Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
PSA - I just noticed Epic browser is a "proxy" just like Opera (I think)
364 views
Skip to first unread message
Dan Jenkins
Jan 7, 2018, 1:02:16 PM1/7/18
to
There may be two freeware web browsers with full-time encrypted proxy.
* Epic
* Opera
This is only a PSA as I was rooting around the Epic web site to figure out
how to find the full offline installer link, when I just now noticed the
Epic browser says it is a "proxy" just like Opera (I think).
https://www.epicbrowser.com/encrypted_proxy/
I can't tell if, like Opera, it keeps a special unique ID for each user.
https://www.epicbrowser.com/privacy/intro.html
All I can say is the Epic Chrome-based browser does give you proxy options:
https://s17.postimg.org/j1s83fnun/Clipboard01.jpg
I also noticed something new in the latest Opera, which is that Opera has a
new'ish switch that allows you to bypass the proxy-vpn for
default-search-engine searches (for speed).
https://s17.postimg.org/4vch862ov/Clipboard02.jpg
I don't know anything more than this, so this is just a public service
announcement - but what that seems to tell us is that there are at least
two free Windows-based free "proxy" browsers.
* Epic
* Opera
This is only a PSA as I was rooting around the Epic web site to figure out
how to find the full offline installer link, when I just now noticed the
Epic browser says it is a "proxy" just like Opera (I think).
https://www.epicbrowser.com/encrypted_proxy/
I can't tell if, like Opera, it keeps a special unique ID for each user.
https://www.epicbrowser.com/privacy/intro.html
All I can say is the Epic Chrome-based browser does give you proxy options:
https://s17.postimg.org/j1s83fnun/Clipboard01.jpg
I also noticed something new in the latest Opera, which is that Opera has a
new'ish switch that allows you to bypass the proxy-vpn for
default-search-engine searches (for speed).
https://s17.postimg.org/4vch862ov/Clipboard02.jpg
I don't know anything more than this, so this is just a public service
announcement - but what that seems to tell us is that there are at least
two free Windows-based free "proxy" browsers.
Mayayana
Jan 7, 2018, 2:12:10 PM1/7/18
to
"Dan Jenkins" <djenki...@plusnet.uk> wrote
| There may be two freeware web browsers with full-time encrypted proxy.
| * Epic
| * Opera
|
Are you concerned with privacy? Epic won't
let you install without letting it call home. The
resource data in the stub includes something
called GOOGLEUPDATE and the string table
includes a number of google URLs. Why is all that
there in a program that claims to remove all Google
spyware from their version of Chromium?
| There may be two freeware web browsers with full-time encrypted proxy.
| * Epic
| * Opera
|
let you install without letting it call home. The
resource data in the stub includes something
called GOOGLEUPDATE and the string table
includes a number of google URLs. Why is all that
there in a program that claims to remove all Google
spyware from their version of Chromium?
VanguardLH
Jan 7, 2018, 2:49:12 PM1/7/18
to
Dan Jenkins wrote:
> There may be two freeware web browsers with full-time encrypted proxy.
> * Epic
> * Opera
>
> This is only a PSA as I was rooting around the Epic web site to figure out
> how to find the full offline installer link, when I just now noticed the
> Epic browser says it is a "proxy" just like Opera (I think).
> https://www.epicbrowser.com/encrypted_proxy/
>
> I can't tell if, like Opera, it keeps a special unique ID for each user.
> https://www.epicbrowser.com/privacy/intro.html
In Opera, the unique ID remains until whenever you decide to flush its
> There may be two freeware web browsers with full-time encrypted proxy.
> * Epic
> * Opera
>
> This is only a PSA as I was rooting around the Epic web site to figure out
> how to find the full offline installer link, when I just now noticed the
> Epic browser says it is a "proxy" just like Opera (I think).
> https://www.epicbrowser.com/encrypted_proxy/
>
> I can't tell if, like Opera, it keeps a special unique ID for each user.
> https://www.epicbrowser.com/privacy/intro.html
local data. From a prior submission of mine regarding Opera's ID ...
Are you using the app-specified pseudo-VPN incorporated into Opera?
That is when the device ID gets used (when connecting to SurfEasy VPN
server, owned by Opera).
You can clear the device ID: Opera menu -> More tools -> Clear
browsing data -> Third party services data. A new ID gets created when
you next connect to their VPN server. There may be extensions that
include purging the third party data when they purge Opera's other local
data. The unique/device ID is sent in the encrypted traffic only when
connecting to Opera's SurfEasy VPN server.
https://www.surfeasy.com/privacy_policy/
"For the VPN in Opera Browser for Desktop, we create a subscriber ID
(generated in sequential order across all subscribers) that allows us to
manage that user on our system. If that user clears their browser
cache/history, they’re assigned a new generated subscriber ID."
Since the traffic is encrypted, you won't be able to read it when
intercepting the web traffic from that web browser using a local proxy
(e.g., Wireshark). The ID sticks in Opera until you clear it. When you
next use their VPN, a new ID gets creates and sticks thereafter. You
can clear it as often as you want. Check if there is an extension that
clears it upon exit from the web browser so it will be new in every web
session of the web browser (*if* you use their VPN service).
As for Epic, you would have to see what options it has for clearing its
local data. I thought Epic's intent was to be a [more] secure Chromium
based web browser, so it doesn't support extensions since those can
share or steal data.
https://www.epicbrowser.com/FAQ.html
Why does Epic block almost all Addons or Extensions?
"... Epic only allows a few trusted Addons."
Didn't see any listed at https://epicbrowser.com/webstore/. Maybe the
only addons that Epic supports have already been pre-installed into the
product.
The Epic author's site has a dearth of information about his product.
Although some pages have a top banner advertising the availability of
the VPN fetaure, there is no further information: nothing about when it
gets used, how to enable/disable it, if it is a true VPN or just an
anonymizing proxy to hide your IP address, if it is implemented solely
at the client (which means it isn't a VPN) or connects to their server
and what is that server, etc. Guess the author equates hiding
information as a security measure.
There is the Epic forums where you could ask other Epic users how that
product works, if they know.
http://forum.epicbrowser.com/
By searching there on "vpn", I saw a user saying they were queried as to
which country to use a proxy. So it looks like Epic uses scattered
servers to achieve its claimed VPN feature. However, there is still no
informtion if Epic is running those proxy servers or if they're from
some public list of public proxies. If they are public proxies (because
the Epic author cannot afford the cost of all those resources for a free
product that has no advertising or tracking) then all Epic's "VPN" does
is anonymizing. You don't need Epic, Opera, or any particular web
browser to configure them to use a public proxy to hide your IP address.
http://forum.epicbrowser.com/viewtopic.php?id=1963
So a banner at their site claims Epic has a VPN feature (which works
only if provided as a service at some server) and yet the admin in their
forum says it is just a proxy, not a VPN server.
> I also noticed something new in the latest Opera, which is that Opera has a
> new'ish switch that allows you to bypass the proxy-vpn for
> default-search-engine searches (for speed).
> https://s17.postimg.org/4vch862ov/Clipboard02.jpg
the online search engines. This would hide your IP address from the
search provider. Well, either the search engine provider gets to track
your searches or Opera can. The privacy risk is not mitigated: you
either trust the search provider to not abuse the tracking information
or you trust Opera with the same information. I disabled that feature
in Opera when I trialed the product but still saw search queries going
to their proxy server. I found a config file that dictated the
resulting destination for various search engines. Don't remember which
ones were left behind but any queries to those search engines sites
still had Opera sending the queries through Opera's proxy server.
> I don't know anything more than this, so this is just a public service
> announcement - but what that seems to tell us is that there are at least
> two free Windows-based free "proxy" browsers.
private) or paid proxy server. Do a search on "free public proxy" and
you find lots of them; however, the free ones are not reliable nor are
they fast (and even the fastest proxy will still add delay as it is
another hop in the route but also has to deconstruct and rebuild the
traffic so it looks like it originated from only that server).
https://www.google.com/search?q=free%20public%20proxy
Note that there are blacklists of public proxy servers. There are
blacklists of the private/paid proxies, too. That's how sites can block
you from connecting to them. They may not want someone visiting that is
deliberately attempting to thwart their regional restrictions on content
access or other reasons they want to restrict access based on IP pools.
Dan Jenkins
Jan 7, 2018, 11:31:34 PM1/7/18
to
On Sun, 7 Jan 2018 14:12:02 -0500, Mayayana <maya...@invalid.nospam>
wrote:
> Are you concerned with privacy? Epic won't
> let you install without letting it call home. The
> resource data in the stub includes something
> called GOOGLEUPDATE and the string table
> includes a number of google URLs. Why is all that
> there in a program that claims to remove all Google
> spyware from their version of Chromium?
This is good to know as I was unaware of this.
Since Goodguy showed us how to create an offline full installer (see
below), maybe we can block the Googleupdate stuff?
Here's how to create full offline installer.
You can create an offline installer zip from the stub installer setup.
http://epicbrowser.blogspot.co.uk/2015/06/offline-setup-of-epic-browser.html
1) Download the online stub setup from the official website.
https://www.epicbrowser.com/
https://winepic-cbe.kxcdn.com/Release/58.0.3029.110/EpicSetup.exe
2) Install the stub installer which will require an Internet connection.
3) Once the installation is completed, look for the following 7z file:
C:\Users\<user name>\AppData\Local\Epic Privacy Browser\
Application\<version>\Installer\chrome.7z
4) That "chrome.7z" file is the full offline installation zip file.
A) To install elsewhere, just extract that chrome.7z file.
B) When you extract, you get a directory called "Chrome-bin".
.\Chrome-bin\<version>\
.\epic.exe
C) Create a shortcut to the epic.exe (which is the browser).
Do you think running that offline full install 7z file also phones home?
wrote:
> Are you concerned with privacy? Epic won't
> let you install without letting it call home. The
> resource data in the stub includes something
> called GOOGLEUPDATE and the string table
> includes a number of google URLs. Why is all that
> there in a program that claims to remove all Google
> spyware from their version of Chromium?
Since Goodguy showed us how to create an offline full installer (see
below), maybe we can block the Googleupdate stuff?
Here's how to create full offline installer.
You can create an offline installer zip from the stub installer setup.
http://epicbrowser.blogspot.co.uk/2015/06/offline-setup-of-epic-browser.html
1) Download the online stub setup from the official website.
https://www.epicbrowser.com/
https://winepic-cbe.kxcdn.com/Release/58.0.3029.110/EpicSetup.exe
2) Install the stub installer which will require an Internet connection.
3) Once the installation is completed, look for the following 7z file:
C:\Users\<user name>\AppData\Local\Epic Privacy Browser\
Application\<version>\Installer\chrome.7z
4) That "chrome.7z" file is the full offline installation zip file.
A) To install elsewhere, just extract that chrome.7z file.
B) When you extract, you get a directory called "Chrome-bin".
.\Chrome-bin\<version>\
.\epic.exe
C) Create a shortcut to the epic.exe (which is the browser).
Do you think running that offline full install 7z file also phones home?
Dan Jenkins
Jan 7, 2018, 11:42:57 PM1/7/18
to
On Sun, 7 Jan 2018 13:49:06 -0600, VanguardLH <V...@nguard.LH> wrote:
> As for Epic, you would have to see what options it has for clearing its
> local data.
I don't see anything special except the same clearing of history and
> As for Epic, you would have to see what options it has for clearing its
> local data.
cookies and other stuff that is also in any chromebased browser.
chrome://settings/clearBrowserData
> Didn't see any listed at https://epicbrowser.com/webstore/. Maybe the
> only addons that Epic supports have already been pre-installed into the
> product.
There is a link on the extensions page to go here, which has a half dozen
extensions that they seem to be pushing (like LastPass).
https://epicbrowser.com/webstore/?hl=en-US
> The Epic author's site has a dearth of information about his product.
> Although some pages have a top banner advertising the availability of
> the VPN fetaure, there is no further information: nothing about when it
> gets used, how to enable/disable it, if it is a true VPN or just an
> anonymizing proxy to hide your IP address, if it is implemented solely
> at the client (which means it isn't a VPN) or connects to their server
> and what is that server, etc. Guess the author equates hiding
> information as a security measure.
track you, since all vpn & proxies have to track you at least a little bit
to prevent abuse and illegal stuff.
> There is the Epic forums where you could ask other Epic users how that
> product works, if they know.
> http://forum.epicbrowser.com/
> By searching there on "vpn", I saw a user saying they were queried as to
> which country to use a proxy. So it looks like Epic uses scattered
> servers to achieve its claimed VPN feature.
choices. https://s17.postimg.org/j1s83fnun/Clipboard01.jpg
The web site says the default is New Jersey.
> However, there is still no
> informtion if Epic is running those proxy servers or if they're from
> some public list of public proxies.
Jersey, West Coast, Canada, UK, Germany, France, Netherlands, India, &
Singapore.
> If they are public proxies (because
> the Epic author cannot afford the cost of all those resources for a free
> product that has no advertising or tracking) then all Epic's "VPN" does
> is anonymizing. You don't need Epic, Opera, or any particular web
> browser to configure them to use a public proxy to hide your IP address.
find the offline full installer. So all this is new to me for Epic.
> So a banner at their site claims Epic has a VPN feature (which works
> only if provided as a service at some server) and yet the admin in their
> forum says it is just a proxy, not a VPN server.
I don't think they call it a "VPN" on their web site.
But it's new to me so that's why I mentioned it.
VanguardLH
Jan 8, 2018, 12:19:19 AM1/8/18
to
Dan Jenkins wrote:
> VanguardLH wrote:
>
>> As for Epic, you would have to see what options it has for clearing
>> its local data.
>
> I don't see anything special except the same clearing of history and
> cookies and other stuff that is also in any chromebased browser.
> chrome://settings/clearBrowserData
https://www.popsci.com/erase-browsing-history
In the 3rd photo showing Clear Browsing Data, there's an entry titled
"Third party services" at the bottom of the list. That article was
published 26-Aug-2017. The forum posts that I found mentioning to erase
the device ID in Opera also noted that was the menu nav path. Here is a
related forum post where Opera support says how to erase the device ID
(which is not sent anywhere other than to their VPN server and only gets
regenerated after erasure when you next visit their VPN server):
https://forums.opera.com/topic/19788/solved-still-being-tracked-when-using-opera-vpn/7
That article is 10 months old. It mentions the same menu nav to select
clearing 3rd party service data. Tis possible Opera has since changed
their menu content.
>> Didn't see any listed at https://epicbrowser.com/webstore/. Maybe
>> the only addons that Epic supports have already been pre-installed
>> into the product.
>
> It doesn't seem that there are any addons in Epic, by default.
>
> There is a link on the extensions page to go here, which has a half
> dozen extensions that they seem to be pushing (like LastPass).
> https://epicbrowser.com/webstore/?hl=en-US
That's the same URL that I mentioned (with the site likely detecting the
language charset of your web client and serving an English web page).
When I visit there using Google Chrome or Firefox, all I see is a
colorful title line but the rest of the page is blank. Maybe you must
use Epic (or lie using an extension to fake the User Agent header) to
connect to that web page.
>> So a banner at their site claims Epic has a VPN feature (which works
>> only if provided as a service at some server) and yet the admin in
>> their forum says it is just a proxy, not a VPN server.
>
> It seems to be called by Epic an "encrypted proxy" from what I read.
> I don't think they call it a "VPN" on their web site.
Below is a screenshot (with my annotation) when using Google Chrome
(same with Firefox) of their home page emblazoned with a banner
announcing that they have a VPN (likely similar to Opera's which is just
an encrypting and anonmyizing proxy):
https://imgur.com/a/5dMmU
Like Opera, they claim to provide a VPN but then duplicate the
description with "encrypting proxy" and "VPN". They cannot figure out
what to call it.
Guess they chose marketspeak: throw a bunch of high falutin' sounding
terms to make something sound more important. I've seen that a lot,
like Microsoft expending an entire article describing their anti-spam
feature in their e-mail clients rather than simply note that it is a
Bayesian filter with monthly pre-loads (to populate the spam/ham keyword
database) in addition to users voting on spam or ham for an e-mail
(marking as spam for an Inbox e-mail or marking as not spam aka ham for
a Junk e-mail). They didn't want to reveal that they caught up with
other e-mail clients and anti-spam tools that had been using a Bayes
filter for well over a decade earlier.
> VanguardLH wrote:
>
>> As for Epic, you would have to see what options it has for clearing
>> its local data.
>
> I don't see anything special except the same clearing of history and
> cookies and other stuff that is also in any chromebased browser.
> chrome://settings/clearBrowserData
In the 3rd photo showing Clear Browsing Data, there's an entry titled
"Third party services" at the bottom of the list. That article was
published 26-Aug-2017. The forum posts that I found mentioning to erase
the device ID in Opera also noted that was the menu nav path. Here is a
related forum post where Opera support says how to erase the device ID
(which is not sent anywhere other than to their VPN server and only gets
regenerated after erasure when you next visit their VPN server):
https://forums.opera.com/topic/19788/solved-still-being-tracked-when-using-opera-vpn/7
That article is 10 months old. It mentions the same menu nav to select
clearing 3rd party service data. Tis possible Opera has since changed
their menu content.
>> Didn't see any listed at https://epicbrowser.com/webstore/. Maybe
>> the only addons that Epic supports have already been pre-installed
>> into the product.
>
> It doesn't seem that there are any addons in Epic, by default.
>
> There is a link on the extensions page to go here, which has a half
> dozen extensions that they seem to be pushing (like LastPass).
> https://epicbrowser.com/webstore/?hl=en-US
language charset of your web client and serving an English web page).
When I visit there using Google Chrome or Firefox, all I see is a
colorful title line but the rest of the page is blank. Maybe you must
use Epic (or lie using an extension to fake the User Agent header) to
connect to that web page.
>> So a banner at their site claims Epic has a VPN feature (which works
>> only if provided as a service at some server) and yet the admin in
>> their forum says it is just a proxy, not a VPN server.
>
> It seems to be called by Epic an "encrypted proxy" from what I read.
> I don't think they call it a "VPN" on their web site.
(same with Firefox) of their home page emblazoned with a banner
announcing that they have a VPN (likely similar to Opera's which is just
an encrypting and anonmyizing proxy):
https://imgur.com/a/5dMmU
Like Opera, they claim to provide a VPN but then duplicate the
description with "encrypting proxy" and "VPN". They cannot figure out
what to call it.
Guess they chose marketspeak: throw a bunch of high falutin' sounding
terms to make something sound more important. I've seen that a lot,
like Microsoft expending an entire article describing their anti-spam
feature in their e-mail clients rather than simply note that it is a
Bayesian filter with monthly pre-loads (to populate the spam/ham keyword
database) in addition to users voting on spam or ham for an e-mail
(marking as spam for an Inbox e-mail or marking as not spam aka ham for
a Junk e-mail). They didn't want to reveal that they caught up with
other e-mail clients and anti-spam tools that had been using a Bayes
filter for well over a decade earlier.
Dan Jenkins
Jan 8, 2018, 12:42:05 AM1/8/18
to
On Sun, 7 Jan 2018 23:19:15 -0600, VanguardLH <V...@nguard.LH> wrote:
>> There is a link on the extensions page to go here, which has a half
>> dozen extensions that they seem to be pushing (like LastPass).
>> https://epicbrowser.com/webstore/?hl=en-US
>
> That's the same URL that I mentioned (with the site likely detecting the
> language charset of your web client and serving an English web page).
> When I visit there using Google Chrome or Firefox, all I see is a
> colorful title line but the rest of the page is blank. Maybe you must
> use Epic (or lie using an extension to fake the User Agent header) to
> connect to that web page.
I just noticed that you are right by testing in another browser.
>> There is a link on the extensions page to go here, which has a half
>> dozen extensions that they seem to be pushing (like LastPass).
>> https://epicbrowser.com/webstore/?hl=en-US
>
> That's the same URL that I mentioned (with the site likely detecting the
> language charset of your web client and serving an English web page).
> When I visit there using Google Chrome or Firefox, all I see is a
> colorful title line but the rest of the page is blank. Maybe you must
> use Epic (or lie using an extension to fake the User Agent header) to
> connect to that web page.
https://epicbrowser.com/webstore/?hl=en-US
Here's what it looks like from inside of Epic.
https://s10.postimg.org/pp0e9otqx/Clipboard03.jpg
> Below is a screenshot (with my annotation) when using Google Chrome
> (same with Firefox) of their home page emblazoned with a banner
> announcing that they have a VPN (likely similar to Opera's which is just
> an encrypting and anonmyizing proxy):
>
> https://imgur.com/a/5dMmU
I agree with you. They can't figure out what to call it.
But it's just a proxy to me.
> Like Opera, they claim to provide a VPN but then duplicate the
> description with "encrypting proxy" and "VPN". They cannot figure out
> what to call it.
> Guess they chose marketspeak: throw a bunch of high falutin' sounding
> terms to make something sound more important.
It's certainly not a VPN.
I think the only advantage it has over a proxy is that it's encrypted,
presumably from you to their proxy server in New Jersey (NJ by default).
Mayayana
Jan 8, 2018, 8:22:01 AM1/8/18
to
"Dan Jenkins" <djenki...@plusnet.uk> wrote
| Do you think running that offline full install 7z file also phones home?
I don't know. You'd have to try it behind a
firewall and see whether the firewall tells you
that something is trying to call home. Though
most things do that these days. Firefox does.
Even extensions try to call home and log the
install + IP address, probably along with some
basic system info.
On the other hand, if you use it in proxy mode
then you're "living" at Epic. Websites will not
get your IP address, but Epic will have your whole
history.
I avoid anything Chrome-esque
because of Google, so I haven't tried it. And
I'm not willing to install something that requires
calling home for the install. That seems to defeat
the purpose. I'd have to let that program through
the firewall before I've even tried the software.
There's no excuse for them wanting that kind
of control.
The PE version info in the unpacked download
(What you'd see in right-click -> Properties if the
EXE were not obfuscated) says it's called
epicupdate.exe and copyrighted by Google.
The code is supposedly OSS, so I wonder why
they need to credit Google with the copyright
for their version if Google is not involved.
I also don't use "social" sites and I don't
want all history deleted when I close, so Epic
seems to be everything I don't want.
Then there's proxy browsing. That's an interesting
idea, but it also means that the people at Epic
would be getting my total browsing history. Why
should I trust them with that?
I do like the idea of blocking tracking scripts and
ads. I do that now with a HOSTS file, but most
people wouldn't know how to do it. So I guess if
you trust Epic then their browser seems like a good
plan.
| Do you think running that offline full install 7z file also phones home?
firewall and see whether the firewall tells you
that something is trying to call home. Though
most things do that these days. Firefox does.
Even extensions try to call home and log the
install + IP address, probably along with some
basic system info.
On the other hand, if you use it in proxy mode
then you're "living" at Epic. Websites will not
get your IP address, but Epic will have your whole
history.
I avoid anything Chrome-esque
because of Google, so I haven't tried it. And
I'm not willing to install something that requires
calling home for the install. That seems to defeat
the purpose. I'd have to let that program through
the firewall before I've even tried the software.
There's no excuse for them wanting that kind
of control.
The PE version info in the unpacked download
(What you'd see in right-click -> Properties if the
EXE were not obfuscated) says it's called
epicupdate.exe and copyrighted by Google.
The code is supposedly OSS, so I wonder why
they need to credit Google with the copyright
for their version if Google is not involved.
I also don't use "social" sites and I don't
want all history deleted when I close, so Epic
seems to be everything I don't want.
Then there's proxy browsing. That's an interesting
idea, but it also means that the people at Epic
would be getting my total browsing history. Why
should I trust them with that?
I do like the idea of blocking tracking scripts and
ads. I do that now with a HOSTS file, but most
people wouldn't know how to do it. So I guess if
you trust Epic then their browser seems like a good
plan.
Dan Jenkins
Jan 8, 2018, 11:32:35 AM1/8/18
to
On Mon, 8 Jan 2018 08:21:52 -0500, Mayayana <maya...@invalid.nospam>
wrote:
> On the other hand, if you use it in proxy mode
> then you're "living" at Epic. Websites will not
> get your IP address, but Epic will have your whole
> history.
Yes. But. If you do 1/5th your activity at Epic, 1/5 at Opera, 1/5th with
any of a billion proxies - most of which are probably the same company,
1/5th on VPN, and 1/5 on the Tor Browser Bundle, you've "spread out" your
activity a bit by that "ip spoofing".
It's *easy* to do ip spoofing when it's all built into the browser (Tor,
Epic, and Opera) and even easier when you're on VPN. It's only the proxy
that takes any effort, however miniscule, once it's all set up.
Is there any other general ip-spoofing solution other than
1. Tor
2. VPN
3. Proxy
4. Opera
5. Epic
6. ?
> I avoid anything Chrome-esque
> because of Google, so I haven't tried it.
There are a lot of chrome-based browsers - I like SRWAre Iron, but there
are so many I can't count them.
Obviously the official Mozilla Firefox & Google Chrome are off limits since
they're so riddled with holes that you can't hope to patch them.
> And
> I'm not willing to install something that requires
> calling home for the install.
Does this test plan sound reasonable?
1. Go on VPN.
2. Download & install Epic stub.
https://www.epicbrowser.com/encrypted_proxy/
3. Optionally, put epic web sites in the hosts file as 127.0.0.1
4. Save the full offline downloader
6. Disconnect from the net
7. Unzip that "chrome.7z" file in your app directory
8. Start Wireshark
9. Go online
10. See what happens when you use that offline Epic
> I also don't use "social" sites and I don't
> want all history deleted when I close, so Epic
> seems to be everything I don't want.
I don't use anything I have to log into, except web forums and email, whose
utility outweighs the privacy loss. Google hates VPN with a passion, so it
took me years to come to terms with Google as to how to prevent them from
locking me up when I check my mail. Their algorithms are ridiculously tight
in that they block you out just for your IP address even though you've
never once spammed anyone. I understand - but they're really anal about it
as I was locked out once a week for a while before I figured out all the
tricks (it takes about a dozen separate things you have to do, especially
since I never give Google any real information ever - although email is
filled with real information itself).
> I do like the idea of blocking tracking scripts and
> ads. I do that now with a HOSTS file, but most
> people wouldn't know how to do it. So I guess if
> you trust Epic then their browser seems like a good
> plan.
My HOSTS file is well used!
As is my firewall.
> Then there's proxy browsing. That's an interesting
> idea, but it also means that the people at Epic
> would be getting my total browsing history. Why
> should I trust them with that?
There is the strategy: You can't trust anyone.
There are the tactics: Yet, you must browse.
Hence, one approach is to spread out your browsing history.
Epic is just one of those that you can spread it out to.
VPN is another.
Proxy is another.
Opera is another.
Tor is another.
(Are there any other ways to spread out your browsing history?)
wrote:
> On the other hand, if you use it in proxy mode
> then you're "living" at Epic. Websites will not
> get your IP address, but Epic will have your whole
> history.
any of a billion proxies - most of which are probably the same company,
1/5th on VPN, and 1/5 on the Tor Browser Bundle, you've "spread out" your
activity a bit by that "ip spoofing".
It's *easy* to do ip spoofing when it's all built into the browser (Tor,
Epic, and Opera) and even easier when you're on VPN. It's only the proxy
that takes any effort, however miniscule, once it's all set up.
Is there any other general ip-spoofing solution other than
1. Tor
2. VPN
3. Proxy
4. Opera
5. Epic
6. ?
> I avoid anything Chrome-esque
> because of Google, so I haven't tried it.
are so many I can't count them.
Obviously the official Mozilla Firefox & Google Chrome are off limits since
they're so riddled with holes that you can't hope to patch them.
> And
> I'm not willing to install something that requires
> calling home for the install.
1. Go on VPN.
2. Download & install Epic stub.
https://www.epicbrowser.com/encrypted_proxy/
3. Optionally, put epic web sites in the hosts file as 127.0.0.1
4. Save the full offline downloader
C:\Users\<user name>\AppData\Local\Epic Privacy Browser\
Application\<version>\Installer\chrome.7z
5. Uninstall Epic
Application\<version>\Installer\chrome.7z
6. Disconnect from the net
7. Unzip that "chrome.7z" file in your app directory
8. Start Wireshark
9. Go online
10. See what happens when you use that offline Epic
> I also don't use "social" sites and I don't
> want all history deleted when I close, so Epic
> seems to be everything I don't want.
utility outweighs the privacy loss. Google hates VPN with a passion, so it
took me years to come to terms with Google as to how to prevent them from
locking me up when I check my mail. Their algorithms are ridiculously tight
in that they block you out just for your IP address even though you've
never once spammed anyone. I understand - but they're really anal about it
as I was locked out once a week for a while before I figured out all the
tricks (it takes about a dozen separate things you have to do, especially
since I never give Google any real information ever - although email is
filled with real information itself).
> I do like the idea of blocking tracking scripts and
> ads. I do that now with a HOSTS file, but most
> people wouldn't know how to do it. So I guess if
> you trust Epic then their browser seems like a good
> plan.
As is my firewall.
> Then there's proxy browsing. That's an interesting
> idea, but it also means that the people at Epic
> would be getting my total browsing history. Why
> should I trust them with that?
There are the tactics: Yet, you must browse.
Hence, one approach is to spread out your browsing history.
Epic is just one of those that you can spread it out to.
VPN is another.
Proxy is another.
Opera is another.
Tor is another.
(Are there any other ways to spread out your browsing history?)
Mayayana
Jan 8, 2018, 12:20:03 PM1/8/18
to
"Dan Jenkins" <djenki...@plusnet.uk> wrote
| Does this test plan sound reasonable?
| 1. Go on VPN.
| 2. Download & install Epic stub.
| https://www.epicbrowser.com/encrypted_proxy/
| 3. Optionally, put epic web sites in the hosts file as 127.0.0.1
| 4. Save the full offline downloader
| C:\Users\<user name>\AppData\Local\Epic Privacy Browser\
| Application\<version>\Installer\chrome.7z
| 5. Uninstall Epic
| 6. Disconnect from the net
| 7. Unzip that "chrome.7z" file in your app directory
| 8. Start Wireshark
| 9. Go online
| 10. See what happens when you use that offline Epic
|
Sounds complicated, but I can see the logic.
| There is the strategy: You can't trust anyone.
| There are the tactics: Yet, you must browse.
|
| Hence, one approach is to spread out your browsing history.
| Epic is just one of those that you can spread it out to.
| VPN is another.
| Proxy is another.
| Opera is another.
| Tor is another.
|
| (Are there any other ways to spread out your browsing history?)
|
You bring up some interesting ideas.
It's an interesting strategy. There may be
someone at the NSA scratching his head....
He's spends all his time reading news...
No, he spends all his time shopping...
No, he never leaves ESPN... :)
I guess it's a good approach given that you
also use a HOSTS file. And script blocking? I
think the biggest factor is the spying is the ubiquity.
The average person is allowing a number of
companies to track their moves online just
by acting normally.
I guess there are a lot of ways to do it and people
have different priorities. For people who use the
likes of Twitter, Facebook, LinkedIn, etc -- they
probably feel they have no choice and thus they
can't afford realistic concerns about privacy.
I don't use any of those things. I don't download
illegal files or plot bank robberies. For me the
issue is mostly one of maintaining reasonable
privacy and enforcing some semblance of dignity.
I don't want to actively accept a norm that says
any company online has a right to your data.
(I was just reading the other day that in Estonia
it's a very serious crime for someone else to
look at your data without cause because it
belongs to you. And gov't authorities' access is
recorded.)
So I wouldn't consider using anything like gmail.
The basic deal is "we give you a freebie and you
agree to let us spy on you and co-own your files".
That's simply dishonest at the core. It can't
be made decent/dignified except by changing
it to: You pay by seeing ads but we won't spy.
Google have no basic ethics. They act sleazy
and rationalize it to themselves as the inevitability
of tech. There's no clean deal there. I also don't
consider it ethical the other way around: If you
try to steal the service and avoid the price then
you become part of the sleaze. Stealing from a
pickpocket is still stealing. Unfortunately, for now,
there are not many options. The whole Web is turning
into a number of spyware walled gardens.
I'm also wary of VPNs. It's allowing an unknown
company to track you. I've seen rumors about
VPN faults and also about VPNs cooperating with
the NSA. But that does mean that my IP address
is distinct. For now I accept that. I just try to block
3rd-party files, script and tracking as much as
possible. I figure that if more people would just
block the basics and set up a HOSTS file, spyware
advertising would become untenable and companies
like Google would have to settle for the billions
they used to make with context advertising.
I don't actually block ads and don't see a need to.
If a website needs ads to support their operation
that's fine. I'll decide whether I want to go to that
site. If I do then I'll see any *honest* ad they have.
In other words, if the ad is actually on their
website I'll see it. If they're going to try to trick
me into being tagged and involuntarily going to
Google/Doubleclick then I'm going to block that
and they won't get to show me any ads at all.
But just blocking Google is a big project. Google
fonts. Google jquery. Google tag manager. Doubleclick.
It goes on and on. I block everything I find of
theirs except the search and the maps API. I
occasionally use their search. And they show ads
at the top. Normally I use duckduckgo.
This is my HOSTS file list for Google alone.
(Using wildcards through Acrylic DNS proxy HOSTS file.)
127.0.0.1 *.googlesyndication.com
127.0.0.1 *.googleadservices.com
127.0.0.1 *.googlecommerce.com
127.0.0.1 *.scorecardresearch.com
127.0.0.1 *.1e100.com
127.0.0.1 *.1e100.net
127.0.0.1 *.doubleclick.net
127.0.0.1 *.doubleclick.com
127.0.0.1 *.googletagservices.com
127.0.0.1 *.googletagmanager.com
127.0.0.1 *.google-analytics.com
127.0.0.1 google-analytics.com
127.0.0.1 fonts.googleapis.com
127.0.0.1 googleadapis.l.google.com
127.0.0.1 ssl.gstatic.com
127.0.0.1 plusone.google.com
127.0.0.1 cse.google.com
127.0.0.1 www.google.com/cse
127.0.0.1 www.youtube-nocookie.com
127.0.0.1 *.appspot.com
| Does this test plan sound reasonable?
| 1. Go on VPN.
| 2. Download & install Epic stub.
| https://www.epicbrowser.com/encrypted_proxy/
| 3. Optionally, put epic web sites in the hosts file as 127.0.0.1
| 4. Save the full offline downloader
| C:\Users\<user name>\AppData\Local\Epic Privacy Browser\
| Application\<version>\Installer\chrome.7z
| 5. Uninstall Epic
| 6. Disconnect from the net
| 7. Unzip that "chrome.7z" file in your app directory
| 8. Start Wireshark
| 9. Go online
| 10. See what happens when you use that offline Epic
|
| There is the strategy: You can't trust anyone.
| There are the tactics: Yet, you must browse.
|
| Hence, one approach is to spread out your browsing history.
| Epic is just one of those that you can spread it out to.
| VPN is another.
| Proxy is another.
| Opera is another.
| Tor is another.
|
| (Are there any other ways to spread out your browsing history?)
|
It's an interesting strategy. There may be
someone at the NSA scratching his head....
He's spends all his time reading news...
No, he spends all his time shopping...
No, he never leaves ESPN... :)
I guess it's a good approach given that you
also use a HOSTS file. And script blocking? I
think the biggest factor is the spying is the ubiquity.
The average person is allowing a number of
companies to track their moves online just
by acting normally.
I guess there are a lot of ways to do it and people
have different priorities. For people who use the
likes of Twitter, Facebook, LinkedIn, etc -- they
probably feel they have no choice and thus they
can't afford realistic concerns about privacy.
I don't use any of those things. I don't download
illegal files or plot bank robberies. For me the
issue is mostly one of maintaining reasonable
privacy and enforcing some semblance of dignity.
I don't want to actively accept a norm that says
any company online has a right to your data.
(I was just reading the other day that in Estonia
it's a very serious crime for someone else to
look at your data without cause because it
belongs to you. And gov't authorities' access is
recorded.)
So I wouldn't consider using anything like gmail.
The basic deal is "we give you a freebie and you
agree to let us spy on you and co-own your files".
That's simply dishonest at the core. It can't
be made decent/dignified except by changing
it to: You pay by seeing ads but we won't spy.
Google have no basic ethics. They act sleazy
and rationalize it to themselves as the inevitability
of tech. There's no clean deal there. I also don't
consider it ethical the other way around: If you
try to steal the service and avoid the price then
you become part of the sleaze. Stealing from a
pickpocket is still stealing. Unfortunately, for now,
there are not many options. The whole Web is turning
into a number of spyware walled gardens.
I'm also wary of VPNs. It's allowing an unknown
company to track you. I've seen rumors about
VPN faults and also about VPNs cooperating with
the NSA. But that does mean that my IP address
is distinct. For now I accept that. I just try to block
3rd-party files, script and tracking as much as
possible. I figure that if more people would just
block the basics and set up a HOSTS file, spyware
advertising would become untenable and companies
like Google would have to settle for the billions
they used to make with context advertising.
I don't actually block ads and don't see a need to.
If a website needs ads to support their operation
that's fine. I'll decide whether I want to go to that
site. If I do then I'll see any *honest* ad they have.
In other words, if the ad is actually on their
website I'll see it. If they're going to try to trick
me into being tagged and involuntarily going to
Google/Doubleclick then I'm going to block that
and they won't get to show me any ads at all.
But just blocking Google is a big project. Google
fonts. Google jquery. Google tag manager. Doubleclick.
It goes on and on. I block everything I find of
theirs except the search and the maps API. I
occasionally use their search. And they show ads
at the top. Normally I use duckduckgo.
This is my HOSTS file list for Google alone.
(Using wildcards through Acrylic DNS proxy HOSTS file.)
127.0.0.1 *.googlesyndication.com
127.0.0.1 *.googleadservices.com
127.0.0.1 *.googlecommerce.com
127.0.0.1 *.scorecardresearch.com
127.0.0.1 *.1e100.com
127.0.0.1 *.1e100.net
127.0.0.1 *.doubleclick.net
127.0.0.1 *.doubleclick.com
127.0.0.1 *.googletagservices.com
127.0.0.1 *.googletagmanager.com
127.0.0.1 *.google-analytics.com
127.0.0.1 google-analytics.com
127.0.0.1 fonts.googleapis.com
127.0.0.1 googleadapis.l.google.com
127.0.0.1 ssl.gstatic.com
127.0.0.1 plusone.google.com
127.0.0.1 cse.google.com
127.0.0.1 www.google.com/cse
127.0.0.1 www.youtube-nocookie.com
127.0.0.1 *.appspot.com
orange...@gmail.com
Oct 18, 2018, 2:54:10 PM10/18/18
to
The Opera browser brags that they don't track you.
They even offer you a free VPN to mask your browsing.
I have discovered some things that make me believe
that the exact opposite is the truth:
When I first started Opera mini on my new phone,
I got this message:
---------------------------------------
You are almost there
While we provide ad-free web browsing, our
partners can display ads within the browser's
home screen. Our partners will collect data
for ad personalization. If you don't agree,
you may see ads that are less relevant to you.
You can always manage your ad preferences
in the settings menu.
By pressing Accept & Continue, you agree to
the End User License Agreement and the
Privacy Statement.
---------------------------------------
Suddenly, I understood something about what I
had seen a few days earlier on my laptop computer.
I was trying to find some other information, and
had stumbled into the Opera configuration
subdirectory:
~/.config/opera
That's where it is on Linux. Someone who runs
Windows will have to find the hidden configuration
and preferences files on Windows, please.
When I looked at the Preferences file,
~/.config/opera/Preferences
here is what I saw: (These are fragments of a huge one-liner.
That is, the file is in ASCII but has no carriage-return,
or line-feed characters so it's all one huge long line.)
"https://sm.myhealth.va.gov/",13.219999999999995,"https://www.google-analytics.com/"
"https://gateway.answerscloud.com/",4.719999999999999,"https://www.google-analytics.com/"
"https://referrer.disqus.com/",1.60964464,"https://ssl.google-analytics.com/"
"https://twitter.com/",["https://abs.twimg.com/",0.5356967808436992,"https://analytics.twitter.com/"
"https://video.twimg.com/",0.14619830678830084,"https://www.google-analytics.com/"
"http://rum-static.pingdom.net/",1.5444,"http://www.google-analytics.com/"
"https://twitter.com":{"supports_spdy":true}},{"https://ssl.google-analytics.com"
"https://www.paypalobjects.com":{"supports_spdy":true}},{"https://www.paypal.com":{"supports_spdy":true}},{"https://www.google-analytics.com"
"https://cm.g.doubleclick.net":{"supports_spdy":true}},{"https://cms.analytics.yahoo.com"
We see places that I have visited, or seem to have
visited, and then a floating-point number, and then
9 of them are followed by trackers, mostly Google analytics:
The first one is outrageous. myhealth.va.gov is my health care.
I am an old Veteran, and I get health care from the Veterans'
Administration, and I go to their web site to send messages
to my doctor, and refill prescriptions. And it appears that
when I do, Opera sends the information to Google analytics.
The next-to-last item is disturbing too. Paypal. Google analytics hears
about my Paypal activities, how I spend my money. This is beyond disturbing,
this sounds like felony fraud and illegal invasion of privacy (as is
divulging my confidential medical information).
There are two other data collectors: analytics.twitter.com hears about my
twitter posts. (Why bother? Twitter knows what I post on twitter.)
And then Google also hears about my Twitter posts.
And it looks like when I click on a Doubleclick ad, Yahoo hears about it.
That's how Opera "partners" collect information on us.
And let me tell you, those most assuredly are not MY "preferences".
I uninstalled Opera from my phone and laptop, but couldn't uninstall
Opera-mini because Google hardwires it into Android, and I can't get
rid of it until I root my phone, which I have not succeeded in
doing yet. (BLU Studio G with Android 6. Anybody know of a way
that works for that?)
Any comments? Has anyone else noticed this? Is there an innocent explanation
for so many links to trackers and data collectors in the Opera "Preferences"
file?
They even offer you a free VPN to mask your browsing.
I have discovered some things that make me believe
that the exact opposite is the truth:
When I first started Opera mini on my new phone,
I got this message:
---------------------------------------
You are almost there
While we provide ad-free web browsing, our
partners can display ads within the browser's
home screen. Our partners will collect data
for ad personalization. If you don't agree,
you may see ads that are less relevant to you.
You can always manage your ad preferences
in the settings menu.
By pressing Accept & Continue, you agree to
the End User License Agreement and the
Privacy Statement.
---------------------------------------
Suddenly, I understood something about what I
had seen a few days earlier on my laptop computer.
I was trying to find some other information, and
had stumbled into the Opera configuration
subdirectory:
~/.config/opera
That's where it is on Linux. Someone who runs
Windows will have to find the hidden configuration
and preferences files on Windows, please.
When I looked at the Preferences file,
~/.config/opera/Preferences
here is what I saw: (These are fragments of a huge one-liner.
That is, the file is in ASCII but has no carriage-return,
or line-feed characters so it's all one huge long line.)
"https://sm.myhealth.va.gov/",13.219999999999995,"https://www.google-analytics.com/"
"https://gateway.answerscloud.com/",4.719999999999999,"https://www.google-analytics.com/"
"https://referrer.disqus.com/",1.60964464,"https://ssl.google-analytics.com/"
"https://twitter.com/",["https://abs.twimg.com/",0.5356967808436992,"https://analytics.twitter.com/"
"https://video.twimg.com/",0.14619830678830084,"https://www.google-analytics.com/"
"http://rum-static.pingdom.net/",1.5444,"http://www.google-analytics.com/"
"https://twitter.com":{"supports_spdy":true}},{"https://ssl.google-analytics.com"
"https://www.paypalobjects.com":{"supports_spdy":true}},{"https://www.paypal.com":{"supports_spdy":true}},{"https://www.google-analytics.com"
"https://cm.g.doubleclick.net":{"supports_spdy":true}},{"https://cms.analytics.yahoo.com"
We see places that I have visited, or seem to have
visited, and then a floating-point number, and then
9 of them are followed by trackers, mostly Google analytics:
The first one is outrageous. myhealth.va.gov is my health care.
I am an old Veteran, and I get health care from the Veterans'
Administration, and I go to their web site to send messages
to my doctor, and refill prescriptions. And it appears that
when I do, Opera sends the information to Google analytics.
The next-to-last item is disturbing too. Paypal. Google analytics hears
about my Paypal activities, how I spend my money. This is beyond disturbing,
this sounds like felony fraud and illegal invasion of privacy (as is
divulging my confidential medical information).
There are two other data collectors: analytics.twitter.com hears about my
twitter posts. (Why bother? Twitter knows what I post on twitter.)
And then Google also hears about my Twitter posts.
And it looks like when I click on a Doubleclick ad, Yahoo hears about it.
That's how Opera "partners" collect information on us.
And let me tell you, those most assuredly are not MY "preferences".
I uninstalled Opera from my phone and laptop, but couldn't uninstall
Opera-mini because Google hardwires it into Android, and I can't get
rid of it until I root my phone, which I have not succeeded in
doing yet. (BLU Studio G with Android 6. Anybody know of a way
that works for that?)
Any comments? Has anyone else noticed this? Is there an innocent explanation
for so many links to trackers and data collectors in the Opera "Preferences"
file?
art.lyse...@gmail.com
Dec 12, 2019, 7:02:01 AM12/12/19
to
воскресенье, 7 января 2018 г., 23:02:16 UTC+5 пользователь Dan Jenkins написал:
I tried to use Epic but then change it for gologinapp.com, i think its much better!
0 new messages