You are not logged in.
Pages: 1
Thanks for your reply sai.
> these are our SSL proxy servers, we are trying to come with one unique domain name to connect
I'm surprised to read this because I believe it is easier for you to do that today than use these oddball domain names which must each have their own DNS config.
In an hour or less (seriously) you can make, for example, proxy1.EpicBrowser.com, proxy2.EpicBrowser.com, and so on. These subdomains are functionally identical to these oddball domains if you config the DNS for EpicBrowser.com with the same records that are now scattered around.
Also, this unification under one domain is easier to set up with a robust, diversified server DNS host than multiple domain names held by different DNS hosts. Robust DNS hosting is critical to your intentions with the Epic browser with proxy and search functions. Why wait until you optimize the proxy service?
This not only improves your branding and reputation but it makes life simpler for admins as well as those enquiring minds who explore the purpose and source of mysterious connections.
Finally, if you are going to use odd domains and ports, why not simply document that somewhere for us, like that paragraph above that you wrote? I searched and couldn't find anything before I took the time to look into what was happening with a view to helping improve and protect this browser.
> http://arstechnica.com/tech-policy/2013 … ensorship/
Thanks for the Berners-Lee link! That and Alok's TEDx talk are valuable contributions.
I really miss Addthis.
can you enable this, or something similar?
Careful what you wish for:-) AddThis is useful but unfortunately a hazard to privacy. They use advanced forms of tracking that work-around tracking avoidance techniques, like those used by Epic. An excellent article explains:
http://boingboing.net/2014/07/23/web-tr … h-pic.html
Relevant portion is down about 3/4:
"...Most of the usage was from a single service, AddThis, which adds social-media and other sharing buttons to a site through an external JavaScript library reference and tiny bits of code....
AddThis did not respond to a request for comment, but told ProPublica that its script was part of ongoing research,.... AddThis also said that it doesn't ask permission from web sites to deploy such tests and that it doesn't use the data collected at government sites for "ad targeted or personalization," but didn't disclaim such use on other sites."
I do like and use Epic on my Mac for the last year throughout each day, for browsing well-known sites to block the tracking (I use Firefox for general browsing, especially to sites new to me). I still approve each connection any browser makes to any server with my Little Snitch firewall which has recently started requesting mysterious connections.
In the last week or two, I have refused multiple mysterious attempts by Epic to connect to several servers. I can't associate particular websites with these connections but they are all related to Epic persons or partners.
Epic has tried several times to connect to Sakth.com on TCP port 44300. What is the function of this server for this connection? This port isn't on the WikiPedia list of "well-known" ports nor on IANA's list of "registered" ports, so what sort of network service is this connection used for? en.WikipediA.org/wiki/List_of_TCP_and_UDP_port_numbers and IANA.org/assignments/service-names-port-numbers/service-names-port-numbers.txt
This domain is registered to Alok Bhardwaj, Epic's founder. One important element of security is transparency. The webpage for Sakth.com simply says "It works! This is the default web page for this server. The web server software is running but no content has been added, yet."
I recommend explaining the connection to the homepage so that enquiring minds will know.
Another recent daily mysterious attempted connection from Epic, also on port 44300, is to Faisal.in which is registered to "ubio Biotechnology Systems Pvt Ltd" in Cochin India and sharing the same IP number as ubio.in. This website appears to be the personal blog site of Faisal Siyavudeen, co-founder of ubio, altho it hasn't been updated since July 2011. I ahve the same questions about these connections as I do about Sakth.com connections.
Finally, I have had several connection attempts recently to "ebrajupybrubonisig.info" (no there is not a misspelling here altho it appears I fell onto my keyboard:-) on TCP port 80.
This domain is related to Epic's proxy provider, Spotflux, but it isn't so easy to tell because it is registered to DACCA Enterprises (no info could be found other than WhoIs, and there it has a bogus phone number +1.5555555555) and Chris Naegelin, the co-founder of Spotflux.
ebrajupybrubonisig.info connects to a Squid proxy server on port 80, epicproxy001.8.spotflux.net, but it claims it is an "Invalid URL". Why use this domain for a connection to an Epic proxy server? I do not have Epic Proxy disabled.
Btw, I have also had daily Epic crashes over the last 2 weeks but I hope that isn't related to these mysterious server connections.
If this topic is not approved, please inform me why so I can edit it...and you can remove this line:-)
Malware sites sometimes use JavaScript to do the dirty work. I use Firefox with the the NoScript extension for general browsing so I can approve or deny scripts to run individually and on a case basis. http://NoScript.net
Can Epic implement a similar functionality?
Btw, I do like and use Epic as well throughout each day, for browsing well-known sites to block the tracking, but I still approve each connection any browser makes to any server.
This may be of interest to this thread:
http://boingboing.net/2014/07/23/web-tr … h-pic.html
"Canvas fingerprinting can be defeated by not allowing JavaScript to read image data that it has created, an option that's part of the Tor Browser. Allowing case-by-case access on trusted sites in which one is using some form of graphics-based interaction might make sense, and browser makers and plug-in designers could add these options for those concerned."
I'm curious why Epic offers the LastPass extension and not 1Password.
In my opinion, 1Password is more secure (based on how one can control the location of the master file) but it also has many more features and flexibility. If anyone thinks 1Password is less secure than LastPass then please let us know why...at least a link that explains rather than a simple assertion.
Btw, I don't mind inconvenience for security. I always have at least 3, often 5 browsers open on my Mac and constantly switch between them. I support Epic limiting extensions to those qualified for the store.
Firefox is the most secure browser when configured properly, controlling specific script execution, blocking trackers etc but Epic is a good balance between convenience and security for well-known risks like Facebook, NYTimes etc, but better balance if it had the 1Password extension.
Even tho I don't think Chrome/Chromium reports or runs all traffic thru Google servers, I use it only for Google services like translation, Gmail, maps, YouTube, etc. I use Safari to access Apple services and Opera for Fastmail.
And all these browsers allow 1Password, except Epic, so please add the 1Password extension to your store.
Pages: 1