mythodical
Thanks for the quick reply. I can confirm that "Open external links in incognito mode" is enabled for me and I remember I've seen the incognito mode icon when apps called the browser. But no such thing with Fairemail today, that's why I'm confused.
Vanadium - privacy questions
"Close tabs on exit" does work. You need to make sure that you remove Vanadium from not running in the background. Open Vanadium then put your finger at the very bottom of your phone on the plastic part (below the screen) and then slowly drag your finger to the screen. You will now see a list of apps running in background that you recently used. Now just remove Vanadium and this is you "exiting" completely and should now result in your tabs being closed.
Another pressing privacy question is about how Vanadium handles fingerprinting. The EFF provides a website (coveryourtracks) where browser privacy can be tested. Even if you remove all browsing history etc. in Vanadium it still has the same canvas fingerprint and WebGL fingerprint. I might be mistaken but to my knowledge that basically means that one is uniquely identifiable on the web. Are there any plans to address those privacy issues or is this out of scope for GrapheneOS?
sugseg52 I had the same question too a while back but I do not think Vanadium is intended to be made as a browser to make you anonymous but instead to make you as secure as possible when you browse the internet.
The best browser for privacy and anonymity seems to be the Tor Browser.
So you can use Vanadium for day to day use and for things you want to remain anonymous for use the Tor Browser.
I also feel like coveryourtracks does not take into consideration some fingerprintable information. For example, if I still remember correctly it includes screen resolution but not the size of your browser window.
[deleted]
I blocked Vanadium on my Pixel and use Privacy Browser.
There is no comparison when it comes to privacy settings.
[deleted] Privacy Browser, as far as I can tell, uses your system's WebView. So you're still using Vanadium's WebView with it.
I would also recommend not disabling Vanadium even if you're not going to use it, as you can potentially break things that require the system browser to function properly.
If you're looking to defeat fingerprinting, despite its security weaknesses, use the Tor Browser.
Beyond that, the best you can do is fool naive fingerprinting. Someone who actually puts effort in doing that will not be fooled by the usual tactics that other browsers employ.
If someone doesn't want to use Vanadium and doesn't want anonymity (in which case Tor Browser would be the best), I would recommend Brave.
Brave has anti-fingerprinting defenses that will, again, fool naive scripts, so you can use it for your day-to-day, if you prefer.
Thank you for some more insight, your explanation, and suggestions. I find it hard to make an informed decision on what browser might be best for security and privacy equally.
Millions of dollars are invested in making browsers like Chrome and Firefox and again millions of dollars are invested in making them secure. So I really wonder if such projects like Privacy Browser (which is using a forked webview with the coming major version), Mull, Brave Browser, etc. really can deliver on their security promises.
I wonder how they achieve what others achieve only by putting so much money into this challenge. If they lack those resources what does it mean for their security and robustness?
Is there something like a comprehensive comparison of recent browsers' security?
sugseg52 Brave is a Chromium fork, so it already benefits from the security features that Chromium provides by default.
On top of that, they add some rudimentary fingerprinting protections (as best as you're going to get unless you're using Tor Browser), and they also feature adblocking without the need of an extension among other things. If you don't want to use Vanadium, it's the only other browser I can really recommend for day-to-day browsing.
https://www.privacyguides.org/mobile-browsers/ is a resource that may help you.
Kind reminder to everyone that it's best to stick to technical discussions and not political ones, as this is not the place for that. Choosing not to use a piece of software for non-technical reasons is absolutely fine and everybody's right, but I don't want this thread (or any thread here) to turn into anything that's not a discussion based on technical merit.
Following on from my colleague matchboxbananasynergy I have cleaned up the thread of said non-technical posts.
Unfortunately while the conversation remained civil, we look to reference threads across social platforms and point people to the forum as an asset.
Thank you for your understanding and continued good natured discourse.
[deleted]
MetropleX Following on from my colleague matchboxbananasynergy I have cleaned up the thread of said non-technical posts.
It's a meaningful approach. Thank you for that. ;)
matchboxbananasynergy Brave is a Chromium fork, so it already benefits from the security features that Chromium provides by default.
On top of that, they add some rudimentary fingerprinting protections (as best as you're going to get unless you're using Tor Browser)
Does that mean that Brave is a better option than Vanadium for fingerprinting protection?
In which situations is Vanadium a better option than Brave?
bartenderstoneware test it out for yourself. Go to coveryourtracks.eff.org with both Brave and Vanadium (or even Tor Browser) and draw your own conclusions...
bartenderstoneware Vanadium provides additional security. One of the biggest benefits to Vanadium is that it disables JIT by default, which is a huge benefit, since many exploits rely on it to work. Brave doesn't have that.
The website PrivacyTests.org is helpful and provides data-driven results regarding the ability to block and mitigate fingerprinting for major Internet browsers. Vanadium, though, is not included in the tests.
The maintainer of the project is a current Brave employee, as per his About page in his website. I, personally, don't think this affects the results, but I think it's fair to mention it.
matchboxbananasynergy is it possible to disable JIT in Brave or other browsers?
bartenderstoneware Kind of. I don't think you can realistically do it on Brave Android, but you can kind of do it on the desktop version, by launching the browser with a specific flag. More info here:
https://github.com/brave/brave-browser/issues/19872
The issue with this approach is that it disables JIT across the board, and there's no per-site toggle to enable/disable it as you please. You'll eventually run into breakage and won't have an option other than to enable it again.
Microsoft Edge also has this, but I'm not sure if it's available on the Android version.
matchboxbananasynergy
Thank you for your fast and detailed answer. I'll read through.
I'm wondering if it's possible to get NoScript as an add-on on Vanadium? And if yes, is it recommendable to add it?