Announcement

Epic for iOS and Android are live in the App Store and the Android Play Store. We're EpicBrowser on Twitter and on Facebook. Please feel free to also email our Founder directly with issues or questions: alok at hiddenreflex dot com

Pages: 1

#1 Epic Privacy Browser - Other Feature Requests & Ideas » Random Peer Network Based Search » 2021-01-20 19:51:08

crs0zero
Replies: 1

I am a security expert working for Georgia Tech and I have often wondered about how to create a truly private browsing experience.   My basic thought after reading about the Epic browser was why not "join" Google instead of fighting them--track everything and send it all to Google.  But all data is "effectively" randomized so that Google has a hard time fingerprinting a single person or identity.

It would work like this:

Everyone (or some, hopefully large, population of users) use the epic web browser.   Instead of sending data directly via the web browser you send it via someone else's web browser.    In effect, the population of active users forms a peer-to-peer network similar to how bittorrent works.   When sending data (search data for example) you randomly pick an alternate host from the set of active nodes and that node sends the data to the service requested (since you already have VPN capability you could easily extend this to be the tunnel through which this data is communicated between nodes).   What happens over time is that all users appear as "everyone" else to Google, in effect creating "white noise" which their algorithms would have a hard time dissecting relevant information from.

I have not thought through this issue completely which is why I am posting it here, but on the surface it does have merit.

The one downside is similar to what you mentioned about the TOR network.   How can you trust that a client browser is actually a legitimate Epic browser.    This is a hard issue to solve.    Without a complete "web of trust" it is almost impossible.     You can mitigate it however by fingerprinting the legitimate Epic browser and having the "peer network" validate it.    There are a few ways to mitigate this type of hijacking but I believe each one could still be hacked by someone who is determined.  This is the essence of that idea.

The Epic download server manipulates the SHA hash of the downloaded binary and generates a key based on that hash.   The program then calculates the same hash against its binary when running and should be able to compute its key as well.    If the key matches what the server generated then the browser is legit.  It should work for the most part but since the code to compute the key must be delivered (either in source or binary format) a determined hacker could debug and reverse engineer it, and therefor "fake" their signature.

Pages: 1

Board footer