From ca16c492509b020f0e62fd6f57578910dd32dfda Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Mon, 9 May 2022 18:03:46 -0400 Subject: [PATCH] split out privacy by default section --- static/features.html | 58 +++++++++++++++++++++++++++++++++----------- 1 file changed, 44 insertions(+), 14 deletions(-) diff --git a/static/features.html b/static/features.html index 0661fde1..6193b1ad 100644 --- a/static/features.html +++ b/static/features.html @@ -116,6 +116,7 @@
  • Private screenshots
  • Closed device identifier leaks
  • PIN scrambling
  • +
  • Privacy by default
  • Supports longer passwords
  • More secure fingerprint @@ -589,6 +590,49 @@ physical proximity or a side channel.

    +
    +

    Privacy by default

    + +

    GrapheneOS doesn't include or use Google apps and services by default and + avoids including any other apps/services not aligned with our privacy and + security focus. Google apps and services can be used on GrapheneOS as regular + sandboxed apps without any special access or privileges through our sandboxed Google Play feature, but we don't + include those apps by default to give users an explicit choice on whether they + want to use those apps and which profiles they want to use it in.

    + +

    We change the default settings to prefer privacy over small conveniences: + personalized keyboard suggestions based on gathering input history are + disabled by default, sensitive notifications are hidden on the lockscreen by + default and passwords are hidden during entry by default.

    + +

    Some of our changes for attack surface + reduction can also improve privacy by default by not exposing unnecessary + radios, etc. by default and avoiding the impact of potential privacy bugs with + the hardware.

    + +

    By default, we also use GrapheneOS servers for the following services + instead of Google servers:

    + +
      +
    • Connectivity checks
    • +
    • Attestation key provisioning
    • +
    • GNSS almanac downloads (PSDS) on 6th generation Pixels
    • +
    • Network time
    • +
    + +

    We provide a toggle to switch back to Google's servers for connectivity + checks, attestation key provisioning and GNSS almanac downloads along with + adding proper support for disabling network time connections. This combines + with other toggles to allow making a GrapheneOS device appear to be an AOSP + device. This is only particularly important for connectivity checks since the + other connections get routed through a VPN which is needed to blend in on a + local network in practice.

    + +

    See our default connections FAQ entry + for much more detailed information.

    +
    +

    Supports longer passwords
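Review bot: The toggle paragraph ("We provide a toggle to switch back to Google's servers ...") names connectivity checks, attestation key provisioning and GNSS almanac downloads, but the list just above it also includes network time, and the text does not say whether network time can be switched back to Google's servers or only disabled. Suggest saying so explicitly. The last sentence of that paragraph ("This is only particularly important for connectivity checks since ...") is hard to parse: it is unclear whether "which is needed" refers to the VPN or to the routing, so splitting it into two sentences would help. Two smaller points: in the first paragraph, "which profiles they want to use it in" should read "use them in" to agree with "those apps", and the attack surface paragraph uses "by default" twice in one sentence.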

    @@ -698,31 +742,17 @@ certificate / key expiry, etc.
  • Proper support for disabling network time updates rather than just not using the results
  • -
  • Connectivity checks via a first party server with the option to revert to the - standard checks (to blend in) or to fully disable them
  • -
  • Attestation key provisioning via a first party server with the option to - revert to the standard server
  • -
  • GNSS almanac downloads (PSDS) via a first party server with the option to - revert to the standard server (not available for all GPS vendors yet)
  • Hardened local build / signing infrastructure
  • Seamless automatic OS update system that just works and stays out of the way in the background without disrupting device usage, with full support for the standard automatic rollback if the first boot of the updated OS fails
  • Require unlocking to access sensitive functionality via quick tiles
  • -
  • Minor changes to default settings to prefer privacy over small conveniences: - personalized keyboard suggestions based on gathering input history are disabled by - default, sensitive notifications are hidden on the lockscreen by default and - passwords are hidden during entry by default
  • Minimal bundled apps and services. Only essential apps are integrated into the OS. We don't make partnerships with apps and services to bundle them into the OS. An app may be the best choice today and poor choice in the future. Our approach will be recommending certain apps during the initial setup, not hard-wiring them into the OS.
  • -
  • No Google apps and services. These can be used on GrapheneOS but only if - they avoid requiring invasive OS integration. Building privileged support for - Google services into the OS isn't something we're going to be doing, even if - that's partially open source like microG.
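Review bot: Two statements removed here are not carried over to the new Privacy by default section. The removed connectivity checks bullet offered the option "or to fully disable them", while the new section only mentions switching back to Google's servers. The removed "No Google apps and services" bullet said that building privileged support for Google services into the OS is not going to happen "even if that's partially open source like microG", and the new first paragraph does not say this. If dropping them is not intended, carry both over. The retained context bullet "Proper support for disabling network time updates rather than just not using the results" also overlaps with the new section's "adding proper support for disabling network time connections", so one of the two could be removed or turned into a cross-reference.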