Re: Bring back extensions for the privacy risk-takers

Sorry Optimus and other users for the delays in supporting a limited number of extensions.  It's a lot trickier than it sounds to allow extensions in a secure way!  We've tried a few techniques already each of which had some failings so we're working on yet another new method.  Chromium isn't easy to handle in general.

Philosophically, we do feel extensions can improve convenience as well as security.  Technically, though it's very hard to allow extensions while still providing strong privacy. 

So what we're planning initially is to allow only a small subset of extensions -- generally those that are well-known and well-trusted and somewhat essential to browsing like password managers. 

Ironically, we don't have plans to allow other privacy extensions because one most of their functionality we would already have and secondly and more to the point many so-called privacy extensions actually send all your browsing through their servers and are thus philosophically not aligned with what we believe privacy should be at the browser-level. 

@bluesrains -- not sure about all of them, but google translate is probably sending ALL your web browsing through google servers!! 

@Keith -- Adblock is basically built into Epic!!  Any other extensions you'd like? 

@rockman -- even with limited extension support, we will make extension support disabled by default.  you're right to be wary of plugins -- we would like to do something about flash like put it into a virtual machine or something, flash is definitely an issue in terms of privacy and performance. 

@dilgreen -- we are planning to support LastPass & great point! 

@weathertop -- Couldn't have said it better, Epic should be your browsing browser!!!  Exactly!!  Another browser can have log-in accounts like FB/Email, etc.   That's why we're focusing on just the minimal addons, highly limited support.

Re: Bring back extensions for the privacy risk-takers

I agree with weathertop in principle. I think, however, there is a case to be made for not allowing "trusted sites" to add on non-trusted entities to the their tracking. Just because I want to buy something at amazon, does not mean that I want them to know that I also price shopped at New Egg, etc. This is exactly what companies like Acxiom do.

I actually would like to be able to use Epic for everyday use. Last Pass is essentially the only thing I need to make that happen, though I am willing to switch back to keepass if that is the supported option.

The other thing I would really like to see is a more robust proxy &/or improved tor support.

Oh, and I would like to encourage everyone to send $10 or whatever you can to this team for this effort. This is a great project. Please release your source code soon, no offence, but without the source code you might as well be the NSA.

28

Re: Bring back extensions for the privacy risk-takers

Epic extended that support for few extensions. Please check chrome://extensions page.

Thank You
Sai

Re: Bring back extensions for the privacy risk-takers

I understand and support your primary privacy concern; it's the reason I'm trying out Epic. However I, like other users here, need to  balance security with functionality. Yes, you're doing a GREAT job ensuring security/privacy, but without certain very helpful tools, such as Ginger for spellcheck and AdBlock for getting rid of all the pesky ads, your browser's useability is substantially decreased.

That said, I'm very pleased that you've included LastPass and Xmarks -- they're the reason that I've switched to Epic full-time for a trial. Please add a spellchecker and ad blocker too.

As with any software product, users need functionality AND security.

Keep up the good work, and thank you for creating Epic!


alok wrote:

Hi Browserdude -- do you use Lastpass as well? 

The major problem with extensions is that they represent huge privacy risks -- even so-called privacy extensions often represent huge privacy risks like sending all your browsing through their servers.  So once we allow extensions carte blanche, we really throw the hope of privacy out the window!! 

We are considering allowing certain very secure and private extensions & lastpass may be one such extension -- I believe with LastPass and maybe their Xmarks as well, if you lose your key, then you lose your data?  I.e. they don't even sync data onto their servers -- it's very much local?   

Please keep sharing thoughts on this -- we know there will be a lot of opinions and requests here!

Re: Bring back extensions for the privacy risk-takers

An important part of my security set up is 1Password. If this could be added to allowed extensions it would be greatly appreciated by Mac users. There are sites which I have to log on to but have too many trackers.

Re: Bring back extensions for the privacy risk-takers

I second 1Password. I think it's functionality complements Epic as it stores (and generates) different secure passwords for different sites.
As a matter of fact,  it is the only extension that I can't live without.

Re: Bring back extensions for the privacy risk-takers

I second 1Password. 1Password creates and stores complex secure passwords for different sites. The keychain is also encrypted.
For me is absolutely indispensable and it is the only thing holding me back from switching to Epic.

33

Re: Bring back extensions for the privacy risk-takers

1Password is the only extension which i'm missing to integrate Epic in my workflow. If this extension could be on the roadmap that would be awesome. If not then it would be good to get an explanation why 1password is a non-secure extension.

Keep up the good work!

Re: Bring back extensions for the privacy risk-takers

Hi keith,

Thanks for writing us and sharing your thoughts,

Did you check the epic browser's web store (https://epicbrowser.com/webstore) . We support couple of extensions through our web store. 

Epic has a built it adblock, is this not working for you???

Re: Bring back extensions for the privacy risk-takers

I'm curious why Epic offers the LastPass extension and not 1Password.

In my opinion, 1Password is more secure (based on how one can control the location of the master file) but it also has many more features and flexibility. If anyone thinks 1Password is less secure than LastPass then please let us know why...at least a link that explains rather than a simple assertion.

Btw, I don't mind inconvenience for security. I always have at least 3, often 5 browsers open on my Mac and constantly switch between them. I support Epic limiting extensions to those qualified for the store.

Firefox is the most secure browser when configured properly, controlling specific script execution, blocking trackers etc but Epic is a good balance between convenience and security for well-known risks like Facebook, NYTimes etc, but better balance if it had the 1Password extension.

Even tho I don't think Chrome/Chromium reports or runs all traffic thru Google servers, I use it only for Google services like translation, Gmail, maps, YouTube, etc. I use Safari to access Apple services and Opera for Fastmail.

And all these browsers allow 1Password, except Epic, so please add the 1Password extension to your store.

Re: Bring back extensions for the privacy risk-takers

thanks for adding lastpass and love the browser, but I really miss Addthis.
can you enable this, or something similar?

Re: Bring back extensions for the privacy risk-takers

cd1515 wrote:

I really miss Addthis.
can you enable this, or something similar?

Careful what you wish for:-) AddThis is useful but unfortunately a hazard to privacy. They use advanced forms of tracking that work-around tracking avoidance techniques, like those used by Epic. An excellent article explains:
http://boingboing.net/2014/07/23/web-tr … h-pic.html

Relevant portion is down about 3/4:
"...Most of the usage was from a single service, AddThis, which adds social-media and other sharing buttons to a site through an external JavaScript library reference and tiny bits of code....
AddThis did not respond to a request for comment, but told ProPublica that its script was part of ongoing research,.... AddThis also said that it doesn't ask permission from web sites to deploy such tests and that it doesn't use the data collected at government sites for "ad targeted or personalization," but didn't disclaim such use on other sites."

Re: Bring back extensions for the privacy risk-takers

Can you add "Tampermonkey" to Epic extension?

39

Re: Bring back extensions for the privacy risk-takers

Hi Team, great work on Epic! Regarding the extensions-discussion, I guess I'd also be on the side of "allow for people who think they know what they're doing" smile...extensions are so critical for a good browsing experience nowadays, so there should be some kind of option to enable the installation of extensions (off by default of course), maybe blocking them from making connections (if possible ask the user if it's ok if the extension connects somewhere?).

One I really miss is: https://github.com/babyman/quick-tabs-chrome-extension with a lot of booksmarks and tabs open this extension is crucial
Also important is the FireShot extension which allows you to make a screenshot of a whole website (not just the visible part): had to remove link, just search for "FireShot" in Google Webstore...

keep up the great work though!

40

Re: Bring back extensions for the privacy risk-takers

Hi Team, great work on Epic! Regarding the extensions-discussion, I guess I'd also be on the side of "allow for people who think they know what they're doing" smile...extensions are so critical for a good browsing experience nowadays, so there should be some kind of option to enable the installation of extensions (off by default of course), maybe blocking them from making connections (if possible ask the user if it's ok if the extension connects somewhere?).

One I really miss is: https://github.com/babyman/quick-tabs-chrome-extension with a lot of booksmarks and tabs open this extension is crucial
Also important is the FireShot extension which allows you to make a screenshot of a whole website (not just the visible part): had to remove link, just search for "FireShot" in Google Webstore...

keep up the great work though!

Re: Bring back extensions for the privacy risk-takers

Please add Signal Desktop from Open Whisper Systems!!!!

Re: Bring back extensions for the privacy risk-takers

Any news on allowing lastpass and other "secure" extensions to be used in epic? I've been evaluating the browser for almost two weeks and like much of what I see, however, the small annoyances detailed in my other posts in the various forum sections grate on me day after day and I fear will eventually overwhelm the initial appeal of epic.

The built in password manager would be sufficient for me if it worked reliably, but it doesn't - often not presenting the opportunity to save passwords for sites that have been deleted from the password manager or sites that do not explicitly prevent saved passwords.

I understand one can't have great privacy and allow the vast majority of users free reign to thwart the browsers efforts and premise, but when one cannot even tell if they are running the current version of the software without downloading whatever is available and reinstalling...

Some focus and direction is needed in epic in the short term to get the shortcomings addressed/fixed. Suggestions and bugs reported many months ago seem to still be present or not implemented despite being told that they were coming.

just my initial thoughts.

Re: Bring back extensions for the privacy risk-takers

Thanks for the feedback & thoughts!

Epic DOES support Lastpass and does have a secure web extension store :-D!

In the Epic menu, choose Extensions then choose "add new extensions" and it should open the Epic Webstore where you can add Lastpass for password management and there's also Xmarks for bookmark syncing as well as a few other extensions we've found widely useful and trustworthy.

Re: Bring back extensions for the privacy risk-takers

Just wanted to chime in and say that I know dozen people who'd love to use epic, but won't consider it without certain extensions. Maybe just add something like an "unsafe mode" for people to be able to use their extensions, it's still better than using chrome.

There got to be  A LOT of people who'd try it. I myself I miss certain developer extensions and signal messenger, but I might switch from signal to quabel messenger, so just adding single safe extensions is not the way to go.

Enable extensions, make the user aware that he's undermining the browsers security by using them, but it's 2016, you can't tell people how they have to use the internet any longer.