• General
  • Questions about GrapheneOS and related topics

This is a big list of questions I have about GrapheneOS. Sorry for the size. I recently installed GrapheneOS and it's working well.

Please keep in mind that I have read the entire GrapheneOS documentation in full, carefully, though my memory is not superhuman. I admit I don't understand some technical things but I think I understood the basics. Also, I want to point something out that I feel obligated to point out after asking for technical advice on various different services on the internet over the years, hopefully without sounding too arrogant: people generally underestimate what I know about the service and misinterpret the question. I can re-word the question if needed. Some questions may sound easy to answer but the answer might not be so self evident. As I said, I've read the documentation, and yet I still have questions.

Any answers involving "RTFM" do not apply here and I will completely ignore them. Secondly, I'm intolerant to toxicity and unwelcoming answers - if you have a problem with my question, if you think my questions are dumb, kindly don't answer. I only seek honest, thoughtful and friendly answers, without any of the vindictive, antagonizing, elitist bullshit. Lastly, I'm very aware that privacy and security are not the same thing, but the line between the two can be fuzzy. I'm more security focused but still have a high interest in privacy, and my threat model is higher than average. I left questions that are less specific to GrapheneOS at the end. I'm only asking these questions because I couldn't find the answer anywhere else, so please don't tell me to "Google it". Please take these into account before answering.

  1. Security of Vanadium browser vs Tor Browser. "The Tor Browser's security is weak which makes the privacy protection weak.". This is the first I've heard of Tor Browser being insecure from a security and privacy perspective. On GrapheneOS, is using Vanadium over the Tor network more secure and private than using Tor Browser? As described in the docs, Vanadium is more secure than Tor on GrapheneOS (technical reasons that I don't remember or understand), but I've always heard using Tor Browser is the most secure browser to use over the Tor network (I know this is mostly applicable to desktop but unclear on if it applies to phones too). Why should I use Vanadium (with Orbot) over Tor (with Orbot)? And what makes Tor insecure from a security and privacy perspective?

  2. "Avoid Gecko-based browsers like Firefox as they're currently much more vulnerable to exploitation and inherently add a huge amount of attack surface" I'd like a technical elaboration. Why is Vanadium so much more secure than other browsers on GrapheneOS, and does Vanadium have the same level of security and privacy on other operating systems? Side note, I'm aware that default desktop Firefox is insecure, but hardened with Arkenfox, it becomes the most robust browser for privacy and security. What's stopping developers from developing an arkenfox based fork of Firefox for Android? Would it be as strong on Android as it is for desktop? And if Vanadium is better than Firefox on GrapheneOS, could it be adapted to desktop and still out-compete other browsers for privacy and security? I assume there's a fundamental difference in the architecture of AOSP over desktop that make this complicated.

  3. "Tor itself makes people into much more of a target (both locally and by the exit nodes)". I'd like more information. Is it talking about the browser, or the network? Using Tor properly, without bridges, in a country that doesn't ban the use of Tor, your ISP might flag you, but other than that they have no idea what you're doing. Using bridges, I don't see how using Tor makes you a target, and even if it did, given how much better Tor is compared to VPNs or the clearnet, there's no better option available that I'm aware of.

  4. "If you're using a VPN, you should consider using the standard DNS service provided by the VPN service to avoid standing out from other users.", does this suggest using other DNS providers like cloudfare, Google and Quad9 make you stand out, or that not using any DNS provider makes you stand out?

  5. https://grapheneos.org/faq#custom-dns, "Private DNS takes precedence over VPN-provided DNS". Some VPNs provide their own DNS, whether you specify that DNS on "Private DNS" or not. Say for example I use Mullvad VPN. I could leave the Private DNS blank, and use the VPN, which will still use its own DNS. However, they also allow you to specify the DNS manually (https://mullvad.net/en/help/dns-over-https-and-dns-over-tls/#using-android). Is there a difference to specifying the DNS manually in Private DNS, to using the default DNS provided by the VPN? Are they the same address, and how do I find out? If Private DNS takes precedence over VPN-provided DNS, is there any use in specifying the VPN-provided DNS in Private DNS? I would assume it would make a difference on what setting the VPN is on; whether "Block All Connections" is on or not. If Private DNS is specified, all DNS requests made would use that DNS, while if I used the VPN only, the VPN would have to be in Always On mode. If I've got this wrong, let me know. Also, does DNS over TLS apply to all DNS addresses you use in Private DNS, or does the DNS address itself have to support DNS over TLS?

  6. Is it worth using a root level firewall on GrapheneOS?. Do root firewalls take up a VPN slot? Does this section (https://grapheneos.org/faq#ad-blocking-apps) only apply to non-root based firewalls like NetGuard (an app I have used and enjoy, but I prefer RethinkDNS), or does it also include root firewalls like AFWall (an app I've never used and don't know anything about). I'm not really educated on the differences between root firewalls and non-root firewalls, except that non-root firewalls typically rely on a device-hosted VPN (I'm unclear on the security of this).

  7. RethinkDNS (non-root firewall) has the following options to secure the network.

  • Block all apps when device is locked
  • Block any app not in use (background apps)
  • Block connections when source app is unknown
  • Block all UDP traffic except DNS and NTP
  • Block connections when DNS is bypassed
  • Block newly installed apps by default
  • Block connections on metered network
  • Block port 80 (insecure HTTP) traffic
  • Block individual IP addresses and allow apps and IP addresses on a blacklist/whitelist basis.
  • Monitor network traffic and display it in a GUI
  • Display a list of all apps and allow convenient toggling of wifi/cellular access for each app on a single page.
  • Allow or deny individual domains
  • On-device blocklists
  • Other features (eg. allows using Orbot, SOCKS5, DNS, etc)

Does the architecture or software of GrapheneOS make any of these security features irrelevant? I want more granular control over the network and only third party firewalls provide that. I'm not looking for a false sense of security, rather, I want to know if these toggles are necessary in GrapheneOS and if so, how they can be implemented. If they are useful but GrapheneOS doesn't mitigate these problems, then GrapheneOS should work toward providing us with these options, and in the meantime, I wonder if RDNS is worth using despite not having root access.

  1. Should I use multiple profiles to increase security and/or privacy? Given app sandboxing within profiles, it seems redundant to separate identities in different profiles. Keep in mind that I'm aware all apps operate in a sandbox (except those few with root permissions?), and that apps can communicate with other apps in the same profile with permission, but can't communicate to apps in other profiles. I've also heard, in not so specific words, that the owner profile is not "special". However, the owner profile does have options that the other profiles do not, options that seem to be security sensitive. That being said, what special privileges does the Owner profile have over other profiles, and what would I NOT want to do in Owner that I should do in other profiles? Since each app is sandboxed, putting all your apps in the Owner profile seems perfectly acceptable. Is running the owner profile as your main profile secure, or is it like using an admin account on linux/windows desktop for daily use (ie. not secure)? The docs do recommend keeping different profiles for different identities, but I'm unclear on how that actually helps if each app is sandboxed. I read that apps can identify what profile they're in, but what are the security implications of this? What I'm really asking is how granular I should be with my profiles/identities (which I know is subjective but I'd like more information). On the extreme ends, I could put every app in its own profile, or put them all in one. Besides convenience, I'm unclear on exactly what the differences would be. It's often said that you should put Google apps in one profile, but is there a security disadvantage to putting apps that you have downloaded from other sources (F-Droid, Aurora, Github) in the same profile as apps downloaded from the Google Play store? Since the apps and Google can't speak to each other without permission, I don't see a problem with that.

  2. Given the VPN slot limitation, what is the most secure service to use that VPN slot with? For maximum network security I would imagine using Orbot with VPN mode enabled is the most secure (side note, I don't know how Orbot works without VPN mode enabled). Since Tor is blocked on many sites and services (in my experience), I still need to use a VPN. On another device, I tended to switch back and forth between my VPN and Orbot, which was inconvenient, it would be nice if there was an app that allowed you to use both (not simultaneously, but to switch between the two easily, or make use of split tunnelling). I came across this article (https://itsignacioportal.github.io/netguard-pdnsf-any-vpn-combo/), I haven't read it but it doesn't say anything about Orbot. Then there are firewalls, which the GrapheneOS docs say are not recommended, though I don't know if it applies to root level firewalls too, and I personally feel like some firewalls (like RethinkDNS, which is non-root) have a lot of granular features that I like and find it hard to square with the simple phrase "they aren't recommended". To be fair, I didn't fully understand the explanation in the docs. However, RethinkDNS has some good features that I'm not sure GrapheneOS has or makes irrelevant (I have a question on this above).

  3. https://grapheneos.org/usage#wifi-privacy-scanning

I literally have no idea what any of this means.

"since all known hidden SSIDs end up being broadcast as part of scanning for networks to find them again." I think what this sentence is saying is that APs broadcast the BSSID/MAC address even if the SSID is hidden, and that the AP can still be mapped as part of Google's network mapping and visible on sites like wigle.net. I think it's also saying that you will still automatically reconnect to hidden networks using the list of saved networks on the device, and I remember hearing that the list itself can be broadcasted when scanning for new networks (I heard this from Naomi Brockwell on youtube). Ultimately, I don't understand how this is a reason not to connect to hidden networks since non-hidden APs work the same way.

"SSIDs are not broadcast for standard non-hidden APs". This sentence does not compute.

"Hidden APs are only hidden when no devices are connected." If it's suggesting the SSID is only hidden if no devices are connected, then that is simply false. If it's suggesting the BSSID is only hidden if no devices are connected, then that's news to me but doesn't explain why you shouldn't connect to hidden networks.

"It makes little sense as a privacy feature" and "The feature reduces your privacy rather than increasing it". What does, connecting to a hidden network, or hiding your own SSID? Hiding your own SSID might not hide the BSSID but it's better than keeping it visible. How does hiding the SSID decrease privacy? Regardless of whether the BSSID is still being broadcast, hiding your SSID means there's one less piece of information that your neighbors, hackers, and sites like wigle.net will have access to.

"especially for a non-mobile AP where knowing the AP exists can't be used for tracking it since it doesn't move". I don't know what this means.

"If you need to use a hidden AP, make sure to delete the saved network afterwards.". This is true for all public networks regardless of whether it's hidden or not.

  1. What's the security benefit of sideloading updates?

The following questions are not specific to GrapheneOS. If they don't belong in this section I can just edit them out at request.

  1. If you haven't seen Side of Burritos' videos on app repositories and the security problems they have, you may not understand this question (and I recommend watching them). According to Side of Burritos, the most secure (albeit not most private) way to download apps is through the official Google play store (not Aurora). I can understand why Google Play Store is more secure than F-Droid but I can't imagine that the security advantages would outweigh the privacy disadvantages. The way I see it, this is the order that I would prioritize downloads in: Direct from Github/Gitlab, Droidify, F-Droid, Aurora, Google. I know getting apps directly from github can be risky, but there are risks associated with all other methods too but without the tracking that comes along with it. Also, devs push updates directly to Github, so I'm getting the latest updates via an RSS reader, while other sources have a delay before being updated. Should I really prioritize installing apps through Google over the others given that apps are sandboxed and I have granular control over their permissions?

  2. Is there any security advantage of using MAC randomization while connected to your home network?

  3. How does Wifi calling work if you still need a SIM card inserted? You can't make WiFi calls unless you have a SIM card. It's still using the phone carrier's unencrypted network, right?

  4. How does Orbot work without VPN mode enabled? Doesn't VPN mode need to be enabled for all traffic to be routed through the network?

  5. This question is more broad and probably more theoretical than practical (I will probably ask the same question on Reddit). Can a device with Airplane mode on still communicate to/from external devices? Are there any known vulnerabilities, like side-channel attacks? I'm asking this out of curiousity.

  6. What are your thoughts on the apps Duress and Wasted? I think GrapheneOS is planning on implementing Duress passwords, I'm keen on that update.

  7. Why do some sites (eg. com.google.android.gsf) start with com? Usually the TLD is at the end. Is this because they are CDNs? If so, why do CDNs have the TLD at the beginning of the URL?

  8. Not really a question but an observation. I'm highly excited for FIDO2 support. I'd like to be able to unlock my phone using a hardware key, either through NFC or inserting the key directly into the phone and tapping it. I'd also like to be able to use WebAuthn on the phone, which is what most people will use, although I'm personally more excited for device decryption with a hardware key. The more services and devices that support hardware keys the better. I think hardware keys should be mainstream at this point, but I understand this will take a long time and a lot of resources to implement on a global scale.

    To add to the OP (I can no longer edit it): I looked at deviceinfo.me on Vanadium. It's leaking WebRTC and WebGL information, can be tracked, and allows fingerprinting. Also, no fingerprinting resistance is detected, and cookies are allowed.

    These are all major security and privacy concerns. How does Vanadium mitigate these problems?

    Hi there! Thanks for reaching out. There are a lot of questions here, and I will attempt to answer as many as I can to the best of my ability, however it might take some time. This comment is just to express interest that I'm willing to take this thread on. :)

    Keep in mind that I will most likely be making multiple posts to address 1-2 questions at a time, both because some of these answers may require further research on my part, and I don't want to postpone answers to questions I can answer immediately, and because I believe it will make the thread more readable tin the long run.

    Stay tuned. ^_^

    gk7ncklxlts99w1 Why do some sites (eg. com.google.android.gsf) start with com? Usually the TLD is at the end. Is this because they are CDNs? If so, why do CDNs have the TLD at the beginning of the URL?

    These are not sited but Android package names

    Any Android package (app) name begins with com, so for example, com.mycompany.myapp

      Volen Just a brief interjection here. It is true that this seems to be a package name and not a site, but it's not necessary for it to begin with .com, it can be any TLD like .org, .io etc.

      gk7ncklxlts99w1 Is it worth using a root level firewall on GrapheneOS?. Do root firewalls take up a VPN slot? Does this section (https://grapheneos.org/faq#ad-blocking-apps) only apply to non-root based firewalls like NetGuard (an app I have used and enjoy, but I prefer RethinkDNS), or does it also include root firewalls like AFWall (an app I've never used and don't know anything about). I'm not really educated on the differences between root firewalls and non-root firewalls, except that non-root firewalls typically rely on a device-hosted VPN (I'm unclear on the security of this

      In order to use Root firewall, you need to root your device which is not recommended because it will create a huge security hole in your device (imagine a malicious app getting root access). Plus many apps, especially, banking apps, will not work.

      What you want to achieve with root firewall? - blocking network? - GOS has a native Network toggle that does it properly. Disabling apps? - you can do it natively with GOS. Blocking ads? - you can use a free service, for example, Adguard Personal DNS and configure your lists. It allows up to 300k hosts per month without having to pay so for me its a great option. Alternatively, install any non-root adbkocker - Tracker Control, Blockada, etc. You might not need it at all depending on what apps are you going to install (plain GOS does not spy nor do many FOSS apps).

        Volen I thought "rooting" your device was the same thing as flashing an OS/ROM on it. How does rooting a device differ from flashing, and from unlocking the bootloader, and from jailbreaking? (i'm going to google this in the mean time to be clearer on it).

        If you root your device to use a root firewall, only the firewall app will have root access, right? Or does it expose other apps too?

        I'm not necessarily saying I want a non-root firewall but whether it's worth using or not. Also, firewalls tend to give you more granular control over your network, like blocking IPs specifically, which GrapheneOS doesn't do. Also, RethinkDNS (which isn't a root firewall) has a lot of features that I'm not sure GrapheneOS addresses. GrapheneOS doesn't recommend non-root firewall apps.

        Basically, firewalls tend to give you more granular control. That's what I want, if it's necessary.

          gk7ncklxlts99w1 "Rooting" an Android device means that you expose the ability to gain... well, root. It is not possible to grant that kind of access to a specific app.

          Furthermore, rooting is different from unlocking the the bootloader or flashing an alternative OS. For example, the reason why Pixels are chosen for GrapheneOS is because they allow you to flash an alternative OS (like GrapheneOS) and then lock the bootloader again, and by doing that, retain all of the hardware security features and keeping them intact.

          This is not the case with other devices that don't provide first-class support for alternative OSes. Some devices irreversibly neuter hardware security features the moment you unlock the bootloader in a way that doesn't bring them back even if you decide to later flash the Stock OS of that device again and re-lock the bootloader. They achieve this by blowing a fuse in the hardware that permanently disables these features forever on that device.

          https://www.privacyguides.org/os/android-overview/#avoid-rooting provides some information on rooting and why it should be avoided if you're planning to have a reasonably secure (and by extension, private) device.

            gk7ncklxlts99w1

            matchboxbananasynergy provided a great answer about rooting. It is a completely different process vs flashing.

            As for granular control - as I mentioned, you can use a DNS server that allows you to track, monitor, block and unblock every single host that your phone processes, for example, Adguard Private DNS.

            If you don't want to use a DNS, then you can configure Netguard or other similar software that will show you which app established a connection to a host.

            Generally speaking, you don't even need this if you use FOSS apps as most of them do not track users. As long as you are careful on what app you install, you might never need an adblocker (for browsers, you can install uBlock or just use browsers that have built-in adblockers).

              gk7ncklxlts99w1 Security of Vanadium browser vs Tor Browser. "The Tor Browser's security is weak which makes the privacy protection weak.". This is the first I've heard of Tor Browser being insecure from a security and privacy perspective. On GrapheneOS, is using Vanadium over the Tor network more secure and private than using Tor Browser? As described in the docs, Vanadium is more secure than Tor on GrapheneOS (technical reasons that I don't remember or understand), but I've always heard using Tor Browser is the most secure browser to use over the Tor network (I know this is mostly applicable to desktop but unclear on if it applies to phones too). Why should I use Vanadium (with Orbot) over Tor (with Orbot)? And what makes Tor insecure from a security and privacy perspective?

              It all depends what your threat model is: do you want privacy or security?

              Privacy means you don't want any website to know who you are.
              Security means your browser is protected as much as possible against zero-day and recent threats and vulnerabilities.

              Whilst Tor Browser is not as secure, it provides maximum privacy (anonymity). People use it if they don't want any website to identify them. Tor browser is not good for websites where you need to login (social, banking, etc).

              Vanadium (and other similar browsers) provide more security, which means they are great for day-to-day browsing, logging in to your preferred websites etc.

              Using Vanadium (and any other browser) over Tor/Orbot will ultimately make you unique as each browser has a unique fingerprint based on some of the configs, etc. And websites will see its you as your browser will have the same unique fingerprint with or without Tor.

              Using Tor browser (with default settings) means every single person who is using Tor browser will have the same browser fingerprint so websites will not be able to identify you. This is why it is strongly recommended to not touch any Tor browser settings, not install any extra add-ons, etc - just browse the web using default settings, to avoid fingerprinting.

                gk7ncklxlts99w1 "Avoid Gecko-based browsers like Firefox as they're currently much more vulnerable to exploitation and inherently add a huge amount of attack surface" I'd like a technical elaboration. Why is Vanadium so much more secure than other browsers on GrapheneOS, and does Vanadium have the same level of security and privacy on other operating systems? Side note, I'm aware that default desktop Firefox is insecure, but hardened with Arkenfox, it becomes the most robust browser for privacy and security. What's stopping developers from developing an arkenfox based fork of Firefox for Android? Would it be as strong on Android as it is for desktop? And if Vanadium is better than Firefox on GrapheneOS, could it be adapted to desktop and still out-compete other browsers for privacy and security? I assume there's a fundamental difference in the architecture of AOSP over desktop that make this complicated.

                You can find some answers here: https://www.privacyguides.org/mobile-browsers/

                Firefox on Android (and any other fork based on Firefox) does not support site isolation (in comparison with Firefox Desktop).
                Chrome-based browsers on Android do support this feature, hence they are recommended for enhanced security.

                Using Arkenfox on Android Firefox won't improve this as site isolation is something that needs to be added via codding to original Firefox code. Arkenfox tweaks Firefox settings - it cannot tweak something which is not present in Firefox source code. So in order to Firefox on Android to support this, the devs need to add the relevant feature via codding.

                Desktop version is different - Desktop version does support site isolation (Total Cookie Protection) + you can use containers if you, for example, want to login to the same website using 2 accounts in the same session.

                  gk7ncklxlts99w1 "Tor itself makes people into much more of a target (both locally and by the exit nodes)". I'd like more information. Is it talking about the browser, or the network? Using Tor properly, without bridges, in a country that doesn't ban the use of Tor, your ISP might flag you, but other than that they have no idea what you're doing. Using bridges, I don't see how using Tor makes you a target, and even if it did, given how much better Tor is compared to VPNs or the clearnet, there's no better option available that I'm aware of.

                  It is talking about Network.

                  ISPs can see that you are using Tor network (they see that your computer connects to one of the entry Tor nodes) hence they might or might not (no one knows this for sure - it depends on country, ISP, etc, etc - no one knows for sure!) flag you as using Tor often associates with doing shady things.

                  If you use bridge then it will try to mask your entry node so your ISP won't see you are connecting to Tor network so you are unlikely to become a target.

                  Its again boils down to the question: what you want to achieve? You can't use Tor for social media, banking, etc. Whilst you can use VPN for these (although, some streaming or other services might block the access if they think you are on VPN).

                  You can use a trusted VPN for your day-to-day activities so that it will hide your traffic from ISP (some ISPs are known for monitoring and selling your data)

                    gk7ncklxlts99w1 "If you're using a VPN, you should consider using the standard DNS service provided by the VPN service to avoid standing out from other users.", does this suggest using other DNS providers like cloudfare, Google and Quad9 make you stand out, or that not using any DNS provider makes you stand out?

                    It says the following "if you are using a VPN provider, its better to use their own DNS server". Because the sites will see: Mullvad VPN with Mullvad DNS is connecting - hmmm, there are thousands of people using Mullvad VPN + Mullvad DNS - so its hard for us to find the person.

                    If you use a custom DNS, then the websites will see: Mullvad VPN with 3rd party DNS is connecting - lets see, it seems much less people are using this config, so we can probably guess who it is.

                    Also, using a 3rd party DNS with your VPN provider means trusting 2 parties: your VPN and DNS as both will see part of your traffic. You ideally want to avoid this as the less parties see you traffic, the better it is.

                    If you don't use VPN at all, its good to use a privacy-friendly DNS.
                    You can find a good comparison here: https://www.privacyguides.org/dns

                    If you are using Mullvad, then just add their own adblocking DNS as your Android Private DNS and then it will be used both with and without VPN: https://mullvad.net/en/help/dns-over-https-and-dns-over-tls/

                      Volen I suppose a DNS blocklist would be able to block specific IPs, but it doesn't have the same convenience as a firewall app like RethinkDNS, where you can easily see which IPs are being accessed in real time, and block or allow them easily. The ability to actually monitor your network activity is really handy.

                      Again, the documentation says not to use apps like Netguard.

                      Most apps I install probably aren't tracking me, but there are a few nasty ones like Amazon, which is something I can't live without (I like being able to quickly add books to my wishlist).

                      Also, the privacy and security features provided by RethinkDNS have not been addressed yet.

                        matchboxbananasynergy How does GrapheneOS gain root? Sorry, I'm not really clear on the process of how to root a device (I will google this, and read the article you mentioned). So just to be clear, when you root a device, you're actually exposing all apps that you install?

                          Volen

                          Vanadium (and other similar browsers) provide more security, which means they are great for day-to-day browsing, logging in to your preferred websites etc.

                          Does this also suggest Chromium based browsers would be better for logging into accounts with on desktop? Since Chromium is more secure than Firefox/Gecko, why aren't Chromium browsers touted as being better for security in the desktop space (any browser privacy guide worth it's salt recommends firefox over chromium, I have not heard of any recommendation for using chromium (eg. Brave) for logins).

                          Using Vanadium (and any other browser) over Tor/Orbot will ultimately make you unique as each browser has a unique fingerprint based on some of the configs, etc. And websites will see its you as your browser will have the same unique fingerprint with or without Tor.

                          So are you suggesting there's no way to prevent browser fingerprinting on Android, with or without Tor? If that's the case, then that sucks. I would like to know what specific configs make the browser unique (if you're able to provide that information).

                          Using Tor browser (with default settings) means every single person who is using Tor browser will have the same browser fingerprint so websites will not be able to identify you. This is why it is strongly recommended to not touch any Tor browser settings, not install any extra add-ons, etc - just browse the web using default settings, to avoid fingerprinting.

                          This contradicts the previous paragraph, but I'll just assume you meant "any other browser besides Tor".

                          So to summarize, it sounds like the best option for Android is to use Vanadium for logins, and Tor with default settings (which is how Tor is meant to be used) is best used for non-logins and general browsing where speed is not important. I don't want to put words in your mouth (or hands, in this case...) so correct me if I'm wrong.

                            Volen replying to https://discuss.grapheneos.org/d/2061-questions-about-grapheneos-and-related-topics/13

                            That guide doesn't tell me much. It just says to avoid Firefox because it doesn't have site isolation or IsolatedProcess, use Chromium because they do, and use Tor for anonymity. It then proceeds to show information for Brave, which is not as secure as Vanadium, which means I won't be using it, and the rest of the section talks about iOS making the guide mostly irrelevant for me.

                            It does provide a bit more information about site isolation (here, which I'll read up on.

                            I see your point about Arkenfox, but that shouldn't prevent someone from making a Firefox fork that tweaks the source code to enable site isolation / IsolatedProcess. I'm not a developer, so I don't know the hurdles associated with such a change.

                            Containers are considered dead, as this guy explains.

                            Also, I want to mention that the GrapheneOS documentation explains that Tor has poor security, therefore has poor privacy. But as you mentioned, and as the guide that you linked mentions, Tor is the only browser that has the capacity to be truly anonymous. If Tor has poor privacy, then Vanadium must have even worse privacy. Something doesn't add up.

                              Volen replying to https://discuss.grapheneos.org/d/2061-questions-about-grapheneos-and-related-topics/14. That sounds fair, but the phrase "Tor itself makes people into much more of a target" sounds very ominous and overly dramatic. I suppose it depends on the country you're in, if you live in a country that really doesn't like people using Tor, then ISP's might end up cancelling your internet. I don't see how it would end up in you being targeted by a state government or hackers (as the phrase might suggest, at least to me).