
Show HN: Tenta – A private encrypted browser - tenta
https://tenta.com
======
laksjd
This just doesn't feel right to me. Firstly, what's a "Private Encrypted
Browser" supposed to be? What's making it private? What's even being
encrypted? There's a high density of buzzwords and a serious lack of
explanation.

While it's not always fair to judge a book by its cover, statements like
"Smart Incognito™ and Built In 256-bit Encryption" sure feel weird. Good
security doesn't come from random trademarked buzzwords or providing a bit
number without any context. Actually, those are major warning signs that the
product is probably not nearly as secure as it pretends to be. The fact that
this is not open-source just underlines that point nicely. Projects that are
serious about privacy and security as their main goals always provide source
code, not doing so is a sure sign that something other than privacy and
security is the main goal.

The entire project seems very flashy but it just gives of an odd smell. The
video,too, explains very little and leaves many more questions than it
answers. All this seems to be is a somewhat convenient frontend for a
proprietary vpn system which allows you to have multiple connections running
and associate them to tabs. That's not bad but it's certainly not some world
changing super-private thing and the fact that you're trying to present your
proprietary VPN solution as your great gift to humanity just rubs me the wrong
way.

It doesn't help that VPNs are basically pointless for anonymity since any
browsing experience that's usable by normal people (e.g. executes javascript)
can be trivially de-anonymised.

~~~
tenta
Your comments touch upon a challenge we had when deciding how to market Tenta.
At the end of the day, we want this to have mainstream appeal, which means
everyone should feel comfortable using and understanding the browser and not
necessarily have to know or care how the tech works, but that it simply works.
For example, a good test we went through during development was to ask our own
parents to review it, to make sure non-tech savvy folks understood the main
points and were willing to try this out. Having said that, as I mention below,
we are acutely aware that we have a trust and reputation issue since we're
brand new. We'll supplement our site with a more technical blog and provide
in-depth descriptions of how each feature works and our philosophy behind it.

So I totally understand your concern and we'll do our best to address it. If
there's anything specific that you'd love for us to write about on our blog,
let us know.

~~~
joecool1029
I don't know why you're marketing this outside of your background. If the
average internet user cared very much about state/company privacy we'd have
riots in the streets. But alas, we don't. The average HN reader is going to
care a lot more about privacy, but they're going to want you to give tech
specifics, they won't blindly adopt this based on marketing whizzbang.

Since you're from the adult background, why not market this browser to people
wanting to view porn at work and not get caught? I'm sure it'd get a lot more
adoption since legitimate use case, realistic goals.

~~~
tenta
We'll provide the tech specifics too. We know that's super important.

Yeah we're not going to run from our background. But having experience in that
industry for so long, we already know it will do well there. We're also
planning to reach out to people who already use and love incognito mode, ad
blockers, vpns/proxies, etc.

And to your first point, part of our job now is to do our part in educating
people why privacy matters and why Tenta exists. For example, explain why
tools like your average browser's incognito mode is useless. That term is
completely misleading/false and we will redefine the standard for what it
means to be incognito mode.

------
tenta
In light of the latest news of Comcast selling your data and almost weekly
reports of threats to privacy and censorship around the world, we want to now
share and invite HN folks to check out the public beta of Tenta Browser. It's
a private, encrypted browser with built-in 256bit encryption and OpenVPN.
We're in the early stages of development, but have a clear mission of
protecting your browsing data instead of selling it and every feature we
design is based on this foundation. To help make sure we do it right, we
appreciate any and all comments and feedback.

~~~
hyh1048576
> a private, encrypted browser with built-in 256bit encryption and OpenVPN

Can it be used to bypass censorship with the built-in tools? (VPN is not
enough for bypassing censorship in China though.)

~~~
crowell
vpn is enough to bypass censorship in china. How do you think international
corporations do it?

~~~
hyh1048576
There are ISPs allowed by Gov to provide uncensored internet access, those are
unblocked.

Otherwise personal use of VPN can be blocked by the gov. See for example:
[https://news.ycombinator.com/item?id=5357590](https://news.ycombinator.com/item?id=5357590)

See also the top comment of this:
[https://news.ycombinator.com/item?id=10101469](https://news.ycombinator.com/item?id=10101469)

------
rictic
* support for .bit domains out of the box is very very cool

* is it based on Firefox? Chromium?

* emphasizing the number of bits in your encryption can be the opposite of reassuring. is this encryption on the wire or of data at rest? what algorithm(s) do you use? do you use a standard implementation or your own?

~~~
tenta
Sweet, someone noticed the .bit domain support!

chromium.

We're writing up details in a blog post, since this question has come up in
various forms. We'll share the link in a bit.

------
peterwwillis
How do you hope to monetize your product, considering there are already free
secure browsers and paid VPN providers? Are you going to become your own VPN
provider as well as browser developer?

edit: Oh, I see all the other media apps now. You're trying to become a
"privacy platform", I guess? Just use our products so you don't have to think
about privacy? And locking down the access so once you put your media in
Tenta's valut only Tenta's apps can do anything with it, that's smart.
Downside: You're going to look very attractive to criminals.

Additional question: are you going to implement a warrant canary?

~~~
tenta
I just mentioned this note above, but to respond directly, the browser will
always be free. We believe everyone should be able to access the world's
information without censorship and you shouldn't have to pay to access that
right. Media Players and private storage are great ideas we've thought through
too. Currently the VPN is applied to the browser only, so we're thinking of
charging to switch the VPN on for device-wide protection. There's also
security and privacy extensions and customization support, such as adding
custom DNS or your own server location.

------
feklar
Since there's not one technical detail on their marketing site I'm going to
assume this is reskinned Firefox with SQLCipher dropped in.

~~~
tenta
Please see my relatedresponse above to laksjd. We're about to publish our
technical blog and will expand on the technical details.

------
sockopen
I noticed that the user-agent string still reveals my device type and build
number. Searching the device type reveals that the device was only sold in the
country I am in, defeating a lot of what this browser is supposed to be about.

Where is the privacy aspect when you're leaking my country, device type, and
even what build of Android my phone is using to literally every website I
visit?

~~~
peterwwillis
I can use existing products to identify your particular device even in a
completely encrypted connection; if I can see the requests' content, I can
tell even more, regardless of user agent string. And if I can see the
requests, I can probably inject a response, which allows for a large range of
probes and attacks to further identify your device. Worst case I can even use
your latency to identify where you are.

Privacy means that nobody but you and the site you are visiting have your
private information. Anonymity means the site you are using has no idea who
you are. They really need to clarify these things.

~~~
tenta
On the UA string, thats a good suggestion. We can look how much device info we
need to send and add some settings for that. On the privacy question, it
sounds like the zone you used was connected to a local connection instead over
the VPN connection. In the next build we're going to make this more obvious.
Tap on the flag or blue pin icon in the top right corner to open Zone settings
and you can see a drop down of locations to choose from.

Btw, it's not added yet, but we will make the default selection "Fastest
Connection".

As far as trusting us to run the VPN edge for you, we will work on variety of
ways to earn that trust as I've mentioned throughout my comments. But this is
also why we're working on a way to let people run their own edges.

Thanks for the feedback, we'll make sure to clarify this all on the site!

------
chaz6
I would like to know, does this support IPv6? Opera tried offering a built-in
browser VPN, but it only supported IPv4 websites.

~~~
tenta
Yeah we saw that too. We're working on this now. I'll get back to you with a
firm answer soon.

------
0xmohit
Are the sources for the browser available?

~~~
tenta
Great question. We do plan to open source the security and privacy code
because we know that's critical to building trust for this type of product.
We're still heads down to get through beta phase though, so it's just a bit
early to take that step. We're on version 0.99.5 now and once we get out of
beta, we will open up the code for 3rd party review

~~~
0xmohit
> we will open up the code for 3rd party review

Open for general access or limited to certain entities?

~~~
tenta
We'll open for general access. And to the other point, we're still in beta
development with a small team, so we will open up each portion as we go, so we
can manage and address the feedback properly

------
thebytebandit
Attempting to download the app from the Play Store leads me to a broken link
[1]

[1]
[https://play.google.com/store/apps/details?id=com.tenta.andr...](https://play.google.com/store/apps/details?id=com.tenta.android&ah=MbCeYCbpCE2sUXegsW58NIM14cU)

~~~
tenta
The main download link on the site should be:
[https://play.google.com/apps/testing/com.tenta.android](https://play.google.com/apps/testing/com.tenta.android)

We're using the Play Store's beta program, so you'll need to opt-in to be a
beta tester first, then download

Can you please let me know where you got that link and we'll fix it.

------
rm_-rf_slash
As a wrapper for the other instances of this question in this thread: why is
the source code not open and free to view by default? Afraid we'll notice tab-
indenting? ;)

~~~
tenta
Mainly because we're still getting beta feedback and in development. We're on
version 0.99.5 and working toward 1.0, so depending on what beta testers tell
us, there could potentially be sections of the app that change completely and
some features are simply not complete. We want to get it out of beta and into
1.0 first, otherwise it will be a distraction for our small team. ..so yeah
tab-indenting and lack of code comments. :)

------
paste0x78
Privacy policy?

~~~
tenta
We'll get that up today, thanks for asking. Overall, we're taking a zero
knowledge approach to your browsing data. We also do not store your keys on
any servers for additional security measure, which means we are simply unable
to provide access to your account to anyone.

------
codezero
Who makes this?

~~~
joecool1029
Tenta, LLC.

~~~
lisper
And how can a user be sure that Tenta, L.L.C. is not an agent of the NSA or
the Chinese government?

~~~
tenta
We know these type of questions would come up. We're thinking a lot about how
to build trust as a new player in the world of privacy tools and being
transparent about who we are is part of that plan. We've been in the mobile
startup world for almost ten years now and based in Seattle. We'll put up our
bios, share video intro and you'll be able to meet us at the conventions, etc.
Of course at the end of the day, that's not enough either. We'll also start
reaching out to other companies we admire in this industry to review our
product and we will work hard to earn their respect, so you can have real 3rd
party validation. Also love to hear what you would want to know from us to
make you give Tenta a try.

~~~
ktta
I understand your apprehension open sourcing the source code, but 90%~ of your
userbase will be people who don't trust closed source code (some even would
want to verify the app integrity somehow). So I really suggest you guys
seriously consider open sourcing. I don't really see any of the free browsers
using VPNs catch up because they are closed source, and although it might open
up possibilities of IP theft, the chance of this being a successful product
will be much greater.

And those great OSS contributors will help out too!

------
8d3d6c9b6a91c
Where can we report vulnerabilities? ;-)

~~~
tenta
support@tenta.io, we welcome your help. Please keep in mind we are in beta, so
you'll notice some feature will state that they are under construction, but
more feedback the better.

------
Falkon1313
Is this for android only? (It isn't mentioned, but download links go to Google
play store.)

I see no mention of ad-blocking, tracker blocking, or script blocking. Can it
use things like uBlock Origin, Privacy Badger, and Noscript?

~~~
tenta
We're starting with Android first (we'll make that clear on the site) and iOS
second. Then we'll decide what platforms to prioritize next.

Regarding the second question, the short answer is that we plan to support
this. It's just a matter of our time and what to focus on for the initial v1.0
launch. Long answer is that we do agree this is something that’s best solved
by an ecosystem of providers (like the ones you listed) where users can easily
block ads as they desire. So we'll take this approach rather than the browser
unilaterally determining which features websites are allowed to have. Even
major browsers with built-in ad blockers have false positives and break
websites inadvertently. Take our own website for example. We have zero ads on
it. It displays properly in Chrome, but completely ruined in Opera Mini which
has built-in ad blocker.

------
ktta
I assume this would be a paid service (and I have no problem with it), so a
concrete figure ($$$) or tentative figures (tier based?) would help potential
users either follow up and start using the beta or forget it.

~~~
tenta
By default, the browser will always be free. You should be able to browse
anonymously and control your data without paying. Currently the VPN is applied
to the browser only, so we're thinking of charging to switch the VPN on for
device-wide protection. Without getting ahead of myself too much, but we can
also consider offering other security and privacy extensions and
customization, such as custom dns or your own server location.

~~~
PeCaN
If the browser will always be free, what is your business model?

(No offense, but I just get _very_ skeptical of “security” products that are
‘free’.)

~~~
RussianCow
_If the browser will always be free, what is your business model?_

The answer is in the third sentence of the parent comment:

 _Currently the VPN is applied to the browser only, so we 're thinking of
charging to switch the VPN on for device-wide protection._

------
steaminghacker
How do i download this without loggin into google? thanks.

~~~
HuggerNuws
Wait until they opensource it so f-droid can build it :). Of course I could
upload the apk somewhere for you but how would you verify it's real (unless
theres virustotal for it already)

~~~
steaminghacker
Couldn't they put a direct APK link from the website?

------
shomyo
Nice try NSA.

