I think we’re ignoring the elephant in the room here, which is that Vanadium is only available on a single operating system. Coupled with the fact that it is missing powerful privacy and content blocking features, I don’t really see where Vanadium fits in here, and I would argue that Brave on GrapheneOS still makes sense for most users.
The only real advantage I see here is disabling JIT (even on a per-site basis, neat!), which is not actually relevant to most people for the same reason Lockdown Mode is not actually relevant to most people. If all things were the same it’d be good, but all things are not the same here, Brave is actually significantly better on the privacy front:
I’ll note that my current understanding is that Vanadium scores the same as Chrome on PrivacyTests.org, i.e. significantly worse than Brave. I could be wrong, because PrivacyTests.org does not actually test Vanadium itself, so I don’t have its actual results handy. However, I do have their browser tests running locally now, so I can test Vanadium itself against this and report back here later.
Disabling JIT is not ad/tracker blocking, by the way.
Content filtering is not a privacy or security feature. It is merely for convenience. Badness enumeration generally does not work, and depending on the implementation, having an adblocker may increase the attack surface.
Brave’s fingerprinting resistance is a nice to have. If fingerprinting is your concern, Tor Browser is there. Brave’s implementation becomes useless when someone decides not to rely on naive or basic scripts for fingerprinting.
A browser with a focus on security and without content filtering or fingerprint resistance is good for a lot of threat models. Especially logging in to accounts like banking, GitHub, or any other personal account.
Vanadium will appear the same as any other Vanadium on the same device model; GrapheneOS doesn’t support a lot of models.
I think that Privacy GUIDEs should GUIDE users to choose their tools, and I should have the ability to pick between a security-focused browser that’s clean and a browser with content filtering and fingerprint resistance that’s bloated and has done some shady things in the past.
When talking about shady things that have happened with Brave, there is also trust consideration. I already trust GrapheneOS by using its OS so I do trust their browser too. If I choose to use Brave, I will add attack surface to my phone, and now I have another party to trust that has done some shady things with their browser.
I daily drove Vanadium with DNS filtering for a really long time, with JIT disabled, and I couldn’t remember seeing an ad or especially being annoyed or interrupted by it.
Especially when you use NewPipe, LibreTube or any other amazing tools instead of relying on content filtering. You can literally visit piped.kavin.rocks or piped.mha.fi and have a ad-less, sponsor-less experience of YouTube. There are some kinds of frontends for almost everything.
This just shows how overrated browser content filtering is and how it entirely depends on a user and use case. None of the browsers is a silver bullet.
Realistically, how many privacy-invasive sites does one visit that have basic or naive scripts that Brave protects against? And doesn’t use any personal information, at which point browser fingerprinting is irrelevant. Not many…
And how hard is to just open Tor Browser which is a proper tool for this and use that if fingerprinting is your concern? Not hard…
Why are you implying I am insulting you?
The only thing disabled JIT will do is cause JavaScript to run slower and WASM to be disabled, it will not block ads.
(Microsoft is supposedly trying to upstream a patchset that lets WASM run when JIT is off.)
I’m not. I wouldn’t be saying these things about JIT if I hadn’t tested it myself. I’m not a JIT expert, but even if it didn’t block anything, it still stopped the ads from interrupting my browsing, which is a win in my book.
Yes. Enabling JIT would introduce ads or cookie consent prompts on some sites that weren’t present without JIT. It might be because it wasn’t quick enough to load, but in any case, it didn’t interrupt me, so I consider it a win.
Since Privacy Guides caters to users of all devices and all OSes, I think Brave is a better recommendation, at least until Vanadium is released for all Android OSes, not just GrapheneOS. For GrapheneOS users, there can be a note or something added saying that Vanadium is also recommended to use, with maybe a short summary of the features Vanadium has and those it lacks.
The main reason why I created this discussion is to stop people from believing that they need Brave on GrapheneOS.
A lot of people rely on PG for their tool choices, and only seeing Brave there without any mention of Vanadium makes them believe that they need it even though there is a high chance they don’t.
Users should be informed about both options and their pros and cons so they can make an informed choice for themselves.
This is the part which hasn’t been demonstrated in this thread, I think. I would say that there is actually a low chance most readers would prefer Vanadium over Brave, and there isn’t really clear evidence that people are worse off using Brave either.