From a9dfae5ced0e3abff74ddbb6e224dcbb6fc6e86d Mon Sep 17 00:00:00 2001 From: inference Date: Fri, 27 Oct 2023 06:52:26 +0000 Subject: [PATCH] Switch to proper paragraph formatting --- about.html | 91 +++++++++++++++++++++++------------------------------- 1 file changed, 39 insertions(+), 52 deletions(-) diff --git a/about.html b/about.html index bf48b43..407aade 100644 --- a/about.html +++ b/about.html @@ -5,7 +5,7 @@ - + @@ -240,11 +240,10 @@

Google Pixel - Google Pixel devices are the best Android devices +

Google Pixel devices are the best Android devices available on the market for - security and privacy.
-
- They allow locking the bootloader with a + security and privacy.

+

They allow locking the bootloader with a custom Android Verified Boot (AVB) key in order to preserve security and privacy features when installing a @@ -255,9 +254,8 @@ rollback protection which prevents an adversary from rolling back the OS or firmware version to a - previous version with known security vulnerabilities.
-
- They also include a + previous version with known security vulnerabilities.

+

They also include a hardware security module (Titan M2, improving on the previous generation @@ -279,24 +277,21 @@ ensures that Titan M2 firmware can be flashed only if the user PIN/password is already known, making it impossible to backdoor the - device without already knowing these secrets.
-
- Google Pixel device kernels are compiled with + device without already knowing these secrets.

+

Google Pixel device kernels are compiled with forward-edge control-flow integrity and backward-edge control-flow integrity to prevent code reuse attacks against the kernel. MAC address randomisation is - implemented well, along with minimal probe requests and randomised initial sequence numbers.
-
- Google releases + implemented well, along with minimal probe requests and randomised initial sequence numbers.

+

Google releases guaranteed monthly security updates, ensuring Google Pixel devices are up-to-date and quickly - protected against security vulnerabilities.
-
- Pixel 6-series and 7-series devices are a large + protected against security vulnerabilities.

+

Pixel 6-series and 7-series devices are a large improvement over the already very secure and private previous generation Pixel devices. They replace ARM-based Titan M with RISC-V-based Titan M2, reducing @@ -306,9 +301,8 @@ the highest level of vulnerability assessment. Google's in-house Tensor SoC includes Tensor Security Core, further improving device - security.
-
- Pixel 6-series and 7-series devices are supported for a + security.

+

Pixel 6-series and 7-series devices are supported for a minimum of 5 years from launch, an increase from previous generations' minimum support lifecycles of 3 years. @@ -317,7 +311,7 @@ putting it on the same support level as Apple; Google have even surpassed Apple in this regard, as Apple does not commit to a support timeframe - for their devices. + for their devices.

@@ -338,7 +332,7 @@

Gentoo Linux - Gentoo Linux +

Gentoo Linux is a highly modular, source-based, Linux-based operating system which allows vast customisation to tailor the operating system to suit @@ -347,9 +341,8 @@ ability to optimise the software for security, privacy, performance, or power usage; however, there are effectively unlimited other use cases, or a combination - of multiple use cases.
-
- I have focused on security hardening and privacy + of multiple use cases.

+

I have focused on security hardening and privacy hardening, placing performance below those aspects, although my system is still very performant. Some of the hardening I apply includes @@ -357,11 +350,10 @@ signed integer overflow wrapping, and GrapheneOS' hardened_malloc - memory allocator.
-
+ memory allocator.

You can find my Gentoo Linux configurations in my - configuration respository. + configuration respository.

Open source

(GPL-2.0-only) @@ -371,7 +363,7 @@

Chromium - Chromium +

Chromium is a highly secure web browser which is often ahead of other web browsers in security aspects. It has a dedicated security team and a very impressive @@ -382,7 +374,7 @@ site isolation, Binding Integrity memory hardening, and - control-flow integrity (CFI). + control-flow integrity (CFI).

Open source

(BSD-3-Clause) @@ -405,7 +397,7 @@

GrapheneOS - GrapheneOS +

GrapheneOS is a security-hardened, privacy-hardened, secure-by-default, Android-based operating system which implements extensive, systemic @@ -426,20 +418,17 @@ hardware-backed attestation (Auditor) to ensure the OS has not been corrupted or - tampered with.
-
- GrapheneOS only supports + tampered with.

+

GrapheneOS only supports high security and well-supported devices which receive full support from their manufacturers, including firmware updates, long support lifecycles, secure - hardware, and overall high security practices.
-
- For an extensive list of features GrapheneOS provides, + hardware, and overall high security practices.

+

For an extensive list of features GrapheneOS provides, visit its official features list - which provides extensive - documentation. + which provides extensive documentation.

Open source

(MIT) @@ -449,7 +438,7 @@

Vanadium - Vanadium is a security-hardened, privacy-hardened +

Vanadium is a security-hardened, privacy-hardened Chromium-based web browser which utilises GrapheneOS' operating system hardening to implement stronger defenses to the already very secure Chromium web @@ -458,11 +447,10 @@ disabling JavaScript just-in-time (JIT) compilation by default, stubbing out the battery status API to prevent abuse of it, and - always-on Incognito mode as an option.
-
- Vanadium's source code, including its Chromium patchset, + always-on Incognito mode as an option.

+

Vanadium's source code, including its Chromium patchset, can be found in its - official repository. + official repository.

Open source

(GPL-2.0-only) @@ -472,7 +460,7 @@

Molly - Molly +

Molly is a security-hardened, privacy-hardened Signal client which hardens Signal by using a @@ -483,10 +471,9 @@ and utilising Android StrongBox to protect user keys - using the device's hardware security module.
-
- Molly is available in - 2 flavours:
+ using the device's hardware security module.

+

Molly is available in + 2 flavours:

- +

Open source

(GPL-3.0-only) @@ -506,11 +493,11 @@

Conversations - Conversations +

Conversations is a well-designed Android XMPP client which serves as the de facto XMPP - reference client and has great usability. + reference client and has great usability.

Open source

(GPL-3.0-only)