I started expanding the overview on web browsers and Vanadium in particular at grapheneos.org/usage#web-brow. It's still just an overview but it's way beyond the scope of the usage guide and needs to be split into a separate page. Maybe it could go into the Vanadium README with a link.
Conversation
> At the moment, the only browser with any semblance of privacy is the Tor Browser but there are many ways to bypass the anti-fingerprinting and state partitioning. The Tor Browser's security is weak which makes the privacy protection weak.
1
> The need to avoid diversity (fingerprinting) creates a monoculture for the most interesting targets. This needs to change, especially since Tor itself makes people into much more of a target (both locally and by the exit nodes).
Tor Browser approach needs to be done elsewhere.
Replying to
Enumerating badness and ignoring the tracking by first parties, including on behalf of third parties, is not a viable approach to privacy. IP addresses are the most basic building block for tracking, alongside state (cookies, cache, connection pools, [...]) and fingerprinting.
1
1
Tor Browser approach is to work towards addressing the actual problems rather than an AntiVirus approach based on enumerating badness that's fundamentally unable to provide any real privacy. May give people the illusion of privacy but largely just makes them stand out far more.
1
1
The comforting illusion is that doing work to improve your privacy gives your privacy. Changing settings, installing assorted extensions and dealing with the compatibility issues + friction those extensions create. It adds up to standing out from the crowd to an extreme extent.
1
6
Meanwhile, you'd be far better off using Safari on an iPhone with default settings, one of the most popular content blockers and a popular VPN so sites see a shared IP. Moving the trust from ISP -> VPN is a separate topic. Tor + Tor Browser tries to do better with mixed results.
1
7
There's a reason the Tor Browser doesn't come with a content filtering feature with a choice of filter lists that are dynamically updated separately from the browser and user rules / exceptions. Would sense to have a hard-wired list on/off, and it'd deter people screwing this up.
1
2
twitter.com/DanielMicay/st
By the way, in this context, Cloudflare, Amazon (AWS), Microsoft (Azure, GitHub), etc. are first parties. The middleware from third parties run on servers is first party too. I'm referring to first party origin, not the organization the site represents.
Quote Tweet
Enumerating badness and ignoring the tracking by first parties, including on behalf of third parties, is not a viable approach to privacy. IP addresses are the most basic building block for tracking, alongside state (cookies, cache, connection pools, [...]) and fingerprinting.
Show this thread
1