Browser Bubble

Complete Browser Isolation For Total Privacy And Security.

What is it?

Browser Bubble is a Windows application that provides virtual machine-like isolation to a browser process without actually using a virtual machine. This allows Browser Bubble to offer a number of features that would typically require multiple tools all in a single, easy-to-use application that does not require any changes to your browser itself or your browsing behavior.

Why should I care?

The Internet can be dangerous. From ad trackers to compromised sites that serve malware, your privacy and security is constantly being tested. While the best protection is to use an actual virtual machine that has been configured with unique settings for each browsing instance, that is not an easy or light-weight solution for typical users. But the benefits of process isolation are many and shouldn't be limited to only users that have the technical knowledge required to setup isolated environments.

Browser Bubble provides isolation without a virtual machine so that each browser instance is protected at the file system, network and browser application level to provide unique, safe and secure browser environments.

Get Started

The first thing to do is download Browser Bubble. The current release is:


The idea behind Browser Bubble is that each browser instance should be totally isolated from all other instances. For normal browser operations that is not the case. All modern browsers do not allow multiple independent instances of the same browser. For example, when you start Chrome a main instance will be created. While it is still running and you double-click your Chrome icon again, it does not start a separate Chrome process. Instead, the main instance will absorb new instance. This is problematic for a number of reasons. And while browsers do provide profiles and in Firefox's case, containers, there is still not enough lower level isolation

Browser Bubble fully isolates each executed instance of a browser so that each execution creates a completely separate process.

Separation by process allows Browser Bubble to redirect low-level I/O operations (file, network and registry) to further isolate each Bubble as well as give each Bubble a unique fingerprint to prevent tracking.


When running Browser Bubble for the first time, you'll be prompted to provide some initial settings. This includes specifying the default network adapter, which is used for VPN routing, along with the installed browsers and profiles that are used as the base for the Bubbles. Additionally, Browser Bubble needs to determine which sandbox technology to use.

There are two types that Browser Bubble implements but each provides different functionality. The primary sandbox uses a virtual hard disk (VHD) file mounted as a drive when the Bubble runs. This leverages the 'diskpart.exe' Windows application to create, format and mount the VHD file. While this is a standard utility, diskpart may fail in some cases. In particular, popup errors stating that the drive needs formatted before use can occur in which case, the Bubble will fail to load.

The backup sandbox technology is to simply redirect file activity to a specific folder on the primary harddrive. While this is similar to the primary sandbox method, there are two main shortcomings. First, it does not support encryption because BitLocker does not provide per-file or per-folder encryption options. Second, it makes cleanup and transport of the profiles a little trickier.

As the actions are performed, the checkboxes will change to indicate a succcesful setting or test.

They will also change to indicate a failure result.

The image above with the red X's indicates that testing the primary sandbox feature failed which automatically will fail the encryption test.

Even though Browser Bubble attempts to determine compatability, you can still override the sandbox settings on the options page.


Browser Bubble supports Chromium based browsers as well as Firefox. There are many forks of Chromium and while Browser Bubble should work with all of them, depending on the changes made relative to the original Chromium source code, there is a possibility of incompatibility. Organically, Browser Bubble has built-in support for the following Chromium browsers:

  • Blisk
  • Brave
  • Chrome
  • Chrome Canary
  • Chromium
  • Edge
  • Epic
  • Iridium
  • Iron
  • Vivaldi

Automatic browser detection along with pre-made Bubble icons are available for the listed browsers. If your prefered Chromium-based browser is not on the list, you can add up to 8 other browser types.

Browser Bubble only supports 64-bit versions of these browsers. If a browser is not 64-bit then it cannot be Bubbled.

When run for the first time, Browser Bubble will identify every installed browser on your system and ask for the profile path you want to base future Bubbles off of.

You can add other browsers or the same browser with a different profile path later but the initialization is just designed to get things started.

Once you have your browsers configured, you can move on to creating Bubbles. But you might be asking how Browser Bubble actually works. First, when it detects one of the configured and enabled browsers is started, it will intercept the execution to begin the Bubble process. If a browser is not configured or not enabled, then the browser will not be 'Bubble-ized' and continue to run normally. Browser Bubble will then inject code into the new browser instance in order to modify certain browser behaviors. It's important to note that none of the changes weaken or reduce any browser security. Additionally, Browser Bubble uses kernel-level drivers to monitor and, if necessary, change file, network and registry operations. The end result is that the browser process is fully isolated from other instances with unique characteristics.


Browser Bubble spoofing is not like extension based spoofing. While Anti-Fp is powerful and provides a lot of features, all extension based spoofing has shortcomings. Even the most advanced spoofing is still detectable due to the ways that the extensions interact with the page. As research by CreepJS and others have shown, small changes in JavaScript behaviors can be identified to detect the presence of extension based spoofing. While it may not be enough to detect un-spoofed values, just the presence of spoofing may be enough to deny service or report activity.

Browser Bubble exposes 16 setting categories that change the browser's fingerprint at a much lower lever than what can be achieved through an extension. Because the deceptions do work at such a low level, the browser itself believes the new information and will adjust accordingly. For example, setting the Windows version to something other than the actual version may cause the browser interface to display differently. Also, modifying the screen size settings may change how the browser renders objects. Therefore, proper tuning is necessary.

But this is what gives Browser Bubble its realism. When the browser itself believes the values then anti-anti-fingerprinting has no chance to detect the spoofing unless totally unusual values are provided. The 16 categories of spoof settings includes:

  • Battery
    Spoof the system power status. Set if the device is plugged-in or on battery power along with battery levels. This setting only applies to Chromium browsers.
  • CPU
    Spoof the system CPU thread count. Typical values are 2, 4, 8 but you can pick any value greater than 0.
  • Fonts
    Set the browser font profile based on a specific Windows version or define a custom profile.
  • Language
    Set one or more language values that applies to both 'Accept' header and locale. Note that your browser text and the pages being served will become localized in the selected language.
  • Math
    Modify certain math calculations to add a slight jitter.
  • Media
    Change how media devices are identified. Device enumeration can be blocked or the devices can be renamed and parameters spoofed.
  • Memory
    Spoof the system memory size. Only Chromium browsers actually expose this value to JavaScript.
  • Network
    Modify the type of network connection to be either Ethernet or Wifi.
  • Performance Timer
    Modify certain performance related timers to add a slight jitter.
  • Screen
    Modify the reported screen size that the browser thinks it is running on.
  • Speech
    Create custom speech voice profiles.
  • Time
    Set the browser time zone.
  • Touch Points
    Set the number of touch points.
  • WebGL
    Modify WebGL images to add a slight randomness. Additionally, different WebGL feature levels can be set.
  • WebRTC
    Block WebRTC requests at the network level.
  • Windows Version
    Choose between Windows 7, 8, 8.1 and 10.

With this list of options, completely unique browser fingerprints can be generated with 100% realism. However, you might be asking why some types of spoof settings are not available, such as canvas or user-agent.
First, it's important to understand what Browser Bubble is designed for. It is designed to protect your privacy and security. It is not designed to make you anonymous and was not designed for automation purposes. Consequently, not all spoof settings are necessary or even needed.

Second, Browser Bubble makes no attempt to radically change your OS or browser type. If you are using Firefox on Windows, then your Bubble will continue to show Firefox on Windows. While you can change the specific Windows version, you cannot make it appear as Linux for example. And because Browser Bubble is a desktop application, no Bubble will project as a mobile based system.

In the specific case of user-agent, modification of the Windows version will change your user-agent string because part of the string contains the version of Windows the browser is running on. But the browser version remains unchanged. Again, this is by design and we have no plans to change it.

Canvas is very similar. There are a lot of misperceptions about canvas tracking and canvas uniqueness. In reality, canvas is not unique nor a very good tracking signal. Canvas output is determined by the browser's drawing library and is not system unique. You can run an experiment to see for yourself. On two different systems, install the same version of a browser and test your canvas fingerprint. They will be the same. So, in fact, canvas is only really useful to identify the browser type but because Browser Bubble does not change your browser type, there is no need or actual good reason to change a value that can give away the fact that deception is being used.

Related to that, recent changes to Chromium (starting around version 90) has made some types of fingerprinting more difficult. Chromium introduced a standard math library the provides consistent outputs across OS versions and platforms.

"This will be used to mitigate Web Audio fingerprinting by using the same math library across OS versions and platforms."

Chromium Developer - 29 Jan 2021

There are other tracking methods, such as HSTS, ETag and favicon, that are defeated by the isolation and ephemeral nature of the Bubbles so Browser Bubble does not need to expose any options to be set.

Again, Browser Bubble is designed for privacy and security with the goal of making the deceptions as realistic as possible. Modifying some settings are a dead giveaway that protection is being used and that in itself is problematic.

If you have questions about other settings, please send us an email.


Browser Bubble separates Bubbles on the file system through the use of virtual disks. When a new bubble is started, a new virtual disk is created so that all browser file activity can be re-directed. There is an option to encrypt these virtual disks by using BitLocker so that all data will be protected when not in use. If your system does not support BitLocker encryption then this will not work.

BitLocker encryption requires Windows Pro, Enterprise or Education editions. Home edition does not support encryption. Additionally, a Trusted Platform Module (TPM) 2.0 is also necessary. UEFI settings may also need to be configured. If encryption does not work, please do your own research to ensure your system supports BitLocker encryption in the first place before contacting us for support.


Browser Bubble supports actions that allow you to automatically run additional programs at certain points in time so that you can integrate additional capabilities with Browser Bubble. A common use case for these actions would be to setup and then tear down a VPN connection.

There are three points of a Bubble's lifecycle that an action can be configured and executed.

  • Pre-Launch: The action will execute after Browser Bubble was notified that a browser was loading but before the browser is executing.
  • Post-Launch: The action will execute after Browser Bubble has successfully configured the Bubble and released the browser application. If Bubble setup fails for any reason, this action will not execute.
  • Shutdown: The action will execute when the browser is closing.

During the pre-launch action, Browser Bubble provides a number of settings to control the action in order to influence the Bubble creation. When configuring an action, you can set it to not wait in which case the action will be executed asynchronously with the Bubble creation. You can set it to wait in which case, the Bubble creation will pause until the action program has completed. And finally, you can have it wait and evaluate which like the wait option makes the Bubble creation pause but then the action out, both the exit code and any captured standard output, can be tested to provide a simple evaluation if the Bubble should continue. There is also a timeout option that can be set for the two wait options so that the Bubble isn't waiting indefinitely. It's important to ensure that if you set the wait option that whatever program is used for the action will complete in a reasonable amount of time and produces an evaluate-able output. The action configuration form, as seen below, provides a testing mechanism so you can configure the action and ensure that it works as intended.

Quick Bubbles

You're busy. We get it. So Browser Bubble makes it easy to quickly create random Bubbles with minimal settings. These 'Quick Bubbles' can be generated against a browser profile with unique fingerprint options.

First, simply pick the browser you want to use and then tell Browser Bubble how many Bubbles you want generated. Additionally, you can have Browser Bubble automatically create shortcut icons for each of the new created Bubbles.

Once generated, the new Bubbles will appear in the 'Saved Bubble' list and can be modified, deleted or executed.

More advanced settings, such as DNS, proxy, VPN, etc, are not set when generated but can be configured later.


Browser Bubble implements additional checks on browser activity to ensure that nothing potentially malicious is executed. Generally when a browser exploit runs, the exploit code will attempt to either move to another process's address space or simply launch of new program to carry out additional functionality. Browser Bubble monitors browser behavior to look for signs of possible infection and if detected, blocks the activity. Anti-exploit protection can be applied to specific Bubbles or not at all. And while there are some smart heuristics in use, there is always the possibility of false positive so anti-exploit protection can be toggled on or off globally as needed.

Browser Bubble Anti-Exploit is designed for very specific exploit use cases. It should not be considered a substitute for other security tools so please protect yourself as needed.

DNS Filtering

Browser Bubble provides two modes for enhanced DNS protection. The first mode is to simply configure the browser, at runtime, with a secure DNS provider. The second mode is to use Browser Bubble's own DNS resovler. There are pros and cons to each method so it's important to understand the differences.

The first method allows you to easily change the DNS provider while the browser is running by simply updating the browser settings. This method is also more efficient than Browser Bubble's resolver because of the extra steps involved with capturing and re-routing requests. The downside to the native browser method is that network filtering is not possible because the DNS request will already be encrypted by the time Browser Bubble is able to see it. So, if you want enhanced network filtering using the native browser DNS settings, you will need to have a third-party firewall to block the actual network connections.

Browser Bubble's provides a logging mechanism so that you can see all the DNS requests being made from a Bubble.

For the network filtering list, you can provide your own list of IP addresses and domains to block or you can let Browser Bubble sync with a public list of known bad values.


Browser Bubble can be configured with a list of proxies that can be used on a per-Bubble basis. Simply assign one or more proxies to a Bubble and Browser Bubble will force the browser to use said proxies by updating the browser's preferences. Because the proxy setting is applied at the browser level, you can use the browser's setting to modify the settings if necessary without having to relaunch the Bubble.

VPN Routing

In addition to proxies, Browser Bubble can also route network traffic through specific VPN connections on your system. If you run multiple VPNs at the same time, this is useful to ensure that a specific Bubble is using a specific connection.

Whatever VPN provider you use, as long as it creates a network adapter that Browser Bubble can identify, then the Bubble traffic can be routed through it. Browser Bubble does not provide VPN services at this time.

Creating a Bubble

Now that we have described the available settings for a Bubble, we can now discuss how to create one.

To start, click the plus (+) icon in the 'Saved Bubbles' box on the left hand side of the main window.

When clicked, a new Bubble profile window will open.

Here is where you fill in Bubble details such as the name and the browser it should target. Each Bubble must be associated with a specific browser. You can also configure BitLocker protection, spoofing, DNS, proxy and VPN settings. While it's best to configure everything initially, most of these values can be overridden at the point of Bubble launch if you choose to do so.

You have the option of having Browser Bubble generate a spoofing profile for you however, you can also manually set spoof values.

Once you are happy with your Bubble, click the 'Ok' button to save it. It will then appear in the 'Saved Bubbles' list on the main form.

Run a Bubble

One thing that makes Browser Bubble so useful is that it does not require you to do anything different when you want to launch a Bubble. You can simply run your regular browser however you normally do it. When the browser is loaded, Browser Bubble will intercept the execution and then present a window asking which Bubble should be applied.

If you don't want to deal with the Bubble picker then you can create Bubble shortcuts.

These shortcuts can be used just like any other shortcut but when run will automatically run the browser inside the specified Bubble. This makes it incredibly easy to create and launch numerous Bubbles without any behavior change.

Once a Bubble is running, it may not be evident. Additionally, with multiple Bubbles running at the same time, it can be hard to keep track which Bubble is which. To help alleviate those issues, you can set a color to a profile which will cause that browser instance to be drawn with a colored border when it is the active window.

Browser Bubble does provide a listing of all running Bubbles on the main window with a counter that will update as new Bubbles are launched and closed.


Browser Bubble exposes a number of options to make management of your Bubbles easier.

  • Automatically bubble-ize enabled browsers.
    When any enabled browser is executed, Browser Bubble will automatically 'Bubble-ize' the new instance with the default Bubble. If no default Bubble is set, then you will be notified to pick a Bubble. If this option is disabled then only browsers executed through this application or available shortcuts will be run in a Bubble.
  • Block network access on browser load.
    To prevent data leakage, Browser Bubble can block browser network connectivity until you decide it should connect.
  • Confirm when closing Browser Bubble.
    Ask before Browser Bubble closes. If enabled, you'll be prompted when you click the X button. If disabled, Browser Bubble will close without notice.
  • Delete browser sandbox data.
    The browser sandbox will be deleted when the browser instance closes. If disabled, then the sandbox data will persist in the temporary directory until it is manually deleted.
  • Lock settings on minimize.
    Protect your settings with a password. If enabled, the password must be entered when Browser Bubble starts and after it has been minimized.
  • Manually install font files.
    Due to licensing issues, Browser Bubble cannot come pre-installed with fonts from different Windows versions. While Browser Bubble can still spoof fonts without the underlying font files, it is more realistic if they are available. You can manually install these files if you have them available.
  • Terminate browsers on Browser Bubble close.
    Browser Bubble enabled browsers will be automatically closed when Browser Bubble closes. If enabled, any browser monitored by Browser Bubble will be terminated on close.


Due to licensing issues, Browser Bubble cannot come pre-installed with fonts from different Windows versions. While Browser Bubble can still spoof fonts without the underlying font files, it is more realistic if they are available. However, you can manually install these files if you have them available.

Browser Bubble has a list of all installed fonts for Windows 7, 8, 8.1 and 10. In order to "install" the the fonts, simply place the font files all in a single directory. Browser Bubble will then compare what is expected for that Windows version against the files found in the selected directory. If the font file can be found, then Browser Bubble will move the file to its own font sub-directory.

If you want to create a font profile that does not mirror a valid Windows profile, you can do that as well. But it's important to understand how powerful font tracking can be. A few unique, non-standard fonts can be enough of a signal to make you highly trackable so you really need to consider the reasons why you want to create a custom font profile.

Service Compatibility

There are three default Windows services that Browser Bubble will stop when it loads and then restart when it exits. These are:

  • DNS Client
  • Font Cache
  • Shell Hardware Detection

These particular services provide caching and convenience features that can disrupt some of Browser Bubble's features. If these services are running, then Browser Bubble may not work as intended.


Browser Bubble Pro users can take advantage of a WebSocket based API to create, configure, and launch Bubbles. While Browser Bubble Pro is still in development, a draft of the API specification can be found here for early familiarization.


Q: The browser launches but it does not seem to be Bubble-ized.

There can be a number of reasons why a browser does not get Bubbled. The first thing to check is to make sure the browser has been properly configured and that a Bubble was created for that particular browser. Browser Bubble uses the browser's file path to identify when it launches so if you have multiple versions of the same browser installed, for example multiple portable Firefox installs, the browser version that is being run must match what was configured.

Second, other security software to include built-in Windows security settings can interfere with Browser Bubble. In particular, Window's Code Integrity Guard may prevent a browser from being Bubbled by blocking necessary actions. This is commonly seen with Edge for example although it may happen with other browsers.

Another thing is that there may have been an error or misstep by Browser Bubble and the Bubble process was aborted. In this case, sometimes just re-running the browser again will be enough. But if a browser continues to not Bubble, please contact us to help troubleshoot.


A valid license is required to use Browser Bubble. A single license is good for use on one system at a time. The same license cannot be used on another system concurrently. Additionally, a Browser Bubble license does not support Windows Server. If you have a unique setup that requires use on Windows Server with multiple concurrent users, please contact us so we can provide a quote for an enterprise license. This includes Terminal Service or any type of thin-client setup. We reserve the right to audit license usage from time-to-time and if violations are found, the license will be revoked.

A Browser Bubble license is good for 1 year after which it will expire unless renewed. There is currently a 50% renewal discount if the license is renewed before it expires (does not apply to trial or beta licenses). When renewed, a new license key will be issued with an expiration date 1 year later than your previous expiration date. Renewing early will not cause lost time. For example, if your license expires 31 Dec 2021 but you renew in Nov 2021, your new expiration date is 31 Dec 2022. Once your license expires however, a new license will be full price.

You can purchase a Browser Bubble license here.

As with all of our software, we provide a free 7-day trial so you can test Browser Bubble. The trial is only slightly limited in that only two Bubbles profiles can be created.


v1.2021.315.2050 (11 Nov 2021)

  • NOTICE: Browser Bubble Pro will be available shortly. BBPRO will have an exposed WebSocket for API control, headless mode and the ability to run on Windows Server or remote desktops.
  • ADDED: Built-in support for Epic browser.
  • FIXED: Not recognizing all configured browsers.
  • FIXED: DNS adds and mods of non-synced entries not working.
  • FIXED: Incorrect VPN selection when modifying entry.
  • FIXED: Browser list and count not updating after deletion.
  • FIXED: Sandbox password not being requested for some Bubbles.
  • FIXED: WebRTC blocking not set for Firefox.
  • FIXED: Proxy type not set when adding or updating entry.
  • UPDATE: Removed support for 32-bit browsers.
v1.2021.300.300 (27 Oct 2021)
  • FIXED: Chromium based Bubbles not loading existing extensions.
  • FIXED: Anti-exploit protection impacting non-Bubbled browsers.
v1.2021.291.1615 (26 Oct 2021) [Installer Update]
  • FIXED: Uninstaller was not fully removing driver reference which caused popup error when re-installed.
v1.2021.291.1615 (18 Oct 2021)
  • FIXED: Saved Bubbles not restoring properly.
  • FIXED: Launching browser from application not loading properly.
  • FIXED: Black color border still drawn if option is turned off.
  • FIXED: New actions not added to action list.
  • FIXED: Assigned actions not displayed when modifying Bubble.
  • UPDATED: Enhanced anti-exploitation protection.
  • UPDATED: Color borders now work with new browser windows.
v1.2021.250.2358 (07 Sep 2021)
  • Initial public release.