GrapheneOSJun 3
WebRTC is a peer-to-peer communications protocol for web sites and therefore causes numerous privacy issues through making direct connections between participants. By default our Vanadium browser disables the peer-to-peer aspect by only using server-based (proxied) connections.
Show threadGrapheneOSJun 3

Vanadium provides a user-facing setting at Privacy and security > WebRTC IP handling policy.

From least to most strict:

Default
Default public and private interfaces
Default public interface only
Disable non-proxied UDP

For Vanadium, "Disabled non-proxied UDP" is the default.

Show threadGrapheneOSJun 3
The tracking technique described at https://arstechnica.com/security/2025/06/meta-and-yandex-are-de-anonymizing-android-users-web-browsing-identifiers/ is prevented by Vanadium's default "Disabled non-proxied UDP" value. It's also prevented by "Default public interface only", which does permit peer-to-peer connections but won't try to use the loopback interface for it.
Meta and Yandex are de-anonymizing Android users’ web browsing identifiers

Abuse allows Meta and Yandex to attach persistent identifiers to detailed browsing histories.

Ars Technica
Show threadGrapheneOSJun 3
We have a list of most of the features provided by Vanadium at https://grapheneos.org/features#vanadium. There are dozens of additional privacy and security features planned along with data import/export and improved support for system backups. It takes time to implement these things properly.
GrapheneOS features overview

Overview of GrapheneOS features differentiating it from the Android Open Source Project (AOSP).

GrapheneOS
Show threadGrapheneOSJun 3
Vanadium doesn't have billions or even millions of users which limits our ability to prevent fingerprinting. We plan to address this by launching it for use outside GrapheneOS including publishing it through the Play Store. We want to implement more of the planned features first.
Show threadmath dealer 𑁍 ☮︎ ☾ 𖤓 ૐJun 3
@GrapheneOS no need to publish it on play store which is from google. publish it on F Droid instead!
Show threadMartinJun 3
@m4th1337 @GrapheneOS Tbh might as well put it on the Play Store too, I mean, users that will get it outside of GrapheneOS are almost surely using the Google Play Services.
And when you have the Play Services either way, whether you get the app on F-Droid or Play Store, it does not really change much in terms of privacy, but apparently the Play Store might (will?) be more secure.
Show threadGrapheneOS
@martin F-Droid is not a secure or trustworthy way to distribute apps. We already have our own app repository with far better security, proper automatic updates, dependency management, atomic updates and other important features. The preferred way to obtain Vanadium will be through our App Store. The reason to publish on the Play Store is so billions of people who use it will be able to easily use Vanadium without knowing how to install our App Store as an APK to obtain and then update it.
Jun 3 at 4:57pmWeb