HideIPVPN
RSS Feed Click to Subscribe!

Epic privacy browser review shows data leaks

Epic browser is a Chromium based Internet browser for Windows and Mac advertised as privacy friendly. Everything has been supposedly designed from the ground up to have privacy always on by default. Users can’t tweak the browser to seriously disable privacy, the few settings you can change are allowing third party cookies and enabling ads, this is done per tab on each site and not globally. The browser blocks advertisements and scripts, each tab is a separate process, a clickable umbrella logo on the right hand side lets you modify ad blocking options but when you restart the browser the default no tracking settings should all be in place again, unless you bookmark a page, in which case URL will remain there permanently in the toolbar for anyone to see.

The browser is built using modified open source code released by Google Chrome and it will not be automatically updated with each new Chrome release until the new code has reviews by Epic browser developers to make sure that Google has not introduced any new tracking or privacy invasive techniques. The Epic browser Internet surfing only works in Incognito mode, everything you do in the browser runs in RAM memory, cookies, history, cache and other Internet browsing traces revealing what sites you have visited should vanish beyond recovery once you close the browser window.

Epic privacy browser blocked trackers
Epic privacy browser blocked trackers

Unlike manually removed Internet traces, RAM memory can not be recovered by specialist computer forensics tools like Encase. The only possible way for a skilled attacker to learn what sites you have visited, would be if your computer crashes in the middle of a session, in that case the Windows OS dump file could store RAM memory activities in the hard drive. Another way to breach Incognito browsing is if your computer has very little RAM memory, like tablets normally do. When RAM memory runs out, Windows uses the page file in your hard drive to write data and avoid crashing your browser. Anything written in your hard drive can be recovered, make sure that your computer has enough RAM memory to support Incognito mode browsing.

The downside of an always on Incognito mode is that there are times when you might want to keep cookies to stop having to manually enter usernames and passwords when you visit a forum or log into your email email account. Due to this, the Epic privacy browser is best suited as a second browser only used to visit sensitive sites, or you will spend lots of time having to reenter passwords.

The Epic browser improves Google’s Chrome privacy invasions removing Goole installation ID and getting rid of Google Chrome products shoved down your throat, like the automatic page translation and Google search, which are replaced by Epic browser’s own privacy searcher, called EpicSearch. Searches carried out with EpicSearch are proxied to stop your computer IP from being logged by search engine servers, only the last digits of your IP are passed on to give local search results.

EpicSearch is how the Epic browser intends to make money and fund future development. For security reasons you can’t install any addon in the Epic browser, so the default search engine can not be replaced, this is unfortunate because my experience has been that EpicSearch results were not very good and found myself using DuckDuckGo instead, the overall experience could be improved if they signed up a partnership with a better privacy search engine.

The best Epic browser feature, is perhaps the one click proxy, with a single click on a tiny  plug logo found in URL bar, you can hide your computer IP address and change it with an American one. Epic browser proxy service is provided by Spotflux, I have used it to watch US content restricted to US residents, like Hulu and Slacker Radio. Speed tests carried out from Europe gave me 2Mbps, enough to stream videos.

I found this browser to be theoretically more privacy paranoid than Comodo Dragon Ice, for two reasons, because it only works in Incognito mode and because it blocks all third party addons and another plus is that their website gives information about who is behind the company, naming The Washington Post as one of the Epic browser investors and disclosing that their offices are divided in between the USA and India, this shows transparency and proves that the Epic browser is not a one man show but a serious business with backing that should allow them to be around for a long time.

Epic privacy browser data leak
Epic privacy browser data leak

Now comes the bad part, I noticed that even when I am not running the Epic privacy browser there is a process in my Task manager called EpicUpdate.exe, this takes away memory resources and it really should not be there when the browser is not open. I decided to investigate a little further while the prowser was still closed and looking at the folders located in AppData/Local/EpicPrivacy Browser/User Data/Local Storage I found various files named chrome-extension_(cryptic).localstorage, one of the files was over 100Kb in size so I decided to open it up, it appears that the right way to do this is a SQL viewer but I used Notepad and inside I found a list of the websites that I had visited the day before, so much for privacy!

I have now looked at that folder again with the Epic privacy browser running and I see files being created that contain the name of the URL I visit (in the form of http_www.site.com.localstorage), these files are temporarly written to the hard drive otherwise I would not be able to see them, they are deleted afterwards but it won’t be difficult for a noisy person to uncover them again using any cheap undelete software.

What started as a good review ends up like a total disaster for the Epic privacy browser, stay away from them, if there is something worse than no security that is false security, believing you are safe when you are not. For some reason Incognito mode writes data to the hard drive, it should not happen.

Visit Epic privacy browser homepage

11 Comments

Add a Comment

Your email address will not be published. Required fields are marked *