Timezone and Vanadium

unclamped_vocally

How much am I exposed when using a VPN with Vanadium, since it doesn't randomize the timezone like cromite does. I heard cromite weakens security
and privacy, and how much weaker is cromite in comparison to vanadium?

unclamped_vocally

Anyone?

ryrona

You can use browserleaks.com to test yourself what you are leaking and not.

I guess Mullvad Browser would be the most private one, since it is designed to be used with anonymous VPNs, which Vanadium isn't.

wuseman

ryrona to my knowledge, Mullvad Browser isn't available for Android. And if it is, the security blows due to not using Chromium.

ryrona

wuseman Oh, you are right, it is not available for Android. I just assumed they built it for all platforms Tor Browser is available for, since they share code base.

And you are right security on Chromium based web browser are far better than for Firefox based web browsers. It is a bit unfortunate Firefox web browsers have always been better at privacy. One is forced to pick between security and privacy today, unfortunately. If there is a Chromium based web browser that has been patched with proper first-party domain isolation, and proper fingerprinting resistance, I would love to hear about it.

ryrona

Apparently, I read today, Chromium will eventually get proper first-party domain isolation and proper fingerprinting resistance as the default behavior of the browser, not even as a patch series forks can apply, but in the original browser as the default behavior. They are calling the initiative Privacy Sandbox, and they are implementing many new APIs to keep advertisers happy, with the goal to remove all the privacy invasive means of tracking and fingerprinting advertisers use today. I would say the privacy is good in Chromium based web browsers as soon as they lock all state such as cookies and cache to first-party domain, and remove the common fingerprinting vectors. So maybe Vanadium will get all this for free in the future, and there would no longer be a need to run another browser.

However, they have expressively said they will not try to prevent tracking of country, and thus also not timezone. That does not leak enough information to uniquely track a user, and advertisers want to know what country the user is in. So they likely will not go all the way like the Tor Browser patch series have done.