Slashdot Mirror
Epic: A Privacy-Focused Web Browser
Rob @CmdrTaco Malda writes
"I've been advising Epic Browser, a startup building a privacy-focused, Chrome-based browser that starts where incognito mode ends. Epic employs a host of tactics designed to make what happens inside your browser stay there, to the tune of a thousand blocks in a typical hour of browsing. They also provide a built-in proxy service. If the corporations and governments are going to watch us, there's no reason to make it any easier for them. Epic has Mac and Windows builds for now. Their site goes into far greater detail about how they block tracking methods most browsers don't."
But 1000 blocks an hour is way short of what Ad-block plus gets with the standard list.
You're basing this on a browser made by one of the companies known to have been cooperating with the NSA every step of the way, including the latest revelations about said companies inserting backdoors into their products?
Sounds like a good idea to me.
Liberty in your lifetime
The summary is incorrect. This browser is based on the open source Chromium, not Chrome, a subtle but important difference since Chrome has Google's extra tracking goodness. However, I have to wonder why they didn't start with Firefox, which is truly open source and not connected at all with Google, which has pretty much become the poster child of privacy invasion these days.
Proxy is a nice option, except when you don't know where the Proxy is... Easy to implement a Proxy and have a look at users communications...
Wouldn't using some special snowflake browser like this make you especially vulnerable to fingerprinting?
that computing in the 21st century would become so exciting?
If Pandora's box is destined to be opened, *I* want to be the one to open it.
Sounds a lot like SRWare Iron* to me - that's a long existing Chromium-based fork altered for enhanced privacy.
At a first glance, I cannot make out any advantages of Epic over Iron. Aside from the removal of all user tracking which Chrome brings, they only provide a 1-click-proxy functionality. Which, if I used it, would leave me and my privacy at the mercy of an India based startup. Instead, I'd also rather suggest JAP** which is also long and well established.
So what am I missing that makes Epic Browser worth a Slashdot post?
[1] https://www.srware.net/en/software_srware_iron.php
[2] http://anon.inf.tu-dresden.de/
From their page::
... They get paid for searches they drive but those searches don't have any ads or tracking? Again, where does the money come from?
Epic like most browsers earns a commission on searches we drive. So the more you use Epic’s default search engine, the more you support Epic and our continued privacy efforts : - ) And best of all your searches always remain exceptionally private since they’re routed via a secure, encrypted connection over a proxy – so private by design when you use EpicSearch.me that we literally can’t know what you’re searching for nor anyone else. Ads and search results never include any personalized results or tracking of any sort and are only based on your search term and general geographical location.
So
+++ATH0 NO CARRIER
Google is very upfront about what is collected and what they do with it and who they do and do not share what data with. As someone who actually follows this stuff closely and READS agreements and doesn't just rely on Slashdot hype, I am 100% comfortable with everything Google does and what they do with the data, and also with how hard they fight back against governments who want that data. Google doesn't sell your data to ANY third parties, they use it INTERNALLY for their own stuff. As such it is actually VERY private. The data you share with Google is a lot more private than the data you share with your telco or cable company or bank in this respect.
Compare this to Facebook or LinkedIn or even Twitter, who are NOT upfront about what is collected and shared, and who not only share data with governments, but ALSO 3rd party companies at will as part of their business models. As well as your bank, your telco, etc again - all of whom routinely sell client lists including names, addresses, and phone numbers.
Who is the poster child again?
Comment removed based on user account deletion
It is being made by an American company. Rest of the world does not and should not trust you anymore.
NSA: Hey Epic Exec, insert this complied module into your app
Epic Exec: Go fuck yourself NSA. We are all about protecting users here
NSA: I see. I also see that you visited a gay bar in SF last week and Boston the week before. Are you going to tell your wife and children or should we?
Epic Exec: Oh I see you are talking about National Security. Why didn't you say that before? Here at Epic we are loyal Murcans and we will be happy to help anyway we can.
NSA: That's a good bitch. Next time roll over and show your belly faster or else.....
I see nowhere on their site where the source code is available. That's just a scummy move.
Can either of them defeat Panopticlick? I don't see anything on Epic's site about hiding font lists. (And on that point, Epic is a bad name choice since it's vaguely synonymous with the death of objectivity in news reporting.)
Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
Same here and haven't had a problem with it and unlike this browser its used by millions (coming with Comodo Internet Security with VM mode for secure banking) so you are not gonna stick out like a sore thumb.
The problem with going TOO niche is it would make you stick out all the more, if everyone wears a blue shirt and your shirt is a slightly different hue of blue? probably not gonna be noticed and won't trip any flags, if your shirt is neon orange? You might as well be holding a giant neon sign that says "Look at me, I'm up to something!". Its no different than how guys carrying pot really shouldn't be driving flashy red sports cars but driving some boring blue 4 door instead, you want to go off the radar without attracting attention for doing so.
So while I'll keep an eye on this for the time being I'll stick with Comodo Dragon, it too has increased security and unlike this it is offered with most of Comodo's security products (and since nobody ever unchecks the defaults millions have it) and since it uses the same secure DNS that Comodo uses on their enterprise products you can just blend into the crowd. I wouldn't be surprised if some 3 letter agency has gotten a memo about this thing this very day, /. isn't exactly under the radar ya know.
ACs don't waste your time replying, your posts are never seen by me.
If slashdice cared about, well, anything, they would also run a {slashdot}.onion site as well.
Do you even lift?
These aren't the 'roids you're looking for.
Uhhhh...its already been reported that NSA is running several Tor exit nodes to collect the data, you DO know this, right? There has also been people who had their doors kicked down and all their computers hauled off because they ran a Tor exit node and somebody supposedly used it to look at child porn so even running your own exit node carries significant risks.
I think everybody is just gonna have to accept the party is over and has been for awhile, and that any and every thing you do on the net needs to be treated like you were standing on a street corner holding up a sign as THAT is how little privacy you have now. And if the report is true that the NSA has the keys to HTTPS then running a proxy really isn't gonna do shit, they can set there with taps on the backbone and read it all in near real time and if they are doing a MITM on the backbone then that proxy isn't gonna do shit as those packets still have to get to your PC and they can just follow it back to the source.
ACs don't waste your time replying, your posts are never seen by me.
I was kinda curious what he meant, myself, so I checked out this old-ish paper.
http://crypto.stanford.edu/~dabo/pubs/papers/privatebrowsing.pdf
I don't know if things have changed much, but their fairly thorough review seems to indicate firefox and chrome are pretty similar.
Looking at their table, one possible area of concern they listed (that Chrome might no longer have a problem with) is zoom level.
That could give information to a site that it is the same person, if they cared, although, that seems to be a pretty minor leak, given all the other information you could be revealing even if you hid your IP (a la panopticlick).
Looks like Chrome retains it from the non-private session, Firefox does not. The download list thing doesn't seem like a big deal. Depends on what you're using it for I guess.
Some leaks they fixed...
http://code.google.com/p/chromium/issues/detail?id=3493
http://code.google.com/p/chromium/issues/detail?id=21341
Open issues:
http://code.google.com/p/chromium/issues/detail?id=867
http://code.google.com/p/chromium/issues/detail?id=34593 (I'm not a fan of this one either, but multiple private windows in Firefox do the same thing)
Back in 2010 Flash added support for private browsing in their plugin (that is, wrt local storage) in Firefox. I have no idea if/when that got added to Chrome.
I saw one complaint that disabled plugins (like Flash) in Chrome were reactivated in Incognito, but I don't know enough about the browser to check that.
Anyway, they seem pretty similar to me.
-- perl -e'print pack"H*","6e656d6f406d38792e6f7267"'
Uhhh...Comodo is an Indian company that does enterprise security products, don't know where you got your info from. they have a branch in the USA but more large corps do, that don't make 'em a US company.
I've personally been using them a couple of years now and have yet to see their browsers send a single bit of data I didn't specifically authorize and I do check my logs. If you opt in for their secure DNS then your DNS will naturally go through their servers (the same ones that they use for corporate deployments so its not like your data will be segregated, it'll be in the same pool as thousands of corps) and as far as their certs go? They had a break in, reported it to the public within a day and had the keys revoked upon finding out about the breach. personally I'd rather have a corp that admits when there is a breach, informs me, and then does everything they can to close the breach immediately than to have one that covers it up, but maybe that is just me. Again not like you don't have options and you can always build from source if none of them suit you.
ACs don't waste your time replying, your posts are never seen by me.
https://epic.org/ is EPIC, the Electronic Privacy Information Center, a stalwart defender of online privacy. EPIC does not appear to have any connection to this browser. This so-called "epic browser" doesn't look like much more than Iron, which was merely a ploy to make money off of ads on the download page. I'm not saying Epic Browser is that same ploy, but the browser doesn't really do anything that Chromium doesn't already do in Incognito mode (most of those 11 potential privacy leaks that epic blocks are Google features not available in Chromium or else can be disabled trivially).
This introduces a potential lag time in security updates (and updates to trackers pulled in from e.g. adblock or noscript) and rides on EPIC's good name. Shame on the developers for naming it so similarly.
Use my userscript to add story images to Slashdot. There's no going back.