Over in the discussion forum of GrapheneOS, there was an interesting topic, or so I thought, titled: “Brave vs Vanadium“. In it, someone asked about how the Brave browser did seemingly offer better protection against tracking and fingerprinting vs. the hardened Vanadium browser of GrapheneOS, tho this one might be more secure. Some others mentioned tests I hadn’t seen before, so my interest was piqued, I got curious myself, and wanted to see results. So here we go.
First, the Brave browser on my Arch Linux, with a test from fingerprint.com:
Aha. As expected, I saw my IP (that comes from the router, not my machine), the slightly false geolocation (our IPs always resolve way too far East for some reason), and a unique visitor ID. So there’s no “hiding”, trackers and advertisers always know exactly where you are as long as you don’t use VPNs or the onion routing network.
Second test, same browser, with EFF:
And yes, this is where Brave shines in my opinion. Randomized fingerprint plus ads and trackers blocked, that’s what I expected to see.
Third test, also found recently, the real blocking of ads:
Ouch. 72% or 108 of 150 tests blocked, here I expected something better…
Ok, someone in that discussion thread mentioned Edge, so same tests with that one:
Ouch again, this one’s definitely out. A unique fingerprint and no ad and tracker blocking whatsoever, this is one of the worst I’ve seen.
Onto my main operating system and browser of choice, Firefox (with uBlock Origin) on Debian:
Wow, far better than I had expected! A unique fingerprint according to EFF, okay, but that’s probably due to some extensions like WindowSizer and so on… but that it was 10% better than Brave in the real world ad & tracker tests, I must say that I’m impressed!
Ok, now it gets interesting – we’re on a phone operating system’s discussion forum, so let’s take phones into the equation, shan’t we? I have a Google Pixel 6a with stock Android from Google on which I normally use Firefox (also with uBlock Origin), so let’s see:
Cool… we’re down to “nearly unique”, and to 87% blocking of real ads & trackers… the best so far, isn’t it?
Wait, what about Vanadium? That I have on a Pixel 3a with GrapheneOS, so let’s see:
Also strong protection with a nearly unique fingerprint, but these 90% blockings of ads and trackers, that’s what I wanted to see, wow…
Subjectively, I see less ads in other browsers, so I guess I still have to continue reading and understanding it all – but kudos to the team over at GrapheneOS, you did a marvelous job!
As always, thanks for reading.
Update, from August 3rd, in the evening back at home:
Some people in the mentioned discussion forum over at GrapheneOS asked if I had an ad-blocking DNS provider configured in the Vanadium browser on that Pixel 3a phone, and another one asked to please also repeat a test using the Brave browser on a phone instead of a Linux machine.
Point 1: doh… (me silly, mea culpa, and so on) – of course I had set up a more or less secure environment with Graphene on that older Pixel phone, and that included setting up a secure DNS which also uses ad-blocking. So I had to repeat that test, could do it only today as I haven’t been home for a few days. So here you go, with:
Vanadium on GrapheneOS on a Pixel 3a, *without* an ad-blocking DNS configured:
Ouch! 4% block rate only, that wasn’t good… interestingly, with the same secure DNS configured again, at the first try it was raised to about 29 or 30% only, but that could have been session-related I guess; a later test with the browser newly opened went back to the 90% which I had before.
Point 2: the test with Brave on a phone. Did that while I was away, so here you go:
The fingerprint test, as you can see that was from a different location and IP address…
EFF’s Coveryourtracks test again, as good as before, and
The real world blocking test, exactly the same as on the desktop with Arch.
Now the *real* question was/is still unanswered, namely how both would compare under the same conditions, and from mobile phones. So to be fair to the Brave browser, I set up the same ad-blocking secure DNS provider in its settings, et voilà:
95%, and only 7 of the 150 tested “attacks” left unblocked, that’s the top position of my tests so far.
So how to answer that initial question about which one to choose? Hard to say, maybe I will install and leave both on that Pixel 3a with GrapheneOS, for me Vanadium will most likely always stay the default browser on Graphene (and its web view part anyway), but I will further test Brave when in doubt, or when I see something unusual and/or new.
I’m sorry that my first test attempt was a bit misleading, and I hope this additional one could clear up things a bit? In any case, and as usual, thanks very much for reading.