From ef33f88d803f0c5e04b101d153080ae04444b3dd Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Mon, 24 May 2021 09:17:14 -0400
Subject: [PATCH] document DHCP privacy improvement

---
 static/features.html | 10 ++++++----
 static/usage.html    |  9 ++++++---
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/static/features.html b/static/features.html
index d3bf52ba..c1b8796f 100644
--- a/static/features.html
+++ b/static/features.html
@@ -204,10 +204,12 @@
                     <li>PIN scrambling option</li>
                     <li><a href="/usage#lte-only-mode">LTE-only mode</a> to reduce cellular radio
                     attack surface by disabling enormous amounts of legacy code</li>
-                    <li><a href="/usage#wifi-privacy-associated">Default enabled per-connection MAC randomization</a>
-                    as an improvement over Android's default per-network MAC randomization reusing
-                    the same MAC address until the DHCP lease with that network expires (can still
-                    use the standard implementation or fully disable it)</li>
+                    <li><a href="/usage#wifi-privacy-associated">Per-connection MAC randomization
+                    option (enabled by default)</a> as a more private option than the standard
+                    persistent per-network random MAC.</li>
+                    <li>When the per-connection MAC randomization added by GrapheneOS is being
+                    used, DHCP client state is flushed before reconnecting to a network to avoid
+                    revealing that it's likely the same device as before.</li>
                     <li>Vanadium: hardened WebView and default browser — the WebView is what most
                     other apps use to handle web content, so you benefit from Vanadium in many apps
                     even if you choose another browser</li>
diff --git a/static/usage.html b/static/usage.html
index 1d07ed7d..2de00f96 100644
--- a/static/usage.html
+++ b/static/usage.html
@@ -508,9 +508,6 @@
                 <section id="wifi-privacy-associated">
                     <h3><a href="#wifi-privacy-associated">Associated with an Access Point (AP)</a></h3>
 
-                    <p>The DHCP client uses the anonymity profile rather than sending a hostname so it
-                    doesn't compromise the privacy offered by MAC randomization.</p>
-
                     <p>Associated MAC randomization is performed by default. This can be controlled
                     per-network with Settings ➔ Network &amp; Internet ➔ Wi-Fi ➔ &lt;network&gt; ➔
                     Advanced  ➔ Privacy.</p>
@@ -521,6 +518,12 @@
                     connecting to a network. It has 3 options available: "Use fully randomized MAC
                     (default)", "Use per-network randomized MAC" and "Use device MAC".</p>
 
+                    <p>The DHCP client uses the anonymity profile rather than sending a hostname
+                    so it doesn't compromise the privacy offered by MAC randomization. When the
+                    per-connection MAC randomization added by GrapheneOS is being used, DHCP
+                    client state is flushed before reconnecting to a network to avoid revealing
+                    that it's likely the same device as before.</p>
+
                     <p>GrapheneOS also disables support for stable link-local IPv6 addresses, since these
                     have the potential to be used as identifiers. It's more sensible to use typical
                     link-local address generation based on the (randomized) MAC address since link-local