• Off Topic
  • Why is Vanadium better than a hardened version of Brave?

I saw this set up recommendation for Brave. And i'm wondering how is Vanadium more secure/privacy friendly than Brave with this configuration? Thank you

    poubellier Brave is a fine choice. Brave has anti-fingerprinting measures that will fool naive scripts. If you need something more than that, you should consider using Tor Browser.

    One killer feature that puts Vanadium above Brave from a security perspective is the fact that JIT is disabled by default, and there's a per-site toggle for sites that absolutely require it.

    A lot of vulnerabilities hinge on JIT being enabled, so having it disabled is a huge boost to security. Apple's lockdown mode also disables JIT in Safari. It's a very important feature.

      One could say that, but on the other hand, if you're truly looking for privacy/anonymity, you should be using Tor Browser.

      Brave has some nice features like Brave Sync if you use it on other devices, and they have an integrated ad blocker which is very convenient. If you don't care about features like that, though, I would personally just use Vanadium for all of the additional security it provides.

        matchboxbananasynergy What i like with Brave that Vanadium has not (yet?) is that there is a clear-everything-setting everytime you close a tab/the app. That way it deletes browse history, and most important cookies. I've never found such an option on Vanadium and i feel like keeping all my cookies is a breach to privacy... Maybe i'm wrong or there is something i miss... At least i hope so

          matchboxbananasynergy

          I'm undecided about the current situation with Vanadium lacking blocking. That said, I have been using it for a few weeks to see how I feel about it.

          Third party scripts served by sites are clearly a threat to privacy and have been used as an attack vector. Ad and third-party script blocking in a browser (I user uBlock on my desktop) serves as a first-line defence against these.

          I use Pi-hole (and via a personal VPN when on cell data) to defend my phone and desktops. But it cannot be as capable a blocker as one in-browser. Most users probably don't use Pi-hole 100% of the time if at all, so do not have any protection; there is no defence in-depth.

            poubellier In Vanadium's settings > privacy and security, there is an option called "open external links in incognito". That's something you can use.

            To emulate the effects of an "always incognito mode" beyond that, you can long press on Vanadium in your home screen, and you'll see an incognito window shortcut. Long press that and drag it elsewhere to make a shortcut for it. That way, you'll be launching Vanadium in incognito mode every time you open it. :)

            I hope that helps!

              ve3jlg If you want to set up blocking, you can do that via DNS. Vanadium plans to eventually use Chromium's content filtering engine to implement something similar, but that's not done yet.

              matchboxbananasynergy I'll try this way. But I hope someday Vanadium will see this being improved. Or Firefox will work to make their Android version as secure as desktop's.
              Thank you for your help tho!

              4 days later

              I've been using the ad and tracker blocking from Mullvad and that works OK. Not as good as uBlock Origin on Android Firefox or Mull or whatever, which can clean up the white space, but it's servicable.

              I think the main thing I'm missing is dark mode support. Having most of my OS be a comfortable dark theme (sure do wish we'd get AMOLED configurable as a theme option in AOSP so I didn't have to set it in every app) but then getting flashbanged whenever I need to use the browser is not great in terms of accessibility.

                • [deleted]

                Not as efficient as some extensions (some icons are displayed badly), but it's possible to set a dark mode by default in chrome://flags and enable"auto dark mode for web contents".

                  matchboxbananasynergy This is realistically something that should be supported by sites and not forced by the browser

                  Very unlikely to happen soon, if at all. There are tons of sites out there that do not support dark mode at all or you need to log in just to read to enable dark mode, so you are now tracked.

                  A browser on a Pixel with a LED display should be conveniently supporting, easy user-switchable, lifetime-preserving (for both battery and screen) dark mode in 2023. (I realize that it won't be perfect in some sites.)

                  Have a look at the general way that IETF standards are mostly developed, and the excellent approach that a receiver should gracefully accommodate flaws in a sender's transmission / protocol sequence.

                  [deleted] it's possible to set a dark mode by default in chrome://flags and enable"auto dark mode for web contents".

                  Fantastic - thanks! I had no idea about this (or the chrome://flags) being a longtime FF user. This will be very useful.

                  matchboxbananasynergy In Vanadium's settings > privacy and security, there is an option called "open external links in incognito".

                  Users should be aware this incognito mode disables screenshots (apparently).

                  I was trying to make a screenshot today and received the notice "Disabled by admin". I was looking all over my current profile and owner settings to see what I had accidentally changed. I finally clued in that I was in an incognito tab (opened from another app IIRC).

                  It is a time-wasting, unhelpful message, and the behaviour is not helpful. I use the mode to help protect my privacy, not protect others from my saving of their web page.

                  Is this configuration part of Vanadium or Chromium?

                    ve3jlg In my experience, there hasn't even been any noticeable slowness, really, except for some websites. In those cases, JIT can be selectively enabled for that site on Vanadium.

                    I've also heard the same about people using Apple's Lockdown Mode which also disables JIT for Safari; you mostly don't notice it, but the benefit in security is significant.

                    ve3jlg I believe that screenshots being disabled on Vanadium is part of Chromium, not something that Vanadium explicitly added.