Switch to proper paragraph formatting
parent
85ecd15f82
commit
a9dfae5ced
91
about.html
91
about.html
@ -5,7 +5,7 @@
|
|||||||
<!-- Copyright 2022 Jake Winters -->
|
<!-- Copyright 2022 Jake Winters -->
|
||||||
<!-- SPDX-License-Identifier: BSD-3-Clause -->
|
<!-- SPDX-License-Identifier: BSD-3-Clause -->
|
||||||
|
|
||||||
<!-- Version: 6.2.0-alpha.1 -->
|
<!-- Version: 6.2.0-alpha.2 -->
|
||||||
|
|
||||||
|
|
||||||
<html>
|
<html>
|
||||||
@ -240,11 +240,10 @@
|
|||||||
<td><img src="asset/img/google-pixel_8_pro.png" width="100px" height="100px"/><br>
|
<td><img src="asset/img/google-pixel_8_pro.png" width="100px" height="100px"/><br>
|
||||||
<br>
|
<br>
|
||||||
Google Pixel</td>
|
Google Pixel</td>
|
||||||
<td class="td-desc">Google Pixel devices are the best Android devices
|
<td class="td-desc"><p>Google Pixel devices are the best Android devices
|
||||||
available on the market for
|
available on the market for
|
||||||
<a href="https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html">security and privacy</a>.<br>
|
<a href="https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html">security and privacy</a>.</p>
|
||||||
<br>
|
<p>They allow locking the bootloader with a
|
||||||
They allow locking the bootloader with a
|
|
||||||
<a href="https://android.googlesource.com/platform/external/avb/+/master/README.md#pixel-2-and-later">custom Android Verified Boot (AVB) key</a>
|
<a href="https://android.googlesource.com/platform/external/avb/+/master/README.md#pixel-2-and-later">custom Android Verified Boot (AVB) key</a>
|
||||||
in order to
|
in order to
|
||||||
preserve security and privacy features when installing a
|
preserve security and privacy features when installing a
|
||||||
@ -255,9 +254,8 @@
|
|||||||
<a href="https://source.android.com/docs/security/features/verifiedboot/verified-boot#rollback-protection">rollback protection</a>
|
<a href="https://source.android.com/docs/security/features/verifiedboot/verified-boot#rollback-protection">rollback protection</a>
|
||||||
which prevents an adversary
|
which prevents an adversary
|
||||||
from rolling back the OS or firmware version to a
|
from rolling back the OS or firmware version to a
|
||||||
previous version with known security vulnerabilities.<br>
|
previous version with known security vulnerabilities.</p>
|
||||||
<br>
|
<p>They also include a
|
||||||
They also include a
|
|
||||||
<a href="https://developer.android.com/training/articles/keystore#HardwareSecurityModule">hardware security module</a>
|
<a href="https://developer.android.com/training/articles/keystore#HardwareSecurityModule">hardware security module</a>
|
||||||
(Titan M2, improving on
|
(Titan M2, improving on
|
||||||
the previous generation
|
the previous generation
|
||||||
@ -279,24 +277,21 @@
|
|||||||
ensures that Titan M2
|
ensures that Titan M2
|
||||||
firmware can be flashed only if the user PIN/password is
|
firmware can be flashed only if the user PIN/password is
|
||||||
already known, making it impossible to backdoor the
|
already known, making it impossible to backdoor the
|
||||||
device without already knowing these secrets.<br>
|
device without already knowing these secrets.</p>
|
||||||
<br>
|
<p>Google Pixel device kernels are compiled with
|
||||||
Google Pixel device kernels are compiled with
|
|
||||||
<a href="https://android-developers.googleblog.com/2018/10/control-flow-integrity-in-android-kernel.html">forward-edge control-flow integrity</a>
|
<a href="https://android-developers.googleblog.com/2018/10/control-flow-integrity-in-android-kernel.html">forward-edge control-flow integrity</a>
|
||||||
and
|
and
|
||||||
<a href="https://security.googleblog.com/2019/10/protecting-against-code-reuse-in-linux_30.html">backward-edge control-flow integrity</a>
|
<a href="https://security.googleblog.com/2019/10/protecting-against-code-reuse-in-linux_30.html">backward-edge control-flow integrity</a>
|
||||||
to prevent
|
to prevent
|
||||||
code reuse attacks against the kernel. MAC address
|
code reuse attacks against the kernel. MAC address
|
||||||
randomisation is
|
randomisation is
|
||||||
<a href="https://android-developers.googleblog.com/2017/04/changes-to-device-identifiers-in.html">implemented well, along with minimal probe requests and randomised initial sequence numbers</a>.<br>
|
<a href="https://android-developers.googleblog.com/2017/04/changes-to-device-identifiers-in.html">implemented well, along with minimal probe requests and randomised initial sequence numbers</a>.</p>
|
||||||
<br>
|
<p>Google releases
|
||||||
Google releases
|
|
||||||
<a href="https://source.android.com/docs/security/bulletin/pixel/">guaranteed monthly security updates</a>,
|
<a href="https://source.android.com/docs/security/bulletin/pixel/">guaranteed monthly security updates</a>,
|
||||||
ensuring
|
ensuring
|
||||||
Google Pixel devices are up-to-date and quickly
|
Google Pixel devices are up-to-date and quickly
|
||||||
protected against security vulnerabilities.<br>
|
protected against security vulnerabilities.</p>
|
||||||
<br>
|
<p>Pixel 6-series and 7-series devices are a large
|
||||||
Pixel 6-series and 7-series devices are a large
|
|
||||||
improvement over the already very secure and private
|
improvement over the already very secure and private
|
||||||
previous generation Pixel devices. They replace
|
previous generation Pixel devices. They replace
|
||||||
ARM-based Titan M with RISC-V-based Titan M2, reducing
|
ARM-based Titan M with RISC-V-based Titan M2, reducing
|
||||||
@ -306,9 +301,8 @@
|
|||||||
the highest level of
|
the highest level of
|
||||||
vulnerability assessment. Google's in-house Tensor SoC
|
vulnerability assessment. Google's in-house Tensor SoC
|
||||||
includes Tensor Security Core, further improving device
|
includes Tensor Security Core, further improving device
|
||||||
security.<br>
|
security.</p>
|
||||||
<br>
|
<p>Pixel 6-series and 7-series devices are supported for a
|
||||||
Pixel 6-series and 7-series devices are supported for a
|
|
||||||
<a href="https://support.google.com/nexus/answer/4457705#zippy=%2Cpixel-a-pixel-pixel-pro-pixel-a-pixel-pixel-pro-pixel-fold">minimum of 5 years from launch</a>,
|
<a href="https://support.google.com/nexus/answer/4457705#zippy=%2Cpixel-a-pixel-pixel-pro-pixel-a-pixel-pixel-pro-pixel-fold">minimum of 5 years from launch</a>,
|
||||||
an increase from previous generations'
|
an increase from previous generations'
|
||||||
<a href="https://support.google.com/nexus/answer/4457705#zippy=%2Cpixel-a-g-pixel-pixel-a-g-pixel-a-pixel-xl-pixel">minimum support lifecycles of 3 years</a>.
|
<a href="https://support.google.com/nexus/answer/4457705#zippy=%2Cpixel-a-g-pixel-pixel-a-g-pixel-a-pixel-xl-pixel">minimum support lifecycles of 3 years</a>.
|
||||||
@ -317,7 +311,7 @@
|
|||||||
putting it on the same support level as Apple;
|
putting it on the same support level as Apple;
|
||||||
Google have even surpassed Apple in this regard,
|
Google have even surpassed Apple in this regard,
|
||||||
as Apple does not commit to a support timeframe
|
as Apple does not commit to a support timeframe
|
||||||
for their devices.</td>
|
for their devices.</p></td>
|
||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
</div>
|
</div>
|
||||||
@ -338,7 +332,7 @@
|
|||||||
<td><img src="asset/img/logo-gentoo_linux.png" width="100px" height="100px"/><br>
|
<td><img src="asset/img/logo-gentoo_linux.png" width="100px" height="100px"/><br>
|
||||||
<br>
|
<br>
|
||||||
Gentoo Linux</td>
|
Gentoo Linux</td>
|
||||||
<td class="td-desc"><a href="https://www.gentoo.org/">Gentoo Linux</a>
|
<td class="td-desc"><p><a href="https://www.gentoo.org/">Gentoo Linux</a>
|
||||||
is a highly modular, source-based,
|
is a highly modular, source-based,
|
||||||
Linux-based operating system which allows vast
|
Linux-based operating system which allows vast
|
||||||
customisation to tailor the operating system to suit
|
customisation to tailor the operating system to suit
|
||||||
@ -347,9 +341,8 @@
|
|||||||
ability to optimise the software for security, privacy,
|
ability to optimise the software for security, privacy,
|
||||||
performance, or power usage; however, there are
|
performance, or power usage; however, there are
|
||||||
effectively unlimited other use cases, or a combination
|
effectively unlimited other use cases, or a combination
|
||||||
of multiple use cases.<br>
|
of multiple use cases.</p>
|
||||||
<br>
|
<p>I have focused on security hardening and privacy
|
||||||
I have focused on security hardening and privacy
|
|
||||||
hardening, placing performance below those aspects,
|
hardening, placing performance below those aspects,
|
||||||
although my system is still very performant. Some of the
|
although my system is still very performant. Some of the
|
||||||
hardening I apply includes
|
hardening I apply includes
|
||||||
@ -357,11 +350,10 @@
|
|||||||
<a href="https://en.wikipedia.org/wiki/Integer_overflow">signed integer overflow wrapping</a>,
|
<a href="https://en.wikipedia.org/wiki/Integer_overflow">signed integer overflow wrapping</a>,
|
||||||
and GrapheneOS'
|
and GrapheneOS'
|
||||||
<a href="https://github.com/GrapheneOS/hardened_malloc/">hardened_malloc</a>
|
<a href="https://github.com/GrapheneOS/hardened_malloc/">hardened_malloc</a>
|
||||||
memory allocator.<br>
|
memory allocator.</p>
|
||||||
<br>
|
|
||||||
You can find my Gentoo Linux configurations in
|
You can find my Gentoo Linux configurations in
|
||||||
my
|
my
|
||||||
<a href="https://src.inferencium.net/Inferencium/cfg/">configuration respository</a>.</td>
|
<a href="https://src.inferencium.net/Inferencium/cfg/">configuration respository</a>.</p></td>
|
||||||
<td>Open source<br>
|
<td>Open source<br>
|
||||||
<br>
|
<br>
|
||||||
(GPL-2.0-only)</td>
|
(GPL-2.0-only)</td>
|
||||||
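Review bot: The paragraph beginning "You can find my Gentoo Linux configurations in" has no opening <p> on the new side. The <br> after "memory allocator.</p>" is dropped without a replacement, yet the cell now ends with "</p></td>", so that closing tag is unmatched. Add <p> before "You can find my Gentoo Linux configurations in", as is done for the other paragraphs in this commit. Since the last line is being touched anyway, the link text "configuration respository" should read "configuration repository".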
@ -371,7 +363,7 @@
|
|||||||
<td><img src="asset/img/logo-chromium.png" width="100px" height="100px"/><br>
|
<td><img src="asset/img/logo-chromium.png" width="100px" height="100px"/><br>
|
||||||
<br>
|
<br>
|
||||||
Chromium</td>
|
Chromium</td>
|
||||||
<td class="td-desc"><a href="https://chromium.org/">Chromium</a>
|
<td class="td-desc"><p><a href="https://chromium.org/">Chromium</a>
|
||||||
is a highly secure web browser which is
|
is a highly secure web browser which is
|
||||||
often ahead of other web browsers in security aspects.
|
often ahead of other web browsers in security aspects.
|
||||||
It has a dedicated security team and a very impressive
|
It has a dedicated security team and a very impressive
|
||||||
@ -382,7 +374,7 @@
|
|||||||
<a href="https://www.chromium.org/Home/chromium-security/site-isolation">site isolation</a>,
|
<a href="https://www.chromium.org/Home/chromium-security/site-isolation">site isolation</a>,
|
||||||
<a href="https://www.chromium.org/Home/chromium-security/binding-integrity">Binding Integrity</a>
|
<a href="https://www.chromium.org/Home/chromium-security/binding-integrity">Binding Integrity</a>
|
||||||
memory hardening, and
|
memory hardening, and
|
||||||
<a href="https://www.chromium.org/developers/testing/control-flow-integrity/">control-flow integrity (CFI)</a>.</td>
|
<a href="https://www.chromium.org/developers/testing/control-flow-integrity/">control-flow integrity (CFI)</a>.</p></td>
|
||||||
<td>Open source<br>
|
<td>Open source<br>
|
||||||
<br>
|
<br>
|
||||||
(BSD-3-Clause)</td>
|
(BSD-3-Clause)</td>
|
||||||
@ -405,7 +397,7 @@
|
|||||||
<td><img src="asset/img/logo-grapheneos.png" width="100px" height="100px"/><br>
|
<td><img src="asset/img/logo-grapheneos.png" width="100px" height="100px"/><br>
|
||||||
<br>
|
<br>
|
||||||
GrapheneOS</td>
|
GrapheneOS</td>
|
||||||
<td class="td-desc"><a href="https://grapheneos.org/">GrapheneOS</a>
|
<td class="td-desc"><p><a href="https://grapheneos.org/">GrapheneOS</a>
|
||||||
is a security-hardened,
|
is a security-hardened,
|
||||||
privacy-hardened, secure-by-default, Android-based
|
privacy-hardened, secure-by-default, Android-based
|
||||||
operating system which implements extensive, systemic
|
operating system which implements extensive, systemic
|
||||||
@ -426,20 +418,17 @@
|
|||||||
hardware-backed attestation
|
hardware-backed attestation
|
||||||
(<a href="https://attestation.app/about/">Auditor</a>)
|
(<a href="https://attestation.app/about/">Auditor</a>)
|
||||||
to ensure the OS has not been corrupted or
|
to ensure the OS has not been corrupted or
|
||||||
tampered with.<br>
|
tampered with.</p>
|
||||||
<br>
|
<p>GrapheneOS only supports
|
||||||
GrapheneOS only supports
|
|
||||||
<a href="https://grapheneos.org/faq#device-support">high security and well-supported devices</a>
|
<a href="https://grapheneos.org/faq#device-support">high security and well-supported devices</a>
|
||||||
which
|
which
|
||||||
receive full support from their manufacturers, including
|
receive full support from their manufacturers, including
|
||||||
firmware updates, long support lifecycles, secure
|
firmware updates, long support lifecycles, secure
|
||||||
hardware, and overall high security practices.<br>
|
hardware, and overall high security practices.</p>
|
||||||
<br>
|
<p>For an extensive list of features GrapheneOS provides,
|
||||||
For an extensive list of features GrapheneOS provides,
|
|
||||||
visit its
|
visit its
|
||||||
<a href="https://grapheneos.org/features/">official features list</a>
|
<a href="https://grapheneos.org/features/">official features list</a>
|
||||||
which provides extensive
|
which provides extensive documentation.</p></td>
|
||||||
documentation.</td>
|
|
||||||
<td>Open source<br>
|
<td>Open source<br>
|
||||||
<br>
|
<br>
|
||||||
(MIT)</td>
|
(MIT)</td>
|
||||||
@ -449,7 +438,7 @@
|
|||||||
<td><img src="asset/img/logo-vanadium.png" width="100px" height="100px"/><br>
|
<td><img src="asset/img/logo-vanadium.png" width="100px" height="100px"/><br>
|
||||||
<br>
|
<br>
|
||||||
Vanadium</td>
|
Vanadium</td>
|
||||||
<td class="td-desc">Vanadium is a security-hardened, privacy-hardened
|
<td class="td-desc"><p>Vanadium is a security-hardened, privacy-hardened
|
||||||
Chromium-based web browser which utilises GrapheneOS'
|
Chromium-based web browser which utilises GrapheneOS'
|
||||||
operating system hardening to implement stronger
|
operating system hardening to implement stronger
|
||||||
defenses to the already very secure Chromium web
|
defenses to the already very secure Chromium web
|
||||||
@ -458,11 +447,10 @@
|
|||||||
<a href="https://github.com/GrapheneOS/Vanadium/blob/13/patches/0081-Implement-UI-for-JIT-site-settings.patch">disabling JavaScript just-in-time (JIT) compilation by default</a>,
|
<a href="https://github.com/GrapheneOS/Vanadium/blob/13/patches/0081-Implement-UI-for-JIT-site-settings.patch">disabling JavaScript just-in-time (JIT) compilation by default</a>,
|
||||||
<a href="https://github.com/GrapheneOS/Vanadium/blob/13/patches/0051-stub-out-the-battery-status-API.patch">stubbing out the battery status API to prevent abuse of it</a>,
|
<a href="https://github.com/GrapheneOS/Vanadium/blob/13/patches/0051-stub-out-the-battery-status-API.patch">stubbing out the battery status API to prevent abuse of it</a>,
|
||||||
and
|
and
|
||||||
<a href="https://github.com/GrapheneOS/Vanadium/blob/13/patches/0084-Toggle-for-navigating-external-URL-in-incognito.patch">always-on Incognito mode as an option</a>.<br>
|
<a href="https://github.com/GrapheneOS/Vanadium/blob/13/patches/0084-Toggle-for-navigating-external-URL-in-incognito.patch">always-on Incognito mode as an option</a>.</p>
|
||||||
<br>
|
<p>Vanadium's source code, including its Chromium patchset,
|
||||||
Vanadium's source code, including its Chromium patchset,
|
|
||||||
can be found in its
|
can be found in its
|
||||||
<a href="https://github.com/GrapheneOS/Vanadium/">official repository</a>.</td>
|
<a href="https://github.com/GrapheneOS/Vanadium/">official repository</a>.</p></td>
|
||||||
<td>Open source<br>
|
<td>Open source<br>
|
||||||
<br>
|
<br>
|
||||||
(GPL-2.0-only)</td>
|
(GPL-2.0-only)</td>
|
||||||
@ -472,7 +460,7 @@
|
|||||||
<td><img src="asset/img/logo-molly.png" width="100px" height="100px"><br>
|
<td><img src="asset/img/logo-molly.png" width="100px" height="100px"><br>
|
||||||
<br>
|
<br>
|
||||||
Molly</td>
|
Molly</td>
|
||||||
<td class="td-desc"><a href="https://molly.im/">Molly</a>
|
<td class="td-desc"><p><a href="https://molly.im/">Molly</a>
|
||||||
is a security-hardened, privacy-hardened
|
is a security-hardened, privacy-hardened
|
||||||
<a href="https://signal.org/">Signal</a>
|
<a href="https://signal.org/">Signal</a>
|
||||||
client which hardens Signal by using a
|
client which hardens Signal by using a
|
||||||
@ -483,10 +471,9 @@
|
|||||||
and
|
and
|
||||||
<a href="https://github.com/mollyim/mollyim-android/blob/a81ff7d120adc9d427be17239107343146bad704/app/src/main/java/org/thoughtcrime/securesms/crypto/MasterSecretUtil.java#L91">utilising Android StrongBox</a>
|
<a href="https://github.com/mollyim/mollyim-android/blob/a81ff7d120adc9d427be17239107343146bad704/app/src/main/java/org/thoughtcrime/securesms/crypto/MasterSecretUtil.java#L91">utilising Android StrongBox</a>
|
||||||
to protect user keys
|
to protect user keys
|
||||||
using the device's hardware security module.<br>
|
using the device's hardware security module.</p>
|
||||||
<br>
|
<p>Molly is available in
|
||||||
Molly is available in
|
<a href="https://github.com/mollyim/mollyim-android#free-and-open-source">2 flavours</a>:
|
||||||
<a href="https://github.com/mollyim/mollyim-android#free-and-open-source">2 flavours</a>:<br>
|
|
||||||
<ul>
|
<ul>
|
||||||
<li>Molly, which includes the same
|
<li>Molly, which includes the same
|
||||||
proprietary Google code as Signal to
|
proprietary Google code as Signal to
|
||||||
@ -496,7 +483,7 @@
|
|||||||
proprietary Google code to provide an
|
proprietary Google code to provide an
|
||||||
entirely open-source client.</li>
|
entirely open-source client.</li>
|
||||||
</ul>
|
</ul>
|
||||||
</td>
|
</p></td>
|
||||||
<td>Open source<br>
|
<td>Open source<br>
|
||||||
<br>
|
<br>
|
||||||
(GPL-3.0-only)</td>
|
(GPL-3.0-only)</td>
|
||||||
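Review bot: The new "</p></td>" after "</ul>" does not close what it appears to close. The paragraph opened in the previous hunk with "<p>Molly is available in" runs into the <ul>, and a p element cannot contain a list, so an HTML parser ends the paragraph at "<ul>" and treats the trailing "</p>" as an extra empty paragraph. Close the paragraph right after "2 flavours</a>:" with "</p>" and keep the plain "</td>" after "</ul>".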
@ -506,11 +493,11 @@
|
|||||||
<td><img src="asset/img/logo-conversations.png" width="100px" height="100px"><br>
|
<td><img src="asset/img/logo-conversations.png" width="100px" height="100px"><br>
|
||||||
<br>
|
<br>
|
||||||
Conversations</td>
|
Conversations</td>
|
||||||
<td class="td-desc"><a href="https://conversations.im/">Conversations</a>
|
<td class="td-desc"><p><a href="https://conversations.im/">Conversations</a>
|
||||||
is a well-designed Android
|
is a well-designed Android
|
||||||
<a href="https://xmpp.org/">XMPP</a>
|
<a href="https://xmpp.org/">XMPP</a>
|
||||||
client which serves as the de facto XMPP
|
client which serves as the de facto XMPP
|
||||||
reference client and has great usability.</td>
|
reference client and has great usability.</p></td>
|
||||||
<td>Open source<br>
|
<td>Open source<br>
|
||||||
<br>
|
<br>
|
||||||
(GPL-3.0-only)</td>
|
(GPL-3.0-only)</td>
|
||||||
|