Vanadium is more security focused. I doubt it sends anything to Google. Maybe you can try the bromite browser? It's more focused on privacy, however, I am not sure the project is actively being updated.

    locked Dumdum Bromite is an insecure, dead project and we recommend against using Cromite since it rolls back security and adds a bunch of questionable changes. It's also not a trustworthy project. It may be marked with a warning in the future.

      It's more focused on privacy

      Adding a bunch of low quality changes trying to improve privacy does not mean it's more privacy focused.

        TheGodfather That's wrong. Firefox lacks a strong sandbox and completed site isolation on desktop. Their seccomp-bpf filter is not a complete sandbox and you are claiming to know their perspective when you do not. Flatpak packages for browsers have weaker internal sandboxing than traditional ones but you're wrong about what the differences are.

          locked Vanadium is more security focused

          Vanadium is security and privacy focused, not only security focused. The entire project uses security for privacy-protecting features. GOS aims to offer a highly secure, private and usable mobile OS.

          As written by the official project account, Bromite is dead and replacing Vanadium with Cromite is worse than better.

          GrapheneOS but you're wrong about what the differences are.

          What are the differences?

          GrapheneOS and adds a bunch of questionable changes.

          GrapheneOS Adding a bunch of low quality changes trying to improve privacy does not mean it's more privacy focused.

          Can you please go more in details and explain what?
          I'm very interested in it.
          Thanks a lot

          GrapheneOS also not a trustworthy project. It may be marked with a warning in the future.

          Why is this? Can you supply more info? I always thought Cromite had a good rep with the privacy community.

          TheGodfather

          Thanks for the warning.

          Could you recommend a different browser fingerprinting test tool?

          Would be interested to read resources that explain modern browser fingerprinting methods in more detail.

          Thanks again ~

          GrapheneOS What would be, from a security perspective, the better choice then: Firefox as flatpak, Firefox as a distribution package, or tar.bz2 from the Mozilla website?

            wojon
            Firefox as a distribution package running inside of Firejail with seccomp, AppArmor and noroot.

              wojon

              Long time firefox desktop user here:

              You want to go with your distributions package. 2nd best are the mozilla tars.

              As a user, I risk severe moderation or even banishment for baselessly claiming things in the forum, without some kind of 'proof' to my claim. Can a representative of the project please add some clarity to the claims against Cromite. I ask, as I use Cromite! Its a project often lauded in privacy circles, as Bromite was before it. I'm probably not the only one now a little concerned that the makers of the phone os we use states that a previously considered 'safe' browser is actually 'untrustworthy' in their opinion. Thanks.

                mmmm Did they state that it was unsafe? I think what they have implied is that it does not meet the project's standards for security.

                • mmmm replied to this.

                  locked Did they state that it was unsafe?

                  They said:

                  GrapheneOS Bromite is an insecure, dead project and we recommend against using Cromite since it rolls back security and adds a bunch of questionable changes. It's also not a trustworthy project. It may be marked with a warning in the future.

                    Cromite makes a lot of choices that make it a subpar choice, and in my opinion, doesn't prioritize security.

                    Some examples of this:

                    • Addition of JPEG-XL, which is a lot of additional attack surface over Chromium.
                    • Addition of Eyeo's adblocking engine, written in C++ (memory unsafe). Eyeo is the company that bought "uBlock" (not uBlock Origin) and does "acceptable ads". Their code contains tracking that the maintainer of Cromite has to remove. Missing something there wouldn't be good. It's a very strange choice to add to the browser.
                    • Cromite does not support CFI. It used to, but then it broke, and instead of fixing the issue, they simply stopped using it.
                    • Of course, they also don't use MTE, which Vanadium does on devices supporting it.

                    Cromite is the successor to Bromite, a now-dead project that changed its licensing to GPLv3 and wouldn't share patches with Vanadium despite taking from it. All in all, I personally see no reason why it's so widely recommended in so called "privacy circles".

                      • Edited

                      matchboxbananasynergy they're all choices one makes when deciding in a browser to use for whatever task they choose.

                      I was more referring to the 'untrustworthy' label the project was designated by GraoheneOS a couple of comments ago. Its one thing having and opinion of unsatisfactory security, totally another to be deemed untrustworthy in general. I just really wanted to know why they're apparently untrustworthy as a whole.

                      Just to edit, I'm not arguing or making any point. I use Cromite for one aspect of my browsing and I am surprised by the designation.

                        mmmm Taking from Vanadium while preventing sharing code the other way is trustworthy behavior to you? The person behind Cromite was with Bromite too, although not the main person there. They can't do that anymore due to Vanadium being licensed GPLv2 now, but they do still have Vanadium patches in their browser, of course.

                        Being okay with groups that have been hostile to GrapheneOS numerous times in the past is also something we're unlikely to consider trustworthy, too.