Building the best browser to surf anonymously

Oh... and this couldn't be coming at a better time for me personally, since I won't be using/trusting any version of Firefox after v28. I have no idea where I'll go from here if/when I feel I'd be compromised by continuing to use it. So I hope this is an option for me by then.

Godspeed... thanks, and great idea. I'll certainly be keeping an eye on it.

 

If it is easy to setup and use, maybe some people would like the idea. But you should consider the fact that all building blocks are already out there (TOR, VPN, browsers, privacy extensions, etc) so for a technically inclined person like me it is trivial to link them together. A solution like the one you are proposing should offer this "bundle" in an easy to use way for less tech-inclined people.

 

Include this or something similar, some of this addons can give you ideas of native features.

• https://www.eff.org/deeplinks/2014/04/privacy-badger
• https://addons.mozilla.org/es/firef...ction_id=5819dbb7-80b0-4999-8472-e10e8f631fb6
• https://addons.mozilla.org/es/firef...ction_id=5819dbb7-80b0-4999-8472-e10e8f631fb6
  • http://keefox.org/
• https://addons.mozilla.org/es/firef...ction_id=5819dbb7-80b0-4999-8472-e10e8f631fb6
• https://addons.mozilla.org/es/firef...ction_id=5819dbb7-80b0-4999-8472-e10e8f631fb6
• https://addons.mozilla.org/es/firef...ction_id=5819dbb7-80b0-4999-8472-e10e8f631fb6
  • http://perspectives-project.org/
• https://addons.mozilla.org/es/firef...ction_id=5819dbb7-80b0-4999-8472-e10e8f631fb6
  • http://www.isislab.it/projects/NoTrace/
• https://chrome.google.com/webstore/detail/privacy-manager/giccehglhacakcfemddmfhdkahamfcmd

It will be based on Firefox or Chrome?

Additional info (please review all of them, are quite useful):
http://fingerprint.pet-portal.eu/?menu=1
https://panopticlick.eff.org/
http://www.areweprivateyet.com/
https://github.com/gorhill/httpswit...-Top-15-Most-Popular-News-Websites#may-2-2014
https://news.ycombinator.com/item?id=7685899

 

Lately, I've found myself wondering about the pros/cons of building portable applications that exist inside, and work exclusively with files inside, encrypted containers. Image an application that consists of just one file that contains the program plus all of the data files it uses, or perhaps two files (a vanilla launcher.exe and a separate container file). Using the later as an example...

At rest, there is just a vanilla launcher.exe that won't inherently reveal the program it launches. That program, plus all the data the program uses, is within a separate strongly encrypted data file. That data file would be similar to a Truecrypt container file in nature and thus require some type of mounting. One of the objectives would be to minimize OS level awareness and logs of interactions with things within the container file. So for example, the program would not use system temp directories but rather ones that exist within the container filesystem. I'm not sure how far one could go in terms of keeping the OS in the dark about file interactions. If the program were fully customized it could use its own routines for file I/O and thus also use a fully custom filesystem that the OS doesn't even understand. If the program weren't so extensively customized, it would use OS filesystem routines that have the possibility to create journals/logs, but perhaps those could be reduced through the selection of filesystem for the container (can't remember the details ATM).

Some people roll their own solutions which are similar to this idea. By putting portable apps within a Truecrypt container or whatever. However, that necessitates a separate program. Possibly one that requires administrator privileges as well. I'm also not sure that Truecrypt's support for dynamically sized volumes (auto shrink/grow) is as flexible as it can be. IIRC, their implementation requires NTFS which is probably one of the filesystems you'd prefer to avoid due to journaling.

Anyway, I wanted to throw out some early thoughts on this just in case the idea could result in something uniquely beneficial.

 

Interesting idea. Though I have a few remarks.
-Quite a few websites prefer 256 bit ciphers over 128 and GCM over CBC. But Firefox doesn't support 256 bit GCM yet, so then it will use 256 bit CBC. Plus Firefox doesn't support RSA and DHE_RSA versions of GCM, so if the website only supports those, it can't use GCM either. So my point is, that Firefox doesn't use GCM at those sites, doesn't mean that the sites don't prefer it.
EDIT: Since you are using Calomel, I assumed you're using Firefox. Firefox however doesn't support CBC ciphersuites with SHA-2.
-The certificate may be 2048 or 4096 bits, but RSA is not used for the key exchange, DHE is. Unfortunately, in a lot of software 1024 bits DH keysize is the default, and many don't change this.
iVPN and Mullvad for example don't support ECDHE, but their DHE is only 1024 bit.
-The website is not the VPN server. Though most providers also use DHE-AES-CBC for OpenVPN. But there may also be other reasons for this: OpenVPN is not affected by SSL attacks against CBC ciphers like BEAST and CRIME, so no need to switch to GCM. Afaik OpenVPN latest stable version doesn't support elliptic curves yet, so they can't use it if they wanted to.

 

That Calomel example I used... it was detecting what type of encryption the sites/services themselves were using. Whether or not FF could support it or not is another matter. And I find it interesting that so many of them are trusting older methods of cryptography. Namely not using the elliptic curve and CBC over GCM. So it was really a reflection of what reputable VPN's & TOR are trusting/using on their ends, and not about what a browser is implementing in particular. But I think it serves as a good example anyhow, and good food for thought...

And just to be clear the services I used in the example were: TOR, Mullvad, and iVPN.

 

@The_PrivaZer_Team

Could you give us an update about the project?
Have you considered all the links I suggested a few post above?

 

Afaik Calomel shows the encryption used to connect to the site, so if a Firefox does not support something, it will not use it and thus Calomel will not show it.
If you want to see what encryption is supported by the sites I would suggest SSL test:
https://www.ssllabs.com/ssltest/index.html

 

Well Calomel does in fact show me sites that are using GCM, the curve... anything and everything. So either Firefox must support it, or your observation about Calomel is wrong. Or both.

This is afterall what piqued my curiosity that all the VPN's I consider reputable (+ TOR) were electing to use CBC over GCM, avoid the curve, and so on and so forth. Otherwise I'd have never noticed.

 

I'm not saying Firefox doesn't support GCM or the curve at all, but specific ciphersuites. With iVPN for example, Firefox uses TLS_DHE_RSA_WITH_AES_256_CBC_SHA, however iVPN prefers TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, but Firefox doesn't support GCM with DHE_RSA, only ECHDE_RSA and ECDHE_ECDSA, so it ends up using the 4th one on the preference from iVPN, because that is the 1st Firefox supports: https://www.ssllabs.com/ssltest/analyze.html?d=www.ivpn.net
You can view supported ciphers from the browser here:
https://www.ssllabs.com/ssltest/viewMyClient.html

 

who called me?

 

I misunderstood... my apologies, and thanks for clarifying things. Still I stand by my main point about trusting older, more time tested/proven, traditional methods of crypto over some of the newer stuff that I believe is intentionally broken by shady people. Namely... the curve. I'd rather use something slightly weaker, that's still plenty secure and hasn't been shown to have been cracked. Just fine with CBC, 256 (or even 12 bit AES, and RSA 2048 or 4096 over the curve. Even SHA-1 is just fine if need be, though of course SHA256 or even 512 better provided it's trustworthy. I'd sooner go with things I felt I could trust.

 

Hi Privazer Team !

Il like Privazer tool (although I have a request about it, but I wil write it on the right topic), and developing a very pprivacy/security browser is a nice idea.

But there is already such browser, eg Aviator (what I didn't know until I read Compu KTed'message), and JonDoBrowser
https://anonymous-proxy-servers.net/en/jondobrowser.html

This browser is a very hardened portable version of FireFox. Could you do better than the JonDo Team, who is thinking about their browser and improving it since years ? It's up to you to prove it !


It would be good that your browser pass the following tests:

https://ip-check.info/
http://fingerprint.pet-portal.eu
https://www.browserleaks.com/canvas

In JonDo Browser you typically have some addons pre installed (Cookie Monster, HttpsEveryWhere, AdBlock, Certificate Patrol) and one addon preinstalled and preconfigured (Nosript). There is also a very useful addon, safe cache, that doesn't exist no more because it has been abandonned by its first developpers of Stanford University. But the JonDo Team has maintened it, upgraded for the last version of FF and incorporated in JonDoBrowser. There is a spoofing referer functionnality too. So it will be a challenge to do much and better than the JonDo Team is able to do.

But I have some ideas for some features:

(**) = Not avaible in genuine JonDoBrowser
(!!) = essential
(!) = important

* Disable Geolocation (!!)

* Wipe all browsing datas in closing the browser (including cookies, flash cookies, history, evercookies..) (!!)

* Use the following search engines: Ixquick, DDG, StartPage, Qrobe, Metageer (!!)

* Don't write anything on the disk-cache. Only in the memory-cache. (!)

* Protect browser authentication (!!)

* spoof the referer (wityh eg the addon smartreferer) (!!)

* integrate SafeCache (!!)

* integrate Httpsfinder (**) (!!)

* Integrate Ghostery (**) (!)

* integrate Calomel ('**) (!)

* Integrate TrackMeNot (https://cs.nyu.edu/trackmenot) (**) (!!), in order to scramble your "search profile" on search engines.

* Give the possibility to your browser's users to have the same profile than tor-with-Tor-Bundle users
(I name that "crowded anonymity) (!!)

* protect E-tags (SafeCache, if I well understand, do that) (!!)

* Solve the screen problem showed on on ip-check.info: Even with JonDoBrowser, the 3 "screen-items" are orange. But in adding the addon FireGloves, all these 3 items becomes green. (**)(!!)

* Cookies management :
-Third party coookies disallowed by default (!!)
- When a user arrive on a page, no cookie could be set without his persission ( but in giving the possibility to the browser's user to automatically accept first party session cookies on some trusted site) (!!)
- And when the user left a page, all cookies set by this page must be wiped (**)(!!)

* Integrate tricky cryptographic addons such that Cryptfire Or Hide In Plain Sight. (**)(!!)
These addons are providing symetric engryption and are solving the following problem:
Typically, when you encrypt eg in your mail "some text to be encrypted"; you get something like:
9$ buyfy'&}^§tmd6^(*|
Every body scanning your mail can guess this is an encrypted version of a secret message, meaning you have something to hide, meaning you are (or are about to be) guilty of something, which set a red flag on you, and you will be heavily monitored the rest of your life.

But in using eg CrypFire, the "some text to be encrypted" becomes something like:
Tereas umke or setillavion unengo elte.

This time, the encrypted message looks no more like an hard-encrypted one. It looks much like a message written in some exotic language, and there is less "chance" a red flad would be set on you.

I think such fonctionnallity could be very usefull, because Cryptfire is abandonned and the avaible version doesn't work on recent version of FF.


* For "random anonymity" (which is very different of crowded anonymity: Use and improve the funtionnality of Randon Agent Spoofer. This addons
- change the User Agent at different levels (it changes no only the http-user agent, as many other UA changer do, but also the JS-User Agent)
- this change could be done at random date
- The UA is randomly choosen in a given list of UA.

This is my prefered addon in changing UA, but in my opinion it is not perfect because
a) The random UA you wil become is too often a very rare one. This means you can be tracked by this rarity ("hey, this is the guy with user agents that are used by only 0,001% of internet users !").
The random UA has to be randomly chosen in a list of largely used browsers (IE, Safari, FF, Chrome)
b) When you are on a site, your UA must not be changed (although the "change UA at random time" has been set), because it is not normal that an IE browser becomes a Chrome browser in staying on a page, or even going from a page to an other of the same site).


Moreover: Randon Agent Spoofer can spoof Etags (JonDoBrowser hides them) - > this can be used for "random anonymity"

* Allow to spoof (but it's maybe not possible) Time and date even with javascript allowed: If I'm in the US, when I use a NL VPN, one can see that my time is a US one, not a NL one, which is a big anonymity hole.

In summary you could improve the "crowded anonymity" of JonDoBrowser, and/or develop a browser with many "random anonymity" feature, via randomly spoofing many characteristics of the browser..

 

No problem, and I do think you make a good point.
I just came across an interesting post:

https://1sand0s.nl/2014/05/going-down-an-elliptically-curved-rabbit-hole/

 

Keep the code small and simple so there is less room for flaws. Do this by questioning what is needed, is support for stuff like tracking mouse movement, getting screen size something that sites use and totally need? Also remove junk like support for custom fonts, webgl, geolocation, webcam and other stuff that isn't needed or used and just adds to make sure you get pwned (just have support for it removed completely, not block it, because blocking it means the code AND the code for blocking it will be there and possible present unique possibilities of attacks). If its less code its more likely for people to bother checking (and understanding). When its become too much people has to be really into the project to bother doing more than skim through it.

Also a project like this is a lot of work, and I don't think you can count on it becoming the next chrome if you only have like 5 guys coding, maybe teaming up with a team doing a safe browser already make this so much more likely to succeed?

 

I think browzer is a good secure browser and better then the others, but it lacks extensions and bookmark options. Only if it had ad and pop up blocking and bookmark tab then it would be a great privacy browser as it completely removes all traces when you close it.

 

Hello folks,

@The_PrivaZer_Team: Is this initiative dead or are you still working on it?

Best regards,

Aeolis

 

Hello Aoelis,

not dead if we can get support...
What we have in mind is to release a Mozilla fork + native addons + a free vpn server

 

any word on this?