Epic Browser: a privacy-focused web browser based on Chromium
Epic Browser is not the first nor will it be the last Chromium-based web browser that aims to improve user privacy. When Google Chrome was released years ago, third party Chromium-based browsers appeared shortly thereafter that offered most of what Chrome had to offer, but without several of the tracking or privacy-invading features that Google's browser shipped with.
The majority of those browsers are still around, and Epic Browser will have to compete against them and Chrome, and probably other web browsers as well.
The homepage of Epic Browser focuses on privacy, first explaining how you are being tracked on the Internet, and then how Epic Browser helps you protect yourself when you are browsing the Internet.
Epic Browser review
According to that page, it fixes 11 potential leaks that may reveal information about you and your browsing habits to Internet companies such as Google.
- No address bar suggest
- No URL checks
- Auto-translate has been removed.
- No URL Tracker
- Installation ID removed
- RLZ-Tracking number removed
- Default Updater removed.
- Installation time stamp removed.
- No alternate error pages.
- No navigation error suggestions
- No error reporting
In addition to that, it more or less defaults to private browsing mode by preventing the recording of history, caches, passwords, pre-fetching and other features that may reveal information about the user.
That is however still not enough. It clears all browsing data on exit by default, making sure that any information that were needed during the session are removed from the system in the process.
As you may have noticed, this may impact how you work with the browser as you cannot make use of features that you may have come to rely on.
The developers of Epic Browser have added features to the browser that neither Chrome nor Chromium ship with. This includes a one-click US proxy server (powered by Spotflux) that users can make use of to hide their original IP address when they are browsing on the Internet (yes, this includes access to US-only services such as Hulu), integrated ad blocking and tracker blocking, automatic blocking of third party cookies, and automatic use of https versions of websites if provided.
It is interesting to note that Epic will enable the proxy by default on Google to prevent the tracking of your IP address on the site. What more? It blocks the sending of the referral header when you use the search engine so that third party websites do not know what your search term was that led you to their website.
Another interesting feature is the umbrella icon that you can use for quick access to several core features such as ad and third party cookie blocking.
Downsides
You are probably wondering about downsides of using the browser. The first thing that comes to mind are the features that you cannot use, like spell checking, auto-translation or session restore. Some features are left for the user to decide, like the saving of passwords in the browser, while others cannot be altered in any form or way.
The address bar search provider is set to epicsearch.in. According to the developers, revenue generated here is used to support the browser and services it provides. They furthermore state that the ads displayed here are only based on a user's search query and a rough location check.
Closing Words
It is too early to tell if Epic Browser will make a big splash or remain a niche browser that appeals to a privacy-focused audience.
I wish it would provide users with choice in regards to some of the features as it would improve the browser's usability. It would then be the user's decision to sacrifice some privacy for convenience.
The developers have promised to release the source code of the browser soon. For now though, it is not available.
Advertisement
I find it curious that a privacy oriented browser doesn’t integrate with tor or even regular proxies.
I think german SRWare Iron is fair enough and additional functions can be added via extensions.
+1 for SRWare Iron.
http://www.srware.net/en/software_srware_iron_chrome_vs_iron.php
I’ve been using the portable version for nearly 3 years now.
It’s been around since late 2008, which means it has reliability and experience few other Chromium based browsers can touch.
Only a fool would use native Chrome. Unkillable/resurrecting Google processes running in the background 24/7 and zero concern for user privacy? No thank you.
Iron is nothing but Chromium with a few variables changed and is nothing but an attempt at grabbing ad revenue from the Chrome paranoid.
There’s a reason Iron hasn’t released a source code in almost two years and hosts the old version on three separate rapidshare links. You’re putting your trust in a browser that claims to be anti-Google and yet uses Google Adsense and Analytics on their home page.
If you wanted open source, Chromium itself is the better choice
http://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html
The truth about Iron
http://neugierig.org/software/chromium/notes/2009/12/iron.html
http://www.insanitybit.com/2012/06/23/srware-iron-browser-a-real-private-alternative-to-chrome-21/
I don’t think it’s “just a few variables” changed.
I just downloaded the latest portable build of Iron and the latest Win32 build of Chromium off the commondatastorage site you linked to (which by the way, is the slooooowest site I’ve visited since the dial-up days. Seriously, refreshing the win32 repository takes foreeeever. I thought it hung on me…).
Anyways, I unpacked both files and this is what I got:
Iron: 106 MB
Chromium: 203 MB
Just a “few” variables huh?
The worst thing I read about Iron had nothing to do with Iron, so much as the developer wanting to make some ad revenue off the site which hosts Iron (he can’t do it through Iron itself since it comes with a built-in adblocker, which is counter-intuitive to someone who wants to make money from ads), but it’s not like this is news. Let’s face it, pretty much EVERY site op wants some ad revenue, unless they can actually get by via the donation model or paying out of their own pockets month after month, because sites run mostly on fairy magic and pixie dust right? Get real.
Iron haters accuse the developer of scare tactics and hyperbole, but they call Iron “scamware” or “scareware”, which to anyone who has actually had to deal with REAL scamware knows this is total nonsense. No one’s being scammed out of their money using Iron, and if you’re using the portable version of Iron, removing it is as easy as deleting the folder. That’s it.
If you want a case study of how real malware behaves, look up “googleupdate.exe” which comes with Google Chrome, or better yet try to REALLY remove it once you have it on your system.
The simple fact that Iron does not come with googleupdate.exe alone is good enough reason to use it instead of Google Chrome. This process adds a service, a scheduler entry, and a startup entry, all without telling you or giving you an option to opt out. Just delete it in taskmgr and remove the startup entry right? Wrong! All the hoops and hurdles you have to jump through to get rid of googleupdate.exe is IDENTICAL to all the hoops and hurdles you have to jump through to get rid of actual malware. Which raises the question: What is the difference?
TL;DR: Iron and Chromium >>>> Google Chrome due to lack of googleupdate.exe.
Iron >> Chromium due to being half the size (twice as efficient).
Just a highlight on downside? Spell check, translation services do hit Google services, a potential threat for privacy so they have been removed, and auto fill of search and are all made local instead of coming from Google services (the last point on the webpage to be noted) which is also a threat to the User.
Sure that is clear that these services need to be powered by something. It is just that many users have come to rely on them, or at least have grown accustomed to the features so that at least some see it as a downside if they are not available.
In the end, it comes down to what you value more: privacy or comfort.
I’ve been using it for a couple of weeks, and I have pretty acclimated to the absence of features. I’m not the average user though.
But I do wish they could figure out a way to make spell check a local function and put it back. Oh well, I suppose it’s good brain exercise.
Kaspersky prevents software from installing, says its a trojan..
I checked the installer and the executable over at Virustotal and it comes out as clean.
Yeah, i installed it via sandboxie, and the broswer is a fail: doesnt block any ads, doesnt use https where it should, no advertised proxy searching, gives out IP and all other information other browsers do.
True adblocking doesn’t seem to be there; however, if you click the litle green connection icon to the right-side of the address bar, you go through a proxy so the ip info is changed.
BUT: I hate online installers. I too run the install through sandboxie and am running as a “portable”.
I don’t see any reason to use Epic. Seems like an epic failure.
The biggest of all downsides is that Epic is Chromium-based.
Security on the Internet ? There is (almost) no such thing.
It was leaked yesterday that the NSA has cracked Internet encryption !
The NSA has weakened SSL to obtain encryption keys.
NAS has cracked VPN encryption
NSA works with security product vendors to ensure that commercial encryption products are broken.
NSA has “pre-encryption access to Microsoft’s most popular services, including Outlook e-mail, Skype Internet phone calls and chats, and SkyDrive, the company’s cloud storage service,â€
Even using TOR seems to be unsecure as a huge botnet has been found in the last weeks using TOR (I think it is run by the NSA ).
http://money.cnn.com/news/newsfeeds/gigaom/articles/2013_09_05_the_nsa_has_cracked_the_secure_internet_3_things_to_know_about_the_latest_snowden_leaks.html
http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance
http://threatpost.com/huge-botnet-found-using-tor-network-for-communications/102179?utm_source=Newsletter_090613&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=
The NSA’s data gathering capabilities are or will soon be replicated by countries such as Russia and China and by international banking conglomerates whose “magic” algorithms are most assuredly not restricted to stock market manipulations.
There is no longer any protection anywhere from the abuse and misuse of technologies which provide access to all aspects of everyone’s most intimate profile.
Nothing can protect an individual from a government’s or a corporation’s self-serving information gathering predations.
If you doubt these statements, you still believe in Santa Klaus.
What do all three of those sites have in common? Hyperbole.
We need specifics. Generic “.. cracked VPN encryption” is meaningless without context. If the statement is PPTP or LT2P VPN is broken, then I would agree.
HTTPS compromised? Which algorithms and ciphers? All? Some? MD5, absolutely. RC4, most likely. RSA SHA1 1024? What about 2048? SHA256 the answer?
Then what about SSH? Again, specifics.
Instead of dropping link bait, let us start discussions on what is likely broken and likely safe from prying eyes.
Hyperbole ? They have the original documents stating this as a fact.
TLS and IPSEC are safe (for now). ALL others are broken.
http://in.reuters.com/article/2013/09/08/us-internet-security-idINBRE98701J20130908
Ironic that all of these “privacy focused” browsers use Chromium as their base and not Firefox.
The reason why they use Chromium is that it is a better engine than Gecko. I’ve used Gecko browsers since Netscape and have really been unimpressed by them. K-Meleon, Firefox, Seamonkey, Galeon, etc. Blink/webkit is a great engine, optimized for the modern web. Chromium is open source, and browsers like SRWare Iron and Epic Browser has removed the evil Google implants.
The Gecko developers have dropped the ball big time. The last time I enjoyed a quick and snappy implementation of Gecko was Phoenix 0.5. Most FF fanbois didn’t start using it till version 1.0, when it was already bloated.
You know how I know you’re absolutely full of shit? Because Firefox, which is a smaller installer and uses less RAM than Chrome is “bloated.” People like you throw that term around so much you don’t even know what it means anymore and just parrot what some other idiot on the internet has said at some point many years ago.
And I know you’re even more full of shit because being bloated is not about install size, it’s about “feature creep” and being sluggish to use. FF has failed to beat IE and has lost to Chromium/Chrome, and I am happy to see it go. Go kiss Asa Dotzler’s butthole one last time. You lose again.
Do we still need to use some extensions with SRWare? Or does he already have the necessary to have a safe browsing without major worries? I tried it and it seems good, fast, etc.
ATM i use chrome alongside with DoNotTrackMe and Facebook Disconnect…
I’ve had enough of custom Chrome browsers.
Used to use Coolnovo but switched to Chrome since they are slow to update to a more recent Chrome base.
Not sure about the devs of Epic Browser.
Is a one man show that irregularly updates when time permits?
Or is it backed by a dedicated team ready to push timely updates following the latest Chromium builds?
This broser used to Gecko-engine, but recently change to Chromium, it is a browser made for Indian.
http://www.softpedia.com/progScreenshots/Epic-Browser-Screenshot-205991.html
Some people do not seem to have received much education and show this by telling someone on line that he is “full of shit”. I am by no means a saint when it comes to swearing and using expressions, but I keep them private. If you have an urge to shout abuse at someone, have the decency to do so elsewhere but not in public.
As for Epic: it is ironic that they use Spotflux, because Spotflux saves logs of the IP address that logs into their service.
Thanks for the write-up Martin & great coverage for several years now! Thanks for all the comments.
We feel we have to be as transparent as possible about what we’re doing and how we’re doing it to be successful in terms of protecting everyone’s online privacy so below are very frank answers to some concerns.
Kaspersky identifies Epic as a modified version of Chrome and hence finds it suspicious and tries to block it — sorry about that — many others including Martin & dozens of other a-v vendors have tested it as clean and previous versions of Epic got 5 out of 5 stars from CNET and 4.5 stars from PC World.
Not sure why some users were having trouble with Epic’s Ad Blocker – try restarting Epic and or browsing in a new tab? Our Ad Blocker was sometimes a bit finicky but we thought we had ironed out most of those kinks?!
We’re a small but dedicated team — there will be regular updates but it takes us time to review the changes Google makes and then update our code. We try to turn around key security issues really fast. In general you’re much safer using a niche browser as we’re never a target for attack unlike the major browsers. Chromium excluding plugins has also never been hacked…its each tab a process model is very secure.
Chromium as has been pointed is a great browser framework which has never been hacked except via plugins and note Firefox was recently exploited in the TOR hack.
We understand you have choices in the marketplace — if you believe in privacy, we hope you consider Epic. Also consider joining us in our forums and mission to keep your browsing and searches private — privacy is too big for a single group, it needs a community. Thank you for your support!
They have released an update yesterday…!
http://forum.epicbrowser.com/viewtopic.php?id=394
almost a year later… and they STILL haven’t published the source code. Move along, nothing to see here.
The spell checker is working. But you can only install 9 extensions they provide on their site. At least one of them is LastPass. I find Epic kind of useless since that’s all the extensions you can install.
There are trade-offs if you want privacy…like not being able to install any random extensions that’s likely saving or sending through its servers all your browsing history!!
We’ve engineered Epic to be very, very private…if you care about privacy and security Epic’s for you! If you don’t, there are many other options.
We have made our source code auditable to anyone. We’ve also given files/code to anyone who asks — we’ve had several folks and other browser makers ask us for files and we’ve provided them without any problems. We hope to be able to release all code completely openly soon…unfortunately open source DOES NOT mean private or even secure as the recent Heartbleed issues revealed.
I tried Epic for the first time today. I wonder if its current version compared to current stable Google Chrome is as secure as it should be? I sure miss the extensions I use in Chrome, but disabling them and restarting in incognito mode I suspect buys me something….
Epic still works great in 2019. Also, it has free proxy service with access though 8 countries, 9 total with 2 in the USA. Most of these proxies are much faster than most VPNs I know of; not as secure but great for when you just need to change your IP address. Comes in handy to bypass download limits from free file hosts.
My only concern is if Epic is being updated, as the last blog post on their site was from 2018. Hmm.
What about antidetect browsers like gologinapp and others? Good alternative?