Forgot your password?
typodupeerror
Privacy The Internet Software

Epic: A Privacy-Focused Web Browser 223

Posted by Soulskill
from the i-know-what-you-googled-last-summer dept.
Rob @CmdrTaco Malda writes "I've been advising Epic Browser, a startup building a privacy-focused, Chrome-based browser that starts where incognito mode ends. Epic employs a host of tactics designed to make what happens inside your browser stay there, to the tune of a thousand blocks in a typical hour of browsing. They also provide a built-in proxy service. If the corporations and governments are going to watch us, there's no reason to make it any easier for them. Epic has Mac and Windows builds for now. Their site goes into far greater detail about how they block tracking methods most browsers don't."
This discussion has been archived. No new comments can be posted.

Epic: A Privacy-Focused Web Browser

Comments Filter:
  • by i kan reed (749298) on Friday September 06, 2013 @10:45AM (#44774651) Homepage Journal

    But 1000 blocks an hour is way short of what Ad-block plus gets with the standard list.

    • But 1000 blocks an hour is way short of what Ad-block plus gets with the standard list.

      Ok, now it makes sense. I'd originally read that as 1000 BUCKS an hour in the summary and was trying to figure out what the hell they meant!

  • Chrome? (Score:4, Insightful)

    by J'raxis (248192) on Friday September 06, 2013 @10:46AM (#44774653) Homepage

    You're basing this on a browser made by one of the companies known to have been cooperating with the NSA every step of the way, including the latest revelations [theguardian.com] about said companies inserting backdoors into their products?

    Sounds like a good idea to me.

    • Re:Chrome? (Score:5, Informative)

      by Anonymous Coward on Friday September 06, 2013 @10:49AM (#44774709)

      Based off Chromium, not Chrome. The first is open source.

      • Which, in my experience, means it's the same thing but less polished and stable.

        My first experience with Chromium was running it on a fresh install of Ubuntu, and getting the window *STUCK* on my mouse pointer when I tried to drag it around. No matter what keys or clicks, it wouldn't stop following the mouse. Even after restarting X, it wouldn't go away.

        Ended up having to reboot, then when it happened a second time, uninstall Chromium.

    • Re:Chrome? (Score:4, Interesting)

      by poetmatt (793785) on Friday September 06, 2013 @12:35PM (#44776017) Journal

      There's no browser company that doesn't have backdoors, including Mozilla. Whether willingly or not, well - only IE does it willingly.

      What do you think encryption research from FIPS 140 is for? Gov't has been given the keys to OS-level encryption for over 8 years, now.

  • I can decript my data, use browsers to erase cookies, but without spoofing IP addresses, the websites know where I am accessing from and when I access the site. If I would then use a major email (instead of my own email server), then the NSA has their hands on my emails and any cloud stuff I save. Everything in the internet needs to be reworked for privacy, not just the browser...

    Of course the The United Surveilla^H^H^H^H^H^H^H^H States Government is not going to let that happen.
    • by h4rr4r (612664)

      That is what proxies are for, and things like tor.

      Literally spoofing an IP will not work since it if does not match your network segment your provider is not going to route that traffic.

      • by hairyfeet (841228) <bassbeast1968&gmail,com> on Friday September 06, 2013 @12:51PM (#44776233) Journal

        Uhhhh...its already been reported that NSA is running several Tor exit nodes to collect the data, you DO know this, right? There has also been people who had their doors kicked down and all their computers hauled off because they ran a Tor exit node and somebody supposedly used it to look at child porn so even running your own exit node carries significant risks.

        I think everybody is just gonna have to accept the party is over and has been for awhile, and that any and every thing you do on the net needs to be treated like you were standing on a street corner holding up a sign as THAT is how little privacy you have now. And if the report is true that the NSA has the keys to HTTPS then running a proxy really isn't gonna do shit, they can set there with taps on the backbone and read it all in near real time and if they are doing a MITM on the backbone then that proxy isn't gonna do shit as those packets still have to get to your PC and they can just follow it back to the source.

        • by number11 (129686)

          Uhhhh...its already been reported that NSA is running several Tor exit nodes to collect the data, you DO know this, right?

          You don't have to be an exit node to run Tor. You don't even have to run as a relay, though if you can, that helps everybody's speed.

          • by hairyfeet (841228)

            Wow, thanks, I so rarely get to say this...WHOOSH! Kinda missed the point friend which was Tor is pointless if the NSA runs the exit nodes that you happen to go through because you just handed them the data, understand?

            To say Tor is the answer when its been reported several major exit nodes are NSA is like saying "I'm against MITM attacks!" so you just send your data to the NSA directly. You haven't changed anything, all you have done is make it easier for the one that is spying on you, that's all.

    • At this point, using a VPN is kind of a must if we want to have even a bit of privacy. I've been doing my homework starting with things like TorrentFreak's Guide To VPN Services That Take Anonymity Seriously, 2013 Edition [torrentfreak.com] and the informational comments left on that article, and hopefully this month I'll finally have figured out which to go with.

  • I have said for years that Private Browsing in Firefox is what Incognito Mode wants to be when it grows up. Looks like that is about to happen.

  • by some old guy (674482) on Friday September 06, 2013 @10:48AM (#44774699)

    Things like this only serve to foster and spread an illusion of security and privacy. It may make life a little harder for the commercial maggots, but the government worms? You're as good as owned already.

    If it has not already been compromised, by technology or force of law, it soon will be. Bet on it.

    • After reading your comment, I got the distinct feeling that everything was hopeless and we should all give up. You're not some old guy are you?
  • by spivster (1136769) on Friday September 06, 2013 @10:49AM (#44774717) Homepage
    The summary is incorrect. This browser is based on the open source Chromium, not Chrome, a subtle but important difference since Chrome has Google's extra tracking goodness. However, I have to wonder why they didn't start with Firefox, which is truly open source and not connected at all with Google, which has pretty much become the poster child of privacy invasion these days.
    • I haven't looked at it in some years, but I suspect that, being a younger project, Chromium's codebase is a lot cleaner and easier to work with than Firefox's.

      NB: It's in the nature of code to build up cruft. This isn't intended as an endorsement or insult to either group's coding or design styles and abilities.

    • by brunes69 (86786) <slashdot&keirstead,org> on Friday September 06, 2013 @11:07AM (#44774941) Homepage

      Google is very upfront about what is collected and what they do with it and who they do and do not share what data with. As someone who actually follows this stuff closely and READS agreements and doesn't just rely on Slashdot hype, I am 100% comfortable with everything Google does and what they do with the data, and also with how hard they fight back against governments who want that data. Google doesn't sell your data to ANY third parties, they use it INTERNALLY for their own stuff. As such it is actually VERY private. The data you share with Google is a lot more private than the data you share with your telco or cable company or bank in this respect.

      Compare this to Facebook or LinkedIn or even Twitter, who are NOT upfront about what is collected and shared, and who not only share data with governments, but ALSO 3rd party companies at will as part of their business models. As well as your bank, your telco, etc again - all of whom routinely sell client lists including names, addresses, and phone numbers.

      Who is the poster child again?

      • by UdoKeir (239957)

        Google is very upfront about what is collected and what they do with it

        Except when that collection and disclosure is requested via a national security letter.

        • by gottabeme (590848)

          That's true, but the only solution to those is to not use the Internet at all. Since you're on Slashdot, and not even AC, I'm guessing that's not an option you're considering.

          I don't think Google's as not-evil as it used to be, but I'm guessing that they are less evil and more privacy-advocating and -protecting than most corporations, such as...every major ISP.

          As much as I'm against mass surveillance, the bottom line hasn't changed in many years: if you need serious privacy, either use strong encryption or

        • by mattack2 (1165421)

          Aren't they legally prohibited from doing so? If I'm correct, then are you suggesting they should blatantly break the law, and thus presumably be fined?

      • Then he said, google's customers don't care about privacy and would gladly sell google the rope used to hang them.

        http://quotes.liberty-tree.ca/quote/vladimir_lenin_quote_068c [liberty-tree.ca]

      • by hairyfeet (841228)

        And if you believe that? I have a bridge you might be interested in. Its already been reported that the NSA has had access to the Google and Yahoo DBs [bloomberg.com] and a security letter trumps any and all subscriber agreements so if you are betting on that to keep your data out of big bro's hands? you are wasting your time dude.

        The moral of the story is thus: If a company is in the USA or UK? Give it up, the data is now in the hands of the NSA, it does not matter what the company says, if they are on US soil its NSA's

      • Compare this to Facebook or LinkedIn or even Twitter, who are NOT upfront about what is collected and shared, and who not only share data with governments, but ALSO 3rd party companies at will as part of their business models. As well as your bank, your telco, etc again - all of whom routinely sell client lists including names, addresses, and phone numbers.

        Who is the poster child again?

        Oh I get it. The problem is everyone EXCEPT Google. Thanks for clearing that up.

        • by PRMan (959735)
          Google is fighting it better than most and is even trying to make the point (without the NSA's help, because it will expose what other companies are doing (AT&T)), that they only comply with very limited warrants the numbers of which are quite reasonable for actual crime.
      • by thoromyr (673646)

        Wait, you claim to have actually read Google's revised AUP? And your fine with the "we protect the correlated data so that only those we knowingly give it to (contractors, customers and the government) can have it"? It isn't stated *quite* that succinctly, but it wasn't far removed from it either. I haven't read it since the change and at the time they were revising it without notice (next day to get a quote for someone and the wording had been altered) but I seriously doubt that the gist of it is any diffe

    • by GrBear (63712)

      Perhaps they wanted to build off a browser that doesn't crash all the time and has feature creep/bloat.

    • by phoebe (196531)
      Firefox isn't truly open source either, you are probably after IceWeasel if you want the Mozilla route.
  • Proxy ? (Score:3, Interesting)

    by Jimpqfly (790794) on Friday September 06, 2013 @10:51AM (#44774741) Homepage Journal
    Proxy is a nice option, except when you don't know where the Proxy is... Easy to implement a Proxy and have a look at users communications...
    • Re: (Score:3, Informative)

      by emilv (847905)

      Indeed. And accessing using HTTPS isn't even guaranteeing anything in this browser since the proxy service and the browser is provided by the same party, so they can trivially add their own CA and sign certificates for whatever sites they want.

  • by SuperCharlie (1068072) on Friday September 06, 2013 @10:51AM (#44774755)
    I'd try it..Linux pls..
  • by StripedCow (776465) on Friday September 06, 2013 @10:52AM (#44774775)

    that computing in the 21st century would become so exciting?

  • Why another? (Score:5, Interesting)

    by mwissel (869864) on Friday September 06, 2013 @10:53AM (#44774793) Homepage

    Sounds a lot like SRWare Iron* to me - that's a long existing Chromium-based fork altered for enhanced privacy.

    At a first glance, I cannot make out any advantages of Epic over Iron. Aside from the removal of all user tracking which Chrome brings, they only provide a 1-click-proxy functionality. Which, if I used it, would leave me and my privacy at the mercy of an India based startup. Instead, I'd also rather suggest JAP** which is also long and well established.

    So what am I missing that makes Epic Browser worth a Slashdot post?

    [1] https://www.srware.net/en/software_srware_iron.php [srware.net]
    [2] http://anon.inf.tu-dresden.de/ [tu-dresden.de]

    • So what am I missing that makes Epic Browser worth a Slashdot post?

      The founder of Slashdot sent it in.

    • So what am I missing that makes Epic Browser worth a Slashdot post?

      EPIC is well-known in the electronic privacy realm and their actions are frequently a Slashdot topic.

      Wait, this is the Electronic Privacy and Information Chromium, right? Because market-confusion among names would be pretty confusing.

  • by kullnd (760403) on Friday September 06, 2013 @10:56AM (#44774829)
    From their page::

    Epic like most browsers earns a commission on searches we drive. So the more you use Epic’s default search engine, the more you support Epic and our continued privacy efforts : - ) And best of all your searches always remain exceptionally private since they’re routed via a secure, encrypted connection over a proxy – so private by design when you use EpicSearch.me that we literally can’t know what you’re searching for nor anyone else. Ads and search results never include any personalized results or tracking of any sort and are only based on your search term and general geographical location.

    So ... They get paid for searches they drive but those searches don't have any ads or tracking? Again, where does the money come from?
    • by Anonymous Coward on Friday September 06, 2013 @11:01AM (#44774869)

      Ads and search results never include any personalized results or tracking

      So, ads yes, tracking no. Or in other words, what search engine ads were like before Google. Something relevant to exactly what you typed in, nothing more.

      Or at least that's the claim.

    • They get paid for searches they drive but those searches don't have any ads or tracking?

      Read the text you quoted. There are ads. These ads do not include tracking, they're based only on your search terms and general location.

  • by jopet (538074) on Friday September 06, 2013 @11:02AM (#44774897) Journal

    Closed source? Seems legit.

  • by TheSkepticalOptimist (898384) on Friday September 06, 2013 @11:05AM (#44774927)

    While blocking cookies or ads are fine, once the data is sent out into the ether its going to be picked up an decrypted, no browser is going to stop that.

    If you want privacy on the web, stop using the web.

  • a software product company founded by Alok Bhardwaj and based in Washington DC

    In the "About Us" section of the web site. US-based, so it won't protect your privacy against the spooks (Patriot Act *wink* *wink*). Neverthless, it's nice to see more software made with privacy in mind.

  • by geminidomino (614729) on Friday September 06, 2013 @11:08AM (#44774943) Journal

    No source code, no verifiable improvement over SRWare Iron, and the company gets paid from...

    Epic like most browsers earns a commission on searches we drive. So the more you use Epicâ(TM)s default search engine, the more you support Epic and our continued privacy efforts : - ) And best of all your searches always remain exceptionally private since theyâ(TM)re routed via a secure, encrypted connection over a proxy â" so private by design when you use EpicSearch.me that we literally canâ(TM)t know what youâ(TM)re searching for nor anyone else. Ads and search results never include any personalized results or tracking of any sort and are only based on your search term and general geographical location.

    by tying in to the industry that is even more hostile to the concept of user privacy than the USGov...

    Thanks, but I'll pass.

  • What will keep a NSL from telling them to give the NSA the key's to their proxy?

  • Feedback (Score:5, Interesting)

    by danheskett (178529) <{danheskett} {at} {gmail.com}> on Friday September 06, 2013 @11:11AM (#44774987)

    #1 - The installation process is as crappy as Google's. Namely, download a stub, then download the whole thing. It looks like you are using Rackspace's CDN, which is powered by Akiami, which is not very privacy friendly. Improvement is to allow users to download the entire installation package as a non-executable, extract, and then install or run from the extracted directory.

    #2 - The proxy is not transparent. Hard to find out where it even goes. Have to dig in the FAQ.

    #3 - Must have source and repeatable build process. Trust doesn't work, it is the enemy of security. Transparency works, it is the friend of security.

    #4 - Some of the configuration options look like you just searched/replaced Google/Chrome for Epic. What does sign into Epic mean? Where are you signing into? At least with Chrome we know what we are signing into.

    • by melikamp (631205)
      #5 Claims of either privacy or security on either Windows or OS X are bogus. Both operating systems are irreparably compromised by the respective manufacturers, affiliates, and the law enforcement, and so all claims about an app being able to deliver privacy are lies.
    • Bingo! You nailed it!

      There are some other good comments but I like yours.

      Turns out "Sign into Epic" ... means NOTHING!!

      Because wanna see what happens when you actually click it? (I sacrificed my click for the good of Slashdot!)

      Wait for it ...

      "Sign in to Epic with your Google Account to save your personalized browser features to the web and access them from Epic on any computer. You'll also be automatically signed in to your favorite Google services."
      AND
      "Sign in to ******Chrome******
      Sign in to get your bookm

  • A privacy-focused browser is fine as far as it goes, but the problem is more with the network transporting data insecurely, and on the server side, where you put your trust into faceless entities that have their own interests at heart, not yours. So I don't see this helping much, if at all.
  • Epic fail (Score:4, Funny)

    by Taantric (2587965) on Friday September 06, 2013 @11:37AM (#44775261)

    It is being made by an American company. Rest of the world does not and should not trust you anymore.

    NSA: Hey Epic Exec, insert this complied module into your app
    Epic Exec: Go fuck yourself NSA. We are all about protecting users here
    NSA: I see. I also see that you visited a gay bar in SF last week and Boston the week before. Are you going to tell your wife and children or should we?
    Epic Exec: Oh I see you are talking about National Security. Why didn't you say that before? Here at Epic we are loyal Murcans and we will be happy to help anyway we can.
    NSA: That's a good bitch. Next time roll over and show your belly faster or else.....

  • by stewsters (1406737) on Friday September 06, 2013 @11:43AM (#44775351)
    Post the source.
  • Chromium is at least open source.

    Can I opt out of slashvertisements?

  • Can any Chromium-based browsers do real ad blocking? That's the main thing keeping me on Firefox these days. Adblock Plus on Firefox can keep embedded ad images and crap from even loading at all, but the last time I checked, Chrome could only hide them from view (you're still wasting your bandwidth and risking your privacy downloading the ad garbage from their domain). Has that changed?

  • How does that help to have no address bar? Just make sure the web server cannot read it. People need to have a way to be sure they actually got to the site they intended to go to.

  • This is *not* EPIC (Score:4, Insightful)

    by Khopesh (112447) on Friday September 06, 2013 @04:29PM (#44778837) Homepage Journal

    https://epic.org/ [epic.org] is EPIC, the Electronic Privacy Information Center, a stalwart defender of online privacy. EPIC does not appear to have any connection to this browser. This so-called "epic browser" doesn't look like much more than Iron [wikipedia.org], which was merely a ploy [wikipedia.org] to make money off of ads on the download page. I'm not saying Epic Browser is that same ploy, but the browser doesn't really do anything that Chromium doesn't already do in Incognito mode (most of those 11 potential privacy leaks that epic blocks [epicbrowser.com] are Google features not available in Chromium or else can be disabled trivially).

    This introduces a potential lag time in security updates (and updates to trackers pulled in from e.g. adblock or noscript) and rides on EPIC's good name. Shame on the developers for naming it so similarly.

  • 1. They will be sued until they are broke.
    2. The search engines will be told to blacklist their site.
  • ... at least their top 11 are just annying chrome functions disabled. So use firefox (disable some annoying functions as well) and be happy.

I bet the human brain is a kludge. -- Marvin Minsky

Working...