Thank you for your reply GrapheneOS

I know that the kernel and firmware updates from that Pixel 3a were from last year August or so, and that it's not officially supported by GrapheneOS anymore - sorry in case it sounded wrong, never meant that.

And although it's a bit off-topic in this thread (maybe we can start another one for this?), I'm a bit reluctant to send perfectly working hardware to the landfill, and the same will apply to my daughter's Pixel 4a 5G coming November or so. We both love the headphone jacks, so for her a 7a wouldn't be a good replacement. So what would be your advice for older hardware, without kernel and firmware support from companies like Qualcomm and Google? "Giving away" such hardware only puts the problems on others' shoulders...

    wjl [...] I'm a bit reluctant to send perfectly working hardware to the landfill [...]

    It's a very real issue. But these days so much of the device is software, including firmware, that the device can't be "perfectly working" if the software is vulnerable to remote exploit.

    To their credit, Google is trying to move the needle with longer support for their newer hardware. Interestingly, moving more parts of the device in-house is part of that - similar to Apple. Part of the problem with buying parts from a bevy of suppliers is that software for the device as a whole ends up at the mercy of all of those parties. Over time the landscape may improve. One thing that could help would be for a phone manufacturer targeting longevity (such as Fairphone) to sit down with the GrapheneOS team to get some solid security advice, and make changes accordingly.

    As a practical matter, once a device falls out of GrapheneOS support if you have low-security uses for it you might look at some other platforms such as DivestOS.

      de0u As a practical matter, once a device falls out of GrapheneOS support if you have low-security uses for it you might look at some other platforms such as DivestOS.

      That is very good advice I think - especially because the dev of DivestOS also recommends GrapheneOS for those who can easily afford new Pixel devices... thanks!

      I've always used hardened Brave with Proton VPN but since Proton Pass has been a cluster with Brave on Android I've been using hardened Firefox Nightly. Is it a better practice to use Vanadium with Proton Netshield enabled?

        NightSky that depends mostly on your threat model. On Android, Chromium-based browsers are inherently more secure than Firefox-based browsers. I'll leave the details to the pros since my knowledge is far from ironclad here. You're okay with ProtonPass though, which is relatively new and untested (compared to for example Bitwarden or KeePassDX) and can be a security concern as well. So Firefox and ProtonPass could just be right for what you want to achieve. If you're looking for highest security, I assume Vanadium (plus KeePassDX) would be recommended here, compared to Brave or pretty much anything else.

        Let's not forget that this thread is about Brave and Vanadium, so for deeper comparisons to Firefox you might want to open a separate thread.

        3 months later
        • [deleted]

        matchboxbananasynergy The issue with Brave is it may give you a false sense of privacy.

        Hi, I understand your overall position but how can you say, like @Paflechien, that Brave only gives a "false sense of security" while it EFFECTIVELY passes, following privacytests.org,

        • all the state partitioning tests
        • blocks all the tracking query parameters
        • Tracker content blocking tests?

        I mean, this is not theory. Brave really does something!

        It really blocks:

        • Adobe
        • Adobe Audience Manager
        • Amazon adsystem
        • AppNexus
        • Bing Ads
        • Chartbeat
        • Criteo
        • DoubleClick (Google)
        • Facebook tracking
        • Google (third-party ad pixel)
        • Google Analytics
        • Google Tag Manager
        • Index Exchange
        • New Relic
        • Quantcast
        • Scorecard Research Beacon
        • Taboola
        • Twitter pixel
        • Yandex Ads!

          Icecube
          Sadly, using a DoH provider as your only adblocker won't be as effective as using Brave or Cromite.

            • [deleted]

            What I don't understand is why people are still asking questions about safety. Vanadium is installed natively, it's the most secure browser, it has no equivalent on Android, you won't find better. All the others are inferior. If you want to block ads, you'd better change the DNS at system level, it's written on the website. After that, you can install whatever browser you want, but they'll only be less efficient.

              • [deleted]

              [deleted]
              What you do not understand is that people like me admit that YES Vanadium is more secure and that YES we know that blocking via DNS level is great for privacy, but not as effective as Brave. Just look at privacytests.org and compare to your own browser privacytests.org/me.html ...

              Icecube
              It's great that it's enough for you, but it's not enough for me sadly.

              I'm using DuckDuckGo for the most part, it uses WebView so most of the security should carry over. If you don't want to use a WebView browser there is always Cromite.

              • [deleted]

              [deleted] Refer to Daniel's response here

              Also, Arthur (who seems to be the main developer of privacytests.org) responded to thestinger's response here.

              a month later
              16 days later

              I tested both browsers for several weeks in a university fingerprinting study (I wanted to leave my fingerprint for academic research rather than at fingerprint.com).

              The study measures the browser fingerprint based on e.g. navigator, audio, canvas, screen, plugin, connection, WebGL, mathematical constants and much more.

              The study determines whether the site:

              • has seen this fingerprint before
              • if you are the only participant with this fingerprint and
              • if you can be tracked uniquely over time

              Without JavaScript, both browsers performed equally well in my tests according to the standards of the university project.

              With JavaScript enabled, both browsers always left a unique fingerprint.

              In the categories "seen fingerprint before" and "can be tracked uniquely over time", Brave regularly performed better in my case: Vanadium was trackable over time and could be assigned to my previous fingerprints which was not the case with Brave.

              Better to do your own comparisons than listen to strangers on the Internet: https://browser-fingerprint.cs.fau.de/?lang=en

              So for most things I use Brave, when I open sites where I'm more concerned with security than privacy I use Vanadium.

              10 months later
              • [deleted]

              NightSky how do you harden Firefox nightly out of curiosity? Sorry for reviving an old thread lol.