Hello everyone, Two days ago, I have discovered a new browser/project on sourceforge that focus on privacy : http://sourceforge.net/projects/cyberdragonbrowser/ Here some screenshots : Somebody is already using this browser ? Your comments about this project are welcome!
Finally not a crappy Chromium fork and actually offers something! It does look interesting, although some of its features can also be achieved by extensions in other web browsers. But at least I can see the developers put some effort in this web browser. Download size is >50 MB according to Softpedia.
http://download.cnet.com/CyberDragon/3010-2356_4-76168368.html According to cnet it is made by a petrochemical company. 52.5 MB WOW
Hello everyone. Im the author (you get my contact info if you press Ctrl + I from the CyberDragon) and it would be great if people test this so that I can fix bugs. As for petroprogram, that's my father's company now and Im just helping him with it (cnet registration needed company name so I gave it) Im currently on vacation but will keep fixing issues as they come up and optimistic release for 1.6.5 will be at the end of August. Most current issues right now are proxy checker stability (I might release that problematic part of code to github so that everyone can help and at the same time get a separate proxy checker software, independent of CyberDragon) and the strange crashes with YouTube that happens with latest Qt 5.3 version (have reported it to Qt forum https://bugreports.qt-project.org/browse/QTBUG-37974) Bug fixes, testing results, feature suggestions etc. always wellcome. Either here or directly to my contact info However, I won't use gmail much anymore so please use the other address for direct contacting. Note: This is still beta project but hopefully by the time of 2.0 it has all the bells and whistles of normal browser + best privacy options on Earth Best regards: Stefan Fröberg
I just had a quick look, it has no ASLR support. SSL labs test looks nice, but please support OCSP stapling.
Unfortunately, OCSP is not in my hands. It depends of the nice folks at Qt. AFAIK, here is the current status of OCSP. https://bugreports.qt-project.org/browse/QTBUG-12812 As for ASLR, I was actually shocked that the compiler I use (MinGW) does not do it by default and according to this https://bugreports.qt-project.org/browse/QTBUG-12251 it seems that Qt is not interested of supporting it. That above link however does suggest a tool for marking ASLR which Im going to try. Also, do you have some (free) tool suggestions that I could try for ASLR?
cyberfox is created by a different author. (tsk, tsk. Had you searched, you could have determined that in about five seconds.) http://sourceforge.net/projects/cyberfox/ https://8pecxstudios.com/Forums/index.php @Stefan Froberg you might want to check out what desired browser features have been discussed recently: https://www.wilderssecurity.com/threads/building-the-best-browser-to-surf-anonymously.362874/page-2
Thank you! Im reading it right now and some of those features are already in CD (CyberDragon). Like: Random User-Agent spoofing and not allowing 3rd party cookies. I must still stress that this project is still at beta status with lot's of testing needed and bugs to be fixed. It's not currently open source but part of it will soon be (proxy checker part that has always been the most problematic part of CD).
I am now testing next version of CD with http://ip-check.info and (at first) without JonDonym and here are the results for headers: https://www.dropbox.com/s/l08rd1rke3mua45/CyberDragonTestWithoutJonDonymFirst.png I spoofed User-Agent and Language fields but that test page is still not happy. Any suggestions ? Also, what would be good value for Pragma field ? Setting it empty didn't improve things. What do you think about DNT (Do-Not-Track) header ? Is it safe to set at all? I remember reading that yahoo originally pushed it and now they are backing away. And as I understand it's just a suggestion to sites to not track, not enforcable mandatory setting. So I think most web sites just lift digital middle finger to that header and ignore it?
love the idea behind this browser, this may be the browser of the future when the internet become all corporate-owned tracking everything you do (like now).
Lol, I didn't know Qt doesn't support OCSP at all. Unfortunately, I can't help you with the ASLR, I'm not a developer.
@Stefan Froberg Fantastic browser! Thank you. There is some good work that you are doing with this. A couple of observations, and one request Browser fingerprinting can also track a browser, hence a user, depending on what it is blocking/not allowing and whether the same set is consistent across in terms of content accessed. Amused about the digital middle finger. You are spot on! Its not enforceable and hence not mandatory. Added to that is the fact that, user data is big big business and no evil empire would want to give up any advantage that it has, right now. From this link http://www.zdnet.com/why-do-not-track-is-worse-than-a-miserable-failure-7000004634/ (According to Sarah Downey, an attorney and privacy advocate who works for the online-privacy firm Abine, Two big associations, the Interactive Advertising Bureau and the Digital Advertising Alliance, represent 90% of advertisers. Downey says those big groups have devised their own interpretation of Do Not Track. When the servers controlled by those big companies encounter a DNT=1 header, says Downey, "They have said they will stop serving targeted ads but will still collect and store and monetize data.”) And, extremely attention drawing, don't you think? From a security standpoint, it would be fairly easy to track a user by adding server-side fingerprinting surface to the HTTP header, wouldn't it? Server side fingerprinting can be mitigated but client side may be a lost cause.... However, all said above, some, however minuscule, might play fair and leave the user alone. So to that extent, its good. Still going through the browser....and hence the request. I have a windows 7 x64, up to date with all patches and clean. When I run cyber dragon 1.64 and ask it to fetch proxies, it does. When I ask it to check proxies, however, it crashes. Cyber dragon 1.63 seems happy to check the proxies without getting annoyed, however, under the same circumstances. Would it be possible for you to take a look at it? And if I haven't said it already, many thanks once again! Cheers!
That's is a really dark future ahead indeed. It seems that nowadays there are appearing more and more technologies and ways to track users. Just in the name of big money and power. That browser fingerprinting especially worries me. I can mitigate it in CyberDagon (I have almost complete control what HTTP headers it send, only thing I can't control yet is the order of those headers) and sometimes even completely block it (like Canvas fingerprinting with tracker blocker rule that blocks addthis.com domain) but some things are currently beyond it still like JavaScript sniffing of user screen resolution and that way of fingerprinting user. But I will surely do everything I can to fight these with my limited resources. Yes, that proxy checker part has always been a problematic part of CyberDragon and also the most complex part of code in it. You say that it still works in 1.6.3 ? That is strange because I got complains that it crashed in 1.6.3 and that's why I went to rewrite it (and whole CyberDragon) in the process. To prevent crashes and giving more accurately results. And now last week I just got a message that 1.6.4 proxy checker crashes too. And just now I have 1.6.4 running and happily checking proxies (84% complete right now) and still no crash. Does it immediately crash for you in 1.6.4 ? It does never get past 0% ? Im totally at lost of what could cause the problem and I have released the proxy checker code for 1.6.4 and asking people to help: http://sourceforge.net/projects/cyberdragonbrowser/files/SimpleProxyChecker_src.zip/download That contains also proxy fetcher. Maybe I have to upload the old 1.6.3 proxy checker too so that people could check that one also. 1.6.3 and 1.6.4 are very different. In 1.6.3 it uses heavily threads while in 1.6.4 I wanted to simplify things and it's using only one extra thread. So if you or somebody here with Qt and C++ knowledge and especially multithreading experience could look of it then I would be gratefull. To offer bug fixes and patches for that problematic checker code I can be contacted from: http://www.binarytouch.com/contact.php Thank You! P.S: Just now released new patch for 1.6.4. that fixes crash when closing tab that has Flash running plus some other new stuff: http://sourceforge.net/projects/cyb...erDragon_1.6.4_Plugins_and_other.zip/download
For years, in matters that range from antivirus info to security concerns, I consider Wilders to be one of the best sources for reliable information. I looked into CyberDragon after hearing about it from RollingThunder. I have to say, it is impressive! The CyberDragon beta version seems more solid and well-considered than some "finnished" products (sorry, couldn't resist. It is even more heartening to see that privacy is at the core of CyberDragon's development. This may become THE browser in my web arsenal. Kudos to Stefan for his outstanding efforst.
CyberDragon 1.6.5 is now finally out. This release contains mostly minor fixes and tweaks. Biggest changes were: - Addition of Logger tab - Addition of Plugins tab - Addition of Server Info tab - Browser history now selectable - Disabled all the ciphers using old unsafe SSLv3 protocol. - Made the optional 30,000+ tracker blocker list now default. Here's the direct download link: http://sourceforge.net/projects/cyberdragonbrowser/files/CyberDragon_1.6.5.zip/download Please remember to read included README.txt. Merry Christmas!
Is the CyberDragon browser now open source ? If not, is the author abusing the sourceForge TOS by hosting it there? "QT" is a too generic term. That just describes the (mmm, the GUI, the available set of libraries used). QT is transitioning away from QTwebkit library (now considered deprecated) to qtWebEngine. Either way, enforcing ordering of request headers is beyond a QT app developer's control unless s/he customizes and rebuilds the underlying library, and packages that custom lib with the app distribution.
It would be great of a great adblock and flash and video downloader is included. That would make the browser awesome.
No, not as whole. The proxy fetcher and checker I have released as dual licensed BSD/GPLv2 ages ago. So far I haven't got any help to solve that strange proxy checker crash that people have reported. I just checked it today with CD 1.6.5 and for me it worked and did not crash. I would love to release the whole thing as GPLv2 but Im hoping to reach that donation target before doing that. My laptop is falling apart I have been searching up to date TOS of sourceforge what they have to say if freeware can be hosted there. I guess I have to e-mail them. If no, then it's not big deal for me to put this stuff to cloud and host links to it from my homepage. You are right. Qt is too generic. I should have said Digia, the company who bought Qt from Nokia, who in turn bought it from Trolltech. Frankly, to tell the truth, I think Qt folks are now more interested currently at doing mobile stuff (Android etc...) for Qt than concentrating on basic network stuff. And because I can't afford their enterprice license, there is very little to do but hope that they continue fixing bugs in QtWebKit and maybe also add some other stuff to other, non-WebKit network parts that I could use. Like these for example: https://bugreports.qt-project.org/browse/QTBUG-40762 https://bugreports.qt-project.org/browse/QTBUG-39715 https://bugreports.qt-project.org/browse/QTBUG-40834 Also, if I could make wish to Santa, I would have loved that Digia would have made QtWebKit multithreaded instead of keeping it single threaded before Qt 5.4. Because the engine that CyberDragon uses is single threaded there might be short freezes to GUI sometimes. Especially, if there are several things going on at the same time. Digia has released WebKit2 that is multithreaded but there is no C++ bindings, it uses wacky QML + Quick stuff (thanks to Nokia) and is clearly geared toward mobile platforms. As for QtWebEngine, that is not possible for me right now for two reasons: - It needs Microsoft Visual C++ compiler. I use free MinGW64. - It does not, at the moment, provide any way to manipulate network traffic to block trackers and ads before they are even tried to download. So the future is not very promising. I belive that maybe after release or two, I have two switch to completely another framework which has multithreaded WebKit2 and which they intend to keep supporting and not jumping to Googles blink bandwagon. So maybe it's gtkmm + WebKit2GTK+ in the future instead of Qt.
