Announcement

Epic for iOS and Android are live in the App Store and the Android Play Store. We're EpicBrowser on Twitter and on Facebook. Please feel free to also email our Founder directly with issues or questions: alok at hiddenreflex dot com

#1 Re: Epic Privacy Browser - Other Feature Requests & Ideas » Block Javascript please! » 2014-03-01 21:13:20

1: Epic is not secure enough out of the box for newbies. Therefore I recommend the following :

A: Do not hide the advanced setting behind a link, it's slightly deceptive like your trying to hide things.

B: The most vital privacy settings are hidden yet again behind another link. Better to put all the options on one page.

C: Default settings for Privacy> Content Settings should be:

a: Keep local data only until I quit my browser (not 'Allow local data to be set')

A Privacy browser is exactly that, nothing should remain when it's closed and only by a user choosing to change it to save the data, thus with the warning they are undermining the privacy feature. In fact the Epic files should be encrypted to defeat SSD wear leveling.

Perhaps have a window appear before closing to ask to clear all user data (default Yes) with the option to turn it off. (re-enable in settings) The whole object is to generate trust that Epic is indeed interested in maintaining a users privacy. The word of mouth advertising will certainly follow like it does for CCleaner.

The object is not to defeat the NSA here, just to make sure Grandma doesn't see Juniors wild bondage fetishes or a PC tech later blackmailing the guy who's computer he just fixed.

b: Block third-party cookies and site data (check on)

c: JavaScript off by default (with a always on option) a "Trust this site to run scripts' button on the toolbar.

Why? Because JavaScript is seriously malicious shit. It's too much capability. It can track the mouse pointer, create fake popup windows, sniff the history, lock the dam browser up tighter than shit. Epic IS susceptible to the FBI MoneyPak browser lock. Seriously guys, why can JavaScript be allowed to lock up your browser like that?


With JavaScript turned off by default as a user surfs, their machine is more private and secure. Then if the user wishes they can whitelist certain sites and ones in their bookmarks.


d: Plugins should be Click to Play by default.

Flash's security is out of your control as perhaps is a lot of other plug-ins as well. Plugins should NOT be on all the time, only when necessary, being on all the time is how machines get pwned. If one comes to a Flash site and they trust it, that's what the "Trust this site to run scripts' button on the toolbar is for. Give the control to the user, not automatically assume Plugins are secure, which we have been proven repeatedly that they are not.


e: Pop ups off by default (you got that one right!) But why you don't have pop-unders licked yet? The "Trust this site to run scripts' button would work to reduce them because of JavaScript being off most of the time.

Epic users are focused on privacy, therefore they should not be used as lab rats for unproven technology like JavaScript and other plugins.


f: Track physical location (ask) seems right enough.

But somewhere you should warn/instruct users if they give a site permission for one's location, how frigging accurate it is and how it's acquired via Google's Streetview vehicles mapping people's Wifi locations etc. to within a few feet. If they don't want their WiFi being used advise to add "_nomap" to the end of their SSID.

Again, develop trust your in the users camp.


2: Squid proxy server

Your using Squid as a proxy server.

Squid can use SquidGuard which it would be certainly much appreciated to enable the cp blacklist from Squidblacklist.org. It's only a $5 USD a month.

Word can get around that your browser is safer for legal adult content without getting ambushed.

In the Settings a option to block all adult sites based upon the full blacklist should also be a option with a password lock. Perhaps other blacklists as required (ie military, hack sites, warz etc.)


3: Also to be able to lock the browser from downloads with the password would also be nice.

In fact being able to lock the Settings with a password combined with the above would make for a ideal Children's/Kiosk type browser.


4: Bad eyesight:

You got web page zoom which is great, but the browser UI type size and button sizes are not scale-able. It's likely a tall order, but being able to scale those up would make it ideal for older users and those with eyesight issues.


Epic is certainly a nice privacy browser, there are a few more adjustments that can make it worthwhile for daily use.

Thanks for providing it and hope to see some more paranoid level improvements soon! smile

Board footer