12
Vanadium Improvements For WebRTC (grapheneos.social)
submitted 3 days ago by [email protected] to c/[email protected]
0 comments fedilink hide all child comments

WebRTC is a peer-to-peer communications protocol for web sites and therefore causes numerous privacy issues through making direct connections between participants. By default our Vanadium browser disables the peer-to-peer aspect by only using server-based (proxied) connections.

Vanadium provides a user-facing setting at Privacy and security > WebRTC IP handling policy.

From least to most strict:

DefaultDefault public and private interfacesDefault public interface onlyDisable non-proxied UDP

For Vanadium, "Disabled non-proxied UDP" is the default.

The tracking technique described at https://arstechnica.com/security/2025/06/meta-and-yandex-are-de-anonymizing-android-users-web-browsing-identifiers/ is prevented by Vanadium's default "Disabled non-proxied UDP" value. It's also prevented by "Default public interface only", which does permit peer-to-peer connections but won't try to use the loopback interface for it.

We have a list of most of the features provided by Vanadium at https://grapheneos.org/features#vanadium. There are dozens of additional privacy and security features planned along with data import/export and improved support for system backups. It takes time to implement these things properly.

Vanadium doesn't have billions or even millions of users which limits our ability to prevent fingerprinting. We plan to address this by launching it for use outside GrapheneOS including publishing it through the Play Store. We want to implement more of the planned features first.

For the non-WebRTC issue being abused by Yandex, Chromium 137 shipped a fix for it behind a feature flag that's being gradually rolled out. We can roll this out to 100% of Vanadium users through a Vanadium Config update. We can start Alpha testing for that new flag later today.

Vanadium Config version 95 enables protection for local networks and loopback. The user interface for making per-site exceptions isn't available for Android yet. The overall feature can be disabled via chrome://flags if for some reason someone needs that functionality right now.

no comments (yet)
sorted by: hot top new old
there doesn't seem to be anything here
this post was submitted on 10 Jun 2025
12 points (100.0% liked)

GrapheneOS [Unofficial]

2562 readers
82 users here now

Welcome to the GrapheneOS (Unofficial) community

This feed is currently only used for announcements and news.

Official support available on our forum and matrix chat rooms

GrapheneOS is a privacy and security focused mobile OS with Android app compatibility.

Links

More Site links

Social Media

This is a community based around the GrapheneOS projects including the hardened Android Open Source Project fork, Auditor, AttestationServer, the hardened malloc implementation and other projects.

founded 4 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]