
Show HN: A remote browser product, open-sourced - slowenough
https://github.com/dosycorp/browsergap.ce
======
slowenough
This represents over 1 year of work.

Why am I open sourcing this?

I don't see any other RBI / CBII vendor open sourcing their platform and in
the security industry "closed source" can create issues.

But what about business defensibility?

I agree. Open sourcing removes the trade secret aspect that could make a
defensible business.

At the same time, a determined hacker would already have my source code. A
hacked "free wifi" connection here, a bit of social engineering there, and my
so-called "competitive advantage" could be easily removed. Access to GitHub,
Gitlab, other accounts would prove no obstacle for someone motivated, and open
sourcing is a way to remove the advantage any small group of parties has by
keeping it secret.

How do I self-host it?

There are instructions on the repository page.

~~~
FreeHugs
When you say over one year of work, do you mean one year of manpower (aka
~2000 hours) or that you started it about a year ago?

~~~
slowenough
Thanks for the thoughtful question.

For the CE release, I deleted the Git history (it became too difficult to deal
with branch rewrites trying to remove all the cruft and deployment secret keys
etc).

But the actual current working repo for the non-free version has ~2400
commits[0]. In the repo I forked that from (~7 months ago), I'd closed 238
issues, and in the repo I forked that one from, I closed 200 issues. Those
previous repos are all my work, built from the ground up within the last ~12
months as well. The current working repo has 124 closed issues.

My Gitlab contribs for the last year are at:
[https://gitlab.com/dosycorp](https://gitlab.com/dosycorp)

And it's actually a little bit over 1 year, and if I count the Gitlab contribs
shown there, it's over 5500.

So, yeah it's been about 2000 hours I think. Working full time every week day
and most weekends, and often longer than regular hours (but also dividing the
work up in the day into sprints because that's how I manage myself to work
best).

It's definitely been a year.

[0]: [https://imgur.com/gallery/wpNhxS0](https://imgur.com/gallery/wpNhxS0)

~~~
FreeHugs
Awesome. Thanks for the detailed answer.

I dig your dedication! You've well earned your spot on the front page!

Who do you see as the main target audience? And do you have a business model
in mind?

~~~
slowenough
Thank you for this!

Main audience is people and organizations who are having problems with malware
and cyber attacks.

Business model I am still working on, but it's a mishmash of licensing (+
maintenance, for hybrid / on-prem) and pay per seat (for cloud-based). Could
be other ways to provide value.

What's your background? I'm open to new ideas.

~~~
mr__y
>people and organizations who are having problems with malware and cyber
attacks.

this sounds like (almost) everyone

------
dlandis
Could someone write a few sentences about what it is, how it works, and why it
is significant? Neither this post, the GH repo, nor its website really says
much of anything on the subject. I only see info about why it's being open
sourced and how to set it up. If someone were to go to all that trouble, I am
surprised they would stop short of providing basic info.

~~~
slowenough
Sure, BrowserGap is a remote browser isolation product. RBI means accessing
the public internet through a browser that runs in the cloud, rather than
through a browser that runs on your device. This helps protect you from
attacks on the web.

~~~
slowenough
And, if you're interested, read on for more detail.

It works by providing a thin client over the web that you connect your regular
browser to. The thin client provides an interface to a remote browser, through
which you interact with the public internet.

This is significant because the internet is a cesspool of attacks: malware,
ransomware, viruses, tracking, exploited PDFs, and ways to deliver device and
browser zero days over the web. All these things can lead to the security of
your device and network being compromised, causing significant inconvenience,
distress and loss for you.

BrowserGap and the RBI methodology acknowledge that not all threats can be
detected and neutralized (such as by virus scanners). To face that reality,
RBI adopts an "isolation" posture towards threats, effectively isolating them
in the remote machine and preventing them from reaching your device.

With BrowserGap, in order to render the content of a web page, the only thing
we send to your device from the remote page is pixels. So no HTML, CSS, or
JavaScript from your browsing is ever executed on your device.
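
The pixels-only property above can be thought of as a strict filter at the isolation boundary. A minimal illustrative sketch (this is my own hypothetical guard function, not BrowserGap's actual code or message format):

```javascript
// Hypothetical guard at the isolation boundary: only raw image frames may be
// sent to the client; anything that could carry active content (HTML, JS,
// CSS) is rejected before it leaves the cloud.
const ALLOWED_MIME_TYPES = new Set(['image/jpeg', 'image/webp']);

function canSendToClient(frame) {
  // frame: { mime: string, data: Buffer } -- an assumed message shape
  return ALLOWED_MIME_TYPES.has(frame.mime);
}
```

With a check like this, a compromised remote page can at worst influence which pixels are drawn; it cannot ship executable content to the client.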

Cloud-based internet isolation is another name for this security practice and
it is an emerging industry. Symantec recently acquired a company in this
space, and Menlo Security was awarded[2] an agreement to build a CBII
prototype for DISA, after a June 2018 request for RBI solutions that could
eventually serve 60% of DoD's ~ 3 million users[0][1].

See more about RBI[1].

[0]:
[https://secureview.cloudbrowser.xyz/uploads/fileajqk.kkpgdih...](https://secureview.cloudbrowser.xyz/uploads/fileajqk.kkpgdih.pdf.html)

[1]:
[https://en.wikipedia.org/wiki/Browser_isolation](https://en.wikipedia.org/wiki/Browser_isolation)

[2]: [https://www.menlosecurity.com/press-releases-blog/disa-
cloud...](https://www.menlosecurity.com/press-releases-blog/disa-cloud-based-
internet-isolation-cbii-awarded-to-the-by-light-professional-it-services-llc-
and-menlo-security-team)

~~~
oefrha
Genuinely curious: who’s your customer base?

I mean, in theory the web is a cesspool of malware, but with reasonably good
content blocking (I’m not even in the completely-disable-JS crowd) and
conscious avoidance of shady sites, I managed to pretty easily stay clear of
all attacks so far, at least over the past decade.

Those way more paranoid than me still have the option of using local
VMs/containers without too much compromise. Then the attacker really needs an
exceptional exploit chain to escape all the way; it’s hard to imagine any
group blowing such a valuable chain on a drive-by.

So, why would anyone sacrifice the ability to interact with text, resolution,
color accuracy, frame rate, etc. to reduce the minuscule chance of drive-by
attacks (assuming otherwise reasonable opsec)? Extremely high value targets?

But then, why would extremely high value targets trust a MITM? (Self-hosting
apparently changes that to some extent.) Also, even if you run your browser in
the cloud, that browser could still be hacked and leak sensitive information
or actively modify traffic, no? So this isn’t even bulletproof for high value
targets.

~~~
o-__-o
I'll tell you the value of this software. I can build software for non prod
environments and allow my developers/testers access. for instance, with
wordpress, domains are hardcoded into the database leaving you with risky sed
commands against mysqldumps. With this I can launch wordpress into its own
environment where www.foobar.com resolves but I can run all dev code there.

I currently use a proxy and have instructions on how to use FoxyProxy to
access each env's environment. This will provide for a much nicer UX where you
simply click a link and you're brought to a virtual tab in that env. I'm sure
some things will break, so the proxy is a backup, but for 90% of our work I
think this is amazing!

Solves any app problem where you have the same hostname per environment

~~~
oefrha
Have you tried using this? When I said

> sacrifice the ability to interact with text, resolution, color accuracy,
> frame rate, etc.

it’s very much an understatement... Pretty sure your devs/testers won’t
appreciate the experience. Frontend devs in particular can’t possibly work
with this.

I fail to see why it’s hard for you to spin up (possibly gated) dev/staging
instances; certainly much easier and much less resource intensive than
something like this.

Anyway, your use case only makes sense when the code can be self-hosted, but
apparently this product / product category has customers before the source is
opened up, and that’s what I’m curious about.

~~~
slowenough
> Genuinely curious: who's your customer base?

Customer base is people and organizations who are having problems with malware
and cyber attacks.

> Have you tried using this? When I said
>
> > sacrifice the ability to interact with text, resolution, color accuracy,
> > frame rate, etc.
>
> it's very much an understatement... Pretty sure your devs/testers won't
> appreciate the experience. Frontend devs in particular can't possibly work
> with this.

I totally agree the image quality can be much improved. So I'm really sorry
you had this experience today trying it out!

Would you be unwilling to mail me cris@dosycorp.com and I can contact you if
and when I have image improvements to share?

Initially, I used JPEG for all clients, then for clients with browsers that
support WebP (chrome) I switch on WebP since the quality increase is _a LOT_
(but WebP in FF looks pixelated, so I hope I can find a way around that), even
tho the bandwidth is the same.

For Safari and iOS the quality stays on JPEG. It sounds like it has sacrificed
the ability to interact with text, resolution, color accuracy, frame rate,
etc. I'm really sorry about this.

Some people seem okay to roll RBI out in a test deployment, without the code
being open-sourced. I can't speak directly for them, but I assume that
Symantec (who bought Fireglass), Menlo, WEBGAP, Light Point, Ericom,
Authentic8, Citrix all have some customers even tho they are not OSS. I think
that, often, as long as the contract provides the ability to examine the code
if required (due diligence) even without publishing it openly, sales happen.

It sounds like you're unfamiliar with RBI, is that right? This is still an
emerging industry so it makes sense to me that even if you are in security you
are unfamiliar with RBI.

~~~
oefrha
Appreciate the detailed response. Over the past few years I've seen a couple
of similar remote browser services and was curious who actually needs them;
glad you shared firsthand knowledge.

Now I can see that while this would probably be overkill for security-
conscious individuals, it might make sense for organizations because there are always
employees who can be easily tricked into clicking anything. I do wonder
whether it's more effective and productive to instead enforce host-based
blocking + browser-level content blocking + lightweight virtualization (like
Windows Sandbox? Not sure how well it works since I'm a Mac user for the most
part), but I'm in no position to evaluate for organizations.

Having checked Symantec's website, they seem to advocate falling back to a
remote browser when the site is potentially risky, which sounds reasonable.

> then for clients with browsers that support WebP (chrome) I switch on WebP
> since the quality increase is a LOT

Yeah, I first tried the service on my iPad Pro, image quality was terrible. I
have since tried it again in desktop Chrome and it's definitely passable.
That's unfortunate.

Anyway, I'm probably not in the target market, but best of luck to your
business.

~~~
slowenough
Thanks a lot for that response!

Interesting hearing you know about RBI. Did you evaluate any of the other
services? What did you feel about them?

I definitely think the approach you describe (host-level blocking, content
blocking and some lightweight virtualization, like Edge/Windows Sandbox, or a
local VM) is a valid one that reduces risks.

I think it comes down to considering, when attacks inevitably occur, where do
you want to be doing the cleanup? Zapping a few containers, or instances in
the cloud and starting them fresh, or decontaminating the local machines and
network?

That's the biggest convenience for me so far.

------
Legogris
Great work, and so great of you to open-source this - I really hope you keep
it that way!

Would be really cool to set this up and have the server do some proxy-hopping
to make IP tracking more difficult as well, regardless of client device and
when roaming. While I'd lean more towards self-hosting, if you set this up as
a subscription service, your users will also benefit from sharing the same
pool of IPs (though I imagine you'd also face issues with getting
flagged/blacklisted/CAPTCHAd a lot through abusers and bots, which will be
significant work to police if you go that route).

~~~
slowenough
Thank you for this!

------
throwaway58235
Darn... I'm working on almost exactly the same project. The big challenge is
getting access to server hardware that is actually meant for web browsing. Not
only are AWS et al expensive, they primarily offer "webservers" optimized for
light, not CPU-intensive, workloads, and needless to say they also don't offer
hardware-accelerated video decoding.

~~~
slowenough
Hey! Sorry for taking so long to get back to you. I saw your comment and
wanted to respond, and I have been very busy today because of this post.

Thanks for sharing your feeling about this.

It looks like you're working on almost exactly the same project, and that the
big challenge is getting access to server hardware for web browsing, because
not only are AWS etc expensive, they primarily offer "webservers" optimized
for light, not CPU-intensive, workloads, and needless to say they also don't
offer hardware-accelerated video decoding.

Wow! Sounds like you're doing something interesting. Are you uninterested in
collaboration? I was thinking of ways to make the video better, but right now
I'm basically just using DIY "MJPEG" over websocket.

As for the server hardware, I decided to join the Stripe Atlas program at the
start of 2017, and from that I was able to get 5K in AWS credits, then more
Google Cloud credits, and I also applied to IBM and Digital Ocean on my own
and got credits from them as well.

So, so far I have been able to develop and then demo this (like today) without
significant monetary cost.

I also have some tips for you, because resource usage was one of my concerns,
but TBH I find headless Chrome actually always uses less CPU than I expect.
It's all about the page it is rendering. The page determines everything, but
Chrome itself is very light. So when I've budgeted for something like 1 CPU
per user, it's actually possible to get much more than that. And memory is
where Chrome is surprisingly light: it uses barely any RAM even with 100s of
users on a machine. I was surprised by that. 100 users running Chrome and only
~20 GB of RAM used.
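
Those figures work out to roughly 200 MB per user; a back-of-envelope check (assuming roughly linear scaling, which real pages won't always obey):

```javascript
// Back-of-envelope capacity math from the numbers in the comment above.
function perUserRamMb(totalRamGb, users) {
  return (totalRamGb * 1024) / users;
}

const estimate = perUserRamMb(20, 100); // ~205 MB per headless Chrome user
```

Useful when sizing instances: a 20 GB machine at ~200 MB per headless browser leaves CPU, not memory, as the binding constraint.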

Also, regarding video, because I'm avoiding expensive video encoding (just
sending screenshots) I avoid the CPU load of doing that. I've experimented
with doing more processing of the frames, but it just throws the load way off.

I chose to keep it simple and I'm pleased with that. At the same time, I want
to explore ways to improve image quality.

~~~
gfodor
I did an experiment a while ago with streaming chrome to twitch from a gpu-
enabled ec2 node and it worked quite well. Was able to stream a webgl
experience at 60hz.

~~~
slowenough
That's good to know, thank you. What made you do that? Would it be too
annoying to share some more about it?

~~~
gfodor
We have a WebGL app (hubs.mozilla.com) and we wanted to determine the
viability of streaming it remotely from the cloud.

Here are some personal notes from this. I didn't work on containerization,
just raw VM setup. Had to get X11 up and running and then set ffmpeg up for
hardware streaming.

[https://gist.github.com/gfodor/3c88700ee81a10e01c783019b8a64...](https://gist.github.com/gfodor/3c88700ee81a10e01c783019b8a6420a)

~~~
slowenough
Hey, thanks a lot for that!

------
pcr910303
Hmm, I'm not sure if people in the western world can use it but in South Korea
(with a 1Gbps network) this is basically unusable.

It has too much latency, text doesn't get entered, scrolling doesn't work,
etc... Is the experience from US similar? Or is this just b.c. of server
latency?

~~~
slowenough
I'm really sorry you're having this trouble!

If you want, I can test it. I'll open up an "East Asia" instance and we can
see if it's any better.

~~~
pcr910303
I would like to test it! It would be great to have an East Asia instance for
this.

~~~
slowenough
Cool! I'm just setting it up now. Please hold on a little bit.

Edit: Okay an instance in East Asia is up and running!

[https://hk.cloudbrowser.xyz](https://hk.cloudbrowser.xyz)

~~~
pcr910303
Okay, much better now. I’m writing this comment in the Cloud Browser on my
iPhone! :-)

It’s now ‘usable’, but definitely not a good environment. Scrolling is
unbearable, and once you start scrolling it doesn’t stop, so it’s a pain to
navigate.

~~~
slowenough
Hahah! That's awesome to hear you're writing it in the Cloud Browser on your
iPhone!

But I'm really sorry about the scrolling. Sounds like it's unbearable. I need
to fix that!

I added a "fast mode" for scrolling where if you scroll more than 40% of the
screen in one go, it accelerates the amount, so you could try scrolling
smaller, but I don't feel that's a satisfying solution for you. Scrolling is
really important to get right, I'm very sorry about that!
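
The "fast mode" described above amounts to a threshold on gesture size; a sketch (only the 40% figure comes from the comment, so the multiplier here is an assumed value):

```javascript
// Sketch of the scroll "fast mode": gestures covering more than 40% of the
// viewport are accelerated; smaller ones pass through unchanged.
// The 3x multiplier is an assumption for illustration, not the real value.
function adjustScroll(deltaPx, viewportPx, multiplier = 3) {
  if (Math.abs(deltaPx) > 0.4 * viewportPx) {
    return deltaPx * multiplier;
  }
  return deltaPx;
}
```

The downside, as the reporter found, is that a momentum fling on iOS easily crosses the threshold, so every flick gets amplified and the page "doesn't stop".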

If you want, email me at cris@dosycorp.com and I will work on it and let you
know.

Edit: I've had other reports about Safari / iOS being really unusable today. I
just tried turning up the image quality for iOS / Safari; it should make
things better.

------
slowenough
I just want to let everyone know there's also a version for Asia-Pacific (in
an HK Google datacenter) that will probably be faster if you're not in a US
timezone.

[https://hk.cloudbrowser.xyz](https://hk.cloudbrowser.xyz)

------
wdrw
A while ago I wrote something very similar -
[https://fasterbadger.com](https://fasterbadger.com) \- see discussion at
[https://news.ycombinator.com/item?id=9679464](https://news.ycombinator.com/item?id=9679464)
\- based on PhantomJS - didn't put nearly as much work into it though, it's
still very much in prototype stage - the goal was different though, not so
much for privacy but for browsing JS- and CSS-heavy sites (e.g. most news
sites) on legacy devices/phones, especially where bandwidth is at a premium.

~~~
slowenough
That's very cool!

Thank you so much for sharing this.

I'm looking at your app and I _love_ the long scroll feature. How did you do
that? It's so cool how you can scroll down the page natively, and the image
updates, that's really incredible.

And I'm reading the initial discussion, and it's ... from 2015! Wow, how did
you do this back then! I think things are so much easier now with all the
features in the protocol.

I am really interested in how you did this and I love the site. It's very cool
and I prefer it to my own work in many ways. Would it be a terrible idea for
you to contribute to BrowserGap?

About half way through development, I was travelling and buying 4G data SIMs,
and I thought I needed to use it for that too (it's easy to use 50 MB just on
a news site).

So I made an HTML-only version (no images, just stripped-back HTML; you can
see the work in the various 'appminifier' subdirectories somewhere in the repo).
It saved me data, but introduced lots of quirks. At some point I realized it
was too difficult, and I was committed to another idea for it rather than this
low-bandwidth one, so I stopped working on that feature.

Also, I love the _Open in new tab?_ feature you have. This really rocks. It
made me so happy to see this work! Thank you so much for sharing with me. :)

I wanted to get a scrolling feature like you have and I couldn't think of a
way to make it work. If you could do that in BG I'd love it!

------
sdan
Get ready to be hired by Mighty XD.

Liked your product from your previous submission and liked this one as well. I
think it can help some people where censorship is present, but not
particularly for me.

~~~
slowenough
Thank you for this!

------
kpsychwave
Interested to hear about professional use cases for this kind of tool. I am
working on a cloud-based sandbox browser very similar to the OP here:
[https://www.sandboxbrowser.com/](https://www.sandboxbrowser.com/)

My target audience is software developers, QA engineers, and Ops people who
want a predictable isolated browser environment for doing various forms of
testing / hacking.

------
ComodoHacker
Cool idea at first, but on second thought, how is it supposed to mitigate
internet threats? Users need to download files, open them with local apps,
upload local files. All necessary channels for RCEs and exfiltration are still
there. Current malware codebase might get stuck with it, but it's a matter of
time and adoption. Other threats like clickjacking, cryptomining, phishing
would just work as before.

Am I missing something?

~~~
slowenough
First up that is some great feedback and raises a lot of really good points.

I don't know if you're missing anything, but this feedback about files is on
point. I really appreciate it. And I'm surprised no one raised this until now.
Thank you for your time thinking about this and for making the space for me to
speak about it.

> Users need to download files, open them with local apps, upload local files.

Ideally, users don't download files; they use the secure remote file
viewer[0] (which currently handles PDFs, DOC/X, XLSX, etc), so that helps with
exploits from there (such as the Chrome zero day in PDFium that recently
occurred). No configuration is required; it automatically jumps in whenever a
download starts.

Also, because the browser is running in the cloud, that "download" actually
only happens between the web and the cloud. The file literally goes down to a
temporary directory on a server in the cloud, before being sent to the secure
file viewer. That file _never_ touches the client's device or network. And the
secure file viewer only sends pixels to the client, because it converts all
documents to images, and then, the browser sends a screenshot of that page. So
it's like... two layers of images.

Anyway, that helps mitigate the RCE threat from exploited file objects,
browser and device zero days. And no HTML, JS, or CSS from the browsed page is ever
sent to your device.

As for opening with local apps, that's debatable with things like G Suite and
Office 365. But we can integrate with a corporation's SWG (secure web gateway)
and file policy so BG doesn't degrade their existing security, but it does
provide an extra layer.

As for uploading, that is absolutely required; otherwise many things would be
unusable. I don't pretend that BG provides any sort of malware or virus
scanner (mainly because there is no download), but for uploads it's possible
to integrate with an organization's existing SWG technology to gate-keep
content that leaves, and also to whitelist and blacklist accessible sites.

> Current malware codebase might get stuck with it, but it's a matter of time
> and adoption.

I agree that to some extent, security is an ongoing "arms race". But there
seem to be limits to what malware can achieve through the exploitation of
pixels sent to the device. It puts a big limit on their attack vectors.

It sounds like you're saying there's no point taking any steps, because
malware can always find a way through. When you say something like this, I
feel like I'm wasting my time talking security, because it looks like you'd
never adopt a mitigation anyway.

> Other threats like clickjacking, cryptomining, phishing would just work as
> before.

That's a great point. I don't think this tool can protect against social
engineering threats like phishing, fraud and deception. It may even make them
worse by allowing users to feel "more secure" and therefore act more rashly.

No tool provides perfect protection, but BG can reduce the attack surface and
isolate and contain many threats away from the device and network of the
client. In the case of clickjacking, older browsers can be vulnerable because
of CSP headers, but with BG you always proxy through the latest chrome.

As for cryptomining that will simply not work well at all. We have monitoring
software that puts hard limits on CPU, memory and bandwidth for each browser
and each user. Please, go ahead and try it.

[0]: [https://imgur.com/gallery/Z32ZPg3](https://imgur.com/gallery/Z32ZPg3)

~~~
ComodoHacker
Remote file viewer is a good idea. The hard part is convincing users to adopt
a workflow where they can't save their files, only view or print them. There
are tons of software packages with tons of proprietary file formats. One day
you'll have to give up and allow downloading.

But I see a certain segment of small business users who have everything cloud-
based, where this might take off.

~~~
slowenough
I agree that downloads are important, so I'm committed to integrating with
org's existing file/firewall policies and secure web gateways.

I'm interested in what you said. Would it be a terrible idea for you to tell
me some more about this certain segment of small business users?

~~~
ComodoHacker
I've seen a couple of them during my consulting gigs. They don't want to own
any infrastructure and don't want to keep IT staff to maintain it. They indeed
use G Suite, Office 365 and cloud varieties of line-of-business apps: order
processing, inventory, accounting etc. If an app doesn't have a suitable cloud
alternative, it's moved to VPS and accessed via RemoteApp (at this point you
apparently get some IT guy).

They keep client PCs as "thin" (read "cheap") as possible. They don't have a
"SWG" or "file/firewall policies" or anyone who can implement and enforce it.
It's just stock desktop AV software perhaps with some initial tuning. And this
resource-hungry beast is there only to scan incoming files for the ransomware-
of-the-day, either downloaded from the Internet or copied from USB thumb
drives. If they could prevent users from downloading anything, disable thumb
drives and drop AV entirely, they'd be much happier, especially that poor IT
guy.

~~~
slowenough
Wow, this was really useful. Thanks for that! :)

------
wila
This is cool, but to me it sounds like you are building high value targets for
a hacker.

Hack one instance and get access to hundreds of users browsing the internet.

~~~
slowenough
The risk you point out is very real. That's one reason why corporate/paid
deployments are single-tenant. So everyone (not hundreds; it's more
compartmentalized than that) on an instance belongs to the same company, or if
desired, the same unit.

Even in this free demo, every user has their own browser process, with its own
uid owner, and that OS uid has its own limited permissions.

At the same time, it's not an insignificant risk at all and you raise a very
good point, which I'm surprised no one brought up before. Thank you for
bringing it to everyone's attention.

An instance is a single point of failure, but it's also less attack surface.
To some extent, that's a tradeoff. Relative to all devices and network
infrastructure in a typical company that access the public web, there's less
attack surface if all web access funnels through a BG instance. On the other
hand, it's a concentration of the risks into one place. My belief is that
makes it easier to manage, and that the "gap" between the client
infrastructure and devices and the cloud (through which only pixels, and a
wire protocol of user intent pass), makes it more secure than accessing the
public web directly.

Even tho it's a single point of attack, a compromise of a cloud machine is not
the same as a compromise of a device on a company intranet, or the mobile
phone of someone in the company. In order to exploit the user's local machine
or their organization's network, an attacker would still need to convert any
instance access they had into access of a company device or network. This
could happen through attack vectors in the pixels for the screen view (less
likely) or through compromising the source code that serves the thin client
(more likely). This is why monitoring of source code integrity is important.
Open Source is an important part of that.

At the same time, in these free demo versions the browsers only exist for 10
minutes, and, exactly as you say, hundreds of strangers are all browsing from
the same machine together.

TL;DR - It's a tradeoff of centralized infrastructure. There's less attack
surface, but there's also a single point of failure.

Also, if you want to responsibly disclose any security vulnerabilities you
discover, please report them to cris@dosycorp.com, and if you want I can
acknowledge you here: [https://github.com/dosycorp/vulnerability-
reports](https://github.com/dosycorp/vulnerability-reports)

------
vhodges
Somewhat relevant:

[https://ungleich.ch/u/blog/how-to-run-your-browser-in-the-
cl...](https://ungleich.ch/u/blog/how-to-run-your-browser-in-the-cloud/)
(which will ultimately lead you to
[https://guacamole.apache.org/](https://guacamole.apache.org/))

------
infinitone
Just tried it a couple times and keep getting hit by Google CAPTCHA...

Maybe this is the Google AI team trying to get more people to solv'em? ;-)

~~~
slowenough
Good point, let me temporarily switch the default search provider to
DuckDuckGo. This will take a while to propagate to the browsers.

A workaround in the meantime is to enter a URL in the box instead.

Edit: Switched to DDG as default search provider for this. Back up at 21:24
PST.

Edit @23:00 PST: I've opened an issue with Google Cloud Support (the system is
hosted on GCP even tho it is cloud-agnostic) and I don't expect they will be
able to provide a resolution because this is probably the CAPTCHA behaving
correctly.

BTW, it _could_ be the AI team getting some more data, who knows? ;)

Somehow tho I think whatever we do is simply a drop in a bucket for them.

------
Hitton
Surprisingly usable, considering it's on the other side of the globe.
Personally I don't see myself having a use for it, but I'm sure it could find
its users.

Two things I noticed. You have to enter the address including "http(s)" to
avoid searching it in DDG. And more annoyingly, I couldn't select text on a
web page.

~~~
slowenough
Thanks for saying that!

As for text selection, the best I have so far is

right click to open context menu

select "Copy text from here"

And you should get a box pop up with text you can select. :)

------
rinchik
Just tried the demo on your website and it seems to be quite slow and
unresponsive. Is this a load issue?

Also it gives me a feeling that I'm not in control of what's happening on the
screen. Could you please let me know how is this solution better (or more
secure) than using remote desktop with disposable VMs?

~~~
slowenough
I'm sorry about that! That sounds like a really terrible experience you had
trying this out today. It must feel really uncomfortable not to be in control
of what's happening on screen.

Edit: the HK site is back up.
[https://hk.cloudbrowser.xyz](https://hk.cloudbrowser.xyz)

There are a couple of factors that could be playing into this. Primarily it's
likely just the application itself. It _is_ slower, _and less responsive_,
than using a regular browser on your device.

The frame-rate is capped very low, the image quality is lower, and there's
more lag to each interaction since it involves (at the very least) a WebSocket
round trip and a screenshot.

Secondly, you could be affected by geography, which has a very significant
effect. If you are close to the primary server (US East, Virginia) you'll have
a faster more responsive experience.

In a few minutes I'll have the HK server (Asia Pacific) back up (I was just
resizing it down; it was seeing significantly less use than the US server),
and if you're closer to that you can try there.

Also, the free demo has many caps (so as to control costs). I cap the outgoing
bandwidth of each user to a very low 3Mbit/s, and I use multiple ways to cap
CPU usage, including (in extreme cases) killing the process. All of this means
that if the page you are using wants to eat a lot of CPU (happens sometimes)
then the app will slow right down for you (to preserve resources for everyone
else on the system).

I can say confidently that it is not about the number of users. We had
hundreds at peak before and a single browser still felt snappy. So if you're
getting slowdown I think it is (to summarise) either:

\- You are experiencing the app for the first time: it is different from using
a normal browser, and interactions _are_ slower and more choppy (but page
loads should be as fast or faster).

\- The page you are browsing is hitting the resource monitoring and being
downregulated.

\- You are link-wise far from the server (which is often, but not always,
related to geography).

If you're interested in giving it another try at another time, I'm happy to
arrange that. Would you be willing to leave your email at this form, so I can
let you know a quieter time? Also, if you just email me at cris@dosycorp.com
and let me know your approximate location, I can set up a server near you and
we can attempt to work out any lag issues still occurring.

------
danbmil99
Would this have problems with sites like LinkedIn that aggressively ban
address blocks from cloud providers?

~~~
slowenough
Thank you for this.

First up, have you had any issues with site bans or CAPTCHAs?

After I saw your question I wanted to know so I just tried signing into my
LinkedIn from [https://hk.cloudbrowser.xyz](https://hk.cloudbrowser.xyz) and
I'll share my experience.

And first they sent a code to my email because "something seemed suspicious":

[https://imgur.com/gallery/2lflmjf](https://imgur.com/gallery/2lflmjf)

When I put in the code from my email I could sign in and it worked as usual.

I have noticed that every time I land at
[https://bloomberg.com](https://bloomberg.com) I get a CAPTCHA (1 only) and
then I can read the site.

I opened a support ticket with BB but they said they don't need to do anything
right now.

I felt OK with that. 1 CAPTCHA is not too bad.

------
slowenough
Hey HN, thanks for all the love on this, and for helping me think about other
use cases for this product and how to communicate about it. I really
appreciate this!

Also, I noticed I spent a lot of time maintaining the demo instances
(resizing). In a real deployment the number of users per machine is pretty
much static, but here I've had to deal with scaling and spikes.

It occurred to me today that I could probably put the free demos behind a load
balancer (smaller basic machines, and scale them up or down), so that I don't
have to manually resize the instance.

I've taken down the two demo sites (free & hk) for now, while I work on the
load balancer setup. Should be back up in a couple hours.

~~~
slowenough
Edit: Servers are back up

I moved from a single massive instance to a target pool behind a load
balancer, with health checks based on whether there's queue capacity
available.

[https://free.cloudbrowser.xyz](https://free.cloudbrowser.xyz)

[https://hk.cloudbrowser.xyz](https://hk.cloudbrowser.xyz)

I have not worked out how to geographically load balance both of those from a
single domain based on which one you are closest to, but I want to see if
these new smaller instances in load-balanced target group pools can scale to
take the load like a larger instance.

~~~
slowenough
The load balancing setup I used today has issues, which you can see if you're
using it now (very slow).

Namely, load balancing and scaling based on CPU is not a good metric: existing
instances (which are each still serving multiple users) keep absorbing new
users before the metric is triggered, and even when it is triggered, a new
instance takes a while to spin up and build some browsers. So scaling lags too
far behind load, and the effect is that existing instances get and stay
overloaded.

So, I have an idea for a new autoscaling system that puts 1 tiny machine per
user, but it will take some reconfiguring. So, in the meantime, I'm switching
back to the old system (massive instances, vertical scale).

I'll do that now and the servers should switch to the new system in about 30
mins.

------
ausjke
Just had a quick check; some web pages fail the click event (mouse clicks
won't do anything).

On the other hand, I have been using noVNC to do similar things for my own
testing purposes (running Chrome inside Chrome remotely), and it has worked
very well for me so far.

~~~
slowenough
Thanks for the report, it's very valuable and thanks for pointing me to noVNC,
it looks great!

I'm very serious about usability issues. Would it be possible for you to
provide some examples of sites where the click failed and what you clicked on?

I try to get those things fixed ASAP because the usage experience is so
important; I think it should feel as close to a regular browser as possible.

------
AndrewThrowaway
Bleak future flashed in front of my eyes - Google Chrome v100 - browser runs
on google's cloud, you are just being streamed view to your Chrome Client™. So
secure and you are so out of control.

~~~
dijit
Which would definitely be in-line with what they're doing presently with
Stadia.

~~~
AndrewThrowaway
To be fair running browser sessions should be so much less demanding than
running triple A games.

~~~
dijit
I don't doubt it for a second, but if you can make one happen why _not_ the
other? if you already have a very powerful video compressor with low latency,
why not do hosted applications?

Totally makes sense because you unconstrain yourself from supporting all web-
browsers, rolling out features gradually, and it unconstrains you from
javascript too.

Imagine instead of google docs you had microsoft excel but surrounded by a
browser window, everything else is the same. I know people would pay for that.
(even if I personally prefer google docs)

------
gotts
I must be missing something but can someone please explain

how browsergap > self-host on your own machine (at home, or in a VPS, VPC or
the public cloud)

is more secure/private than just setting up a VPN on that machine?

~~~
angry_octet
As I understand it, it's like an extreme sandbox -- a completely separate
computer (or a VM) where all the web stuff happens (javascript etc), which
just ships pixels to your computer (phone/laptop etc). Ideally the complexity
of the client software is low, i.e. not a web browser, and there is strict
site isolation (VMs) at the sandbox side to prevent leakage from one site to
another. I'm a little vague as to how this implementation works.

So this is nothing to do with a VPN as such, but of course you could host it
in the cloud, or run a VPN to a cloud endpoint.

~~~
slowenough
Yes, that's correct, thank you for helping explain things! :)

~~~
o-__-o
What I used to do was launch a browser in an Xvnc or RDP session in a VM
somewhere. Then do all my browsing from there. Later, I worked somewhere where
RDP was blocked so I started using Guacamole (RDP/VNC over websocket).

What this author is providing is a similar and all-in-one npm solution for the
above. Also has use-cases outside of secure runtime environments...

~~~
slowenough
Thank you for your explanations here, you really get this category! I'm sorry,
but do you mind if I ask what your background is?

I'd like to ask for your advice, I'm at cris@dosycorp.com .... Would you be
interested in discussing over email?

~~~
o-__-o
Hey Cris! I saw your email in another thread and I was gonna reach out but for
different reasons! My background is software dev with an emphasis on systems
infrastructure and release management. I’ve worked enterprise and startups and
my niche right now is M&A transitions. Look out for my email later today!

~~~
slowenough
Thanks, I'll be looking out for it!

~~~
slowenough
You might need to reach out at cris@dosyago.com I think the G Suite email
(dosycorp) is dropping mails.

------
jek_rock
I have a few questions. Does it update the whole screen each time something is
changed on the page? How have you got rid of Google captcha? I didn't get any
while I was using it.

~~~
slowenough
Yes, it listens for LayerTree.layerPainted events and queues a screenshot on
that. It also queues screenshots on other things, such as "clicks", "scrolls"
and a few other interactions.

After screenshots are queued, they're throttled to a low framerate, and then
each frame is compared with the last one sent before it goes to the client,
and dropped if there's no change.

I got rid of CAPTCHA by changing the search provider to DDG.

Thank you for your comments, I really appreciate it! :)

------
jtvjan
Does this support Flash Player? Having plugins like that RBI'd would be very
useful as they're big attack vectors and usually not supported on mobile.

~~~
slowenough
Not flash, but PDF and DOCX/XLSX should work okay.

I have not thought about Flash, but I totally get the point you make. It looks
like it would be very useful as they are big attack vectors and usually not
supported on mobile.

Thank you for this feedback.

------
throwaway444912
This makes little sense; it doesn't protect you from exploits, they just run
in the cloud instead.

If an attacker has a browser exploit, they can still..

\- read all your email

\- log all your passwords

\- wait for you to login to online banking and transfer all the money.

You also have to worry about the host being compromised, or the operator
logging your activity, etc.

If this is something you really want for some reason, why not just
RDP/VNC/Chrome Remote Desktop back to your office/home network?

~~~
arghwhat
> This makes little sense, it doesn't protect you from exploits, they just run
> on the cloud instead.

I am in no way endorsing this product (or the category of products), but it is
incorrect to say that it doesn't protect you from exploits.

It protects against _your machine_ being compromised, and while the browser VM
can be compromised, it can theoretically be ephemeral, possibly even having
only the lifetime of a single tab (some products in the space do this IIRC).

It's all just a matter of what your threat model is.

> If this is something you really want for some reason, why not just
> RDP/VNC/Chrome Remote Desktop back to your office/home network.

You could make a minimal linux VM with only a web browser, keep good
discipline and never do anything else on it, and RDP into it.

However, these products commonly provide a much smaller attack surface than
such a setup, and once you add something like VM-based tab isolation, a DIY
setup wouldn't come anywhere near the security features of such a product.

------
mrskitch
Hey, this is super cool and interesting! Are you using puppeteer to do this?
Might be cool to partner on some of it if you’re looking into that (I run
browserless.io).

Best!

~~~
slowenough
Hey!

Thanks for the message. I like browserless!

I don't use puppeteer. I use Chrome DevTools Protocol heavily tho. I started
using chrome-remote-interface but hit limits in what it can do with Targets
(specifically, flat session mode) and the latest versions of the API. Now I
just use the WebSocket directly.

I'd like to partner. Email me cris@dosycorp.com

~~~
nurettin
Hi, is there any reason to avoid using puppeteer? Does it lack something you
need when using the devtools protocol? Is it buggy?

~~~
slowenough
Thank you for the great question.

Thinking back to when I started this I initially just wanted to keep
everything simple and so I avoided putting in a large and high-level lib like
pptr, and went with chrome-remote-interface.

I looked at pptr and IIRC at that time (~ 12 months ago) there was not a clear
way for me to handle multiple tabs (a key "real UI" use case). The same goes
for Cyrus' lib too.

With Cyrus' lower-level lib I could hack around that by doing my own target
and session management, but at some point in the last couple of months I hit a
wall with chrome-remote-interface. Cyrus' lib was not up to date with the
latest ToT API (specifically flat session mode), and I worked out I could
replace the entirety of chrome-remote-interface with some simple code that
sent messages down a WebSocket, saved a Promise (by message id) and returned
it, and resolved that promise when it received back a message tagged with the
corresponding id. It was also simple to write an 'on' function to add
listeners for various events. So that was that.
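That replacement pattern can be sketched in a few lines (a hedged
illustration, not the repo's code; `makeClient` and the socket shape are
assumptions, with the socket expected to expose `send()` and an `onmessage`
callback that receives the raw JSON text of each protocol message):

```javascript
// Minimal sketch of a DevTools-protocol client: each command gets a unique
// id, a Promise resolver is stored under that id, and the Promise resolves
// when the reply tagged with the same id arrives. Untagged messages are
// protocol events, dispatched to listeners by method name.
function makeClient(socket) {
  let id = 0;
  const pending = new Map();    // message id -> Promise resolver
  const listeners = new Map();  // event method -> [callbacks]

  socket.onmessage = raw => {
    const msg = JSON.parse(raw);
    if (msg.id !== undefined && pending.has(msg.id)) {
      pending.get(msg.id)(msg.result);  // resolve the matching command
      pending.delete(msg.id);
    } else if (msg.method && listeners.has(msg.method)) {
      listeners.get(msg.method).forEach(fn => fn(msg.params));
    }
  };

  return {
    // send a protocol command, e.g. send('Page.navigate', {url})
    send(method, params = {}, sessionId) {
      const message = { id: ++id, method, params };
      if (sessionId) message.sessionId = sessionId; // flat session mode
      socket.send(JSON.stringify(message));
      return new Promise(res => pending.set(message.id, res));
    },
    // register an event listener, e.g. on('LayerTree.layerPainted', fn)
    on(method, fn) {
      if (!listeners.has(method)) listeners.set(method, []);
      listeners.get(method).push(fn);
    }
  };
}
```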

Basically, the DevTools protocol is a well-specced, well-tested, simple
protocol, and all these libs (like pptr and chrome-remote-interface) began
simply as wrappers around the WebSocket, with an API to map function calls to
protocol messages and add listeners for events. PPTR has evolved into much
more than that now, and during the same time period I evolved my own "BG
protocol" atop the CDTP (Chrome DevTools Protocol). It became easier to deal
with the single source of truth that CDTP is, and get the full expressibility
of the latest ToT protocol, than to deal with the limitations and abstractions
of other things built atop it.

Specifically, PPTR did not provide (and I believe probably still does not, tho
I have not deeply checked) an easy way to control and manage multiple tabs.
And even if it does, I'd have no use for it, because I already have the code
that does all that anyway. Scanning the PPTR docs now, I see that I prefer the
abstractions, naming, etc of the CDTP protocol itself, rather than the ones
PPTR provides. Like I said, the CDTP protocol is very comprehensive and
consistent, makes a lot of sense, and I know it very well. For me and my use
case, it's just a better fit.

The way I think about this is not that PPTR has some problem; it's that the
"BG protocol" and PPTR (et al) are trying to solve fundamentally different
problems. PPTR (et al) try to provide a clean developer experience for common
tasks related to browser use cases (such as automation, getting screenshots,
PDFs, testing, etc). That's a particular domain, and not exactly the same as
what BG protocol addresses. BG protocol attempts to provide as realistic and
familiar an experience as possible of using a browser (when you're actually
controlling a remote browser through the CDTP). That's not entirely the same
domain, because some things that users want are not required in automation,
and some things that automation does are not required or done by users.

One of the ways I code is by picking the right tool for the job, and if that
tool doesn't exist, or no longer works, I build the tool. I want to work with
tools that fit right. So for this domain and use case BG protocol is a better
fit than PPTR.

------
0x073
Is it more secure than Guacamole + libvirt + chromium os?

~~~
slowenough
If you mean running the VM locally, then that has a risk of any exploits being
able to escape the VM, and attack your machine directly.

That seems less secure than facing the risk of any exploits being able to
escape the hypervisor in the cloud, somehow come through the text protocol
connection to your computer, and exploit you there.

The extra layer of security provided by the remote cloud is important.

If, on the other hand, you mean using Guacamole to connect to a desktop
running headless in the cloud, I'd say that's a similar level of security to
BrowserGap.

~~~
hathym
What about a vm inside another vm?

~~~
stjohnswarts
I heard if you run VBox inside of QEMU inside of VMWare all running different
flavors of linux then you good, dawg.

------
z3t4
So is this using the canvas? What about accessibility?

~~~
slowenough
That's a great point, and something I have not considered.

It's a big oversight, I'm sorry about that. Let me think about it.

There must be a way to do this.

~~~
z3t4
For screen readers you could run it server side, then stream audio/video to
the client. Although I don't think this is the best solution to the problem. A
better solution would be to run the browser with a hardware abstraction layer,
like a virtual machine.

~~~
slowenough
That's a clever idea about running screen readers server side, thanks!

------
cicadas
BrowserGap recursion
[https://i.imgur.com/RRC5Eh6.png](https://i.imgur.com/RRC5Eh6.png)

~~~
ppf
The free version is kinda unstable, but this is as far as I got:

[https://imgur.com/QMQVDrk](https://imgur.com/QMQVDrk)

[https://imgur.com/E2ZZBaZ](https://imgur.com/E2ZZBaZ)

~~~
slowenough
Wow, that is far! It might have been the 10 minute time limit I put on the
free version. It used to be 30 minutes but today there were hundreds of people
and many people getting told it was already full, so I tried to let everyone
have a go.

But, haha, I'm really glad that little modal dialog bubbled up the layers! XD
It's kind of crazy when you think about what's happening ~~ you're chaining 7
browsers in a row, using each to automate the next. It's crazy! Haha! XD

You really got me with this, it's so funny! Thanks for giving me a huge smile.

~~~
ppf
Also, what does the "saved" value refer to? It's quite easy to make it have
strange (negative, or very large) values.

~~~
slowenough
Oh, sorry. It compares the amount of data you are receiving, versus the amount
of data you _would be_ receiving if you were browsing directly.

Saved = (total resource weight of original browsing) - (screenshots +
protocol)
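In code form (an illustrative helper; the name is hypothetical, not from the
repo), that formula is simply:

```javascript
// Sketch of the "saved" formula above: the resource weight a direct page
// load would have cost, minus what the remote session actually sent
// (screenshots plus protocol traffic). A negative result is possible when
// the screenshots outweigh the original page, which explains the strange
// values mentioned in the thread.
function bytesSaved(originalResourceBytes, screenshotBytes, protocolBytes) {
  return originalResourceBytes - (screenshotBytes + protocolBytes);
}
```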

------
aloer
How does the Screen sharing work. Is it pixels out with noVNC or similar?

~~~
slowenough
It's just pixels out. It's very basic: just screenshots, compressed with WebP
(if the client supports it), and adjacent frames are dropped if they are the
same.

------
ppf
How is the user agent set? I'm trying out the free demo
(free.cloudbrowser.xyz), and two different browsers (Chrome and Firefox)
produce different and consistent user agents.

~~~
slowenough
Both the user agent and navigator platform strings are mirrored from the
client.
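For reference, the DevTools protocol exposes a `Network.setUserAgentOverride`
command that accepts both `userAgent` and `platform` fields, so the mirroring
could plausibly be a message like the one below (a hedged sketch; the helper
name is hypothetical and not from the repo):

```javascript
// Hypothetical helper building the DevTools protocol message that would
// apply the connecting client's own UA and platform strings to the remote
// browser. Network.setUserAgentOverride is a real CDP command; this wrapper
// is only illustrative.
function buildUAOverride(clientUserAgent, clientPlatform) {
  return {
    method: 'Network.setUserAgentOverride',
    params: { userAgent: clientUserAgent, platform: clientPlatform }
  };
}
```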

~~~
ppf
Could that cause any issues with browser-specific features? I'm not sure what
browser/renderer you are actually using, but if I'm using something different,
there could be a mismatch in advertised capabilities (through the user agent).

~~~
slowenough
Yes, but generally, web apps detect features not browser versions, because UAs
are already an unreliable signal of features, from long before BG.

Things like privacy extensions, screen readers, crawlers have various user
agents.

At the same time, you make a good point. I'll keep it in mind if I come to
re-evaluate whether this is a sensible default.

------
Crinus
Does this run on a Raspberry Pi? E.g. could I get an RPi 4 (which seems
powerful enough), connect it to my router, and install this on it?

~~~
slowenough
It should.

If you do this, please post an issue or PR on the repo. I'd love to include
something cool like this in a "built with BG" section.

------
leowoo91
Can someone explain to me the major difference between this and being on a VPN
along with a private tab? Thank you.

~~~
slhck
Browser fingerprinting, for one, is something that can be avoided.

------
cryptozeus
On iOS Safari, BrowserGap is unusable. The screen is totally pixelated after
hitting the search button.

~~~
slowenough
Thanks a lot for your time on this report, and I'm really sorry about that! It
sounds like the screen is pixelated and unusable. That must be very annoying!

I don't have an iPhone next to me right now, and I have not tested in Safari
for about a week. Would you mind sharing a screenshot?

I know that because iOS Safari does not support WebP, I'm just using JPEGs
which means the quality is worse there.

As a short term workaround, I'll now turn up the JPEG quality. This will take
some time to propagate to browsers.

Again, I'm very sorry you had this experience today! I will test on iOS and
improve the usability. I've had other reports that scrolling is terrible in
iOS.

I'm just adding the iOS issues to the GitHub repo now. It could be great to
contribute your screenshot to there! :)

Edit: Also, I'm sorry, but would you be able to tell me whether you are using
[https://free.cloudbrowser.xyz](https://free.cloudbrowser.xyz) or
[https://hk.cloudbrowser.xyz](https://hk.cloudbrowser.xyz)?

Because I am testing serving HK with imports rolled up for speed (fewer
requests), and wonder if this caused a further issue.

~~~
cryptozeus
Give me your email, and I will send the screenshot of what I see. Any random
email is fine.

~~~
slowenough
Thanks for offering to send a screenshot of what you see!

Sorry I don't have a random email, but here you go: cris@dosyago.com

------
computator
Someone else already mentioned being hit by Google captchas and the developer
of this service said that he switched to DDG as the default search provider.
Nevertheless, I tried Google and kept working through 15 (yes, fifteen)
captchas in a row, and Google still wouldn't let me through, so I gave up.
What the hell? Surely even after 1 captcha, Google should be amply convinced
that I'm not a robot and let me do a single search.

Can anyone explain the purpose of Google putting up an apparently impossible
barrier like that? Is it because my searches are commingled with dozens of
other people attempting Google searches at the same time from the same IP
address? Or has Google decided to blacklist his IP address?

~~~
Nextgrid
That is a "feature" of ReCAPTCHA, and I believe there might even be a patent
on it. The idea is that if you are sure it's a bot and want to deny them
access you still waste their resources by making them solve impossible
captchas.

~~~
dmos62
It also happens if you have extensive anti-fingerprinting measures in place.
It doesn't go on forever though; 1 minute of captchas or so.

~~~
aplacelikethis
Not true. I've spent 5+ minutes trying to get through this captcha system
multiple times, never getting through.

It really fucks with you when you're on TOR, especially.

