{"type":"rich","version":"1.0","title":"final [GrapheneOS] 📱👁️‍🗨️ wrote","author_name":"final [GrapheneOS] 📱👁️‍🗨️ (npub1c9…7sqfm)","author_url":"https://yabu.me/npub1c9d95evcdeatgy6dacats5j5mfw96jcyu79579kg9qm3jtf42xzs07sqfm","provider_name":"njump","provider_url":"https://yabu.me","html":"For the people wishing to see on Nostr the features #GrapheneOS Vanadium browser has:\n\n- Type-based Control Flow Integrity enabled\n\n- Hardware memory tagging (MTE) enabled for the main allocator\n\n- Strict site isolation and sandboxed iframes\n\n- JavaScript JIT disabled by default with per-site override option\n\n- Native Android autofill implementation to avoid needing sandboxed Google Play for autofill support\n\n- WebGPU disabled for attack surface reduction\n\n- WebRTC IP handling policy toggle to control peer-to-peer WebRTC mode\n\n- Compiler hardening: automatic variable initialization, strong stack protector, well defined signed overflow\n\n- High performance content filtering engine using EasyList + EasyPrivacy with a per-site override option\n\n- More complete state partitioning without origin trial opt-out\n\n- High entropy client hints replaced with the frozen user agent values to avoid leaking device/OS info\n\n- Battery API always shows the battery as charging and at 100% capacity\n\n- Trivial subdomain hiding disabled\n\n- Consistent browser behavior across users without usage of feature flags and seed-based trials\n- Nearly all remote services disabled by default or removed. Only connects to GrapheneOS servers by default. There are only 2 default services: component updates such as certificate authority and certificate revocation updates and DNS-over-HTTPS connectivity checks when enabled\n\n- Web search and global search intents to replace the need for an OS search app\n\n- Option to always open links from other apps, custom tabs and search intents in Incognito mode\n\nBetter default settings, including non-user-facing flags:\n\n- Reduce Accept-Language header by default (only available via chrome://flags)\n\n- Third party cookies disabled by default\n\n- Payment support disabled by default\n\n- Website background sync disabled by default\n\n- Sensors access disabled by default\n\n- Protected media (DRM) disabled by default\n\n- Hyperlink auditing disabled by default\n\n- Do Not Track enabled by default mainly to avoid users differentiating themselves from others by enabling it since it has no real value\n\n- WebRTC IP handling policy set to the most private value by default instead of the least private value (turned into a user-facing option by Vanadium)\n\nnostr:nevent1qqstu7eafcpguaqfplrvh88vu5ked4ke6kcxh7svrllastrdh9vgnnspz3mhxue69uhkummnw3ezummcw3ezuer9wcpzps26tfjesmn6ksf5mm36hpf9fkjut49sfeutfutvs2phrykn25v9qvzqqqqqqyyjcwrn"}