Sorry but I don't get it. Not a Dev or anything so may, and likely is my ignorance, but having skimmed the GitHub and comments here I don't know what this is for still. Can someone ELI5?
It's essentially a website with an interactive video stream of Chrome, a browser inside your normal browser (but not necessarily running on your PC). Like a remote desktop connection (e.g. RDP, VNC), but only for streaming a browser.
Good description. This is browser isolation (aka remote browser isolation, or RBI, or "cloud-based internet isolation", or CBII), with co-browsing (i.e, multiplayer mode, in HyperBeam's excellent parlance!) and other extensions (like remote devtools) built in: it’s basically a building block for many applications. But i see i’m going to have to do a lot better with the copy!
Just wanted to thank everyone for the lovely, heart-warming, encouraging and constructive response here. Lots of great ideas and new love on the repository, and to those of you who have emailed us, thank you we are working through a large backlog so we will get back to you! :)
Essentially, it is remote desktop for the browser, converting rendered pages into images that are transmitted to the client instead of html. The demo shows interacting with Youtube and watching a video.
Thanks! Definitely the README could be more clear. It's a product that sits at the nexus of a few different things. Just briefly some companies that are doing somewhat similar things (I may have missed some, there are a lot!):
- defensive cybersecurity: remote browser isolation is another layer to protect against browser zero-days from compromising your devices and network. So called "zero trust" approach of assuming compromise.
- email attachment and link opening: people can open email attachments in the secure document viewer and open dodgy looking links without risking their local workstation
- pentesting and malware analysis: researchers can investigate potential malware from a distance
Process integration and automation:
- you can embed browsers in your website in a way that circumvents iframe restrictions. This can make it easier to build dashboards and integration portals.
- you can use BrowserBox Pro to attach to your running Puppeteer / Playwright or other Chrome instances and interact with them in real time. People find it useful for debugging automation issues and getting them unstuck from bot-tests and errors. It's like driving manual for a challenging stretch on your FSD!
Remote work:
- co-browsing as a way to collaborate: you can have multiple people interacting with a web site in real time. Userful for remote teams who need to debug an issue or discuss content and design
- co-browsing as a way to socialize: some people enjoy doing watch parties and syncing up their viewing with friends
- co-browsing as a way to educate: trainers use it to deliver interactive lessons and as a way to monitor and aid development skills in apps
VPN and remote desktop:
- people use it as a way to circumvent country specific blocking by spinning up a VM in another zone and accessing the content they want from there
- people use it to access web-based apps, which in some areas have largely replaced desktop apps. It's like a lighter weight remote desktop in that case.
Random and miscellaneous use cases:
- honestly we're quite surprised at the way people use it sometimes. One of the first customers wanted it as a way to manage multiple online personas for their own privacy. Somehow they preferred that to having multiple local browser profiles.
Currently I wouldn't say it's particularly optimized for any of these subsets. But it's a great starting point for people building any of these applications. While we have a rough idea, as shown above, now we're in the process of asking people exactly how they use it and deciding if we should narrow our focus to a particular customer set, or keep it broad, and build out multiple feature domains in parallel.
In the last category the most prominent is circumventing local internet restrictions.
You didn't really ask about the following, but I think it's interesting: at least that's what our customers tell us their use is. As we haven't (yet) launched hosted service, and currently don't track usage analytics, we don't actually know for certain if these uses are legit, but they seems so.
That's paying customers. I estimate around 250% more people are using it "black", so either ripped off the source code before we went open source (there were a few hacks that seemed like they might have been breaches that could have accessed source code), or just using it unlicensed right now. I'm not sure what those folks use it for either. We get hundreds of git clones every day~~we probably should be tracking that, but we don't have a good idea how to do it without borking the privacy expectations people have!
We've had reach outs from places that we can't easily do business with as well (like Iran).
I don't understand the cloak-and-dagger interest (besides the fact that we may be the only source-available product out there (although there's Neko, and other similar things with different targets, so shrug)), maybe it's just corporate espionage, rather than hacking to use. It seems more likely that an orthogonal technology (using chrome headless, rather than RDP, DOM mirroring, or some custom browser engine), like we do, would be more attractive to a competitor than to a customer, as if you really need a similar solution and don't care about the finer points, you can just set up RDP pretty easily.
That's one of the things that convinced me to go open-source, because it limits the asymmetric advantage that anyone who hacked us for source code may have had. But I also figured we were halfway there with a limited-feature product, so may as well go all in.
It's too early to say if it's the right choice or not! :)
This is the exact thing I was looking for for a long time. I'm gonna use it to provide a browser inside the Safari on Apple devices. This allows me to use extensions which cannot be changed by the client, specificially my planned GPT productivity extension:
- Don't allow the user to browse social media websites like Hackernews.
You’ll need to port the extension to a custom content script and add it in tho: the reason is that we running headless, so we don’t support extensions out of the box.
I’ve had plans for shimming the extension API for a long time. I think it’ll be a cool project, but there hasn’t been that much demand for it!
Well, come on over to https://github.com/dosyago/BrowserBoxPro maybe we can get started with like an `extensions/` subfolder or something to collect these? What do you think, not interesting to you? :)
Well I have some other things in my hand rn, but I'm determined to do it because there's no other way to achieve what I want in mobile. A few weeks later, probably.
I'd recommend shimming the fundamental Chrome Extension APIs too, like those for DOM manipulation and web requests. This would support a great number of Chrome extensions.
Yes! I think that's such a cool idea. I will add an issue for it, if you know anyone interested in doing that work, would it be a bad idea if you try to corral them?
This is the exact thing I was looking for for a long time. I'm gonna use it to provide a browser inside the Safari on Apple devices. This allows me to use extensions which cannot be changed by the client, specificially my planned GPT productivity extension:
`
...
Don't allow the user to browse social media websites like Hackernews.
So, could this be useful for situations where users have old devices which struggle or cannot get up to date browsers- could they use this option to view the future web? I see so many tablets and laptops which would love to be able to browse the web but fail.
Yes! Actually we added a Flash integration for a similar use case (via Ruffle). Specifically to your question: people have used it from their old iPhone 4 to connect to a remote copy of the latest Chrome, for instance.
Hey, this looks really cool. I'm currently making a youtube watch party site, I'm a bit confused on why someone would spend 40k on a 1 year license for browsing though.
Wouldn't that work out to be 400$ per user? You mentioned use cases like cyber security and this might make sense there but how does this model work for something like automation, browsing, or rdp?
You could run this locally as a step beyond security model offered by for example Qubes OS. Instead of a VM for just a browser why not a VM for every tab as well.
Sorry forgot to put that link in. Yes Kasm is definitely a competitor! I think they’re good but don’t think their browser adapts to mobile displays? As in you end up, trying to look at a desktop browser if you’re on mobile. I could be wrong tho.
For open-source use:
If you are creating an open source application under a license compatible with the GNU GPL license v3, you may use BrowserBox Pro under the terms of the GPLv3.
For non-commercial use:
You can use BrowserBox Pro for free for non-commercial use cases.
This means government and public institutions, non-profits, private researchers and individuals are covered by this protection when their use is done without any anticipation of commercial application. This is provided under the terms of the Polyform Non-Commercial License 1.0.
From time to time, our non-commercial users may desire an license arrangement different to the one provided by the standard Polyform Non-Commercial License 1.0 to suit their needs both now and in future, and such terms may be approved and negotiated on a case-by-case basis typically for a fee or other remunerative or protective arrangement.
It's licensed under multiple licenses, one of which is the GPLv3 which is not only open source, it's also free software. By every definition this is open source software.
> "If you are creating an open source application" is a usage restriction/discrimination. That's not allowed for open source licenses.
No it is not. "If you are creating an open source application you may use the software under the GPLv3 or later" means "if you want to comply with the GPLv3+, you may use it under that license".
This is just licensing all the software under 3 separate licenses:
3. For commercial, closed source use you can buy a commercial license.
That's fully acceptable for GPLv3 and open source licensing in general as long as the software can be licensed by you under each of those 3 licenses separately (i.e. the dependencies are all compatible with each license and all contributors have either signed over their rights or have documented agreement to the above licensing conditions).
This is for the exact same reason that you can find dual GPLv3 (or AGPLv3) and closed source commercial licensed projects. It takes a bit of work on the IP management side but it's perfectly acceptable.
If you wanted to improve the wording of your licensing, I'd do the following:
In the licensing section for your README.md:
BrowserBoxPro is licensed separately under the following licenses:
- GNU General Public License v3 (or later) (linked to LICENSES/GPL-3.0.txt)
- Polyform Non-Commercial License 1.0 (link to LICENSES/PolyForm-Noncommercial-1.0.0.txt)
- BrowserBox Pro perpetual commercial license (link to LICENSES/LicenseRef-BBP-Commercial-Perpetual.txt).
- BrowserBox Pro subscription commercial license (link to LICENSES/LicenseRef-BBP-Commercial-Subscription.txt).
What does this mean for me?
Are you using BrowserBox Pro as it ships?
You may use BrowserBox Pro under the terms of the GPLv3 (or later).
Are you modifying BrowserBox Pro or developing software that uses BrowserBox Pro and willing to license those changes under the GPL?
You may use BrowserBox Pro under the terms of the GPLv3 (or later).
Are you using BrowserBox Pro, modifying BrowserBox Pro, or developing software that uses BrowserBox Pro in a non-commercial capacity but do not wish to comply with the license terms of the GPLv3?
You may use BrowserBox Pro under the terms of the Polyform Non-Commercial License 1.0.0.
Are you using BrowserBox Pro, modifying BrowserBox Pro, or developing software that uses BrowserBox Pro in a commercial capacity but do not wish to comply with the license terms of the GPLv3?
You may purchase a perpetual or subscription based commercial license (link to commercial licensing docs).
LICENSE.md:
SPDX-License-Identifier: GPL-3.0-or-later OR PolyForm-Noncommercial-1.0.0 OR BBP-Commercial-Perpetual OR BBP-Commercial-Subscription
BrowserBoxPro is licensed separately under the following licenses:
- GNU General Public License v3 (or later) (linked to LICENSES/GPL-3.0.txt)
- Polyform Non-Commercial License 1.0 (link to LICENSES/PolyForm-Noncommercial-1.0.0.txt)
- BrowserBox Pro perpetual commercial license (link to LICENSES/LicenseRef-BBP-Commercial-Perpetual.txt).
- BrowserBox Pro subscription commercial license (link to LICENSES/LicenseRef-BBP-Commercial-Subscription.txt).
Download the following linked files and put them under the names listed in the repo.
I think that should clear up any confusion (I am not a lawyer but am decently familiar with licensing). You could also include a "or contact us for special licensing" section like you did for OEM licensing in the README.
jacoblambda I have made a PR^0 with your suggestions, did you want to come over to make a token change so you can sign our CLA, or are you OK for me to use this and give your agreement in a HN comment here (or at the link if you're bothered) to our CLA: https://cla-assistant.io/dosyago/BrowserBox?pullRequest=240
Thanks! I know it's confusing, and I'm a little unsure about whether it's "Open Source" if like this, too. If anyone can tell me this is false, that's good as it's important to get right. But I think it's fine.
The condition they provided was effectively "if you want to use GPLv3 you can use GPLv3". That's perfectly acceptable for GPL. What they are doing on top of this is saying "if you can't/don't want to use GPLv3 but meet some other conditions, we will dual license it under one of these other licenses for you".
Let's say I have an open source project under the GPLv3 which only contains a foo.txt.
"If you are creating an open source application under a license compatible with the GNU GPL license v3, you may use BrowserBox Pro under the terms of the GPLv3."
So I can merge the BrowserBox Pro under GPLv3 to become part of my project.
Now I remove the foo.txt and my project will be a BrowserBox Pro clone under GPLv3 without the commercial restriction.
IANAL, but I'm wondering if this license really is GPL3? Because it's like a modified version of it - "GPL3 with a condition". From there, that possibly non-GPL3 license says that you can "use" the software, but not redistribute it.
But anyway it sounds like he needs to decide what he wants, and that's probably a non-open source license, if he doesn't want commercial use.
The license for the project is not GPLv3 but if my project is GPLv3 then the non-GPLv3 license for the project grants me a GPLv3 license if I include it.
Which shows the problem with this specific license in a single sentence.
I think that's a little too reductive—foo.txt wasn't a real app.
Nonetheless, I agree with your broad point: that if somebody can use it under the GPL, they can redistribute it and then all those downstream users can use it under the GPL.
But I disagree there is anything to fix. It's copyleft FOSS but businesses are encouraged to buy a license. Everybody wins.
My suggestion would be to license it under the AGPLv3+ for everyone, and then continue to sell commercial licenses to anyone who wants an alternative to the AGPL. Most corporations will refuse to use that license even though they're allowed to (e.g., https://opensource.google/documentation/reference/using/agpl...) and it's 100% FOSS.
I think the confusion over the licensing definitely indicates there is an opportunity for us to communicate better about this.
In terms of there being an actual better solution, though? I don't know. We're doing what other products are doing.
We remain open to that possibility there could be a better solution tho. But we haven't yet seen anything to convince us we're not on the money as we are.
> if he wants his license to enforce being paid for commercial use.
Then it wouldn't be open source, so I am not rooting for that.
However, for better or worse, large successful businesses can be built on scaring companies to pay for a commercial proprietary license and/or support, for copyleft open source.
No, an extra restriction ("For open-source use") is added on top of the GPLv3 license, which violates the license, actually (see §7):
> All other non-permissive additional terms are considered “further restrictions” within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term.
It's better to license under the stricter AGPLv3 and not put any extra conditions.
keepamovin doesn't have or need a licence at all (GPL or otherwise) so can't be violating it. He is distributing his program by virtue of being the author/copyright holder, not by virtue of owning a (GPL) licence for it. He doesn't need a distribution licence (from himself).
In LICENSE.MD, he declares that I (for example) may take a copy of his program provided I choose one of the licences he is willing to offer me. One of the choices is known as the GPL. Let's say I choose that. Now he's given me a copy of the program and granted me an unmodified, unrestricted GPL licence to use and distribute it. Let's write the terms down in a file called licence.gpl. (This is just a copy of the GPL itself.) I don't hold the program's copyright. I don't have a licence to distribute the program further under his LICENSE.md but I do now own a licence to use/distribute my copy of it as described in the licence he's granted me, licence.gpl.
My distribution licence (licence.gpl) doesn't allow me to add extra restrictions when distributing. So people I distribute to under the terms of my licence.gpl will automatically be granted a GPL licence by keepamovin (not me) to distribute further.
keepamovin as the author and perpetual sole copyright holder is different from me and people I distribute his program to, who are all mere licencees never copyright holders. We all hold licences he has granted to us directly and individually. (We don't grant licences to each other, having no right to do so. The GPL allows me to distribute my copy of the program to you at which point keepamovin will automatically give you a licence. (A licence is more abstract than a licence file.))
All distributions rooted in my copy should probably make clear that they are under licence.gpl not LICENSES.md. But that's something for any program offered under a choice of licences to solve.
The copy of the program at the site above is offered by keepamovin under an open source licence (GPL) and also other licences. The site thus does have an open source offering of the program. So it's true that "BrowserBox Pro goes open-source".
(Just as a licence is more abstract than a licence file, a program here is more abstract than a copy of a program. A person's giving a program to another person means ownership has transferred. So I was careful to write "copy of the program" above, as none of this distribution/redistribution involves transferring ownership of the program, which abstract work remains forever only keepamovin's.)
Fair enough, I stand corrected. Worth noting that differences over interpeting the relevant provisions of GPL led to a lawsuit and the court didn’t rule in favour of the side that relied on these provisions: https://www.theregister.com/2022/04/02/court_neo4j_ruling/
From a quick glance, that lawsuit seems qualitatively different. It's about a hybrid licence that I'll call AGPLCCL here. One side thought it therefore wasn't an internally consistent licence and the court ruled that it was.
keepamovin is offering to grant me an unadulterated (i.e. non-hybrid) GPL licence to use/distribute my copy of his program. I'm treating as axiomatic that the unadulterated GPL is an internally consistent and open-source licence.
While you are right that Neo4j license was altered more substantively, @keepamovin still made a rather big restriction by stating that GPLv3-licensed BrowserBox is only available "For open-source use" (thus it's no longer "unadulterated"). It restricts me from using that software under the terms of GPLv3 without making my system open-source. That's why I suggested AGPLv3 if @keepamovin wants to ensure that applications relying on open-source version of BrowserBox remain open-source.
LICENSE.md declares that if I have an intended use in an open source application, I can apply for and automatically be granted a pure GPL licence to then copy BrowserBox Pro directly from that site. Even if only some but not all people are similarly eligible, it still becomes true that "BrowserBox Pro goes open-source". That some people are ineligible for a licence to directly copy from that site doesn't change that.
> It restricts me from using that software under the terms of GPLv3 without making my system open-source.
If your system is closed source, then you are one of the people ineligible for receiving a GPL licence from that site that will allow you to copy the program directly from that site. It is not that you get some restricted licence. You get no licence at all to copy from that site. (We'll put the non-commercial and commercial licences aside for the moment.)
Next, let's look at how the situation isn't too bad even for the ineligible sods. If by "it" you meant "your licence" then that's false as you don't have a licence at all. If by "it", you meant "that site", then that's somewhat true. The site doesn't restrict you from using the software, it only prevents you from getting a licence and downloading the software from that site. If a GPL licencee gives you a copy of his copy of the software, keepamovin automatically and unconditionally grants you a pure GPL. That is, when the copying takes that path, he will grant you a GPL even if you don't have an open-source application of your own. You can use that copy of the software in your closed-source system (to whatever extent the pure GPL's terms allow).
Now consider Alice who makes a promise P1 to keepamovin saying she intends to use BrowserBox Pro in an open-source project. This makes her eligible for a pure GPL licence to directly copy BrowserBox Pro from the site above. So she does. What prevents her from subsequently making her project closed source and using BrowserBox Pro in it? It's not the GPL but her promise P1. If she closes her own sources she wouldn't have violated her (GPL) licence but she would have broken her eligibility promise P1 and thus defrauded keepamovin into granting her the GPL in the first place. Her situation is complicated not because she has a complicated hybrid licence but because she has two legal documents to satisfy, P1 and the pure GPL. P1 was used to obtain the pure GPL. (This is where I remind myself that this is all just my point of view.)
What about Bob who has an open-source and a closed-source project? Call them O and C respectively. He promises (P2) keepamovin that he is creating an open source application, so gets a pure GPL licence directly from the site above, as well as a copy of BrowserBox Pro. He uses this in O. Can he make a copy of his own copy of BrowserBox Pro for use in C, or download a fresh copy from the site above for use in C? I believe he can do both. LICENSE.md reads "If you are creating an open source application under a license compatible with the GNU GPL license v3, you may use BrowserBox Pro under the terms of the GPLv3." Thus Bob, having got a GPL legitimately by virtue of O, can also use BrowserBox Pro anywhere else his licence (pure GPL) permits him to, such as possibly C. Using BrowserBox Pro in C will not have made his promise P2 false. So unlike Alice, he will not have defrauded keepamovin in regards to his application for a GPL licence. The pure GPL Bob received from keepamovin tells him "You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force."
It's easy for Alice to become like Bob by having a token open source project making her eligible for a GPL licence directly from the site above.
What about Carol, who wants to use BrowserBox Pro commercially but doesn't want to pay? She can ask any GPL licencee, such as Bob above, for a copy of the program. keepamovin will implicitly and automatically grant Carol a pure GPL licence, since that's what Bob's licence assures Bob. Carol can use this copy of BrowserBox Pro commercially to the extent allowed by the pure GPL. LICENSE.md is irrelevant to Carol except for telling her that keepamovin is the author and copyright holder and the one granting her the GPL. And she needs to remember that she got her copy of the program from Bob who said he had a GPL and thus permission from keepamovin to make a copy for her.
Nobody gets a BrowserBox Pro licence from the site above that is a restricted GPL. Depending on what conditions they meet and what they ask for they either get a pure GPL or a non-commercial licence or a commercial licence or no licence at all. People who make copies of the program from GPL licencees automatically get a pure GPL licence from keepamovin. There is no restricted GPL licence in existence here.
At any rate, to repeat paragraph one, the woes of the ineligible (such as potentially you, Alice, Bob, Carol) in obtaining a GPL licence and a copy of the program directly from the site above do not make "BrowserBox Pro goes open-source" false. That at least some people are eligible for a GPL directly via the site above makes the headline true.
The GPL is pre-web so has a bug allowing web programmers to use a GPL'ed program in their web service without having to give their users the web service's source code. The AGPL fixes that bug so that such web programmers will need to give their users the web service's source code. Therefore the AGPL constrains licensees more and frees their users more.
I don't want to be overly dramatic. Your current license is decent. But the AGPLv3 is better: it fixes what is essentially a loophole in the GPL (the "ASP loophole", as described by the other user here).
From your perspective, you might find it even easier to sell your paid licences to companies and governments, if you use the AGPLv3. There's little downside to switching, because the AGPLv3 is still open source, and has similar compatibility with other open source licenses.
You've already released this under GPLv3, but you can switch going forward.
True. Alright, I think the reasons for us to stick with GPL are not as compelling as I first thought. I've updated my view. We will switch to AGPL. :)
On govs, unfortunately, but I still think it's a benefit: governments can simply use it without purchasing a commercial license or using GPL, under the Polyform Noncommercial. They can definitely purchase support, deployments, and customizations tho.
For open-source use
If you are creating an open source application under a license compatible with the GNU GPL license v3, you may use BrowserBox Pro under the terms of the GPLv3.
For non-commercial use
You can use BrowserBox Pro for free for non-commercial use cases.
This means government and public institutions, non-profits, private researchers and individuals are covered by this protection when their use is done without any anticipation of commercial application. This is provided under the terms of the Polyform Non-Commercial License 1.0.
Well, this isn't exactly dual license, but the presence of GPLv3 comprehensively nullifies Polyform, so it is FOSS. IANAL.
You may want to reword as "licensed under either GPLv3 or Polyform Non-commercial 1.0 at your option" or some such, like most rust-lang projects do; ex: https://github.com/rust-lang/rustup
Then give guidance on why one might choose one license over the other.
A government, non-profit or security researcher (or institute, for instance) could use it to build their own proprietary code that is not under GPL, but that uses BrowserBox Pro.
The OSI's definition is not like a heavenly authority. It's not a trademark, so I can call something "open source" even if I put it in the license file that you aren't allowed to use it if you are a red panda. (which is usage discrimination)
What OSI says and what I am allowed to call open source are not the same things.
You’re very perceptive! That’s a great sledge (put down, for non-Aussies). I had the same fear. But thankfully our customers rescued me from that delusion! :)
I suggest you leverage the open source nature to gain publicity, and offer a hosted cloud version. Change the licensing to a clear cut apache license and remove all the current "strings attached" usage clauses and put any "enterprise" features in a specific folder to make it obvious. Companies are more willing to pay for a hosted service, especially if you can figure out compliance like HIPAA, SOC2 etc. Another value added service is a "managed hosting" offering, where you connect to their GCP/AWS/Azure account via OAuth and deploy the (managed) instances directly on their infrastructure, billed to their own cloud account.
What I normally try to do is ask any customer what their needs are and try to understand those, rather than just push my product on them. It may not be a fit.
But in general, if customers want to customize it (UI, extensions, streaming methods, add-ons), it's way easier to customize your deployment with BrowserBox Pro, than to get Cloudflare to customize your deployment of their browsers.
And if you purchase our licenses in bulk it works out cheaper than 7/user/month (we are from 3.33/user/month to 1.05/user/month at scale). Maybe Cloudflare also offers volume discounts, but I don't know.
Also, if a customer wants to build a customer-facing product around this virtualized browser technology, can they do that with Cloudflare? Can I, for instance, licenses the SKIA-drawing S2 tech from Cloudflare to use in BrowserBox Pro? Maybe, but I don't know.
BrowserBox Pro license covers all of this in one easy to purchase package.
That's a good point but typically larger customers already have infrastructure they can put this on, as it's fairly low overhead, works across OSes (with a bit of config in some cases), and doesn't require anything specialized. It can be added to their existing cloud or baremetal at minimum marginal cost.
Strictly speaking, even if you were to go with a public cloud provider, and set up new infra specifically for BrowserBox Pro, you can essentially get an infra cost/seat/month of < USD1 anyway--making it still cheaper than Cloudflare, at least at scale above 100 seats.
In your tutorial here https://www.youtube.com/watch?v=cGUJCCPDWNE you're using linode 4gb ram 2cpu with dedicated CPU which costs $36/month. So how you can realistically get less than <$1 cost/seat/month?
I thought I was using a shared machine in that tutorial?
Anyway that was just picked without reason for a demo. Basically Linode and that price sheet are not the only options, and you can do things like collocating on time and machine. We do it. It's solid. We can't give away all our secrets here tho.
Simply not true. Corporations already use products like this because they're terrified of zero days. It's also much easier to monitor what your employees are doing.
We have functionality similar to this in our product. It's a pretty important feature of the product, since it allows customers to monitor and debug workflows that are being executed remotely.
We run browsers in containers - all major kinds. We use remote desktop type software which we've integrated into our app to allow customers to access the containers running on our clusters. I.e. they use our web interface to connect to and interact with a running container.
I don't think that aspect of our stack has any serious problems - we haven't had to do much work on it since the functionality was first released. We have issues with things like proprietary browsers and limitations of mobile emulation.
