Device or group identity is assigned intentionally, with separate policy for sensitive contexts.
Privacy posture checklist
Privacy posture should be observable, not assumed.
The Gateway can help verify route, DNS, fallback, and leak behavior, but it does not guarantee anonymity by itself.
Resolver, upstream, rewrite, and filtering behavior match the intended policy.
Route ownership is visible before apply and direct escape paths are blocked or documented.
Fallback behavior is explicit, tested, and aligned with privacy expectations.
DNS, WebRTC, QUIC, and route behavior are checked where applicable.
Remaining browser, account, endpoint, payment, and support-bundle risks are written down.