From e055d7283066bd4475e0c83ef8a414736144632a Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Sun, 12 Apr 2020 20:42:31 -0400 Subject: [PATCH] document Wi-Fi privacy --- static/usage.html | 60 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/static/usage.html b/static/usage.html index 752ee66e..0df08201 100644 --- a/static/usage.html +++ b/static/usage.html @@ -66,6 +66,13 @@
  • Camera
  • Exec spawning
  • Bugs uncovered by security features
    • +
  • + Wi-Fi privacy + +

    • @@ -327,6 +334,59 @@ relevant crash and filter out information you don't want to send. However, it will be more difficult to debug if you provide less of the information. If the app doesn't work with sensitive information, just send the whole tombstone.

    + +

    + Wi-Fi privacy +

    + +

    Wi-Fi on GrapheneOS is very privacy-friendly and is essentially anonymous as long + as apps do not leak uniquely identifying information to the network. GrapheneOS avoids + allowing itself to be fingerprinted as GrapheneOS, other than connections which are + documented (see the FAQ) and can be easily disabled or forced through a VPN + service.

    + +

    + Scanning +

    + +

    MAC randomization is always performed for Wi-Fi scanning. Pixel + phones have firmware support for scanning MAC randomization going + significantly beyond a native implementation + On many other devices, there are identifiers exposed by Wi-Fi scanning beyond the MAC + address such as the packet sequence number and assorted identifying information in the + probe requests.

    + +

    Avoid using hidden APs (i.e. APs not broadcasting their SSID) since known hidden + SSIDs end up being broadcast to find them again. SSIDs are not broadcast for standard + non-hidden APs.

    + +

    Wi-Fi and Bluetooth scanning for improving location detection are disabled by + default, unlike the stock OS. These can be toggled in Settings ➔ Location ➔ Wi-Fi and + Bluetooth scanning. These features enable scanning even when Wi-Fi or Bluetooth is + disabled, so these need to be kept disabled to fully disable the radios when Wi-Fi and + Bluetooth are disabled. GrapheneOS doesn't yet have an implementation of a coarse + location service to supplement GPS location, so enabling these options doesn't + actually do anything at the moment. Implementing a supplementary location service is + planning but we need a robust, secure and private implementation via a local database. + The initial focus will likely be a cell phone tower database, so these features still + wouldn't be relevant.

    + +

    + Associated with an Access Point (AP) +

    + +

    The DHCP client uses the anonymity profile rather than sending a hostname so it + doesn't compromise the privacy offered by MAC randomization.

    + +

    Associated MAC randomization is performed by default. This can be controlled + per-network with Settings ➔ Network & Internet ➔ Wi-Fi ➔ <network> ➔ + Advanced ➔ Privacy.

    + +

    In the stock OS, the default is to use a unique persistent random MAC address for + each network. It has 2 options available: "Use randomized MAC (default)" and "Use + device MAC". In GrapheneOS, the default is generating a new random MAC address when + connecting to a network. It has 3 options available: "Use per-connection randomized + MAC (default)", "Use per-network randomized MAC" and "Use device MAC".