matchboxbananasynergy

@matchboxbananasynergy@infosec.exchange

Community manager @grapheneos. Mod for a few open-source projects. This is a personal account and the hot takes you'll find here are exclusively my own.

#grapheneos #mollyim #accrescent

Vanadium Config version 95 enables protection for local networks and loopback. The user interface for making per-site exceptions isn't available for Android yet. The overall feature can be disabled via chrome://flags if for some reason someone needs that functionality right now.

For the non-WebRTC issue being abused by Yandex, Chromium 137 shipped a fix for it behind a feature flag that's being gradually rolled out. We can roll this out to 100% of Vanadium users through a Vanadium Config update. We can start Alpha testing for that new flag later today.

Vanadium doesn't have billions or even millions of users which limits our ability to prevent fingerprinting. We plan to address this by launching it for use outside GrapheneOS including publishing it through the Play Store. We want to implement more of the planned features first.

We have a list of most of the features provided by Vanadium at https://grapheneos.org/features#vanadium. There are dozens of additional privacy and security features planned along with data import/export and improved support for system backups. It takes time to implement these things properly.
The tracking technique described at https://arstechnica.com/security/2025/06/meta-and-yandex-are-de-anonymizing-android-users-web-browsing-identifiers/ is prevented by Vanadium's default "Disabled non-proxied UDP" value. It's also prevented by "Default public interface only", which does permit peer-to-peer connections but won't try to use the loopback interface for it.
Meta and Yandex are de-anonymizing Android users’ web browsing identifiers

Abuse allows Meta and Yandex to attach persistent identifiers to detailed browsing histories.

Ars Technica

Vanadium provides a user-facing setting at Privacy and security > WebRTC IP handling policy.

From least to most strict:

Default
Default public and private interfaces
Default public interface only
Disable non-proxied UDP

For Vanadium, "Disabled non-proxied UDP" is the default.

WebRTC is a peer-to-peer communications protocol for web sites and therefore causes numerous privacy issues through making direct connections between participants. By default our Vanadium browser disables the peer-to-peer aspect by only using server-based (proxied) connections.
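
The posts above describe settings that change which network paths WebRTC will offer. As an added example (not from these posts and not GrapheneOS or Vanadium code), the following audits the ICE candidate lines in a session description and flags any that advertise a loopback, private or public address directly rather than through a relay server. The function names are hypothetical, the sample SDP is constructed, and treating `relay` candidates as the server-based path is an assumption of this sketch.

```javascript
// Added example. SAMPLE_SDP is constructed; addresses use private and
// documentation ranges. Function names are hypothetical.
const SAMPLE_SDP = [
  'v=0',
  'a=candidate:1 1 udp 2122260223 192.168.1.23 51000 typ host',
  'a=candidate:2 1 udp 2122194687 127.0.0.1 51001 typ host',
  'a=candidate:3 1 udp 1686052607 203.0.113.7 51000 typ srflx raddr 192.168.1.23 rport 51000',
  'a=candidate:4 1 udp 41885439 198.51.100.9 3478 typ relay raddr 0.0.0.0 rport 0',
  'a=candidate:5 1 udp 2122260223 3f2a9c1e-0000-4000-8000-000000000000.local 51002 typ host',
].join('\r\n');

// Parse one ICE candidate attribute line (RFC 8839 layout); null if not one.
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)/.exec(line.trim());
  if (!m) return null;
  return { transport: m[3].toLowerCase(), address: m[5], port: Number(m[6]), type: m[7] };
}

// Coarse scope of the advertised address.
function addressScope(addr) {
  const a = addr.toLowerCase();
  if (a.endsWith('.local')) return 'mdns';                 // obfuscated host name
  if (a === '::1' || /^127\./.test(a)) return 'loopback';
  if (/^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)/.test(a)) return 'private';
  if (/^(fe[89ab][0-9a-f]:|f[cd][0-9a-f]{2}:)/.test(a)) return 'private'; // link-local, ULA
  return 'public';
}

// Return one finding per candidate; flag is null when nothing is exposed.
function auditSdp(sdp) {
  const findings = [];
  for (const line of sdp.split(/\r?\n/)) {
    const c = parseCandidate(line);
    if (!c) continue;
    const scope = addressScope(c.address);
    const direct = c.type !== 'relay';   // anything not relayed is a direct path
    const flag = direct && scope !== 'mdns' ? `direct ${scope} address offered` : null;
    findings.push({ ...c, scope, direct, flag });
  }
  return findings;
}

for (const f of auditSdp(SAMPLE_SDP)) {
  console.log(f.type, f.transport, f.address, f.flag || 'ok');
}
```

In a browser, the input can be taken from `RTCPeerConnection.localDescription.sdp` after candidate gathering finishes, which lets the output be compared across the WebRTC IP handling policy values.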

ReliableSite has provided two sponsored servers to replace our North American update servers. One is in Los Angeles and the other in Miami. Each has a 9900X, 196GB RAM, 2x 4TB NVMe and 10Gbps bandwidth. We greatly appreciate the support.

https://www.reliablesite.net/

One of our two senior developers has been forcibly detained and conscripted to participate in a war. When they first went missing, we revoked their repository access as a precaution. We soon learned their disappearance was completely unrelated to GrapheneOS. Our priority has been keeping them safe.

Secure PDF Viewer app version 28 released:

https://github.com/GrapheneOS/PdfViewer/releases/tag/28

See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.

Forum discussion thread:

https://discuss.grapheneos.org/d/21638-secure-pdf-viewer-app-version-28-released

#GrapheneOS #privacy #security #pdf #android

Release 28 · GrapheneOS/PdfViewer

Notable changes in version 28: add back JPEG 2000 image support unintentionally removed in PDF Viewer version 27 due to pdf.js splitting it out add JavaScript fallback for JPEG 2000 image support ...

GitHub