The purpose of this document was to respond to false claims from James
Donaldson about myself and GrapheneOS. He changed his story about what
happened many times since this was posted. He didn't move forward with
his attempt at taking us to court and this was never used beyond being
posted on our site as a public response.
Nearly all of his supporters realized he was misleading them and left
for greener pastures. Most of them are now using GrapheneOS. We don't
need to refute outdated attacks on GrapheneOS from a person that's now
almost completely irrelevant, especially since he's now trying not to
draw attention to this since he came out looking so terrible. He quietly
misleads people about what happened with his latest historical revisions
and those are countered better by our newer pages summarizing it.
Hint to browsers that we prefer per-origin process isolation. This
disables certain unsafe features regarding cross-origin same-site
resource sharing.
https://web.dev/origin-agent-cluster/#limitations
Specification link:
https://html.spec.whatwg.org/multipage/origin.html#origin-keyed-agent-clusters
This is just a hint to browsers. Depending on resource availability,
they may or may not actually allocate a process. For this reason, it's
not a robust security feature although it is preferable.
This header needs to be active on all pages from an origin for it to
work.
These still exist but have been moved to GrapheneOS-Archive and are only
used in the legacy 12.1-crosshatch branch. They don't need to be listed
on the source page anymore. The legacy branch will be dead soon.
