Brave vs Vanadium

Adblocking is not a privacy or security feature. It is merely for convenience. Badness enumeration generally does not work.

Depending on the implementation, having an adblocker may increase attack surface. See this for an example:

https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css

As for fingerprinting resistance, if your threat model calls for it, the Tor Browser is your only option. Brave's resistance is only enough to fool naive scripts - more sophisticated ones like https://fingerprint.com/ can fingerprint it as usual. It's resistance is only nice-to-have, not something you can seriously rely on if this is the threat model.

Like @GrapheneOS said, what you are doing is the exact opposite of what you should be doing if fingerprinting is a concern. A crucial part of this is not using such a niche setup that you are the only one using it. Take for example, the Tor browser has 3 different privacy mode which changes NoScript configurations. You cannot use the safest mode, but you don't wanna do all the way down to the safer or standard mode. You go ahead and make your own NoScript configuration. Does that make you stick out from the rest of Tor Browser users? Yes it does.

As for what threat model a browser without fingerprinting resistance or adblocking would acceptable for - a lot of them, especially ones where you already login to an account that identifies you - banking, work, LinkedIn, GitHub and so on. I personally use Edge for most of these tasks for example, because with them security is what matters.

GrapheneOS The 2 posts you've made here are incredibly wrong and you're also giving harmful, extremely dangerous advice

I'm not giving any "advice" at all. I was merely answering @TommyTran732 's question and only sharing my thoughts out loud with the intention of open and friendly discussion so whats incorrect can be pointed out and falsehoods explored, and concepts challenged, with the aim of reaching a better collective understanding. Afterall any "bad" argument can be pulled apart and its falsehoods exposed for the betterment of everyone. One thinks out loud amongst "friends" to have them point out his faults. Assuming we are friends, and not here to just tear each other apart.

GrapheneOS You've derailed this thread with a whole bunch of misinformation and off topic tangents.

I haven't, I only answered a question. I didn't make any of my comments from the second post in the first one. I am responding to his inquiry, not voluntarily going off on a tangent. Him asking me why, is perhaps the tangent. Please be a little more fair in your assessment.

I don't know what you think this was, I thought I was having a friendly discussion with some people. Not a campaign of "misinformation".

GrapheneOS ou're also telling people to use a far less secure device for their web browsing.

I'm not telling people anything.

Thanks for your response @TommyTran732 .

I find this a very meaningful discussion to further pursue and at the very core of why we're all here. I do have a few questions and counter arguments to make. But, for the sake respecting @GrapheneOS wish and of not venturing outside the scope of the subject of this thread any further I'll stop my responses here and perhaps discuss in a separate thread.

Thanks for the link @TommyTran732, it was an eye opening read.

I'll just say, wouldn't using vanadium as you described then give a unique fingerprint of you to all those sites, and every other site you go to?

User2288 Vanadium will appear the same as any other Vanadium on the same device model, and we don't support a lot of device models. The screen resolution and performance of the device (both CPU and GPU) are essentially enough to identify the device on their own. Main language, time zone and your IP / DNS resolver are the main differentiation between users. If you change site-facing settings, that makes you stand out more. There is not really anything that Vanadium can do beyond completing state partitioning (in progress) and providing a way to set a standard language (US English) and time zone (perhaps UTC) as an override. Trying to hide other ways of differentiating between device models via GPU will amount to almost nothing. With a lot of changes, perhaps certain device models we support could appear the same to websites in most ways, but we don't support a lot of device models anyway. It can be easily detected which browser is used based on how it behaves. The more we change, the easier that is to detect. This is why a very niche, barely used browser trying to do anti-fingerprinting features ultimately doesn't work. Nothing can compare to the userbase of a browser like Chrome or Safari. Anti-fingerprinting works best in an enormously widely used browser. Getting rid of ways to detect device model only helps if it's used across many device models. Unless we normalize screen resolution somehow, there is no point.

OpenSource-Ghost Yes, but we can't count on the digital fingerprinting of a completely modified chomium browser... That's either chomium or vanadium in my question. Plus brave includes a von and crypto stuff so not good

[deleted]

Brave is the most modified because of all the crypto revenue stuff. Bromite is basically hardened and tweaked Ungoogled Chromium + ad-blocking + anti-fingerprinting. I'd stick with Vanadium if security is more important to you than anti-fingerprinting features and anti-ad features. Otherwise I'd use Uazo's builds of Bromite. I don't like Brave.