final [GrapheneOS] 📱👁️‍🗨️ wrote

rich1.0final [GrapheneOS] 📱👁️‍🗨️ wrotefinal [GrapheneOS] 📱👁️‍🗨️ (npub1c9…7sqfm)https://yabu.me/npub1c9d95evcdeatgy6dacats5j5mfw96jcyu79579kg9qm3jtf42xzs07sqfmnjumphttps://yabu.meFor the people wishing to see on Nostr the features #GrapheneOS Vanadium browser has: - Type-based Control Flow Integrity enabled - Hardware memory tagging (MTE) enabled for the main allocator - Strict site isolation and sandboxed iframes - JavaScript JIT disabled by default with per-site override option - Native Android autofill implementation to avoid needing sandboxed Google Play for autofill support - WebGPU disabled for attack surface reduction - WebRTC IP handling policy toggle to control peer-to-peer WebRTC mode - Compiler hardening: automatic variable initialization, strong stack protector, well defined signed overflow - High performance content filtering engine using EasyList + EasyPrivacy with a per-site override option - More complete state partitioning without origin trial opt-out - High entropy client hints replaced with the frozen user agent values to avoid leaking device/OS info - Battery API always shows the battery as charging and at 100% capacity - Trivial subdomain hiding disabled - Consistent browser behavior across users without usage of feature flags and seed-based trials - Nearly all remote services disabled by default or removed. Only connects to GrapheneOS servers by default. There are only 2 default services: component updates such as certificate authority and certificate revocation updates and DNS-over-HTTPS connectivity checks when enabled - Web search and global search intents to replace the need for an OS search app - Option to always open links from other apps, custom tabs and search intents in Incognito mode Better default settings, including non-user-facing flags: - Reduce Accept-Language header by default (only available via chrome://flags) - Third party cookies disabled by default - Payment support disabled by default - Website background sync disabled by default - Sensors access disabled by default - Protected media (DRM) disabled by default - Hyperlink auditing disabled by default - Do Not Track enabled by default mainly to avoid users differentiating themselves from others by enabling it since it has no real value - WebRTC IP handling policy set to the most private value by default instead of the least private value (turned into a user-facing option by Vanadium) nostr:nevent1qqstu7eafcpguaqfplrvh88vu5ked4ke6kcxh7svrllastrdh9vgnnspz3mhxue69uhkummnw3ezummcw3ezuer9wcpzps26tfjesmn6ksf5mm36hpf9fkjut49sfeutfutvs2phrykn25v9qvzqqqqqqyyjcwrn