Wi-Fi privacy section for features page

This commit is contained in:
Daniel Micay 2022-05-09 17:43:23 -04:00
parent 6e1494aa52
commit d9d370dd83

View File

@ -112,6 +112,7 @@
can be disabled</a></li>
<li><a href="#broad-carrier-support">Broad carrier support without invasive carrier access</a></li>
<li><a href="#lte-only-mode">LTE-only mode</a></li>
<li><a href="#wifi-privacy">Wi-Fi privacy</a></li>
<li><a href="#private-screenshots">Private screenshots</a></li>
<li><a href="#closed-device-identifier-leaks">Closed device identifier leaks</a></li>
<li><a href="#pin-scrambling">PIN scrambling</a></li>
@ -510,6 +511,29 @@
bleeding edge code (5G).</p>
</section>
<section id="wifi-privacy">
<h3><a href="#wifi-privacy">Wi-Fi privacy</a></h3>
<p>GrapheneOS supports per-connection MAC randomization and enables it by
default. This is a more private approach than the standard persistent
per-network random MAC used by modern Android.</p>
<p>When the per-connection MAC randomization added by GrapheneOS is being
used, DHCP client state is flushed before reconnecting to a network to avoid
revealing that it's likely the same device as before.</p>
<p>GrapheneOS also applies fixes for serious flaws with the Linux kernel IPv6
privacy address implementation which allow using it as an identifier not just
for connections to the same network but also across different networks. We
don't need to apply these changes for the Pixel 6 and later since this was
fixed in the Linux kernel upstream, but hasn't been backported to earlier
kernel LTS branches so we still need to take care of it there.</p>
<p>See our <a href="/usage#wifi-privacy">usage guide section on Wi-Fi privacy
for more general information</a> rather than only our improvements to the
standard Wi-Fi privacy approach.</p>
</section>
<section id="private-screenshots">
<h3><a href="#private-screenshots">Private screenshots</a></h3>
@ -639,13 +663,6 @@
still keeping sensitive data in user profiles without fingerprint unlock)</li>
<li>Support for using the fingerprint scanner only for authentication in apps
and unlocking hardware keystore keys by toggling off support for unlocking.</li>
<li><a href="/usage#wifi-privacy-associated">Per-connection MAC randomization
option (enabled by default)</a> as a more private option than the standard
persistent per-network random MAC.</li>
<li>When the per-connection MAC randomization added by GrapheneOS is being
used, DHCP client state is flushed before reconnecting to a network to avoid
revealing that it's likely the same device as before.</li>
<li>Improved IPv6 privacy addresses to prevent tracking across networks</li>
<li>Vanadium: hardened WebView and default browser — the WebView is what most
other apps use to handle web content, so you benefit from Vanadium in many apps
even if you choose another browser</li>