document DHCP privacy improvement

Daniel Micay 2021-05-24 09:17:14 -04:00
parent 16d1b072e0
commit ef33f88d80
2 changed files with 12 additions and 7 deletions

@ -204,10 +204,12 @@
<li>PIN scrambling option</li> <li>PIN scrambling option</li>
<li><a href="/usage#lte-only-mode">LTE-only mode</a> to reduce cellular radio <li><a href="/usage#lte-only-mode">LTE-only mode</a> to reduce cellular radio
attack surface by disabling enormous amounts of legacy code</li> attack surface by disabling enormous amounts of legacy code</li>
<li><a href="/usage#wifi-privacy-associated">Default enabled per-connection MAC randomization</a> <li><a href="/usage#wifi-privacy-associated">Per-connection MAC randomization
as an improvement over Android's default per-network MAC randomization reusing option (enabled by default)</a> as a more private option than the standard
the same MAC address until the DHCP lease with that network expires (can still persistent per-network random MAC.</li>
use the standard implementation or fully disable it)</li> <li>When the per-connection MAC randomization added by GrapheneOS is being
used, DHCP client state is flushed before reconnecting to a network to avoid
revealing that it's likely the same device as before.</li>
<li>Vanadium: hardened WebView and default browser — the WebView is what most <li>Vanadium: hardened WebView and default browser — the WebView is what most
other apps use to handle web content, so you benefit from Vanadium in many apps other apps use to handle web content, so you benefit from Vanadium in many apps
even if you choose another browser</li> even if you choose another browser</li>
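
Review bot: the rewritten MAC randomization item drops the old parenthetical "(can still use the standard implementation or fully disable it)", so the features list no longer tells the reader which alternatives remain, and the word "option" now appears twice in one sentence ("randomization option (enabled by default)" and "as a more private option"). Consider keeping a short mention of the alternatives and rewording to avoid the repeat. The new DHCP item is also the only privacy item here without a link; pointing it at /usage#wifi-privacy-associated, where this commit adds the same sentence, would let readers find the detail.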

@ -508,9 +508,6 @@
<section id="wifi-privacy-associated"> <section id="wifi-privacy-associated">
<h3><a href="#wifi-privacy-associated">Associated with an Access Point (AP)</a></h3> <h3><a href="#wifi-privacy-associated">Associated with an Access Point (AP)</a></h3>
<p>The DHCP client uses the anonymity profile rather than sending a hostname so it
doesn't compromise the privacy offered by MAC randomization.</p>
<p>Associated MAC randomization is performed by default. This can be controlled <p>Associated MAC randomization is performed by default. This can be controlled
per-network with Settings ➔ Network &amp; Internet ➔ Wi-Fi ➔ &lt;network&gt; per-network with Settings ➔ Network &amp; Internet ➔ Wi-Fi ➔ &lt;network&gt;
Advanced ➔ Privacy.</p> Advanced ➔ Privacy.</p>
@ -521,6 +518,12 @@
connecting to a network. It has 3 options available: "Use fully randomized MAC connecting to a network. It has 3 options available: "Use fully randomized MAC
(default)", "Use per-network randomized MAC" and "Use device MAC".</p> (default)", "Use per-network randomized MAC" and "Use device MAC".</p>
<p>The DHCP client uses the anonymity profile rather than sending a hostname
so it doesn't compromise the privacy offered by MAC randomization. When the
per-connection MAC randomization added by GrapheneOS is being used, DHCP
client state is flushed before reconnecting to a network to avoid revealing
that it's likely the same device as before.</p>
<p>GrapheneOS also disables support for stable link-local IPv6 addresses, since these <p>GrapheneOS also disables support for stable link-local IPv6 addresses, since these
have the potential to be used as identifiers. It's more sensible to use typical have the potential to be used as identifiers. It's more sensible to use typical
link-local address generation based on the (randomized) MAC address since link-local link-local address generation based on the (randomized) MAC address since link-local
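
Review bot: the added paragraph uses "per-connection MAC randomization added by GrapheneOS" while the setting described just above it is labelled "Use fully randomized MAC (default)", so a reader has to infer that these are the same thing; name the setting in the new sentence. The paragraph also merges two behaviours with different scope: the anonymity profile sentence reads as unconditional, but the flush applies only in the per-connection mode. It would help to state what happens to DHCP client state under "Use per-network randomized MAC" and "Use device MAC", and to say briefly what the flushed state contains, since "DHCP client state" alone doesn't show what would link two connections to the same device.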