privacy/security threat models.</p>
<p>Activating airplane mode will fully disable the cellular radio transmit and receive
capabilities, which will prevent your phone from being reached from the cellular
network and stop your carrier (and anyone impersonating them to you) from tracking the
device via the cellular radio. The baseband implements other functionality such as
Wi-Fi and GPS functionality, but each of these components is separately sandboxed on
the baseband and independent of each other. Enabling airplane mode disables the
cellular radio, but Wi-Fi can be re-enabled and used without activating the cellular
radio again. This allows using the device as a Wi-Fi only device.</p>
<p>Even if interception of the connection or some other man-in-the-middle attack along
the network is not currently occurring, the network is still untrustworthy and
information should not be sent unencrypted. Legacy calls and texts should be avoided
as they're not secure and trust the carrier / network along with having weak security
against other parties. Trying to detect some forms of interception rather than dealing
with the root of the problem (unencrypted communications / data transfer) would be
foolish and doomed to failure.</p>
<p>Receiving a silent SMS is not a good indicator of being targeted by your cell
carrier, police or government because <em>anyone on the cell network can send
them</em> including yourself. Cellular triangulation will happen regardless of whether
or not SMS texts are being sent or received by the phone. Even if an SMS did serve a
useful purpose for tracking, a silent SMS would be little different than receiving
unsolicited spam. In fact, sending spam would be stealthier since it wouldn't trigger
alerts for silent SMS but rather would be ignored with the rest of the spam. Regardless,
sending texts or other data is not required or particularly useful to track devices
connected to a network for an adversary with the appropriate access.</p>
<h3 id="default-dns">
<a href="#default-dns">Which DNS servers are used by default?</a>
</h3>