SecureVault Browser is a hardened Chromium-based browser designed for maximum privacy and security. This guide details all privacy and security features.
- Removed: All Google telemetry and crash reporting
- Result: Zero data sent to Google or any third party
- Implementation: Compiled without metrics collection code
- Status: Enabled by default
- Benefit: Encrypted DNS queries prevent ISP snooping
- Providers: Uses privacy-focused DNS providers
- Configuration: Can be customized in settings
- Status: Enabled by default
- Protection: Prevents real IP address leaks
- Mode:
default_public_interface_only - Benefit: Protects VPN/proxy users
- Status: Enabled by default
- Impact: Blocks cross-site tracking cookies
- Exception: User can allow per-site
- Benefit: Reduces tracking by advertisers
- Removed Services:
- Google Sync
- Google Translate
- Google Safe Browsing phone-home
- Cloud Print
- Hangouts
- Google Now
- Benefit: Complete independence from Google ecosystem
- Canvas Fingerprinting: Randomized
- Font Fingerprinting: Limited fonts exposed
- WebGL Fingerprinting: Restricted data
- Benefit: Makes tracking via fingerprinting difficult
- Default: Strict referrer policy
- Benefit: Doesn't leak browsing history to third parties
- Mode:
no-referrer-when-downgrade
- Philosophy: User-controlled updates
- Benefit: No silent background connections
- Note: User responsible for staying updated
- Status: Enabled for all sites
- Mode: Strict site isolation
- Benefit: Prevents Spectre-style attacks
- Performance: Slight memory increase, major security gain
- Level: Maximum sandbox restrictions
- Benefit: Contains renderer process exploits
- Platform: OS-level sandboxing used
- Status: Automatic HTTPS upgrades
- Behavior: Attempts HTTPS before HTTP
- Warning: Shows warning for HTTP-only sites
- Benefit: Protects against MITM attacks
- Default: Stricter CSP headers
- Inline Scripts: Restricted
- Eval: Disabled by default
- Benefit: Prevents XSS attacks
- Features:
- Bounds checking
- Stack canaries
- ASLR enabled
- DEP enabled
- Benefit: Reduces exploit success rate
- Policy: Extensions must be manually approved
- Source: Only install from trusted sources
- Benefit: Prevents malicious extension installation
- Encryption: OS-level credential storage
- Linux: libsecret/gnome-keyring
- Benefit: Encrypted password storage
- Default: DuckDuckGo
- Reason: Privacy-focused search
- Customizable: Yes, user can change
- Content: Blank page
- No: Suggested articles, ads, or tracking
- Benefit: No data leakage on new tab
- Default: Disabled
- Permission: Requires explicit user grant
- Benefit: No location tracking
- Default: Blocked for all sites
- Permission: Requires explicit user grant
- Benefit: Reduces fingerprinting and annoyance
- Default: Blocked
- Permission: Explicit grant per session
- Indicator: Always shows when in use
chrome://settings/content/javascript
Disables all JavaScript for maximum privacy.
chrome://settings/content/images
Faster browsing and reduced tracking.
Configure to automatically clear:
- Browsing history
- Cookies
- Cache
- Download history
Enhanced private mode with:
- No disk cache
- No history
- No cookies persistence
- WebRTC disabled
SecureVault runs with these privacy flags by default:
--disable-background-networking
--disable-breakpad
--disable-crash-reporter
--disable-sync
--disable-translate
--disable-domain-reliability
--disable-component-update
--disable-client-side-phishing-detection
--disable-default-apps
--no-first-run
--no-default-browser-check
--no-service-autorun
--no-pings
--dns-over-https-mode=secure
--enable-features=WebRTCHideLocalIpsWithMdns
--force-webrtc-ip-handling-policy=default_public_interface_onlyThe following Chromium features are completely removed:
- Google API Keys: No Google API access
- RLZ Tracking: Google promotional tracking removed
- Google Cloud Messaging: Push notification service removed
- Chrome Web Store: Extensions must be manually installed
- Chrome Sync: No account sync
- Safe Browsing Phone-Home: Uses local lists only
- Usage Statistics: No UMA/metrics collection
- Crash Reporting: No crash dumps sent
- Usage statistics
- Crash reports
- Search suggestions (unless explicitly enabled)
- Page prefetching
- DNS prefetching (optional)
- Omnibox predictions
- Safe Browsing data (except local checks)
All network connections can be monitored in:
chrome://net-internals
- Use VPN or Tor
- Clear cookies on exit
- Use private browsing mode
- Install privacy-focused extensions (uBlock Origin, Privacy Badger)
- Disable JavaScript for untrusted sites
- Keep browser updated
- Use strong, unique passwords
- Enable site isolation (default)
- Don't install untrusted extensions
- Verify HTTPS on sensitive sites
- Mass surveillance and tracking
- ISP monitoring (with DoH/VPN)
- Advertiser tracking
- Browser fingerprinting
- WebRTC leaks
- Cross-site tracking
- Nation-state level targeting (use Tor)
- Physical access to computer
- Keyloggers or malware
- Social engineering
- Website-level tracking (login-based)
- Check DNS: https://dnsleaktest.com
- Check IP: https://ipleak.net
- Check WebRTC: https://browserleaks.com/webrtc
- Check Fingerprint: https://amiunique.org
- ✅ No Google tracking
- ✅ No telemetry
- ✅ Privacy by default
- ✅ No Google services
- ✅ Simpler, less bloat
- ✅ No crypto features
- ✅ No BAT tokens
⚠️ Brave has built-in ad blocker (SecureVault requires extension)
⚠️ Chromium engine (better compatibility)- ✅ Simpler privacy settings
⚠️ Firefox has more customization
⚠️ Not for anonymity (use Tor for that)- ✅ Faster performance
- ✅ Better compatibility
- ✅ Daily driver suitable
All privacy features can be verified by inspecting the source code and build configuration. See README.md for build instructions.
For privacy concerns or questions, review:
- This documentation
- Source code in
patches/ - Build configuration in
branding/
Check for updates manually:
cd ~/securevault-browser
git pull
./build.shSecureVault Browser is open source under the same BSD-style license as Chromium.