Choosing Your Mobile Browser

[sky768]

Created a list of mobile browser which are privacy respecting and quite secure. it includes Mulch, Vanadium, Brave and Tor/Mull with a note.

Guide to Divest Recommended Browser Settings is also linked if someone wants to harden Brave and Mull. A note is added for Gecko Browsers Firefox-based Android browsers lack per-site process isolation.

Also it includes answers to the following questions

• Why use Vanadium over Brave Browser?
• Why don’t we recommend DuckDuckGo (DDG) Browser?

Safari is pending. This guide is completed for Android Browsers. Although I have added a sentence at the start for using Safari with Apple Private Relay.

[netlify]

✅ Deploy Preview for privsec-dev ready!

Built without sensitive environment variables

Name	Link
🔨 Latest commit	75f0784
🔍 Latest deploy log	https://app.netlify.com/sites/privsec-dev/deploys/65a194fa79d0980008a13aed
😎 Deploy Preview	https://deploy-preview-203--privsec-dev.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[TommyTran732]

This post contains many inaccuracies that needs to be sorted out:

Has to be open-source

There is no reason to require the browser to be open source. It has nothing to do with privacy and security. By that logic, we wouldn't be recommending Microsoft Edge desktop, which we do in practice because of the Enhanced Security Mode.

By default prohibits third-party cookies and should lessen cross-site tracking

We only care about configurability of the browser, not what the default is.

Vanadium by GrapheneOS, a browser which is based on Chromium. Vanadium has been hardened by default, and it is also used to power Vanadium System Web View. If needed, it can be used as an independent browser applications.

No, it isn't available as of now. That's the whole reason why Mulch is recommended outside of GrapheneOS.

It is the most secure browser after Safari as it comes with JIT disabled and network state partitioning, control-flow integrity enabled by default.

No. Safari is not "the most secure browser".

It makes use of Hardened Malloc and MTE

No, these are OS features on GrapheneOS.

GrapheneOS Team has been reportedly working on a content blocking solution like Brave Browser Shields. We advise you to wait for their release in few months, if possible. DNS based content blocking is another solution for those who want to block ads and trackers while browsing on the Internet. For that, Rethink DNS + Firewall or NextDNS/AdGuard DNS can be a great pick.

We do not care about adblocking. It's only nice-to-have. There's no reason to wait.

The attack surface may expand with an ad blocker, depending on how it is implemented, and also blocking ads is not a security benefit. It’s just for ease of use and providing little privacy from ads and tracker. if you want strong Fingerprint Resistance (FPR) Protection, tor browser is your only choice. Brave Browser can only block simple script, it will fail to block advanced scripts. Vanadium is recommended over Brave Browser if you don’t want content blocking.

This entire section does not make sense. Vanadium is recommended over Brave because adblocking may increase attack surface. BTW, Vanadium will have adblocking soon?

Based on Firefox, Mull Browser prioritizes privacy. It uses Arkenfox’s user.js configurations to enable several capabilities that are via the Tor project. Installing uBlock Origin is advised, especially with Divest recommended blocklists and browser settings. Mull is hardened by default, like the disabled JIT state for security. Furthermore, with uBlock you can enable Medium Blocking mode and disable JavaScript for increased security.

We absolutely will not be recommending the Manifest V2 variant of uBlockOrigin under any circumstances. It has full access to all what you are doing. The post just wrote about attack surface by adblockers before - this is the attack surface.

For low-risk web browsers, missing this capability probably won’t be a problem if they keep their browser updated, but if you visit higher-risk websites or are vulnerable to targeted or zero-day attacks, you should seriously consider switching to a Chromium-based browser.

No, not how this works. It's more like, if you don't login and is only casually browsing, you may get away with Gecko. If you do anything serious like banking you should be using a Chromium based browser.

If you’re a iOS user, we recommend you to stick to your default (First Party) web browser, which is Safari.

The reasoning here is off. By the way, iOS doesn't work well with site-per-process isolation as of now at all.

Since Brave Browser is based on the Chromium web-browser project, it ought to feel comfortable and have few problems with websites not working.

What???

Though, [Brave] doesn’t come with JIT state disabled, you have to manually do it.

How can you disable it? I don't think you can.

[TommyTran732]

This post needs a complete rewrite to be merged as I explained above.

[sky768]

This post needs a complete rewrite to be merged as I explained above.

@TommyTran732 I have made all the changes you mentioned