
Epic, The Privacy Browser - romaniv
http://epicbrowser.com/
======
hngiszmo
WTF??? Guys, wake up! If it is not open source, it does not protect your
privacy. Period. We see how other companies got coerced into breaking privacy
for some dollars. The company-driven closed source development is flawed as
long as we grant governments this power.

What we need is not yet another startup that tries to make money on our
private data (yeah, read Epic's FAQ how they make money). We need a stack of
hardware and software you can easily trust. My dream is to use a computer that
is produced on an open design by one of hundreds of fabs that would call out a
competitor that puts backdoors into the chips to boost their own reputation.
My dream is a software stack that is completely signed by tons of trustful
developers with the possibility to easily add my signature after bit-
reproducibly compiling code I checked. If this comes true, people will
identify easier the packages that were developed by companies only and find
ways to replace them for a trustworthy stack.

Open source apps distributed via Android market for example are closed source
apps compiled by the developer from code he maybe shared and that was possibly
modified by google running on video-audio-multi-sensor-bugs with several
agencies having a direct wire to them. If you still use windows, your PC is
not better than that. Think about it. Thanks to Snowden we can finally talk
about these issues without a single person calling us paranoid.

~~~
metastart
Epic is open source...anyone who wants our source code, just write us!! Sorry
we've been struggling to get the product ready and hadn't prepared to release
all the code yet but will do it fast. Chromium is a huge code base & we're a
small team so we hadn't gotten to it yet.

We don't make any money from anyone's private data or any data (period). We
make revenues at this point exclusively from searches you do via our private
search engine & always protect your searches' privacy.

Thanks for other ideas...others can comment...

~~~
Sir_Cmpwn
GitHub. Just make a GitHub repo.

------
nrivadeneira
I still can't figure out why my browsing data being sold is objectively a bad
thing. I don't see how it makes my day-to-day worse in any way. There are
plenty of smart people who feel that it's bad, so maybe I'm just missing
something, and I'm open to sound logic that convinces me that it's going to
make my life worse.

Also, the example they make at the bottom asking the reader to imagine
hundreds of people following them around and watching their every move is a
bit disingenuous. It's more like a handful of people following millions. At
that point in time, you're not much more than a data point.

~~~
hannibal5
Because it it gives companies advantage over you.

For example banks and insurance companies want to know everything possible
about you. So do potential employers. Profiling people and putting them into
categories and calculating their risk profiles makes their position weaker.

For example: Google "lump in the testicles" and browse medical sites. Then
wait one week and try to get mortgage or insurance.

~~~
kllrnohj
Except companies like Mozilla and Google (even Microsoft) don't give that data
to those companies, and have no incentive to do so. Indeed, to a company like
Google that would be corporate suicide as it would undermine their main source
of revenue. Google's money comes from being a middle man, they want to keep
their competitive advantage (your data to target ads) secret more than you do.

So your scenario doesn't exist.

~~~
abraxasz
1) "Google [...] doesn't give that data to those companies". What about
selling that data? That's in line with what you call "being a middle man" I
think.

2) "[they] have no incentive to do so". They have no incentive in trumpeting
that they are doing it. But without having read their ToS, I'm sure they got
that covered.

Of course this is pure speculation and I have exactly zero proof that this is
the case. I would actually never have believed those claims 6 months ago, but
today, I wouldn't be surprised.

~~~
aiiane
So you admit not even having read the ToS, but now you're ready to believe
that it happens, despite the fact that (for example) Google has a fairly
straightforward privacy policy that enumerates what they use data for:
[http://www.google.com/policies/privacy/](http://www.google.com/policies/privacy/)

As the person who originally replied to you mentioned: it'd be political
suicide for Google to provide the information they use for their own ad
targeting to others, even for a fee, beyond users' explicit consent. It'd also
be business suicide, given that it would allow people to cut Google out of the
loop, rather than using Google as the advertising platform.

------
M4v3R
This is a nice initiative, but I would like to see the source code of this
browser. Without it, I cannot be 100% sure that what Epic devs say is true and
it's not an elaborate NSA trick to get our data :). No hard feelings, just in
the light of current events as reported by NY Times/Guardian about NSA
backdooring popular apps and crypto implementations the paranoid inside me has
gotten more active lately.

~~~
metastart
Source Code coming soon. We've made changes to many chromium files & we're a
small team, so haven't had a chance to open source it all in a manageable way.
In the meantime, don't hesitate to write us if you want to see any code or
know any changes we've made. Or use Wireshark to see requests going in/out!
Our philosophy is exactly that -- we don't want you to "trust" us, it should
be private by design -- that's how Epic works. So for example, address bar
auto-fill is all done locally in your system because we don't believe all your
browsing should be passing through anyone's servers.

~~~
mahyarm
You guys are using something like git right? You have a tag for the build you
created right? Why not just release a read only github account or tarball of
the source released with epic to give people audit peace of mind now. Add a
bunch of disclaimers saying 'we are not ready yet, please only use this to
audit for now, we'll have a proper open sourcing setup soon'.

~~~
metastart
Great suggestion - thanks! Meant to put that in the faq that all code and
changes would be available soon. Will do that very very soon! We haven't slept
much the past week so give us a bit of time!!

------
genetik
Is this a re-launch of the Epic browser originally released in 2010 which
targeted Indian users?

[https://en.wikipedia.org/wiki/Epic_(web_browser)](https://en.wikipedia.org/wiki/Epic_\(web_browser\))

~~~
megantic
Looks like an attempt at pivoting, jumping of the privacy bandwagon. Doesn't
really make a good case that this browser is based on belief of privacy as
stated in their faq.

------
vjeux
You actually lose quite a lot in term of ease of use and performance when
trying to be fully anonymous :(

History, Password saving, Auto-suggest, Web Cache, Automatic Browser Updates,
Spell check, DNS pre-fetching & cache.

~~~
metastart
Privacy isn't "free", you're right. Epic supports password saving -- since
it's the user's choice, we determined that we could leave it in. Many things
can be done in a private way, so for example we have implemented local address
bar auto-fill, so you can type "f" and have facebook.com appear but it's not
based on your history nor any query to a web server. We will be building in
more such services to make using Epic both private and convenient!! Epic does
by the way auto-update for Windows though we hope to make it optional in the
future for the extremely privacy conscious. For the Mac, it will give you a
pop-up when there's an update so it's just about as simple as auto-updating.

~~~
qbproger
Can't spell check be a completely local feature without hitting any outside
servers? I didn't understand why that was disabled.

~~~
metastart
Yes you're right spell check surely can be! We'll work on it. Chromium is
difficult to work with as something like spell check will be built to be
supported as a web service so migrating it to a local service takes a bit of
time. Great idea though and something we will work on!

------
jfasi
I find it a little suspicious that a browser that purports to be private gives
a unique fingerprint on panopticlick...

[https://panopticlick.eff.org](https://panopticlick.eff.org)

~~~
autodidakto
It mentions fingerprinting as a threat, but doesn't do anything specific
against it. Probably because no one is quite sure how to stop it. From the
FAQ:

How does Epic protect against browser fingerprinting?

There is no agreed-upon way to prevent browser fingerprinting or device
fingerprinting at this point. There are many fingerprinting techniques which a
solution would need to protect against. While we are working on a more
thorough solution [...]

I imagine it could send the default plugin/header/user agent of
IE/Chrome/Firefox, or random stuff each time...

~~~
metastart
Epic at present blocks tons of fingerprinting scripts. Comments above seem
right to us as well that user-agent doesn't make sense to use from a
fingerprinting perspective. Fonts+Plugins do though. We actually do and
could've released things to protect against fingerprinting actively right now
BUT it wouldn't have been comprehensive or defended against some of the key
things we'd imagine a fingerprinter would use e.g. flash fonts call & more. So
there's more work to be done - please join our forums and help us come up with
more thorough solutions for fingerprinting.

------
3825
I don't mean to offend you but how does Hidden Reflex make money from and/or
fund Epic, the Privacy Browser?

~~~
metastart
Search. We earn revenues whenever you make searches via Epic. Note though your
searches are always private and sponsored/unsponsored results are only based
on your query and rough geo-location. We will base any results on tracking or
allow any searches or browsing to be tracked. It's not really required either
-- Google tracks you and saves your data to target non-search ads (search ads
via your search term can be naturally targeted)!!

~~~
jaryd
Is this why I'm having such a hard time changing my default search engine...?
:)

------
appamatto
What is being done here to combat browser fingerprinting? This seems like the
most challenging threat to anonymity.

~~~
metastart
We block tons of fingerprinting scripts. More coming soon (fingerprinting is
tough!).

------
megantic
I cringe when I read their claim to be "the first-ever privacy-focused browser
built on chromium". Iron[1] was first released in 2008 to circumvent privacy
issues with chrome.

I wonder if they did a really poor job at researching what already exists and
are truly clueless about iron, or if they outright lied for marketing
purposes. Hopefully they're not clueless about privacy and are not lying about
features, though I would not bet my privacy on "hopefully" specially when epic
browser website lacks an https version and epic browser bears a unique
fingerprint on panopticlick.

[1]
[https://www.srware.net/en/software_srware_iron.php](https://www.srware.net/en/software_srware_iron.php)

~~~
metastart
SRware is focused on removing google stuff...not really privacy in general, at
least from our view.

------
untothebreach
I see under the download button it says, 'more versions coming soon'...happen
to know when us linux users will get some love?

~~~
metastart
Soon we hope...we LOVE linux!!!! We're also a bit paranoid about backdoors and
use linux often ourselves...

~~~
kamjam
From recent news, I doubt Linux (or any OS) is safe from that intrusion...

------
hellbanTHIS
This is cool and I'm going to use it but I want people make money too, so
personally I'd be fine if you took my geographic location and served me ads
based on that.

I _want_ to know what's on sale at the nearest grocery store, and I wouldn't
be too creeped out if you knew where I was geographically. But maybe that's
just me.

------
tptacek
Sounds awesome. I'll definitely use this instead of the browser project whose
TLS stack is maintained by one of the best known crypto software developers on
the Internet, and run by the company that has almost singlehandledly
mainstreamed TLS forward secrecy.

~~~
psycr
Well, for the unenlightened, which one is that? Firefox? Chrome?

~~~
hoers
Chrom(ium), the open source foundation of chrome

~~~
psycr
But... that's what these guys are building on top of, in which case I'm not
sure I understand the sarcasm?

~~~
tptacek
It was pointless snark on my part.

------
RandomSpamMan
Out of interest, has anyone noticed anything outside of the ordinary? My
antivirus (Kaspersky) is flagging it as a Trojan.
[http://i.imgur.com/qTW8zPu.png](http://i.imgur.com/qTW8zPu.png)

~~~
dsl
Kaspersky identifies modified versions of popular applications. I suspect they
don't know Epic is a "legitimate" modification of Chromium yet.

------
jwcrux
> Epic automatically routes your searches through its proxy to protect them.

Sounds sketchy.

~~~
metastart
Sorry through a third-party proxy service powered by Spotflux. You're right
that if it was powered by us, it would be sketchy in terms of a privacy
improvement!

~~~
dsl
A third-party proxy that I don't select is still sketchy.

I've never heard of Spotflux before, and don't know that they aren't owned and
operated by one of your advertising partners.

------
user2
Companies are trying capture as much information about you as possibly by
casting a wide net of "trackers".

The truth is companies don't know what to do with all of your data.

------
devx
I like it, but can you at least add Startpage/Ixquick and DDG as options for
search engines? Options are good and people might not use it without having
those options.

~~~
metastart
Thanks!! Working on more search options!!

------
lowmagnet
I like the functionality of the 'umbrella' button. Is it something developed
specifically for epic? I didn't see it out there for regular chrome.

~~~
metastart
Thanks! Yes, only for Epic as it integrates all our services. A lot of things
in Epic are only available in Epic:-)

------
metastart
@spolu, we do block fb widgets and such...but a like link should work. You can
via our "umbrella button" allow third-party cookies on any website.

~~~
umsm
You should use the reply link directly below the comment you're replying to.
This helps keep things organized :)

~~~
metastart
Good point -- will do from now on!

------
philip1209
cURL - the most secure way to browse the internet.

~~~
ynniv
Stallman (still?) uses wget over email: [http://www.stallman.org/stallman-
computing.html](http://www.stallman.org/stallman-computing.html)

------
cji
Interesting choice of name considering [http://epic.org/](http://epic.org/)

~~~
metastart
We've been the Epic Browser for years now - were stuck with the name
contractually!

------
metastart
@devx thanks! Will be adding both those search engines to the search options
in an update soon.

------
spolu
Is there a white listing for third-party cookies? Does it break facebook likes
currently?

------
richardlblair
This second this is on github, I will download it. I look forward to it.

------
Sagat
There is probably a backdoor for government agencies anyway.

~~~
metastart
If you find one in Chromium PLEASE let us know!!!

------
alan_cx
Any one know how this compares with SRWare Iron?

------
diN0bot
how to use epic with 1password plugin?

~~~
metastart
Plugins work with Epic - another user has said 1password works in Epic.

------
CoreLogic
Nice try NSA...

