Hacker News new | comments | show | ask | jobs | submit login

This is why I want to fork Chrome and create a secure and privacy-aware browser.

* Take out everything Google-related, including safebrowsing

* Rip out Flash and Java

* Integrate NoScript

* Integrate an alternate html5/canvas based video player

* Integrate third-party request blocking

* No cookies by default

* Strip out all the tracking id's in URLs (eg. Google search results pages, back to just plain old ?s=search+query)

* Automatically clear cookies such as the __ut* cookies from analytics

* Incognito by default

* Introduce a concept of 'installing' trusted sites that would be allowed to run scripts, etc. not too dissimilar to how desktop computing works

I have had this idea for over a year now, but haven't gone far in implementing it other than doing a test build of chromium with incognito by default and some default extensions.

It came about because my dad and other family members have each had spyware or rootkits installed on their machines. 99.99% of drive-by exploits can be stopped by simply not running IE and switching off Flash and Java.

It would be a browser where you don't have to explain everything, just marketed/renown as being a browser focused on privacy and security features for everyday users.

When I get a chance, I am contemplating putting a team together and forking this as an open source project. If such a project is of interest to anybody else, get in touch (via email in profile).

Cookies and JS off by default?

Maybe we don't live in the same world.

third-party cookies

the idea is that you have a button next to the URL to install it, from where it just runs as normal (albeit still without third-party cookies, as with fb buttons)

it could also do something smart with the type of javascript being executed. for eg. the concern with javascript is dyn generating forms or iframes and auto-submitting. etc. something that you can't do with extensions but you can do with a separate browser.

Firefox extensions can certainly do that. For example NoScript has IFrame blocking built-in, it's just disabled by default. More importantly, its ClearClick feature prevents clickjacking even with IFrames enabled.

You're right that Chrome extensions can't do that, though.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact