If the hash is unique per person, hackers need to build a new table per person. It doesn't matter if the hackers can get their hand on the salt; the point is that they cannot try the common passwords easily for all users; it takes N times as long where N is the number of users with a different salt (hopefully all of them)
Android throttles the hell out of WiFi requests since (I think) Android 9. You need to manually allow WiFi request spamming in developer options to let apps do something like determining location from it.
What does this mean? What prevents me from OCRing the pages on a video that quickly goes through it?