final [GrapheneOS] 📱👁️‍🗨️
npub1c9d…sqfm
2024-02-21 00:20:34

For the people wishing to see on Nostr the features #GrapheneOS Vanadium browser has:

- Type-based Control Flow Integrity enabled

- Hardware memory tagging (MTE) enabled for the main allocator

- Strict site isolation and sandboxed iframes

- JavaScript JIT disabled by default with per-site override option

- Native Android autofill implementation to avoid needing sandboxed Google Play for autofill support

- WebGPU disabled for attack surface reduction

- WebRTC IP handling policy toggle to control peer-to-peer WebRTC mode

- Compiler hardening: automatic variable initialization, strong stack protector, well-defined signed overflow

- High performance content filtering engine using EasyList + EasyPrivacy with a per-site override option

- More complete state partitioning without origin trial opt-out

- High entropy client hints replaced with the frozen user agent values to avoid leaking device/OS info

- Battery API always shows the battery as charging and at 100% capacity

- Trivial subdomain hiding disabled

- Consistent browser behavior across users without usage of feature flags and seed-based trials

- Nearly all remote services disabled by default or removed. Only connects to GrapheneOS servers by default. There are only 2 default services: component updates, such as certificate authority and certificate revocation updates, and DNS-over-HTTPS connectivity checks when enabled

- Web search and global search intents to replace the need for an OS search app

- Option to always open links from other apps, custom tabs and search intents in Incognito mode

Better default settings, including non-user-facing flags:

- Reduce Accept-Language header by default (only available via chrome://flags)

- Third party cookies disabled by default

- Payment support disabled by default

- Website background sync disabled by default

- Sensors access disabled by default

- Protected media (DRM) disabled by default

- Hyperlink auditing disabled by default

- Do Not Track enabled by default, mainly to avoid users differentiating themselves from others by enabling it, since it has no real value

- WebRTC IP handling policy set to the most private value by default instead of the least private value (turned into a user-facing option by Vanadium)

Our features page now has a section listing the features added by our Vanadium browser and WebView:

https://grapheneos.org/features#vanadium

It explains the approach to content filtering, anti-fingerprinting and state partitioning including current limitations. Major improvements are coming.

#GrapheneOS
Author Public Key
npub1c9d95evcdeatgy6dacats5j5mfw96jcyu79579kg9qm3jtf42xzs07sqfm