this post was submitted on 28 May 2024
46 points (91.1% liked)
Privacy
31737 readers
637 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Why would you use Chrome webview plus something else? You can't replace just pile on. Not a good idea. https://grapheneos.org/usage#web-browsing
Dont use system webview as your default browser. Webview is used by apps, your browser can and should be changed if privacy is your goal. Vanadium may be hardened, but it lacks any fingerprinting protection.
Your system webview is for in app usage. You aren't browsing the web using your system webview (generally). You can't blend into a crowd if you have no anti-fingerprinting. Firefox does this through RFP by normalizing settings between users, and on mobile there is partial support for screen size normalization through letterboxing. Vanadium isn't special, it is hardened chromium with some specific patches. You cannot form a crowd without special a lot of anti-fingerprint patching. See my other comment for details.
Firefox is missing per-site process isolation. This is theoretical an attack vector in the presence of multiple other major vulnerabilities. It has never been shown to be an attack vector in real world vulnerabilities. Don't call Firefox's sandboxing crap if you don't know why people have said that.
Anti-fingerprinting? By blocking javascript which the half-hearted privacy users can never afford? hahahahaha. Even privacy projects spread dirty javascripts.
Anti-fingerprinting isn't as simple as blocking JavaScript. There are dozens of other parameters. You can fingerprint with pure CSS. When I say anti-fingerprinting is necessary for a crowd, I am referring to data normalization. Like Firefox's Resistant Fingerprinting and letterboxing. I find most of RFP's effects unobtrusive, but it always for a crowd to form in specialized cases. Only Tor browser and Mullvad can reasonably form a crowd.
I dont know what you mean by privacy projects spreading dirty JS. I recommend you read up on actual anti-fingerprinting techniques. Your knowledge of anti/fingerprinting seems limited. Basic anti-fingerprinting is necessary on the modern web, same thing with a content blocker. Security and privacy sometimes come at the cost of convenience, but not always.
They are using js in their websites
I read your source and am not convinced. While I do agree that piling on modifications is often fruitless and counterintuitive, Vanadium doesn't have the Fingerprinting protection necessary to create a crowd. At best it can create many islands of crowd for each physical device graphene supports, for each version of the software installed, and only assuming all other method of fingerprinting don't work (for some reason theoretically for the sake of this best case scenario). Read cromite's patch list to see some of the changes needed to produce basic anti-fingerprinting (still not good enough to create a crowd).