Complete Browser Isolation For Total Privacy And Security.
Browser Bubbleis not released yet so these docs will likely change often.
What is it?
Browser Bubble is a Windows application that provides virtual machine-like isolation to a browser process without actually using a
virtual machine. This allows
Browser Bubble to offer a number of features that would typically require multiple tools all in a
single, easy-to-use application that does not require any changes to your browser itself or your browsing behavior.
Why should I care?
The Internet can be dangerous. From ad trackers to compromised sites that serve malware, your privacy and security is constantly being tested. While the best protection is to use an actual virtual machine that has been configured with unique settings for each browsing instance, that is not an easy or light-weight solution for typical users. But the benefits of process isolation are many and shouldn't be limited to only users that have the technical knowledge required to setup isolated environments.
Browser Bubble provides isolation without a virtual machine so that each browser instance is protected at the file system, network
and browser application level to provide unique, safe and secure browser environments.
The first thing to do is download
Browser Bubble. The current release is:
- Coming Soon!
The idea behind
Browser Bubble is that each browser instance should be totally isolated from all other instances. For normal browser
operations that is not the case. All modern browsers do not allow multiple independent instances of the same browser. For example,
when you start Chrome a main instance will be created. While it is still running and you double-click your Chrome icon again, it does
not start a separate Chrome process. Instead, the main instance will absorb new instance. This is problematic for a number of reasons.
And while browsers do provide profiles and in Firefox's case, containers, there is still not enough lower level isolation
Browser Bubble fully isolates each executed instance of a browser so that each execution creates a completely separate process.
Separation by process allows
Browser Bubble to redirect low-level I/O operations (file, network and registry) to further
isolate each Bubble as well as give each Bubble a unique fingerprint to prevent tracking.
Browser Bubble supports all Chromium based browsers as well as Firefox. When run for the first time,
Browser Bubble will
identify every installed browser on your system and ask for the profile path you want to base future Bubbles off of. You can add other browsers
or the same browser with a different profile path later but the initialization is just designed to get things started.
Once you have your browsers configured, you can move on to creating Bubbles. But you might be asking how
Browser Bubble actually works.
First, when it detects one of the configured and enabled browsers is started, it will intercept the execution to begin the Bubble process.
If a browser is not configured or not enabled, then the browser will not be 'Bubble-ized' and continue to run normally.
Browser Bubble will then inject code into the new browser instance in order to modify certain browser behaviors. It's important to
note that none of the changes weaken or reduce any browser security. Additionally,
Browser Bubble uses kernel-level drivers
to monitor and, if necessary, change file, network and registry operations. The end result is that the browser process is fully isolated
from other instances with unique characteristics.
Browser Bubble spoofing is not like extension based spoofing. While
Anti-Fp is powerful and provides a lot of features,
all extension based spoofing has shortcomings. Even the most advanced spoofing is still detectable due to the ways that the extensions
to detect the presence of extension based spoofing. While it may not be enough to detect un-spoofed values, just the presence of spoofing
may be enough to deny service or report activity.
Browser Bubble exposes 16 setting categories that change the browser's fingerprint at a much lower lever than what can be achieved
through an extension. Because the deceptions do work at such a low level, the browser itself believes the new information and will adjust
accordingly. For example, setting the Windows version to something other than the actual version may cause the browser interface to display differently.
Also, modifying the screen size settings may change how the browser renders objects. Therefore, proper tuning is necessary.
But this is what gives
Browser Bubble its realism. When the browser itself believes the values then anti-anti-fingerprinting
has no chance to detect the spoofing unless totally unusual values are provided. The 16 categories of spoof settings includes:
Spoof the system power status. Set if the device is plugged-in or on battery power along with battery levels. This setting only applies to Chromium browsers.
Spoof the system CPU thread count. Typical values are 2, 4, 8 but you can pick any value greater than 0.
Set the browser font profile based on a specific Windows version or define a custom profile.
Set one or more language values that applies to both 'Accept' header and locale. Note that your browser text and the pages being served will become localized in the selected language.
Modify certain math calculations to add a slight jitter.
Change how media devices are identified. Device enumeration can be blocked or the devices can be renamed and parameters spoofed.
Modify the type of network connection to be either Ethernet or Wifi.
Modify certain performance related timers to add a slight jitter.
Modify the reported screen size that the browser thinks it is running on.
Create custom speech voice profiles.
Set the browser time zone.
Set the number of touch points.
Modify WebGL images to add a slight randomness. Additionally, different WebGL feature levels can be set.
Block WebRTC requests at the network level.
Choose between Windows 7, 8, 8.1 and 10.
With this list of options, completely unique browser fingerprints can be generated with 100% realism. However, you might be asking why
some types of spoof settings are not available, such as canvas or user-agent.
First, it's important to understand what
Browser Bubble is designed for. It is designed to protect your privacy and security.
It is not designed to make you anonymous and it is not designed for automation purposes. Consequently, not all spoof settings are necessary or
Browser Bubble makes no attempt to radically change your OS or browser type. If you are using Firefox on Windows, then
your Bubble will continue to show Firefox on Windows. While you can change the specific Windows version, you cannot make it appear as Linux
for example. And because
Browser Bubble is a desktop application, no Bubble will project as a mobile based system.
In the specific case of user-agent, modification of the Windows version will change your user-agent string because part of the string contains the version of Windows the browser is running on. But the browser version remains unchanged. Again, this is by design and we have no plans to change it.
Canvas is very similar. There are a lot of misperceptions about canvas tracking and canvas uniqueness. In reality, canvas is not unique nor a very good tracking signal. Canvas output is determined by the browser's drawing library and is not system unique. You can run an experiment to see for yourself. On two different systems, install the same version of a browser and test your canvas fingerprint. They will be the same. So, in fact, canvas is only really useful to identify the browser type but because
does not change your browser type, there is no need or actual good reason to change a value that can give away the fact that deception
is being used.
There are other tracking methods, such as HSTS, ETag and favicon, that are defeated by the isolation and ephemeral nature of the Bubbles so
Browser Bubble does not need to expose any options to be set.
Browser Bubble is designed for privacy and security with the goal of making the deceptions as realistic as possible.
Modifying some settings are a dead giveaway that protection is being used and that in itself is problematic.
If you have questions about other settings, please send us an email.
Browser Bubble separates Bubbles on the file system through the use of virtual disks. When a new bubble is started,
a new virtual disk is created so that all browser file activity can be re-directed. There is an option to encrypt these virtual disks
by using BitLocker so that all data will be protected when not in use. If your system does not support BitLocker encryption then
this will not work.
BitLocker encryption requires Windows Pro, Enterprise or Education editions. Home edition does not support encryption. Additionally, a Trusted Platform Module (TPM) 2.0 is also necessary. UEFI settings may also need to be configured. If encryption does not work, please do your own research to ensure your system supports BitLocker encryption in the first place before contacting us for support.
Browser Bubble supports actions that allow you to automatically run additional programs at certain points in time so that
you can integrate additional capabilities with
Browser Bubble. A common use case for these actions would be to setup and
then tear down a VPN connection.
There are three points of a Bubble's lifecycle that an action can be configured and executed.
- Pre-Launch: The action will execute after
Browser Bubblewas notified that a browser was loading but before the browser is executing.
- Post-Launch: The action will execute after
Browser Bubblehas successfully configured the Bubble and released the browser application. If Bubble setup fails for any reason, this action will not execute.
- Shutdown: The action will execute when the browser is closing.
During the pre-launch action,
Browser Bubble provides a number of settings to control the action in order to influence
the Bubble creation. When configuring an action, you can set it to not wait in which case the action will be executed asynchronously
with the Bubble creation. You can set it to wait in which case, the Bubble creation will pause until the action program has completed.
And finally, you can have it wait and evaluate which like the wait option makes the Bubble creation pause but then the action out,
both the exit code and any captured standard output, can be tested to provide a simple evaluation if the Bubble should continue.
There is also a timeout option that can be set for the two wait options so that the Bubble isn't waiting indefinitely. It's important
to ensure that if you set the wait option that whatever program is used for the action will complete in a reasonable amount of time
and produces an evaluate-able output. The action configuration form, as seen below, provides a testing mechanism so you can configure
the action and ensure that it works as intended.
Browser Bubble implements additional checks on browser activity to ensure that nothing potentially malicious is executed.
Generally when a browser exploit runs, the exploit code will attempt to either move to another process's address space or simply
launch of new program to carry out additional functionality.
Browser Bubble monitors browser behavior to look for signs
of possible infection and if detected, blocks the activity. Anti-exploit protection can be applied to specific Bubbles or not at all.
And while there are some smart heuristics in use, there is always the possibility of false positive so anti-exploit protection can be toggled
on or off globally as needed.
Browser Bubble Anti-Exploit is designed for very specific exploit use cases. It should not be considered a substitute
for other security tools so please protect yourself as needed.
Browser Bubble provides two modes for enhanced DNS protection. The first mode is to simply configure the browser, at runtime,
with a secure DNS provider. The second mode is to use
Browser Bubble's own DNS resovler. There are pros and cons to each
method so it's important to understand the differences.
The first method allows you to easily change the DNS provider while the browser is running by simply updating the browser settings. This method is also more efficient than
Browser Bubble's resolver because of the extra steps involved with capturing and re-routing
requests. The downside to the native browser method is that network filtering is not possible because the DNS request will already be
encrypted by the time
Browser Bubble is able to see it. So, if you want enhanced network filtering using the native browser
DNS settings, you will need to have a third-party firewall to block the actual network connections.
Browser Bubble's provides a logging mechanism so that you can see all the DNS requests being made from a Bubble.
For the network filtering list, you can provide your own list of IP addresses and domains to block or you can let
sync with a public list of known bad values.
Browser Bubble can be configured with a list of proxies that can be used on a per-Bubble basis. Simply assign one or more
proxies to a Bubble and
Browser Bubble will force the browser to use said proxies by updating the browser's preferences.
Because the proxy setting is applied at the browser level, you can use the browser's setting to modify the settings if necessary without
having to relaunch the Bubble.
In addition to proxies,
Browser Bubble can also route network traffic through specific VPN connections on your system. If you
run multiple VPNs at the same time, this is useful to ensure that a specific Bubble is using a specific connection.
Whatever VPN provider you use, as long as it creates a network adapter that
Browser Bubble can identify, then the Bubble traffic can
be routed through it.
Browser Bubble does not provide VPN services at this time.
Creating a Bubble
Now that we have described the available settings for a Bubble, we can now discuss how to create one.
To start, click the plus (+) icon in the 'Saved Bubbles' box on the left hand side of the main window.
When clicked, a new Bubble profile window will open.
Here is where you fill in Bubble details such as the name and the browser it should target. Each Bubble must be associated with a specific browser. You can also configure BitLocker protection, spoofing, DNS, proxy and VPN settings. While it's best to configure everything initially, most of these values can be overridden at the point of Bubble launch if you choose to do so.
You have the option of having
Browser Bubble generate a spoofing profile for you however, you can also manually set spoof values.
Once you are happy with your Bubble, click the 'Ok' button to save it. It will then appear in the 'Saved Bubbles' list on the main form.
Run a Bubble
One thing that makes
Browser Bubble so useful is that it does not require you to do anything different when you want to launch a
Bubble. You can simply run your regular browser however you normally do it. When the browser is loaded,
Browser Bubble will
intercept the execution and then present a window asking which Bubble should be applied.
If you don't want to deal with the Bubble picker then you can create Bubble shortcuts.
These shortcuts can be used just like any other shortcut but when run will automatically run the browser inside the specified Bubble. This makes it incredibly easy to create and launch numerous Bubbles without any behavior change.
Once a Bubble is running, it may not be evident. Additionally, with multiple Bubbles running at the same time, it can be hard to keep track which Bubble is which. To help alleviate those issues, you can set a color to a profile which will cause that browser instance to be drawn with a colored border when it is the active window.
Browser Bubble does provide a listing of all running Bubbles on the main window with a counter that will update as new Bubbles are
launched and closed.
Browser Bubble exposes a number of options to make management of your Bubbles easier.
Automatically bubble-ize enabled browsers.
When any enabled browser is executed,
Browser Bubblewill automatically 'Bubble-ize' the new instance with the default Bubble. If no default Bubble is set, then you will be notified to pick a Bubble. If this option is disabled then only browsers executed through this application or available shortcuts will be run in a Bubble.
Block network access on browser load.
To prevent data leakage,
Browser Bubblecan block browser network connectivity until you decide it should connect.
Confirm when closing
Browser Bubblecloses. If enabled, you'll be prompted when you click the X button. If disabled,
Browser Bubblewill close without notice.
Delete browser sandbox data.
The browser sandbox will be deleted when the browser instance closes. If disabled, then the sandbox data will persist in the temporary directory until it is manually deleted.
Lock settings on minimize.
Protect your settings with a password. If enabled, the password must be entered when
Browser Bubblestarts and after it has been minimized.
Manually install font files.
Due to licensing issues,
Browser Bubblecannot come pre-installed with fonts from different Windows versions. While
Browser Bubblecan still spoof fonts without the underlying font files, it is more realistic if they are available. You can manually install these files if you have them available.
Terminate browsers on
Browser Bubbleenabled browsers will be automatically closed when
Browser Bubblecloses. If enabled, any browser monitored by Browser Bubble will be terminated on close.
Due to licensing issues,
Browser Bubble cannot come pre-installed with fonts from different Windows versions. While
can still spoof fonts without the underlying font files, it is more realistic if they are available. However, you can manually install these
files if you have them available.
Browser Bubble has a list of all installed fonts for Windows 7, 8, 8.1 and 10. In order to "install" the the fonts, simply place
the font files all in a single directory.
Browser Bubble will then compare what is expected for that Windows version against the
files found in the selected directory. If the font file can be found, then
Browser Bubble will move the file to its own font
If you want to create a font profile that does not mirror a valid Windows profile, you can do that as well. But it's important to understand how powerful font tracking can be. A few unique, non-standard fonts can be enough of a signal to make you highly trackable so you really need to consider the reasons why you want to create a custom font profile.
A valid license will be required to use
Browser Bubble. More licensing details will be available once
is ready for release.
However, a free 7-day trial will be available once ready.
No public release yet.