mr_johnson22

Actually, it looks like it's not websites that see Google login status, but the browser itself. I say this because there was one time by chance that the login popup stayed visible for a moment when I entering the tab menu, meaning the popup must be a part of the browser UI and not in the webpage. The popup also stays the same size when zooming in/out of a page, and its text cannot be highlighted like other text on a page.

So it may very well be that websites aren't seeing Google cookie/login status after all, and Vanadium/Chrome happens to have a feature to detect a Google login session (which it has every right to do) & to offer a Google login on sites that support it. If that's the case, there'd be no 3rd-party cookie/session sharing involved, and I'd be satisfied :)

LocaLola I believe I'm not, as the Google Play store asks me to sign in, as do other Google apps. And no Google account is shown as enabled in Settings > Passwords, passkeys & accounts.

jarell Thanks for the advice. At this point I'll accept that what I'm really after is content filtering, which Vanadium intentionally doesn't have much of due to GOS' disapproval of badness enumeration as an effective privacy tactic. If I still can't live without it, I'll look more into the security benefits Vanadium provides over other browsers and decide whether what it offers is what I'm after.

GOS_Addict Will it replace regular Element when it has all features?

Yes, I believe that's the plan.

treenutz68 Yes, that would work. Something similar that would also work is using a separate Android profile to use for with Vanadium, to avoid the increased attack surface of having multiple web browsers installed.

I still wonder though, since Vanadium makes an effort to isolate tab processes from one another, isn't it also supposed to keep login information isolated between tabs as well? If Google login state is shared between tabs, then I assume other services' login state is too, so I wonder if I should be more stingy with which sites I log into in non-incognito tabs.

GOS_Addict Cross-signing is something you probably shouldn't disable, because it greatly simplifies usability of encrypted messaging & device trust.

Also, instead of Element Android, try using Element X, which is the new flagship Element-branded Matrix client for Android as of late September or so. It unfortunately doesn't support Spaces yet, though; for that, you can use SchildiChat Next or FluffyChat.

treenutz68 Thanks, but in my scenario I'm logged in only at the level of the web browser / Vanadium, not system-level or app-level. That means Google apps & device features still ask me to sign in (and don't mention anything about what account I'm using in the browser).

Was wondering this myself. In my case, ever since I signed into YouTube (on web), any other site that supports Google accounts shows that login popup with my Google account information displayed. I'd expect site isolation (as described in the Usage guide] and having disabled third-party cookies to prevent my account login from being detected on sites other than *.youtube.com, so perhaps I'm misunderstanding what kind of state really gets isolated between sites.

Zooming out a bit, is it even worth trying to prevent this? My understanding is that because my account login is accessible to the Google login popup on non-Google sites, it means that Google is able to track my visit to any site that has Google scripts in it, and I'd like to prevent that. But even if my account login were to be isolated between sites, Google scripts on any site I visit would still get a hit from my IP address (in the absence of content filtering), so they'd be able to identify me between sites anyways.