From de8c03b604a8a92010222eed78def47f3c024c41 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Sun, 28 Apr 2024 09:49:10 -0400 Subject: [PATCH] add hybrid PQC to Vanadium features --- static/features.html | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/static/features.html b/static/features.html index a1b0c39e..d42289d2 100644 --- a/static/features.html +++ b/static/features.html @@ -880,19 +880,23 @@
  • Type-based Control Flow Integrity (CFI)
  • Hardware memory tagging (MTE) enabled for the main allocator
  • Strict site isolation and sandboxed iframes
  • -
  • JavaScript JIT disabled by default with per-site toggle via drop-down permission menu
  • +
  • JavaScript JIT disabled by default with per-site toggle via drop-down + permission menu
  • Native Android autofill implementation to avoid needing sandboxed Google Play for autofill support
  • WebGPU disabled for attack surface reduction
  • WebRTC IP handling policy toggle to control peer-to-peer WebRTC mode
  • -
  • Compiler hardening: automatic variable initialization, strong stack protector, well-defined signed overflow
  • +
  • Compiler hardening: automatic variable initialization, strong stack + protector, well-defined signed overflow
  • High performance content filtering engine using EasyList + EasyPrivacy with per-site toggle via drop-down permission menu
  • More complete state partitioning without origin trial opt-out
  • -
  • High entropy client hints are replaced with the frozen user agent values to avoid leaking device/OS info
  • +
  • High entropy client hints are replaced with the frozen user agent values + to avoid leaking device/OS info
  • Battery API always shows the battery as charging and at 100% capacity
  • Trivial subdomain hiding disabled
  • -
  • Consistent browser behavior across users without usage of feature flags and seed-based trials
  • +
  • Consistent browser behavior across users without usage of feature flags + and seed-based trials
  • Nearly all remote services disabled by default or removed. Only connects to GrapheneOS servers by default. There are only 2 default services: component updates such as certificate authority and certificate revocation @@ -903,6 +907,9 @@ and share intents in Incognito mode
  • Option to reduce or disable sending cross-origin referrer information sharing where a link was opened
  • +
  • Hybrid post-quantum cryptography enabled by default to match the + behavior of Chromium on desktop since the devices we support are more + than fast enough
  • Better default settings, including non-user-facing flags:
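Review bot: The first hunk (@@ -880,19 +880,23 @@) only re-wraps four existing list items (the JavaScript JIT, compiler hardening, client hints and consistent browser behavior entries) without changing their wording, which is unrelated to the subject "add hybrid PQC to Vanadium features". That reflow accounts for all 4 deletions and 8 of the 11 insertions, so it hides the one real content change from anyone reading the history or running blame on these lines. Suggest moving the re-wrapping into its own formatting-only commit and keeping this one to the new list item.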
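Review bot: In the second hunk (@@ -903,6 +907,9 @@), the new item "Hybrid post-quantum cryptography enabled by default" does not say what it applies to: no protocol or key exchange is named, and "hybrid" is left undefined, so a reader of the features page cannot tell what is actually protected. Suggest naming the protocol and spelling out that hybrid means a classical algorithm combined with a post-quantum one. The justification "to match the behavior of Chromium on desktop since the devices we support are more than fast enough" also leaves the Android default to be inferred; stating it outright would make the difference from upstream explicit, as the neighbouring items do ("disabled by default", "without origin trial opt-out"). Placement is worth a second look as well: the item lands between the cross-origin referrer option and "Better default settings", while the other hardening entries (CFI, MTE, site isolation) sit at the top of the list.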