Announcement

Epic for iOS and Android are live in the App Store and the Android Play Store. We're EpicBrowser on Twitter and on Facebook. Please feel free to also email our Founder directly with issues or questions: alok at hiddenreflex dot com

#1 2014-05-03 17:00:43

perrier
Guest

More security options for proxy extension

Currently the proxy setting is like a black box to users. You should make that extension little more configurable with the following options. It will greatly enhance the anonmity of your browser. You might already have some of these options but they are just not visible to me as a configurable option.

1. Option to enable all proxy traffic through SSL

2. Option to remove Page Titles : Add this option to remove the titles from all pages through the proxy so that titles do not show up in your web browser and in your browsing history on your local desktop or on other proxy/web servers. This option should also remove favicons for the same reason.

3. Option to remove scripts: Scripts are often used to create fancy effects on websites and add increased functionality and features. The way they work means they can be difficult for the proxy to handle. This means some scripts may request resources directly from your internet connection, not using the proxy and compromising your anonymity. Those concerned about their privacy should enable this option, but be warned that it may break the functionality of a lot of websites.

4. Option to Remove objects: This option removes objects (such as Flash and Java) from the webpages. These objects may make requests to external resources outside of the proxy environment, compromising your anonymity. Enable this option to Remove objects.

5. No referer option: The referer header tells the remote website the previous page you were on that linked you to where you are now, or the page that you're currently on for requested resources on the current page. Enabling this option will send a blank referer for all requests.

6. No user agent option: The user agent header contains information about your computer. This is sent for all requests to resources and webpages. Enabling this option means that we will remove your user agent from the request and will replace it with a false (but valid) one instead.

Offline

#2 2014-05-06 11:45:37

cricket
Guest

Re: More security options for proxy extension

I agree with the options mentioned above, if these options are really 'optionally' for the user indeed.
For instance, enabling the recommended option of 'Remove Page Titles' means that the functionality of 'KeePass Password Safe' (and perhaps other password managers) will be diminished severely.

Offline

#3 2014-05-09 15:55:59

alok
Administrator

Re: More security options for proxy extension

@perrier  Great post -- thanks so much for the details & recommendations.  You can actually do a lot of that already at the browser level (not at the proxy level i.e. the settings will apply whether the proxy is on or off for all of Epic).  I'll respond to them by number and also with my own personal thoughts ;-)

1.  Encrypted Proxy -- this will not be optional, this will be default very very soon!  Already, a good chunk of the Epic proxy traffic is encrypted...in the coming weeks all proxy traffic will be encrypted.

2.  Page Titles -- we don't story any history so nothing to worry about here...interesting idea to remove page titles from other tabs as well, thanks!

3.  Scripts -- Via the "Settings" you can turn javascript on or off and or allow it for different websites.  We may support the NoScript addon soon... 

4.  Plugin Objects -- Via the "Settings" you can turn plugins on or off or click to play.  For more privacy, we would definitely recommend setting to "click to play" though it can get irritating to users if you're watching a lot of videos.  We're working on other ways to ensure better privacy in plugins -- right now plugins are without a doubt one of the biggest privacy/security risk in web browsers. 

5.  Referer -- We've experimented with removing referer data all the time & such but it breaks a lot of websites, especially e-commerce sites.  Right now we strip referer data from search engines as we know that data is being captured & violates your privacy.  We'd like over time to have a biggest list of websites to strip referer data from for even more privacy -- that should happen over time.  Right now, there's no manual way to do this, but we should add addons to our webstore to give users more control on this, good point for sure. 

6.  User Agent -- We try to have a fairly common user agent, the standard chrome one, and we make sure this keeps changing with each update, so it's not stable.  You're right, we should offer an addon in the webstore to give users more control on this as well.  We're also thinking about having even more frequent user agent changes in the future to ensure it can't be used to fingerprint you. 

Hope that helps -- thanks again for your support & super feedback...keep sharing it with us!

Offline

Board footer