Announcement

Epic for iOS and Android are live in the App Store and the Android Play Store. We're EpicBrowser on Twitter and on Facebook. Please feel free to also email our Founder directly with issues or questions: alok at hiddenreflex dot com

#1 Re: Epic Privacy Browser - Help & Troubleshooting » new Epic Browser user privacy and security concerns » 2014-09-15 10:35:56

I spent some time trying out more of this browser. Here is what I found:

The FAQ tells:
How does Epic protect my privacy?
Epic does several things to protect your privacy. Epic by default removes all Google services from Chromium so that your browsing does not go through Google’s servers.

Yet, epic connects to client2 from google * even before accessing any web site, and by standard, Epic wants to connect to google IPv6 DNS as soon as it opens. Why not allow people to choose to use their preferred DNS or OS DNS? Why does Epic need to connect to google?

I contacted Epic about DNS, because when I refuse the google DNS sometimes Epic behaves as if it goes for asynchronous DNS trying a plethora of UDP ports. They say by default asynchronous DNS is off, in my experience it is not always off, but I haven’t been able to reproduce reliably when it switches itself on without asking you. I say asynchronous DNS is sometimes on as I sometimes see in my firewall a plethora of UDP ports popping up from Epic, and my guess is it is only asynchronous DNS that would do such variety of UDP port opening in Epic?

Also the epic store/extensions will not function property, in fact won’t open most of the time, when refusing connections to … google.

Looks like chrome and thus google home phoning is still very much in Epic’s DNA.


In the forums there is a post requesting for adding other search engines, post in October 2013. Epic admin tells they’re working on a bug fix “in the next 2 weeks”, yet almost a year later, startpage, ixquick and duckduckgo are not yet allowed. Kind of long to get a bug fixed that unlocks a feature people request ...

Why does Epic only allow for its own search? I think it is fair to say Epic wants to know your searches and therefore disallows other search engines?


I immediately disabled the Epic proxy. I have my own VPN and in terms of privacy, who says Epic does not silently collect data through its proxy? I mean, their FAQ tells no google, but there is plenty of google. So when they say there is no data collection, who says there is none? They need to be making money somehow…

Even with the proxy off, the Epic browser likes to “phone home” to * epicbrowser * for no apparent reason, sometimes even before accessing any web site. I think there is no reason for Epic to do that unless it collects something?


Not accepting chrome extensions is a not so bad thing, kind of protecting people against themselves when it comes to privacy of extensions. But this seems not so exclusive given the epic store has some extensions. You can only get extensions from the epic store and not download them directly from their developer web site.

While adblockplus is great and integrated as standard, I would wish to add ghostery and h*t*t*p*severywhere. Why are they not in the extensions store of Epic, and why would I not be able to install them directly from their respective developer web sites?


My conclusion: Epic Browser is a novel initiative to help people in browsing the net a little more private then just completely open. Its developer took the time to respond to email and reply about some of the above issues (I didn’t raise all of them by email). Epic is however not as transparent and honest (faq and claims vs reality seen on network) as I would wish.

Sadly I won’t be using it as long as these issues are not resolved:
- choice of search engine
- choice of DNS, or at least respect OS DNS and never have asynchronous DNS
- no phoning to epicbrowser or forcing its domain for certain services
- no phoning to google or forcing its domain for certain services
- adding possibility for ghostery/h*t*t*p*severywhere, without needing to go through any store.

Until then, firefox and derivatives allow for these functions which involve privacy, so that’s where my browsing will be.

P.S. since the forum doesn't allow for more then one link in a post and the network connections mentioned are seen as links, I used * in some cases so they wouldn't look as links.

#2 Epic Privacy Browser - Help & Troubleshooting » new Epic Browser user privacy and security concerns » 2014-09-14 08:46:28

zinneken
Replies: 7

I don't like all the UDP ports Epic requires to open for its asynchronous DNS to work. I want to disable that feature so that only the DNS from my OS are used. I consider it a security issue for all those UDP ports to be open, and also a privacy issue for the asynchronous DNS to query DNS servers I have no knowledge or control of.

So, how does one disable asynchronous DNS in Epic Browser?

I also would like to know why Epic requests access to very weird hostnames, like:
*.keiabmukvf
*.ouimcmhhab
*.aiskcxpyjr

And what does Epic need to send to or retrieve from *.clients2.google.com ?

Thanks!

#3 Epic Privacy Browser - Privacy Features & Privacy Concerns » how to disable asynchronous dns? » 2014-09-14 08:41:57

zinneken
Replies: 0

I don't like all the UDP ports Epic requires to open for its asynchronous DNS to work. I want to disable that feature so that only the DNS from my OS are used. I consider it a security issue for all those UDP ports to be open, and also a privacy issue for the asynchronous DNS to query DNS servers I have no knowledge or control of.

So, how does one disable asynchronous DNS in Epic Browser?

I also would like to know why Epic requests access to very weird hostnames, like:
*.keiabmukvf
*.ouimcmhhab
*.aiskcxpyjr

And what does Epic need to send to or retrieve from *.clients2.google.com ?

Thanks!

#4 Epic Privacy Browser - Privacy Features & Privacy Concerns » how to disable asynchronous dns? » 2014-09-14 08:37:09

zinneken
Replies: 0

I don't like all the UDP ports Epic requires to open for its asynchronous DNS to work. I want to disable that feature so that only the DNS from my OS are used. I consider it a security issue for all those UDP ports to be open, and also a privacy issue for the asynchronous DNS to query DNS servers I have no knowledge or control of.

So, how does one disable asynchronous DNS in Epic Browser?

I also would like to know why Epic requests access to very weird hostnames, like:
*.keiabmukvf
*.ouimcmhhab
*.aiskcxpyjr

Board footer