improve Network permission docs in FAQ

2023-07-09 15:54:49 -04:00 · 2023-07-09 15:54:49 -04:00 · cf26b8423d
commit cf26b8423d
parent 0c8c05fd07
1 changed files with 19 additions and 11 deletions
--- a/static/faq.html
+++ b/static/faq.html
@ -1305,18 +1305,26 @@
                <article id="firewall">
                    <h3><a href="#firewall">Does GrapheneOS provide a firewall?</a></h3>

-                    <p>Yes, GrapheneOS inherits the deeply integrated firewall from the Android Open
-                    Source Project, which is used to implement portions of the security model and various
-                    other features. The GrapheneOS project historically made various improvements to the
-                    firewall but over time most of these changes have been integrated upstream or became
-                    irrelevant.</p>
+                    <p>Yes, GrapheneOS inherits the deeply integrated firewall from the Android
+                    Open Source Project, which is used to implement portions of the security model
+                    and various other features. The GrapheneOS project historically made various
+                    improvements to the firewall but over time most of these changes have been
+                    integrated upstream or became irrelevant.</p>

-                    <p>GrapheneOS adds a user-facing Network permission toggle providing a robust way to
-                    deny both direct and indirect network access to applications. It builds upon the
-                    standard non-user-facing INTERNET permission, so it's already fully adopted by the app
-                    ecosystem. Revoking the permission denies indirect access via OS components and apps
-                    enforcing the INTERNET permission, such as DownloadManager. Direct access is denied
-                    by blocking low-level network socket access.</p>
+                    <p>GrapheneOS adds a user-facing Network permission toggle providing a robust
+                    way to deny both direct and indirect network access to applications. It builds
+                    upon the standard non-user-facing INTERNET permission, so it's already fully
+                    adopted by the app ecosystem. Revoking the permission denies indirect access
+                    via OS components and apps enforcing the INTERNET permission, such as
+                    DownloadManager. Direct access is denied by blocking low-level network socket
+                    access. A packet-based firewall would only block direct access so our approach
+                    is much more complete. Additionally, GrapheneOS pretends that the Network is
+                    down for most APIs when the Network permission is disabled. For example, it
+                    won't run scheduled jobs depending internet availability and most APIs for
+                    checking the state of the network will report it as down and internet access
+                    as unavailable. This means apps won't try to keep trying to access the
+                    internet and draining battery because they'll treat it the way they do when
+                    internet access is genuinely unavailable.</p>
                </article>

                <article id="ad-blocking">