Replying to Avatar final [GrapheneOS] 📱👁️‍🗨️

Our features page now has a section listing the features added by our Vanadium browser and WebView:

https://grapheneos.org/features#vanadium

It explains the approach to content filtering, anti-fingerprinting and state partitioning including current limitations. Major improvements are coming.

#GrapheneOS

Avatar
final [GrapheneOS] 📱👁️‍🗨️ 1y ago

For the people wishing to see on Nostr the features #GrapheneOS Vanadium browser has:

- Type-based Control Flow Integrity enabled

- Hardware memory tagging (MTE) enabled for the main allocator

- Strict site isolation and sandboxed iframes

- JavaScript JIT disabled by default with per-site override option

- Native Android autofill implementation to avoid needing sandboxed Google Play for autofill support

- WebGPU disabled for attack surface reduction

- WebRTC IP handling policy toggle to control peer-to-peer WebRTC mode

- Compiler hardening: automatic variable initialization, strong stack protector, well defined signed overflow

- High performance content filtering engine using EasyList + EasyPrivacy with a per-site override option

- More complete state partitioning without origin trial opt-out

- High entropy client hints replaced with the frozen user agent values to avoid leaking device/OS info

- Battery API always shows the battery as charging and at 100% capacity

- Trivial subdomain hiding disabled

- Consistent browser behavior across users without usage of feature flags and seed-based trials

- Nearly all remote services disabled by default or removed. Only connects to GrapheneOS servers by default. There are only 2 default services: component updates such as certificate authority and certificate revocation updates and DNS-over-HTTPS connectivity checks when enabled

- Web search and global search intents to replace the need for an OS search app

- Option to always open links from other apps, custom tabs and search intents in Incognito mode

Better default settings, including non-user-facing flags:

- Reduce Accept-Language header by default (only available via chrome://flags)

- Third party cookies disabled by default

- Payment support disabled by default

- Website background sync disabled by default

- Sensors access disabled by default

- Protected media (DRM) disabled by default

- Hyperlink auditing disabled by default

- Do Not Track enabled by default mainly to avoid users differentiating themselves from others by enabling it since it has no real value

- WebRTC IP handling policy set to the most private value by default instead of the least private value (turned into a user-facing option by Vanadium)

nostr:nevent1qqstu7eafcpguaqfplrvh88vu5ked4ke6kcxh7svrllastrdh9vgnnspz3mhxue69uhkummnw3ezummcw3ezuer9wcpzps26tfjesmn6ksf5mm36hpf9fkjut49sfeutfutvs2phrykn25v9qvzqqqqqqyyjcwrn

Reply to this note

Please Login to reply.

Discussion

Avatar
shitCoiner 1y ago

Thank you for your hard work! Please, just let me make a suggestion for a future release: create a widget that can be added to the home screen that opens vanadium in incognito mode. Just a regular vanadium icon that defaults to incognito. Thank you and keep up the good work #vanadium #grapheneos

f4
Nomad 1y ago

I didn't know Vanadium was so great. Thanks for the efforts 👍

Avatar
final [GrapheneOS] 📱👁️‍🗨️ 1y ago

Hopefully adding the changes to the site helps users. There is a lot more to Vanadium than people suggest and it's far from just a Chromium build without Google integrations. Some people use other browsers because they miss a certain feature not realizing Vanadium will have similar or there is a security degradation involved in that browse having that feature.

Avatar
final [GrapheneOS] 📱👁️‍🗨️ 1y ago

browser* nice!

Avatar
kyrastonington 1y ago

I love my phone, thank you.

Avatar
Adarnit 1y ago

What are the chances that Vanadium could be ported over to non #GrapheneOS devices? And if not, what are they reasons it can't be done?

Avatar
final [GrapheneOS] 📱👁️‍🗨️ 1y ago

Vanadium hasn't been developed for other OSes in mind currently, it directly inherits the security enhancements from GrapheneOS like production MTE support and more rather than adding it's own inside Vanadium. MTE is currently exclusive to GrapheneOS since the stock Pixel OS only provides it as a development option with major caveats and Vanadium is the only browser incorporating it in production.

Even for platforms without MTE like other devices not Pixel 8 and later, having Vanadium elsewhere would be downgrade in comparison to Vanadium on GrapheneOS. Vanadium needs more before it could be positively received elsewhere.

Avatar
Sito 1y ago

And two hard boiled eggs.

Avatar
AU9913 1y ago

Any chance there is a comparison between vanadium and brave

Avatar
final [GrapheneOS] 📱👁️‍🗨️ 1y ago

Brave is currently the only other browser we recommend. It keeps the same security as mobile Chromium while adding additional state partitioning, anti-fingerprinting improvements and the most advanced content filtering engine. Content filtering is the best on Brave. Vanadium needs to improve on some of these but we also have state partitioning and we discuss our approach to anti-fingerprinting a little different to how Brave does it. Brave randomizes data while we reduce the data that could be used and make all Vanadium users look the same as each other where possible.

However, Vanadium is more secure and has greater security enhancements and exploit mitigations than Brave. Vanadium is the only browser incorporating Memory Tagging in production for Pixel 8 and later. Vanadium also has Control Flow Integrity which is disabled upstream and other browsers like Cromite tried to enable and failed. Vanadium is designed to be extremely resistant to exploitation, JS JIT is off by default and has a toggle while Brave doesn't have.

As work on Vanadium uplifts continue we hope to improve the content filtering. Vanadium to Chromium is what GrapheneOS is to AOSP. Brave is solid as a browser but I cannot make a result on their services as I refuse to use them.

Avatar
Islamic Audiobooks Central 1y ago

Did you mean Do Not Track *disabled* by default?

Avatar
final [GrapheneOS] 📱👁️‍🗨️ 1y ago

Enabled. If it was disabled by default people may get the urge to enable it and stand out. It's unlikely people would choose to disable DNT.