The CyberDragon browser

Discussion in 'privacy technology' started by genieautravail, Jul 8, 2014.

  1. genieautravail

    genieautravail Registered Member

    Joined:
    May 6, 2012
    Posts:
    92
    Hello everyone,

    Two days ago, I have discovered a new browser/project on sourceforge that focus on privacy :

    http://sourceforge.net/projects/cyberdragonbrowser/

    Here some screenshots :

    05.jpg

    04.jpg

    03.jpg

    02.jpg

    01.jpg

    Somebody is already using this browser ?

    Your comments about this project are welcome! :)
     
  2. guest

    guest Guest

    Finally not a crappy Chromium fork and actually offers something! :D

    It does look interesting, although some of its features can also be achieved by extensions in other web browsers. But at least I can see the developers put some effort in this web browser. Download size is >50 MB according to Softpedia.
     
  3. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
  4. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    617
    Location:
    Wembley, London
    So who's testing this then ;)
     
  5. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    108
    Hello everyone.

    Im the author (you get my contact info if you press Ctrl + I from the CyberDragon) and it would be great if people test this
    so that I can fix bugs.

    As for petroprogram, that's my father's company now and Im just helping him with it (cnet registration needed company name so I gave it)

    Im currently on vacation but will keep fixing issues as they come up and optimistic release for 1.6.5 will be at the end of August.

    Most current issues right now are proxy checker stability (I might release that problematic part of code to github so that everyone can help
    and at the same time get a separate proxy checker software, independent of CyberDragon)
    and the strange crashes with YouTube that happens with latest Qt 5.3 version (have reported it to Qt forum https://bugreports.qt-project.org/browse/QTBUG-37974)

    Bug fixes, testing results, feature suggestions etc. always wellcome. Either here or directly to my contact info
    However, I won't use gmail much anymore so please use the other address for direct contacting.

    Note: This is still beta project but hopefully by the time of 2.0 it has all the bells and whistles of normal browser + best privacy options on Earth ;)

    Best regards:
    Stefan Fröberg
     
  6. genieautravail

    genieautravail Registered Member

    Joined:
    May 6, 2012
    Posts:
    92
    You are welcome Stefan ! :thumb:
     
  7. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    I just had a quick look, it has no ASLR support.
    SSL labs test looks nice, but please support OCSP stapling.
     
  8. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    108
    Thank you! :)
     
  9. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    108
    Unfortunately, OCSP is not in my hands.
    It depends of the nice folks at Qt.

    AFAIK, here is the current status of OCSP.
    https://bugreports.qt-project.org/browse/QTBUG-12812

    As for ASLR, I was actually shocked that the compiler I use (MinGW) does not
    do it by default and according to this
    https://bugreports.qt-project.org/browse/QTBUG-12251
    it seems that Qt is not interested of supporting it.

    That above link however does suggest a tool for marking ASLR which Im going
    to try.

    Also, do you have some (free) tool suggestions that I could try for ASLR?
     
    Last edited: Jul 31, 2014
  10. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Is this from the same guy is created Cyberfox?
     
  11. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    406
    Last edited: Aug 2, 2014
  12. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    108
    Thank you!
    Im reading it right now and some of those features are already in CD (CyberDragon).
    Like: Random User-Agent spoofing and not allowing 3rd party cookies.

    I must still stress that this project is still at beta status with lot's of testing needed and bugs to be fixed.
    It's not currently open source but part of it will soon be
    (proxy checker part that has always been the most problematic part of CD).
     
  13. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    108
    I am now testing next version of CD with http://ip-check.info and (at first) without JonDonym and
    here are the results for headers:

    https://www.dropbox.com/s/l08rd1rke3mua45/CyberDragonTestWithoutJonDonymFirst.png

    I spoofed User-Agent and Language fields but that test page is still not happy. Any suggestions ?

    Also, what would be good value for Pragma field ? Setting it empty didn't improve things.

    What do you think about DNT (Do-Not-Track) header ? Is it safe to set at all?
    I remember reading that yahoo originally pushed it and now they are backing away.
    And as I understand it's just a suggestion to sites to not track, not enforcable mandatory setting.
    So I think most web sites just lift digital middle finger to that header and ignore it?
     
  14. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
  15. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    love the idea behind this browser, this may be the browser of the future when the internet become all corporate-owned tracking everything you do (like now).
     
  16. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    Lol, I didn't know Qt doesn't support OCSP at all.
    Unfortunately, I can't help you with the ASLR, I'm not a developer.
     
  17. Charismagic

    Charismagic Registered Member

    Joined:
    Sep 25, 2009
    Posts:
    1
    @Stefan Froberg

    Fantastic browser! Thank you. There is some good work that you are doing with this.

    A couple of observations, and one request

    Browser fingerprinting can also track a browser, hence a user, depending on what it is blocking/not allowing and whether the same set is consistent across in terms of content accessed.

    Amused about the digital middle finger. You are spot on! Its not enforceable and hence not mandatory. Added to that is the fact that, user data is big big business and no evil empire would want to give up any advantage that it has, right now.

    From this link
    http://www.zdnet.com/why-do-not-track-is-worse-than-a-miserable-failure-7000004634/

    (According to Sarah Downey, an attorney and privacy advocate who works for the online-privacy firm Abine,
    Two big associations, the Interactive Advertising Bureau and the Digital Advertising Alliance, represent 90% of advertisers. Downey says those big groups have devised their own interpretation of Do Not Track. When the servers controlled by those big companies encounter a DNT=1 header, says Downey, "They have said they will stop serving targeted ads but will still collect and store and monetize data.”)

    And, extremely attention drawing, don't you think? From a security standpoint, it would be fairly easy to track a user by adding server-side fingerprinting surface to the HTTP header, wouldn't it? Server side fingerprinting can be mitigated but client side may be a lost cause....

    However, all said above, some, however minuscule, might play fair and leave the user alone. So to that extent, its good.


    Still going through the browser....and hence the request.

    I have a windows 7 x64, up to date with all patches and clean. When I run cyber dragon 1.64 and ask it to fetch proxies, it does. When I ask it to check proxies, however, it crashes. Cyber dragon 1.63 seems happy to check the proxies without getting annoyed, however, under the same circumstances.

    Would it be possible for you to take a look at it?

    And if I haven't said it already, many thanks once again!

    Cheers!
     
  18. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    108


    That's is a really dark future ahead indeed.
    It seems that nowadays there are appearing more and more technologies and ways to track users.
    Just in the name of big money and power.

    That browser fingerprinting especially worries me. I can mitigate it in CyberDagon (I have almost complete control what HTTP headers it send, only thing I can't control yet is the order of those headers) and sometimes even completely block it (like Canvas fingerprinting with tracker blocker rule that blocks addthis.com domain) but some things are currently beyond it still like JavaScript sniffing of user screen resolution and that way of fingerprinting user.

    But I will surely do everything I can to fight these with my limited resources.


    Yes, that proxy checker part has always been a problematic part of CyberDragon and also the most complex part of code in it.

    You say that it still works in 1.6.3 ?

    That is strange because I got complains that it crashed in 1.6.3 and that's why I went to rewrite it (and whole CyberDragon) in the process. To prevent crashes and giving more accurately results.

    And now last week I just got a message that 1.6.4 proxy checker crashes too.
    And just now I have 1.6.4 running and happily checking proxies (84% complete right now) and still no crash.
    Does it immediately crash for you in 1.6.4 ? It does never get past 0% ?

    Im totally at lost of what could cause the problem and I have released the proxy checker code for 1.6.4 and asking people to help:
    http://sourceforge.net/projects/cyberdragonbrowser/files/SimpleProxyChecker_src.zip/download

    That contains also proxy fetcher.

    Maybe I have to upload the old 1.6.3 proxy checker too so that people could check that one also.
    1.6.3 and 1.6.4 are very different. In 1.6.3 it uses heavily threads while in 1.6.4 I wanted to simplify things and it's using only one extra thread.

    So if you or somebody here with Qt and C++ knowledge and especially multithreading experience
    could look of it then I would be gratefull.

    To offer bug fixes and patches for that problematic checker code I can be contacted from:
    http://www.binarytouch.com/contact.php


    Thank You! :)

    P.S:

    Just now released new patch for 1.6.4. that fixes crash when closing tab that has Flash running plus
    some other new stuff:

    http://sourceforge.net/projects/cyb...erDragon_1.6.4_Plugins_and_other.zip/download
     
  19. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    187
    Location:
    https://www.eff.org/issues/anonymity
    Please keep us updated. This project has promise.
     
  20. joebones

    joebones Registered Member

    Joined:
    Aug 20, 2014
    Posts:
    1
    For years, in matters that range from antivirus info to security concerns, I consider Wilders to be one of the best sources for reliable information. I looked into CyberDragon after hearing about it from RollingThunder.

    I have to say, it is impressive! The CyberDragon beta version seems more solid and well-considered than some "finnished" products (sorry, couldn't resist:). It is even more heartening to see that privacy is at the core of CyberDragon's development. This may become THE browser in my web arsenal.

    Kudos to Stefan for his outstanding efforst.
     
  21. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    108
    CyberDragon 1.6.5 is now finally out.
    This release contains mostly minor fixes and tweaks.

    Biggest changes were:
    - Addition of Logger tab
    - Addition of Plugins tab
    - Addition of Server Info tab
    - Browser history now selectable
    - Disabled all the ciphers using old unsafe SSLv3 protocol.
    - Made the optional 30,000+ tracker blocker list now default.

    Here's the direct download link:
    http://sourceforge.net/projects/cyberdragonbrowser/files/CyberDragon_1.6.5.zip/download

    Please remember to read included README.txt.

    Merry Christmas!
     
  22. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    108
    Thanks! :)

    I try my best to keep it getting better with each release.

    Merry Christmas!
     
  23. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    406
    Is the CyberDragon browser now open source ?
    If not, is the author abusing the sourceForge TOS by hosting it there?

    "QT" is a too generic term. That just describes the (mmm, the GUI, the available set of libraries used).
    QT is transitioning away from QTwebkit library (now considered deprecated) to qtWebEngine.
    Either way, enforcing ordering of request headers is beyond a QT app developer's control unless s/he customizes and rebuilds the underlying library, and packages that custom lib with the app distribution.
     
  24. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,166
    It would be great of a great adblock and flash and video downloader is included. That would make the browser awesome.
     
  25. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    108
    No, not as whole. The proxy fetcher and checker I have released as dual licensed BSD/GPLv2 ages ago.
    So far I haven't got any help to solve that strange proxy checker crash that people have reported.
    I just checked it today with CD 1.6.5 and for me it worked and did not crash.

    I would love to release the whole thing as GPLv2 but Im hoping to reach that donation target before doing that.
    My laptop is falling apart :(

    I have been searching up to date TOS of sourceforge what they have to say if freeware can be hosted there.
    I guess I have to e-mail them. If no, then it's not big deal for me to put this stuff to cloud and host links to it from
    my homepage.

    You are right. Qt is too generic. I should have said Digia, the company who bought Qt from Nokia, who in turn bought it from Trolltech.
    Frankly, to tell the truth, I think Qt folks are now more interested currently at doing mobile stuff (Android etc...) for Qt than concentrating on basic network stuff.

    And because I can't afford their enterprice license, there is very little to do but hope that they continue fixing bugs in QtWebKit and maybe also add some other stuff to other, non-WebKit network parts that I could use.

    Like these for example:
    https://bugreports.qt-project.org/browse/QTBUG-40762
    https://bugreports.qt-project.org/browse/QTBUG-39715
    https://bugreports.qt-project.org/browse/QTBUG-40834

    Also, if I could make wish to Santa, I would have loved that Digia would have made QtWebKit multithreaded instead of keeping it single threaded before Qt 5.4.

    Because the engine that CyberDragon uses is single threaded there might be short freezes to GUI sometimes.
    Especially, if there are several things going on at the same time.

    Digia has released WebKit2 that is multithreaded but there is no C++ bindings, it uses wacky QML + Quick stuff (thanks to Nokia) and is clearly geared toward mobile platforms.

    As for QtWebEngine, that is not possible for me right now for two reasons:
    - It needs Microsoft Visual C++ compiler. I use free MinGW64.
    - It does not, at the moment, provide any way to manipulate network traffic to block trackers and ads before they are even tried to download.

    So the future is not very promising. I belive that maybe after release or two, I have two switch to completely another framework which has multithreaded WebKit2
    and which they intend to keep supporting and not jumping to Googles blink bandwagon.

    So maybe it's gtkmm + WebKit2GTK+ in the future instead of Qt.
     
Loading...