Review privacy Internet browser Comodo Dragon

Comodo Dragon is a privacy focused Internet browser based in open source Google Chromium. Its interface looks like Chrome but has been modified to add privacy features and stop Google from gathering personal data.

During browser installation you will be asked if you would like to use Comodo secure DNS, If you choose yes this will change your Internet Service Provider DNS servers making it more difficult  for your ISP to censor websites and spy on you. Websites you visit will be scanned to detect malware, when you click on a link taking you to a bad site Comodo Secure DNS will block it with a warning and give you the possibility to disregard the block, my experience so far has been that sometimes the wrong sites are blacklisted, there is the possibility to send feedback to Comodo when that happens.

Another security feature of Comodo Dragon is that it will always ask for SSL pages when available, looking up digital certificates and verifying them. The browser will also protect you from advertisements. An included extension called PrivDog will block Google Adsense and other tracking adverts replacing them with banners from AdTrustMedia, a company that does not use cookies to monitor what you do on the Internet. Privdog can be disabled and specific sites whitelisted if you would like to support them allowing adverts from those pages.

Comodo Secure DNS block
Comodo Secure DNS block

In Comodo Dragon privacy you can create different profiles, this way you do not have to erase cookies all the time, you can create a profile to be used in trusted sites and another one that you regularly erase to visit sites that track you across the Internet. And if you visit porn or warez sites the best is to switch to Comodo virtual mode, this will contain the browser inside a virtual box, stopping viruses from spreading to the operating system. In virtual mode any possible malware infection only lasts until you close the browser, the only consideration is that you need a little more RAM to run virtual mode than in normal mode. This is like having Sandboxie for free.

The few annoying things I found in Comodo Dragon were that changing the homepage, which is set to Yahoo by default, is not straight forward, more of a Google Chrome design fault than Comodo. To change Comodo Dragon homepage go to “Settings” where it says “On Startup“, next to “open a specific page or set of pages“, click on “set pages“, this will take you to a box where to enter your favourite homepage, to erase the default Yahoo homepage hoover over the link and you will see a cross appearing next it, click on the cross and the default home page will be erased.

The second annoying thing was changing the default search engine. A smooth way to do that is visiting Google Chrome market place and add a privacy search engine addon like DuckDuckGo. You will be invited to sign up for a Google Account to keep your settings, it will be best if you don’t because this places again your life in the hands of Google and any NSA device they might have installed in their cloud servers.

If you are not a fan of the Chrome browser Comodo also builds a privacy focused Mozilla based browser called Comodo Ice Dragon, with a Firefox interface that lets you use FIrefox addons.

Visit Comodo Dragon homepage

Epic privacy browser review shows data leaks

Epic browser is a Chromium based Internet browser for Windows and Mac advertised as privacy friendly. Everything has been supposedly designed from the ground up to have privacy always on by default. Users can’t tweak the browser to seriously disable privacy, the few settings you can change are allowing third party cookies and enabling ads, this is done per tab on each site and not globally. The browser blocks advertisements and scripts, each tab is a separate process, a clickable umbrella logo on the right hand side lets you modify ad blocking options but when you restart the browser the default no tracking settings should all be in place again, unless you bookmark a page, in which case URL will remain there permanently in the toolbar for anyone to see.

The browser is built using modified open source code released by Google Chrome and it will not be automatically updated with each new Chrome release until the new code has reviews by Epic browser developers to make sure that Google has not introduced any new tracking or privacy invasive techniques. The Epic browser Internet surfing only works in Incognito mode, everything you do in the browser runs in RAM memory, cookies, history, cache and other Internet browsing traces revealing what sites you have visited should vanish beyond recovery once you close the browser window.

Epic privacy browser blocked trackers
Epic privacy browser blocked trackers

Unlike manually removed Internet traces, RAM memory can not be recovered by specialist computer forensics tools like Encase. The only possible way for a skilled attacker to learn what sites you have visited, would be if your computer crashes in the middle of a session, in that case the Windows OS dump file could store RAM memory activities in the hard drive. Another way to breach Incognito browsing is if your computer has very little RAM memory, like tablets normally do. When RAM memory runs out, Windows uses the page file in your hard drive to write data and avoid crashing your browser. Anything written in your hard drive can be recovered, make sure that your computer has enough RAM memory to support Incognito mode browsing.

The downside of an always on Incognito mode is that there are times when you might want to keep cookies to stop having to manually enter usernames and passwords when you visit a forum or log into your email email account. Due to this, the Epic privacy browser is best suited as a second browser only used to visit sensitive sites, or you will spend lots of time having to reenter passwords.

The Epic browser improves Google’s Chrome privacy invasions removing Goole installation ID and getting rid of Google Chrome products shoved down your throat, like the automatic page translation and Google search, which are replaced by Epic browser’s own privacy searcher, called EpicSearch. Searches carried out with EpicSearch are proxied to stop your computer IP from being logged by search engine servers, only the last digits of your IP are passed on to give local search results.

EpicSearch is how the Epic browser intends to make money and fund future development. For security reasons you can’t install any addon in the Epic browser, so the default search engine can not be replaced, this is unfortunate because my experience has been that EpicSearch results were not very good and found myself using DuckDuckGo instead, the overall experience could be improved if they signed up a partnership with a better privacy search engine.

The best Epic browser feature, is perhaps the one click proxy, with a single click on a tiny  plug logo found in URL bar, you can hide your computer IP address and change it with an American one. Epic browser proxy service is provided by Spotflux, I have used it to watch US content restricted to US residents, like Hulu and Slacker Radio. Speed tests carried out from Europe gave me 2Mbps, enough to stream videos.

I found this browser to be theoretically more privacy paranoid than Comodo Dragon Ice, for two reasons, because it only works in Incognito mode and because it blocks all third party addons and another plus is that their website gives information about who is behind the company, naming The Washington Post as one of the Epic browser investors and disclosing that their offices are divided in between the USA and India, this shows transparency and proves that the Epic browser is not a one man show but a serious business with backing that should allow them to be around for a long time.

Epic privacy browser data leak
Epic privacy browser data leak

Now comes the bad part, I noticed that even when I am not running the Epic privacy browser there is a process in my Task manager called EpicUpdate.exe, this takes away memory resources and it really should not be there when the browser is not open. I decided to investigate a little further while the prowser was still closed and looking at the folders located in AppData/Local/EpicPrivacy Browser/User Data/Local Storage I found various files named chrome-extension_(cryptic).localstorage, one of the files was over 100Kb in size so I decided to open it up, it appears that the right way to do this is a SQL viewer but I used Notepad and inside I found a list of the websites that I had visited the day before, so much for privacy!

I have now looked at that folder again with the Epic privacy browser running and I see files being created that contain the name of the URL I visit (in the form of, these files are temporarly written to the hard drive otherwise I would not be able to see them, they are deleted afterwards but it won’t be difficult for a noisy person to uncover them again using any cheap undelete software.

What started as a good review ends up like a total disaster for the Epic privacy browser, stay away from them, if there is something worse than no security that is false security, believing you are safe when you are not. For some reason Incognito mode writes data to the hard drive, it should not happen.

Visit Epic privacy browser homepage