Slashdot Mirror


Epic: A Privacy-Focused Web Browser

Rob @CmdrTaco Malda writes "I've been advising Epic Browser, a startup building a privacy-focused, Chrome-based browser that starts where incognito mode ends. Epic employs a host of tactics designed to make what happens inside your browser stay there, to the tune of a thousand blocks in a typical hour of browsing. They also provide a built-in proxy service. If the corporations and governments are going to watch us, there's no reason to make it any easier for them. Epic has Mac and Windows builds for now. Their site goes into far greater detail about how they block tracking methods most browsers don't."


  1. Maybe I'm an excessive user by i kan reed · · Score: 4, Interesting

    But 1000 blocks an hour is way short of what Ad-block plus gets with the standard list.

  2. Chrome? by J'raxis · · Score: 3, Insightful

    You're basing this on a browser made by one of the companies known to have been cooperating with the NSA every step of the way, including the latest revelations about said companies inserting backdoors into their products?

    Sounds like a good idea to me.

    1. Re:Chrome? by Anonymous Coward · · Score: 5, Informative

      Based off Chromium, not Chrome. The first is open source.

    2. Re:Chrome? by liamevo · · Score: 2

      so concerned about privacy = doesn't care about keeping up to date with web technology?

      "You whippersnappers with your javascript and your canvas! HTML 4.1 was fine for me, and we didn't use javascript back in my day! It was considered bad practice even!"

    3. Re:Chrome? by bill_mcgonigle · · Score: 2

      and every line of every library it uses?

      This is pretty important. Use the Fedora build of Chromium if you care about this. Tom "spot" Callaway has been fighting this battle for years - rebuilding Chromium with dependencies on system libraries, rather than private, stashed, local copies of libraries as it's wont to do.

      Since we now know that the spooks pressure companies to put back doors into their products, if that happened with Chrome/Chromium, the smart place to do that would be, not in the main product code, which is the place most people will audit, but in the local modifications to libraries that are bundled, which might well be skipped by an audit.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    4. Re:Chrome? by poetmatt · · Score: 3, Interesting

      There's no browser company that doesn't have backdoors, including Mozilla. Whether willingly or not, well - only IE does it willingly.

      What do you think encryption research from FIPS 140 is for? Gov't has been given the keys to OS-level encryption for over 8 years, now.

    5. Re:Chrome? by hairyfeet · · Score: 3, Interesting

      Noooo but it DOES mean that a certain lie about FOSS must be faced the "many eyes" myth which is just that. Show of hands, how many here have actually done an extensive code audit of the latest Chromium source code? Firefox? Libre Office? What are your qualifications? Because the obfuscated C code contest shows you had better be DAMNED SKILLED to spot a malicious code insert, so how many years of security training do you have?

      The myth, which common sense can disprove, is that because something CAN be done it HAS been done. Well there COULD be werewolves but I don't think I really need to keep a pocket full of silver bullets, do you? Projects like Chromium and Firefox can easily get into tens and even hundreds of thousands of lines of code and that code is constantly changing. Since you have ZERO way of knowing if the changes are malicious you would need to audit not ONLY the code itself but also all changes AND compare what those changes did to not only the area the change occurred but to the entire program, because after all we have seen nasties in the wild that were harmless by themselves but when combined with code from another pwned program allowed an attacker entrance to the system.

      So now I hope that everyone can see why merely HAVING source code means nothing, because for it to mean anything you HAVE to have 1.- Security experts going over each and EVERY release with a fine tooth comb, 2.- Certifying that they have done so and its clean and 3.- be sure that said experts haven't been bought. The "many eyes" myth simply makes assumptions that are easily disproved and might have worked when the entire Linux source code could be handed over on a couple of floppies, when the kernel alone is over a million lines of code? Sorry but it just doesn't hold water folks.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    6. Re:Chrome? by Arker · · Score: 2

      Yeah, look. Pat yourself on the back for being 'up-to-date' all you want but you are missing the point. You cannot have privacy and an ecmascript based substitute for the web, they are mutually exclusive. No matter what else you tighten up on the browser end, if your browser is required to trust the server it will be compromised in short order. This is not a matter of old vs new it's a matter of fundamental logic.

      --
      =-=-=-=-=-=-=-=-=-=-=-=-=-=-
      Friends don't let friends enable ecmascript.
    7. Re:Chrome? by zidium · · Score: 2

      Hell, the aliens have been inserting nanobots to pwn all of our electronics since they first gave us the tech to fabricate microprocessors!!

      --
      Slashdot Valentines Beta Massacre: iT WORKED! The boycotts killed Beta!!
  3. Fail by some old guy · · Score: 2

    Things like this only serve to foster and spread an illusion of security and privacy. It may make life a little harder for the commercial maggots, but the government worms? You're as good as owned already.

    If it has not already been compromised, by technology or force of law, it soon will be. Bet on it.

    --
    Scruting the inscrutable for over 50 years.
    1. Re:Fail by briancox2 · · Score: 2

      After reading your comment, I got the distinct feeling that everything was hopeless and we should all give up. You're not some old guy are you?

      --
      We should learn what we need to know about issues, before we decide what we need to feel about them.
  4. Based on Chromium, not Chrome by spivster · · Score: 5, Interesting

    The summary is incorrect. This browser is based on the open source Chromium, not Chrome, a subtle but important difference since Chrome has Google's extra tracking goodness. However, I have to wonder why they didn't start with Firefox, which is truly open source and not connected at all with Google, which has pretty much become the poster child of privacy invasion these days.

    1. Re:Based on Chromium, not Chrome by geminidomino · · Score: 2

      I haven't looked at it in some years, but I suspect that, being a younger project, Chromium's codebase is a lot cleaner and easier to work with than Firefox's.

      NB: It's in the nature of code to build up cruft. This isn't intended as an endorsement or insult to either group's coding or design styles and abilities.

    2. Re:Based on Chromium, not Chrome by FunPika · · Score: 4, Informative

      Wrong, Firefox is open source. IceWeasel exists to allow the Debian developers to backport security fixes to the stable version in the Debian repositories and avoid Mozilla's trademark restrictions on the use of Firefox's logo and name. All of the code that makes up what Mozilla officially considers Firefox is freely licensed.

      --
      After years of not using a signature, I am going to make one to say the following: Fuck Beta
  5. Proxy ? by Jimpqfly · · Score: 3, Interesting

    Proxy is a nice option, except when you don't know where the Proxy is... Easy to implement a Proxy and have a look at users communications...

    1. Re:Proxy ? by emilv · · Score: 3, Informative

      Indeed. And accessing using HTTPS isn't even guaranteeing anything in this browser since the proxy service and the browser are provided by the same party, so they can trivially add their own CA and sign certificates for whatever sites they want.

  6. Re: Interesting by Anonymous Coward · · Score: 5, Interesting

    Wouldn't using some special snowflake browser like this make you especially vulnerable to fingerprinting?

  7. Oblig.. by SuperCharlie · · Score: 2

    I'd try it..Linux pls..

  8. Who would have thought... by StripedCow · · Score: 3, Insightful

    that computing in the 21st century would become so exciting?

    --
    If Pandora's box is destined to be opened, *I* want to be the one to open it.
  9. Why another? by mwissel · · Score: 5, Interesting

    Sounds a lot like SRWare Iron [1] to me - that's a long existing Chromium-based fork altered for enhanced privacy.

    At a first glance, I cannot make out any advantages of Epic over Iron. Aside from the removal of all user tracking which Chrome brings, they only provide a 1-click-proxy functionality. Which, if I used it, would leave me and my privacy at the mercy of an India based startup. Instead, I'd also rather suggest JAP [2] which is also long and well established.

    So what am I missing that makes Epic Browser worth a Slashdot post?

    [1] https://www.srware.net/en/software_srware_iron.php
    [2] http://anon.inf.tu-dresden.de/

  10. Where does the money come from? by kullnd · · Score: 3, Interesting

    From their page:

    Epic like most browsers earns a commission on searches we drive. So the more you use Epic’s default search engine, the more you support Epic and our continued privacy efforts : - ) And best of all your searches always remain exceptionally private since they’re routed via a secure, encrypted connection over a proxy – so private by design when you use EpicSearch.me that we literally can’t know what you’re searching for nor anyone else. Ads and search results never include any personalized results or tracking of any sort and are only based on your search term and general geographical location.

    So ... They get paid for searches they drive but those searches don't have any ads or tracking? Again, where does the money come from?

    --
    +++ATH0 NO CARRIER
    1. Re:Where does the money come from? by Anonymous Coward · · Score: 4, Informative

      Ads and search results never include any personalized results or tracking

      So, ads yes, tracking no. Or in other words, what search engine ads were like before Google. Something relevant to exactly what you typed in, nothing more.

      Or at least that's the claim.

    2. Re:Where does the money come from? by Mr. Slippery · · Score: 2

      They get paid for searches they drive but those searches don't have any ads or tracking?

      Read the text you quoted. There are ads. These ads do not include tracking, they're based only on your search terms and general location.

      --
      Tom Swiss | the infamous tms | my blog
      You cannot wash away blood with blood
  11. Thank you NSA and GCHQ by jopet · · Score: 2, Informative

    Closed source? Seems legit.

  12. Cool but by TheSkepticalOptimist · · Score: 2

    While blocking cookies or ads are fine, once the data is sent out into the ether it's going to be picked up and decrypted, no browser is going to stop that.

    If you want privacy on the web, stop using the web.

    --
    I haven't thought of anything clever to put here, but then again most of you haven't either.
  13. "Poster child of privacy invasion" hyperbole by brunes69 · · Score: 4, Insightful

    Google is very upfront about what is collected and what they do with it and who they do and do not share what data with. As someone who actually follows this stuff closely and READS agreements and doesn't just rely on Slashdot hype, I am 100% comfortable with everything Google does and what they do with the data, and also with how hard they fight back against governments who want that data. Google doesn't sell your data to ANY third parties, they use it INTERNALLY for their own stuff. As such it is actually VERY private. The data you share with Google is a lot more private than the data you share with your telco or cable company or bank in this respect.

    Compare this to Facebook or LinkedIn or even Twitter, who are NOT upfront about what is collected and shared, and who not only share data with governments, but ALSO 3rd party companies at will as part of their business models. As well as your bank, your telco, etc again - all of whom routinely sell client lists including names, addresses, and phone numbers.

    Who is the poster child again?

  14. I am unconvinced... by geminidomino · · Score: 2

    No source code, no verifiable improvement over SRWare Iron, and the company gets paid from...

    Epic like most browsers earns a commission on searches we drive. So the more you use Epic’s default search engine, the more you support Epic and our continued privacy efforts : - ) And best of all your searches always remain exceptionally private since they’re routed via a secure, encrypted connection over a proxy – so private by design when you use EpicSearch.me that we literally can’t know what you’re searching for nor anyone else. Ads and search results never include any personalized results or tracking of any sort and are only based on your search term and general geographical location.

    by tying in to the industry that is even more hostile to the concept of user privacy than the USGov...

    Thanks, but I'll pass.

  15. Comment removed by account_deleted · · Score: 5, Interesting

    Comment removed based on user account deletion

  16. Turns out I am wrong ... by jopet · · Score: 2

    Chromium obviously is open source already, but they do plan to opensource their additions too.
    So this could actually be the good stuff.

  17. Epic fail by Taantric · · Score: 4, Funny

    It is being made by an American company. Rest of the world does not and should not trust you anymore.

    NSA: Hey Epic Exec, insert this compiled module into your app
    Epic Exec: Go fuck yourself NSA. We are all about protecting users here
    NSA: I see. I also see that you visited a gay bar in SF last week and Boston the week before. Are you going to tell your wife and children or should we?
    Epic Exec: Oh I see you are talking about National Security. Why didn't you say that before? Here at Epic we are loyal Murcans and we will be happy to help anyway we can.
    NSA: That's a good bitch. Next time roll over and show your belly faster or else.....

  18. Re:Interesting by Anonymous Coward · · Score: 5, Informative

    I see nowhere on their site where the source code is available. That's just a scummy move.

  19. fool me once by stewsters · · Score: 2

    Post the source.

  20. Re:Interesting by Samantha Wright · · Score: 4, Interesting

    Can either of them defeat Panopticlick? I don't see anything on Epic's site about hiding font lists. (And on that point, Epic is a bad name choice since it's vaguely synonymous with the death of objectivity in news reporting.)

    --
    Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
  21. Re:Interesting by hairyfeet · · Score: 3, Interesting

    Same here and haven't had a problem with it and unlike this browser it's used by millions (coming with Comodo Internet Security with VM mode for secure banking) so you are not gonna stick out like a sore thumb.

    The problem with going TOO niche is it would make you stick out all the more, if everyone wears a blue shirt and your shirt is a slightly different hue of blue? probably not gonna be noticed and won't trip any flags, if your shirt is neon orange? You might as well be holding a giant neon sign that says "Look at me, I'm up to something!". Its no different than how guys carrying pot really shouldn't be driving flashy red sports cars but driving some boring blue 4 door instead, you want to go off the radar without attracting attention for doing so.

    So while I'll keep an eye on this for the time being I'll stick with Comodo Dragon, it too has increased security and unlike this it is offered with most of Comodo's security products (and since nobody ever unchecks the defaults millions have it) and since it uses the same secure DNS that Comodo uses on their enterprise products you can just blend into the crowd. I wouldn't be surprised if some 3 letter agency has gotten a memo about this thing this very day, /. isn't exactly under the radar ya know.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  22. Re:Interesting by MacGyver2210 · · Score: 2

    It lost me at "Chrome-based"...

    --
    If the only way you can accept an assertion is by faith, then you are conceding that it can't be taken on its own merits
  23. Re:What if NSA cash is sent to Adblock? by hairyfeet · · Score: 2

    Uhhhh...buying adblock would be as pointless as trying to "buy" Linux, there is already a dozen variations thanks to the source being out there. While I'm not a big fan of FOSS (since i think a lot of their so called "advantages" are built upon false premises) this is one thing they do have an advantage in, in that there really isn't any way to control any one project by buying it. If you are unsure of adblock there is adblock plus, one I think called "super adblock" or something like that, or if you want to go to the trouble you can do like old APK and mess with HOSTS or just run your own recursive DNS like I do, not hard to get blacklists of advertising servers these days.

    As far as trusting Firefox? So don't, again not like you don't have options. There is Comodo Icedragon, Seamonkey, IceWeasel and Kmeleon, and those are just sticking with the gecko engine, if you were to add the Chromium engine you would have another half a dozen easy to choose from and then of course there are those that use their own engine like QTWeb (uses QT framework with Webkit from KHTML) or OffByOne. again no need to stick with something you aren't sure of, plenty of choices out there. Frankly if the NSA wants to follow you though they have access to the backbone, all the obfuscation in the world isn't gonna protect you from a MITM attack.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  24. Re:Proxies by larry bagina · · Score: 3, Insightful

    Slashdot is a bad example -- they block (the banned pink page) many proxies and tor exit nodes. Some are read-only (no posting). They also intentionally throttle the response, intentionally and with their proxy detection code.

    If slashdice cared about, well, anything, they would also run a {slashdot}.onion site as well.

    --
    Do you even lift?

    These aren't the 'roids you're looking for.

  25. Re: Interesting by phoebe · · Score: 2

    One wonders what is the excuse this time that the patches have not been submitted upstream to Chromium?

  26. Re:What about on the "Web" itself... by hairyfeet · · Score: 5, Interesting

    Uhhhh...its already been reported that NSA is running several Tor exit nodes to collect the data, you DO know this, right? There has also been people who had their doors kicked down and all their computers hauled off because they ran a Tor exit node and somebody supposedly used it to look at child porn so even running your own exit node carries significant risks.

    I think everybody is just gonna have to accept the party is over and has been for awhile, and that any and every thing you do on the net needs to be treated like you were standing on a street corner holding up a sign as THAT is how little privacy you have now. And if the report is true that the NSA has the keys to HTTPS then running a proxy really isn't gonna do shit, they can set there with taps on the backbone and read it all in near real time and if they are doing a MITM on the backbone then that proxy isn't gonna do shit as those packets still have to get to your PC and they can just follow it back to the source.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  27. Re:Interesting by mspohr · · Score: 2

    It's actually Chromium based, not Chrome
    Chromium is open source:
    http://www.chromium.org/

    --
    I don't read your sig. Why are you reading mine?
  28. Re:Private Browsing by Derek Pomery · · Score: 3, Informative

    I was kinda curious what he meant, myself, so I checked out this old-ish paper.
    http://crypto.stanford.edu/~dabo/pubs/papers/privatebrowsing.pdf

    I don't know if things have changed much, but their fairly thorough review seems to indicate firefox and chrome are pretty similar.
    Looking at their table, one possible area of concern they listed (that Chrome might no longer have a problem with) is zoom level.
    That could give information to a site that it is the same person, if they cared, although, that seems to be a pretty minor leak, given all the other information you could be revealing even if you hid your IP (a la panopticlick).
    Looks like Chrome retains it from the non-private session, Firefox does not. The download list thing doesn't seem like a big deal. Depends on what you're using it for I guess.

    Some leaks they fixed...
    http://code.google.com/p/chromium/issues/detail?id=3493
    http://code.google.com/p/chromium/issues/detail?id=21341

    Open issues:
    http://code.google.com/p/chromium/issues/detail?id=867
    http://code.google.com/p/chromium/issues/detail?id=34593 (I'm not a fan of this one either, but multiple private windows in Firefox do the same thing)

    Back in 2010 Flash added support for private browsing in their plugin (that is, wrt local storage) in Firefox. I have no idea if/when that got added to Chrome.

    I saw one complaint that disabled plugins (like Flash) in Chrome were reactivated in Incognito, but I don't know enough about the browser to check that.

    Anyway, they seem pretty similar to me.

    --
    -- perl -e'print pack"H*","6e656d6f406d38792e6f7267"' /. ate my old sig. Bastards.
  29. Re:What if NSA cash is sent to Adblock? by hairyfeet · · Score: 3, Informative

    Uhhh...Comodo is an Indian company that does enterprise security products, don't know where you got your info from. they have a branch in the USA but more large corps do, that don't make 'em a US company.

    I've personally been using them a couple of years now and have yet to see their browsers send a single bit of data I didn't specifically authorize and I do check my logs. If you opt in for their secure DNS then your DNS will naturally go through their servers (the same ones that they use for corporate deployments so its not like your data will be segregated, it'll be in the same pool as thousands of corps) and as far as their certs go? They had a break in, reported it to the public within a day and had the keys revoked upon finding out about the breach. personally I'd rather have a corp that admits when there is a breach, informs me, and then does everything they can to close the breach immediately than to have one that covers it up, but maybe that is just me. Again not like you don't have options and you can always build from source if none of them suit you.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  30. This is *not* EPIC by Khopesh · · Score: 3, Insightful

    https://epic.org/ is EPIC, the Electronic Privacy Information Center, a stalwart defender of online privacy. EPIC does not appear to have any connection to this browser. This so-called "epic browser" doesn't look like much more than Iron, which was merely a ploy to make money off of ads on the download page. I'm not saying Epic Browser is that same ploy, but the browser doesn't really do anything that Chromium doesn't already do in Incognito mode (most of those 11 potential privacy leaks that epic blocks are Google features not available in Chromium or else can be disabled trivially).

    This introduces a potential lag time in security updates (and updates to trackers pulled in from e.g. adblock or noscript) and rides on EPIC's good name. Shame on the developers for naming it so similarly.

    --
    Use my userscript to add story images to Slashdot. There's no going back.
  31. Re: Interesting by pepty · · Score: 2

    Check out SecretAgent (for Firefox). It automatically rotates the user agent string the browser reports through a list of about 50 possibilities. Happens every time you restart the browser. Your browser may be unique today, it may be unique tomorrow, but it won't be identified as the same unique browser both times.

  32. Re:Interesting - Epic is open source, founder by theprop · · Score: 2

    Epic is open source code. Sorry, we're a very small team and Chromium is a HUGE code base and we've made tons of code changes all over the place. We've been working very hard to get to this release, and haven't had a chance to release our code in an organized way. Anyone who wants to know any changes or see any code is more than welcome to e-mail me anytime -- alok@hiddenreflex dot com . Sorry for the delay again,

  33. Re:Interesting - Founder Comment on Panopticlick by theprop · · Score: 2

    We've been Epic for awhile now (had a previous incarnation:-). It's difficult to hide font lists from Flash, and disabling flash effectively "breaks the internet". We block many fingerprinting scripts though -- and are working on methods that would make your browser un-fingerprintable but it's very difficult (that's why no one has done it!). With your support, I'm sure we can do it but it's not going to happen overnight (or again someone would have done it already!).

  34. Re: Interesting by allo · · Score: 2

    rotating on each request is a bad idea. Your ip remains valid for 12-24 hours, so the website can assume that two requests from the same ip are the same user. When the fingerprint is rotating, they have a good criteria: You're the only one with the paranoia plugin.

    Better rotate it on browser start. New session, new identity.
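
Added example (not part of any comment in the thread): a Python sketch of the fingerprinting arguments made in comments 6, 21, 31 and 34. It computes how many identifying bits a rare browser reveals compared with a common one, and shows why a client that changes its user agent on every request from one IP stands out while a per-session rotator does not. The visitor counts, the request log and the `max_agents_per_ip` threshold are constructed assumptions, not measurements.

```python
import math
from collections import defaultdict

# Constructed visitor counts per reported browser (illustrative, not real data).
POPULATION = {
    "Chrome": 5000,
    "Firefox": 3000,
    "IE": 1800,
    "Comodo Dragon": 190,
    "Epic": 10,
}


def surprisal_bits(population, value):
    """Bits of identifying information revealed by one attribute value.

    This is the self-information measure Panopticlick reports: the rarer
    the value among all visitors, the more bits it gives an observer.
    """
    total = sum(population.values())
    return -math.log2(population[value] / total)


def rotation_profile(requests):
    """Map each source IP to the set of user agents seen from it."""
    seen = defaultdict(set)
    for ip, user_agent in requests:
        seen[ip].add(user_agent)
    return dict(seen)


def stands_out(requests, max_agents_per_ip=3):
    """Return IPs that show more distinct user agents than a shared
    connection (NAT, household) would plausibly produce.

    max_agents_per_ip is an assumed threshold for this example.
    """
    profile = rotation_profile(requests)
    return sorted(ip for ip, agents in profile.items()
                  if len(agents) > max_agents_per_ip)


# Constructed request log: (source IP, reported browser).
# Addresses are from the documentation ranges (RFC 5737).
REQUESTS = [
    # Per-request rotation: every request carries a different user agent.
    ("203.0.113.10", "Chrome"),
    ("203.0.113.10", "Firefox"),
    ("203.0.113.10", "IE"),
    ("203.0.113.10", "Comodo Dragon"),
    ("203.0.113.10", "Epic"),
    # Per-session rotation: one user agent for the whole session.
    ("203.0.113.20", "Firefox"),
    ("203.0.113.20", "Firefox"),
    ("203.0.113.20", "Firefox"),
    # Two people behind one home router.
    ("198.51.100.7", "Chrome"),
    ("198.51.100.7", "IE"),
    ("198.51.100.7", "Chrome"),
]


if __name__ == "__main__":
    for browser in POPULATION:
        bits = surprisal_bits(POPULATION, browser)
        print(f"{browser:15s} {bits:5.2f} bits, "
              f"shared with {POPULATION[browser]} visitors")
    print("IPs whose user agent changes too often:", stands_out(REQUESTS))
```
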