Comment by drnick1
8 days ago
Since you seem to be one of the developers, one thing that I wish Graphene focused on more is browser fingerprinting. This is probably the number one threat against privacy nowadays. Vanadium is very usable, but it seems to be quite easily fingerprintable.
GrapheneOS does focus on browser fingerprinting with a long term approach that's being implemented. That's why adblocking is implemented the way that it is with a specific list of filters and then regional/language filters activated based on which languages are enabled. Vanadium does provide good protection against instances of Vanadium being distinguished from each other in ways other than the IP addresses, language, time zone, etc. Adding support for using a universal UTC time zone in Vanadium is one of many planned features for countering fingerprinting. Expanding the Vanadium userbase beyond GrapheneOS would be the main way to reduce fingerprinting since it heavily depends on the number of people using the browser so we eventually plan to launch it for use outside of GrapheneOS once it has more features.
Brave has the best anti-fingerprinting on Android right now but it's not all implemented in a good way and they have a lot of features with privacy and security downsides too. Vanadium is gradually working towards having stronger anti-fingerprinting than it. It will take time. In general, our approach is focusing on doing things properly with the long term in mind. It takes longer but the end results will be better as can be seen for what we ship in many areas. Our network-based location implementation is a nice example among many others.
The founder, afaik, not just a developer.
Tor Browser seems to be a project that requires multiple full time developers. I don't think GrapheneOS have the resources right now to do this alongside their OS development, device support and app overhaul plans.
Also please don't take this as any criticism of your suggestion, but there have been multiple 'privacy' browser projects based on Chromium for Android. It's a little frustrating that they couldn't collaborate some base like this to the open source community.
> Tor Browser seems to be a project that requires multiple full time developers. I don't think GrapheneOS have the resources right now to do this alongside their OS development, device support and app overhaul plans.
We're in the process of hiring a bunch of full time developers and will have more people working on Vanadium soon. The bottleneck isn't money but rather building out the organization and hiring people. We get a lot of donations and are going to be greatly expanding the project, particularly with the funding being offered by Vitalik Buterin for hiring 5 more full time developers.
> Also please don't take this as any criticism of your suggestion, but there have been multiple 'privacy' browser projects based on Chromium for Android. It's a little frustrating that they couldn't collaborate some base like this to the open source community.
Many aren't using permissive licensing and a lot of it is a mess that's not possible to include in Vanadium rather than making our own implementation that's more focused on correctness and maintainability. GrapheneOS is going to have an increasingly large amount of resources so we wouldn't get much from working with tiny projects. We could hire people to work on Vanadium instead. Working with Brave would be compelling but not much else. Brave has a lot of stuff we want but usually it's quite messy and complex compared to what we want to have. We're using work from Microsoft on Chromium hardening that's not used in Chrome / Chromium such as the WebAssembly interpreter.
I missed this in the bustle of this thread but that's fantastic news. Hugely appreciative of the work yourself and your team at GrapheneOS are doing and it is great to hear it will be expanding/growing too.
> 'privacy' browser projects based on Chromium for Android
As far as I know none of these projects have tackled the JS fingerprinting problem. The most earnest attempts seem to be Brave and Firefox with the Arkenfox user.js, but they have their own problems. The basic issue is that JS gives websites far too much control over the user's device. The JS spec should have never allowed websites control over the clipboard (e.g. to disable paste), to know if the user is active, when the mouse is being moved, etc. Since it is too late now, short of disabling JS entirely, there will be usability tradeoffs, but I think these are necessary (at least optionally) in an OS like Graphene.
Unfortunately, browsers have often done too little, too late when it comes to privacy. For example, until recently, most browsers allowed third party cookies by default.
GrapheneOS has a lot planned for Vanadium. It could become a project almost as large as the core OS project. We're going to be greatly expanding our team and that needs to happen before Vanadium can have substantially more changes than it currently does. Full state partitioning including for cookies is a much better approach than disabling third party cookies. Vanadium does disable third party cookies but that doesn't really do as much as you'd think because the way third party cookies are defined and what disabling them means is not intuitive. Third party cookies would not be a significant issue if cookies were fully partitioned by the top level site. Chromium has implemented state partitioning for the vast majority of the state but specifically not cookies by default where it's opt-in, so we need to handle that ourselves. They do support partitioned cookies but it's opt-in. Strictly partitioning cookies breaks a lot of cross-site functionality so no mainstream browser is doing it but rather they use heuristics to support cases like cross-site login and their partitioning is easy to bypass through that.
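Added example, not part of the thread and not Vanadium or Chromium code: a toy cookie jar showing the difference described in the comment above between unpartitioned cookies, opt-in partitioning through the `Partitioned` cookie attribute, and strict partitioning by top-level site. The class, the mode names, `tracker.example` and the site names are constructed for illustration, and plain hostnames stand in for the browser's real site keys.

```javascript
// Toy cookie jar: a constructed model, not Chromium or Vanadium code.
// Modes:
//   "unpartitioned" - one jar per cookie host, shared across all top-level sites
//   "opt-in"        - partitioned only if the cookie carries the Partitioned attribute
//   "strict"        - every cookie is keyed by (top-level site, cookie host)
class CookieJar {
  constructor(mode) {
    this.mode = mode;
    this.store = new Map(); // "partition|host" -> Map(name -> value)
  }

  set(topLevelSite, host, name, value, partitionedAttr = false) {
    const partitioned =
      this.mode === "strict" || (this.mode === "opt-in" && partitionedAttr);
    const key = `${partitioned ? topLevelSite : ""}|${host}`;
    if (!this.store.has(key)) this.store.set(key, new Map());
    this.store.get(key).set(name, value);
  }

  // Cookies sent to `host` while the user is on `topLevelSite`.
  get(topLevelSite, host) {
    const shared = this.store.get(`|${host}`) ?? new Map();
    const scoped = this.store.get(`${topLevelSite}|${host}`) ?? new Map();
    return new Map([...shared, ...scoped]);
  }
}

// A third-party embed that reuses its identifier cookie when it gets one back.
let nextId = 0;
function loadEmbed(jar, topLevelSite, partitionedAttr) {
  const host = "tracker.example"; // hypothetical third party
  let uid = jar.get(topLevelSite, host).get("uid");
  if (uid === undefined) {
    uid = `id-${++nextId}`;
    jar.set(topLevelSite, host, "uid", uid, partitionedAttr);
  }
  return uid;
}

// Load the embed on two unrelated sites, then revisit the first one.
function visitTwoSites(mode, partitionedAttr = false) {
  const jar = new CookieJar(mode);
  const a = loadEmbed(jar, "news.example", partitionedAttr);
  const b = loadEmbed(jar, "shop.example", partitionedAttr);
  const again = loadEmbed(jar, "news.example", partitionedAttr);
  return { crossSite: a === b, sameSite: a === again };
}
```

In the "opt-in" mode the embed stays linkable across sites unless it sets the attribute itself; only the "strict" mode removes that choice from the third party.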
Fundamentally, almost all "innovation" in browser and JS development for the last 20 years has been about giving new powers to website authors, not to the people actually using the browser. The idea of telling website authors "no, you can't do that" seems to be anathema to browser authors and standards groups. The result is that they make it easy for website authors to wrap their content in shinier and shinier wrapping paper and then tell users how great it is that they can now see all that shininess. Probably 50% of what a website can do today is stuff we would be better off not having available.