Forgot your password?
typodupeerror
Privacy The Internet Software

Epic: A Privacy-Focused Web Browser 223

Posted by Soulskill
from the i-know-what-you-googled-last-summer dept.
Rob @CmdrTaco Malda writes "I've been advising Epic Browser, a startup building a privacy-focused, Chrome-based browser that starts where incognito mode ends. Epic employs a host of tactics designed to make what happens inside your browser stay there, to the tune of a thousand blocks in a typical hour of browsing. They also provide a built-in proxy service. If the corporations and governments are going to watch us, there's no reason to make it any easier for them. Epic has Mac and Windows builds for now. Their site goes into far greater detail about how they block tracking methods most browsers don't."
This discussion has been archived. No new comments can be posted.

Epic: A Privacy-Focused Web Browser

Comments Filter:
  • by i kan reed (749298) on Friday September 06, 2013 @10:45AM (#44774651) Homepage Journal

    But 1000 blocks an hour is way short of what Ad-block plus gets with the standard list.

  • by spivster (1136769) on Friday September 06, 2013 @10:49AM (#44774717) Homepage
    The summary is incorrect. This browser is based on the open source Chromium, not Chrome, a subtle but important difference since Chrome has Google's extra tracking goodness. However, I have to wonder why they didn't start with Firefox, which is truly open source and not connected at all with Google, which has pretty much become the poster child of privacy invasion these days.
  • Proxy ? (Score:3, Interesting)

    by Jimpqfly (790794) on Friday September 06, 2013 @10:51AM (#44774741) Homepage Journal
    Proxy is a nice option, except when you don't know where the Proxy is... Easy to implement a Proxy and have a look at users communications...
  • Re: Interesting (Score:5, Interesting)

    by Anonymous Coward on Friday September 06, 2013 @10:51AM (#44774743)

    Wouldn't using some special snowflake browser like this make you especially vulnerable to fingerprinting?

  • Why another? (Score:5, Interesting)

    by mwissel (869864) on Friday September 06, 2013 @10:53AM (#44774793) Homepage

    Sounds a lot like SRWare Iron* to me - that's a long existing Chromium-based fork altered for enhanced privacy.

    At a first glance, I cannot make out any advantages of Epic over Iron. Aside from the removal of all user tracking which Chrome brings, they only provide a 1-click-proxy functionality. Which, if I used it, would leave me and my privacy at the mercy of an India based startup. Instead, I'd also rather suggest JAP** which is also long and well established.

    So what am I missing that makes Epic Browser worth a Slashdot post?

    [1] https://www.srware.net/en/software_srware_iron.php [srware.net]
    [2] http://anon.inf.tu-dresden.de/ [tu-dresden.de]

  • by kullnd (760403) on Friday September 06, 2013 @10:56AM (#44774829)
    From their page::

    Epic like most browsers earns a commission on searches we drive. So the more you use Epic’s default search engine, the more you support Epic and our continued privacy efforts : - ) And best of all your searches always remain exceptionally private since they’re routed via a secure, encrypted connection over a proxy – so private by design when you use EpicSearch.me that we literally can’t know what you’re searching for nor anyone else. Ads and search results never include any personalized results or tracking of any sort and are only based on your search term and general geographical location.

    So ... They get paid for searches they drive but those searches don't have any ads or tracking? Again, where does the money come from?
  • Feedback (Score:5, Interesting)

    by danheskett (178529) <danheskett AT gmail DOT com> on Friday September 06, 2013 @11:11AM (#44774987)

    #1 - The installation process is as crappy as Google's. Namely, download a stub, then download the whole thing. It looks like you are using Rackspace's CDN, which is powered by Akiami, which is not very privacy friendly. Improvement is to allow users to download the entire installation package as a non-executable, extract, and then install or run from the extracted directory.

    #2 - The proxy is not transparent. Hard to find out where it even goes. Have to dig in the FAQ.

    #3 - Must have source and repeatable build process. Trust doesn't work, it is the enemy of security. Transparency works, it is the friend of security.

    #4 - Some of the configuration options look like you just searched/replaced Google/Chrome for Epic. What does sign into Epic mean? Where are you signing into? At least with Chrome we know what we are signing into.

  • Re:Interesting (Score:5, Interesting)

    by Samantha Wright (1324923) on Friday September 06, 2013 @11:50AM (#44775439) Homepage Journal
    Can either of them defeat Panopticlick [eff.org]? I don't see anything on Epic's site about hiding font lists. (And on that point, Epic is a bad name choice [makingithappen.co.uk] since it's vaguely synonymous with the death of objectivity in news reporting.)
  • Re:Interesting (Score:4, Interesting)

    by hairyfeet (841228) <bassbeast1968@NOspaM.gmail.com> on Friday September 06, 2013 @12:19PM (#44775809) Journal

    Same here and haven't had a problem with it and unlike this browser its used by millions (coming with Comodo Internet Security with VM mode for secure banking) so you are not gonna stick out like a sore thumb.

    The problem with going TOO niche is it would make you stick out all the more, if everyone wears a blue shirt and your shirt is a slightly different hue of blue? probably not gonna be noticed and won't trip any flags, if your shirt is neon orange? You might as well be holding a giant neon sign that says "Look at me, I'm up to something!". Its no different than how guys carrying pot really shouldn't be driving flashy red sports cars but driving some boring blue 4 door instead, you want to go off the radar without attracting attention for doing so.

    So while I'll keep an eye on this for the time being I'll stick with Comodo Dragon, it too has increased security and unlike this it is offered with most of Comodo's security products (and since nobody ever unchecks the defaults millions have it) and since it uses the same secure DNS that Comodo uses on their enterprise products you can just blend into the crowd. I wouldn't be surprised if some 3 letter agency has gotten a memo about this thing this very day, /. isn't exactly under the radar ya know.

  • Re:Chrome? (Score:4, Interesting)

    by poetmatt (793785) on Friday September 06, 2013 @12:35PM (#44776017) Journal

    There's no browser company that doesn't have backdoors, including Mozilla. Whether willingly or not, well - only IE does it willingly.

    What do you think encryption research from FIPS 140 is for? Gov't has been given the keys to OS-level encryption for over 8 years, now.

  • Re:Chrome? (Score:4, Interesting)

    by hairyfeet (841228) <bassbeast1968@NOspaM.gmail.com> on Friday September 06, 2013 @12:44PM (#44776147) Journal

    Noooo but it DOES mean that a certain lie about FOSS must be faced the "many eyes" myth which is just that. Show of hands, how many here have actually done an extensive code audit of the latest Chromium source code? Firefox? Libre Office? What are your qualifications? Because the obfuscated C code contest shows you had better be DAMNED SKILLED to spot a malicious code insert, so how many years of security training do you have?

    The myth, which common sense can disprove, is that because something CAN be done it HAS been done. Well there COULD be werewolves but I don't think I really need to keep a pocket full of silver bullets, do you? Projects like Chromium and Firefox can easily get into tens and even hundreds of thousands of lines of code and that code is constantly changing. Since you have ZERO way of knowing if the changes are malicious you would need to audit not ONLY the code itself but also all changes AND compare what those changes did to not only the area the change occurred but to the entire program, because after all we have seen nasties in the wild that were harmless by themselves but when combined with code from another pwned program allowed an attacker entrance to the system.

    So now I hope that everyone can see why merely HAVING source code means nothing, because for it to mean anything you HAVE to have 1.- Security experts going over each and EVERY release with a fine tooth comb, 2.- Certifying that they have done so and its clean and 3.- be sure that said experts haven't been bought. The "many eyes" myth simply makes assumptions that are easily disproved and might have worked when the entire Linux source code could be handed over on a couple of floppies, when the kernel alone is over a million lines of code? Sorry but it just doesn't hold water folks.

  • by hairyfeet (841228) <bassbeast1968@NOspaM.gmail.com> on Friday September 06, 2013 @12:51PM (#44776233) Journal

    Uhhhh...its already been reported that NSA is running several Tor exit nodes to collect the data, you DO know this, right? There has also been people who had their doors kicked down and all their computers hauled off because they ran a Tor exit node and somebody supposedly used it to look at child porn so even running your own exit node carries significant risks.

    I think everybody is just gonna have to accept the party is over and has been for awhile, and that any and every thing you do on the net needs to be treated like you were standing on a street corner holding up a sign as THAT is how little privacy you have now. And if the report is true that the NSA has the keys to HTTPS then running a proxy really isn't gonna do shit, they can set there with taps on the backbone and read it all in near real time and if they are doing a MITM on the backbone then that proxy isn't gonna do shit as those packets still have to get to your PC and they can just follow it back to the source.

Forty two.

Working...