security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

update connectivity check documentation

Browse Source
This commit is contained in:
Daniel Micay 2020-11-26 09:23:38 -05:00
parent 3f0506f72b
commit d891cef95e
1 changed files with 23 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
static/faq.html
View File

@ -487,39 +487,18 @@
are designed to detect and handle captive portals which substitute the are designed to detect and handle captive portals which substitute the
expected empty 204 response with their own web page.</p> expected empty 204 response with their own web page.</p>
<p>By default, GrapheneOS leaves these set to the standard four URLs to blend <p>The connectivity checks are done by performing an empty GET request to a
into the crowd of billions of other Android devices with and without Google server returning an empty response with a 204 No Content response code. The
Mobile Services performing the same empty GET requests. For privacy reasons, request a standard, frozen value for the user agent and doesn't send any data
it isn't desirable to stand out from the crowd and changing these URLs or even to the server.</p>
disabling the feature will likely reduce your privacy by giving your device a
more unique fingerprint. GrapheneOS aims to appear like any other common
mobile device on the network.</p>
<p>These need use a very common domain and URL in order to bypass whitelisting
systems only permitting access to common domains / URLs so you may experience
issues if you choose to use connectivitycheck.grapheneos.org instead of the
standard URLs.</p>
<p>Standard frozen AOSP user agent for the GET request:</p> <p>Standard frozen AOSP user agent for the GET request:</p>
<p>Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36</p> <p>Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36</p>
<p>No query / data is sent to the servers and the response is unused beyond <p>No query / data is sent to the servers and the response is unused beyond
checking the response code.</p> checking the response code.</p>
<p>Standard URLs used by Android and when blending in with other devices on <p>By default, the GrapheneOS connectivity check server is used via the
GrapheneOS:</p> following URLs:</p>
<ul>
<li>HTTPS: https://www.google.com/generate_204</li>
<li>HTTP: http://connectivitycheck.gstatic.com/generate_204</li>
<li>HTTP fallback: http://www.google.com/gen_204</li>
<li>HTTP other fallback: http://play.googleapis.com/generate_204</li>
</ul>
<p>We have our own connectivity check server as an alternative to using the
standard URLs. The next release of GrapheneOS will use this by default with a
configuration option in the Settings app to toggle between the GrapheneOS
servers and the standard servers in order to preserve the option of blending
in with the crowd of billions of other Android devices.</p>
<ul> <ul>
<li>HTTPS: https://connectivitycheck.grapheneos.org/generate_204</li> <li>HTTPS: https://connectivitycheck.grapheneos.org/generate_204</li>
@ -528,9 +507,23 @@
<li>HTTP other fallback: http://connectivity.grapheneos.org/generate_204</li> <li>HTTP other fallback: http://connectivity.grapheneos.org/generate_204</li>
</ul> </ul>
<p>Similar connectivity checks are also performed by Vanadium. Configuration <p>You can change the connectivity check URLs via the Settings ➔ Network &amp;
will need to be extended to these, likely by reusing the OS configuration internet ➔ Advanced ➔ Internet connectivity check setting. At the moment, it
instead of it being separate.</p> can be toggled between the GrapheneOS server and the standard Google servers
used by billions of other Android devices. This can be used to blend in with
other Android devices, both with and without Play services. Changing this to
the Standard (Google) mode will use the same URLs used by AOSP and the stock
OS along with the vast majority of other devices:</p>
<ul>
<li>HTTPS: https://www.google.com/generate_204</li>
<li>HTTP: http://connectivitycheck.gstatic.com/generate_204</li>
<li>HTTP fallback: http://www.google.com/gen_204</li>
<li>HTTP other fallback: http://play.googleapis.com/generate_204</li>
</ul>
<p>Similar connectivity checks are also performed by Vanadium. We plan to make
it respect the OS configuration option added by GrapheneOS.</p>
</li> </li>
<li> <li>
<p>DNS connectivity and functionality tests</p> <p>DNS connectivity and functionality tests</p>