I remember talk, but I was hoping the idea was back on the radar. I get it though. Makes sense, but damn. FF forks FTW I guess. Would be nice to have a trustworthy security/privacy Chromium based browser on desktop. Guess I'll stick to LibreWolf and keep using the isolated QubesVM I have set aside with Chrome/Chromium installed for flashing hardware. Thanks!
Discussion
Brave is a top choice when it comes to content filtering and state partitioning. A big issue with Brave is how much, in my opinion, random nonsense they want you to use with it. Fortunately it never bugs you again once you disable it, but there could be better.
Secureblue (security-hardened Fedora Atomic images) uses a hardened Chromium with Vanadium patches, but it's part of Secureblue for the most part. It also uses our Hardened Malloc.
Thanks. Definitely not a fan of Brave or its CEO. Secureblue looks interesting, but the fact that they state they won't have anything to do with degoogled chromium is not awesome.
Seems like it might be better than stock Chrome with the hardening. GitHub only shows 243 stars, but it's new so that's understandable.
Have you tried flashing any hardware with it?
The Chromium itself is still patched to disable data collection and opt-in metrics according to the developer, and since it uses Vanadium patches I could attest to that. Always better to use Chromium as a base and build with your own patches rather than centipeding someone's fork like ungoogled-chromium, since if they delay, then you delay.
These forks also aren't security hardened like Vanadium is; forks will just amateurishly take out anything that mentions Google, which leads to some regressions.
Secureblue is not endorsed but both have a similar user share and the maintainers are frequent GrapheneOS community members. It's listed as an example of other OSes using hardened_malloc on our site.
It's usable, but hardened_malloc will break certain apps the same way it does on GrapheneOS for security. Electron apps are an example. I don't daily-drive secureblue though, and the barrier for entry is higher than it is to get started with GrapheneOS.
FYI, I am aware of other projects using Hardened Malloc as well; for example, this hardened Void Linux build has hardened malloc and other hardening:
https://0xacab.org/optout/plagueos
https://0xacab.org/optout/plagueos/-/wikis/Security-Considerations
https://0xacab.org/optout/plagueos/-/wikis/FAQ
It sounds very interesting, but I (and I think anyone I know) have never used it though. Can't make a recommendation. Using smaller projects is at your own risk.
Gotcha. Thanks for the detailed and honest reply. I've got some things to look into. Much appreciated.