GrapheneOSJun 3
WebRTC is a peer-to-peer communications protocol for web sites and therefore causes numerous privacy issues through making direct connections between participants. By default our Vanadium browser disables the peer-to-peer aspect by only using server-based (proxied) connections.
Show threadGrapheneOSJun 3

Vanadium provides a user-facing setting at Privacy and security > WebRTC IP handling policy.

From least to most strict:

Default
Default public and private interfaces
Default public interface only
Disable non-proxied UDP

For Vanadium, "Disabled non-proxied UDP" is the default.

Show threadGrapheneOSJun 3
The tracking technique described at https://arstechnica.com/security/2025/06/meta-and-yandex-are-de-anonymizing-android-users-web-browsing-identifiers/ is prevented by Vanadium's default "Disabled non-proxied UDP" value. It's also prevented by "Default public interface only", which does permit peer-to-peer connections but won't try to use the loopback interface for it.
Meta and Yandex are de-anonymizing Android users’ web browsing identifiers

Abuse allows Meta and Yandex to attach persistent identifiers to detailed browsing histories.

Ars Technica
Show threadGrapheneOSJun 3
We have a list of most of the features provided by Vanadium at https://grapheneos.org/features#vanadium. There are dozens of additional privacy and security features planned along with data import/export and improved support for system backups. It takes time to implement these things properly.
GrapheneOS features overview

Overview of GrapheneOS features differentiating it from the Android Open Source Project (AOSP).

GrapheneOS
Show threadGrapheneOSJun 3
Vanadium doesn't have billions or even millions of users which limits our ability to prevent fingerprinting. We plan to address this by launching it for use outside GrapheneOS including publishing it through the Play Store. We want to implement more of the planned features first.
Show threadUser
@GrapheneOS Thats rigth choice.
One suggestion, please add user scripts and user agent as it is done in cromite it is also open source
Jun 4 at 7:50amMastodon for Android
Show threadGrapheneOSJun 4

@userj

> add user scripts

This is bad for security.

> and user agent

This is bad for privacy and not a good approach to achieving what you probably want to accomplish.

> as it is done in cromite it is also open source

This browser makes many misguided changes and we highly recommend against it. Making more changes does not result in something being better especially when many are done incorrectly or directly significantly reduce security.

Show threadUserJun 6
@GrapheneOS Okay, I get it, it doesn't fit the purpose of your browser. By the way, I mentioned cromite and the fact that it's opensource. So that if you decide to incorporate these features into your browser you can see the open source code, or just as a resource where I've seen it.
Look, I don't really need a user agent, and I use user scripts only to be able to run YouTube or other streaming services in the background when the phone is turned off. Maby you can implement this feature.
Show threadUserJun 6
@GrapheneOS
And, I think I've seen such a switch in mobile brave browser. In general I would be very glad of a background media playback feature in your browser.
I am a graphene os user and appreciate and support what you are doing.
Show threadUserJun 6
@GrapheneOS And thanks for the advice to stop using the browser in favor of security