Hey @GrapheneOS, just one idea for you to consider.
First off, let me say we are all in agreement that many important apps (many would even say essential) in Denmark are very finicky and don't work in GrapheneOS due to a lot of security theater bullshit. That's on them, that's not GrapheneOS' fault.
But being realistic, whoever lives in Denmark cannot avoid these apps. Maybe some, almost certainly not all. It's just how the government/society is set up. What's going to happen is either:
- they need to use some workarounds, such as different browsers (or worse: making them the default)
- they stop using GrapheneOS
In both of these scenarios, the user privacy is greatly compromised compared if they could stay using the option provided by GOS. Even though GOS made the right technical choice, it didn't really help the user since they're forced to use something else instead which is much worse for them.
Now, here comes the suggestion for you to think about. What if Vanadium offered the choice to relax the "header hardening" setting (for the lack of a better expression) on a per-domain basis? This could be an expert setting that is very hidden (like tap 5 times somewhere) so you can't just stumble upon it, but if you really need it like the users in this thread, then you could enter the particular problematic domains, and then it would solve the issue for these users. No need to even allow disabling on a global basis.
Sure, this compromises privacy for these domains, but it's going to be compromised anyway because the users here are forced to install Chrome or something else. And worse, make those the default browser which ends up affecting everything else. With the suggestion above, they could relax the headers just for mitid.dk
, and mobilepay.dk
(or whatever other domain they need) with a much lesser privacy risk, as they can continue to use a hardened browser for their daily needs with the full protection that it brings.
You may have considered this already, I don't know. But I wanted to put this suggestion out there because it may be a good compromise, as it solves the immediate Danish users' needs, and they will also come less often here to vent. :-)