Announcement

Epic for iOS and Android are live in the App Store and the Android Play Store. We're EpicBrowser on Twitter and on Facebook. Please feel free to also email our Founder directly with issues or questions: alok at hiddenreflex dot com

#1 2013-12-10 00:52:48

panter
Guest

privacy?

Hi,

I like it that peope wanna make the world a better place, and like the idea that people
wanna give others better privacy and anonimity in the online world because we need it.

The first time I was reading about the EpicBrowser I was happy, finnaly some people that
gonna do something about trackers (after Ghostery and some other good Add-on makers),
Goverments and Google snooping ect. After reading on your webpage I was thinking, YES
these people are good.

I realize that it could be a challenge to develop a more privacy friendly webbrowser. On
the other hand I think it's 2013, and many people know alot of stuff about browser privacy
and tracking habits. Many reseach people have make some good artikels about browsers,
browsertracking and fingerprinting However, when I view the page, I really think that your browser too early has been released, and not well tested, and not really as privacy-friendly comes out on top.


When testing and investigating the EpicBrowser, I was very unhappy and also very disappointed about many things that could be easily prevented.

Let me explain why.

1)
To protect myself I use a VPN service called Mullvad from Sweden, and when I wanna register I get the below message.

Sorry, but your ip-address identified as spammers. You cant register on this forum.

If Epic gets so many spam from my VPN? Really, come on I don't believe it. Spammers can also be blockt by E-mail adres. For privacy a very big FAIL. You schould know what privacy means, and schould better check what IP's and e-mail services to block. Or did you just take a spammers IP list? A fast way to block things, but sometimes it pisses people off like me. And for sure these people that take privacy very important.

3)
To see what the Founder & CEO has to say about the above things I sented a e-mail
to him on the 24 of november. No answer back!!!! What a good start when you just wanna
register on a forum.

4)
Hmmm, then I see that Epic always runs his "EpicUpdate" as a service in the background,
even when i complete close the browser. This process schould NOT be running by default.
A update check needs only to run when people ask for that, and if not it schould be running only at startup for a few secounds. It takes away memory resources and it really should not be there when the browser is not open.

5)
I decided to investigate a little further while the prowser was still closed and looking at the folders located in AppData/Local/EpicPrivacy Browser/User Data/Local Storage I found various files named chrome-extension_(cryptic).localstorage, one of the files was over 100Kb in size so I decided to open it up, it appears that the right way to do this is a SQL viewer but I used Notepad and inside I found a list of the websites that I had visited the day before, so much for privacy!

I have now looked at that folder again with the Epic privacy browser running and I see files being created that contain the name of the URL I visit (in the form of site.com.localstorage]site.com.localstorage] site.com.localstorage, these files are
temporarly written to the hard drive otherwise I would not be able to see them, they are deleted afterwards but it won’t be difficult for a noisy person to uncover them again using any cheap undelete software.


6)
I see the browser making connections to Google. I cannot places those IP's here.
Why O Why did the developmentteam didn't see this? Again a big FAIL for privacy, when you develop something on top of a Google product. Brrrrrrrrrrrrrr

7)
For browser tracking and fingerprinting, it shows lot's of stuff that schould be more stealth. Do the test on: ip-check.info/?lang=en
Trackers and fingerprinters USE these methodes to track people. Even behind the proxy, people can be traced!!!!!!  And for sure with JavaScript on. I know most things don't work without JavaScript these day's but Epic wanna make something to prevent trackers and this is not the way to do that. Oooo man, your team schould read ALOT more about browsertracking and fingerprinting before we gonna talk about that. It's all about
the money, and companies make software for these things. It's alot more then you say on your webpage. Only the EpicBrowser fingerprint tell them alot.

At least make a button on top of the menu or bar, to disable or enable JavaScript, or put NoScript in EpicBrowser. I see that JavaScipt can be enable/disable but not very friendly if you wanna use it alot.
Then something about Add-ons.
Not ALL Add-ons are sending data to the person that have made a Add-on.  The Add-on "Ghostery" have a option if people wanna sent their data anonymous to Ghostery. And in default mode this is even not on. Then NoScript, and BetterPrivacy also are good Add-ons that are checked by the EFF and CCC, and are not Add-ons that sent data
to third party's. For users privacy protection these three Add-ons are normaly just fine, and many Firefox users use these. In the Epic browser people don't have any control like Firefox for exsample.

8) The EpicBrowser "infects" my Firefoxbroser by adding itself into the Firefox plugin list. Brrrrrrrrrrr I really don't like that.

9)
On Windows, Epic seems to has it's own life, and each time I see the Epic icon on my desktop, and my taskbar. Also when I delete these icons. I don't care what is going wrong here, but for privacy also a BIG fail. How easy would it be to place a backdoor into Epic, if you even can control these things?

9)
Mabey you have made EpicBrowser for the bigger audience, but always keep in mind there are many reseachers that also take a closer look at it, and also these people can be a big help if you wanna devolop something. Just ask of e-mail them.

10)
If you really wanna make a more privacy friendly browser then open-source is A must these days. Also the terms "Trust No One, and "Perfect Forward Security" schould be looked at. With Open-source users can investigate and have more control then closed source. You schould know it, as nobody else. If not, sorry but then your team is not so good.

Firefox is Open-source, so you could develop your Browser on top of that, but like many people choose a Google product, and that is asking for trouble. Most of the time people talk about browser speed, but that is bullshit. Most people don't even nothise a 0.2 secounds faster websearch, and what about the connection speed of a server? We are not in control of that anyway. But if we are talking about privacy, then speed schould not come in the first or whatever place. It's like using Tor, privacy and anonimity first.

Sorry to say, but their is also a browser JonDoFox, (more a Add-on) but made on top of Firefox, and this one is much better then EpicBrowser now is. Take a look at it. (only for exsample.)

The best tip I wanna give you is to drop this project, and make something brand and open-source new, and watch, learn, and ask for help if needed. I already know you don't gonna drop this project, but this is also the biggest fail. So many people that wanna help sinds the Ewards Snowden leaks, but only a handfull do it the right way.
I really think you could do better but like all those others it's into your hands.

Still I keep looking what changes it makes, and i'm looking forward to your answers.

Offline

Board footer