Since it wraps existing browsers (chromium/safari/electron/webkit), is it really fair not to say that in the README? Sure, it mentions that you should install them under "quickstart", but all the other parts compare it directly against other browsers, when this really seems to fill more of a "plugin-like" role than a full browser.
Also, when doing READMEs for ambitious projects, it's probably best to mark which features are complete and which ones are just planned.
Right now it looks like the whole V-lang debacle IMO, with lots of features promised and no way to know what is implemented and what isn't, while wrapping other projects without acknowledging it.
> Also, when doing READMEs for ambitious projects, it's probably best to mark which features are complete and which ones are just planned.
I think that's what issues and milestones are for. I tried to document as much as possible. Currently, a lot of UI features are not ready, and the HTML and CSS parsers both need major rework.
> Right now it looks like the whole V-lang debacle IMO, with lots of features promised and no way to know what is implemented and what isn't, while wrapping other projects without acknowledging it.
Not a single external library is included. Pretty much everything was implemented by myself over the last one and a half years.
Please don't confuse a Browser with a Browser Engine. I never claimed to replace WebKit, Blink, or Gecko.
As a single person working on the project, I just haven't had the time to fork Servo into a reduced library that can be bundled somehow - because that's a shitload of work. For now I'm focusing on parsing and filtering, because the underlying network concept was proven to work. I also had to build a test runner to even be able to test these behaviours.
Currently the prototype of the UI is implemented in HTML5, reusing as much as possible from the node.js-side ES2018 modules.
If the network isn't free and data is centralized, one day you think you have it all and the next you could have nothing. Tor pretends to be secure, but is dark and compromised. This project seems to understand that and tries again to fix things via P2P, in a way that has promise.
The simple implementation of web forms is broken in today's web. It's an input field, or some other element styled as an input field, that may or may not be grouped or in a form object, possibly generated dynamically. WebSockets, timers, validations, ... it's a huge PITA.
The DOM is a freaking mess. It’s not there until it’s there, it’s detached, it’s shared. It’s been gangbanged so much, there’s no clear parent anymore.
ECMAScript - which version and which interpretation should Babel translate for you, and would you like obfuscation via webpack, and how about some source maps with that, so you can de-obfuscate it to debug it? Yarn, RequireJS, npm, and you need an end script tag - should it go in the body or the head? You know the page isn't fully loaded yet, and it won't ever be. There, it's done, until that timer goes off. Each element generated was just regenerated and the old ones are hidden, but the new ones have the same script with different references. Sorry, that was the old framework, use this one, it's newer and this blog or survey says more people use it.
For a P2P open data sharing network over https, the proxy could let a request reach someone else down the path. Not everything is direct.
> fallsback to http:// only when necessary and only when the website was not MITM-ed
How would you know when an HTTP site is being MITM'd? There are some easy cases, but for everything else, well, ensuring this is half the point and most of the operational complexity of HTTPS!
https is used primarily. If there's only http available, trusted peers are asked for two things: their host caches for that domain and whether or not the data was transferred securely via https (port and protocol).
If either of those isn't statistically confirmed, it is assumed that the targeted website is compromised.
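A minimal sketch of how that peer vote could look in Node-style JavaScript, covering only the "was it transferred via https" half of the check (the host-cache comparison is omitted). askPeer(), the response shape, and the 0.75 threshold are invented for illustration; this is not Stealth's actual API.

```javascript
// Hypothetical sketch of the peer-consensus idea described above.
// askPeer() and the response shape are invented, not Stealth's actual API.

const MIN_AGREEMENT = 0.75; // assumed threshold for "statistically confirmed"

async function isProbablyCompromised(url, trustedPeers, askPeer) {
  const domain = new URL(url).hostname;

  // Ask every trusted peer how they reached this domain (protocol and port).
  const answers = await Promise.all(trustedPeers.map((peer) =>
    askPeer(peer, { domain }).catch(() => null) // unreachable peers don't vote
  ));

  const votes = answers.filter((answer) => answer !== null);
  if (votes.length === 0) return true; // nobody can vouch for the site

  // Count the peers that saw the data transferred securely via https.
  const secure = votes.filter((vote) => vote.protocol === 'https' && vote.port === 443);

  // If too few peers confirm a secure connection, assume the plain-http
  // response we received was tampered with.
  return (secure.length / votes.length) < MIN_AGREEMENT;
}
```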
Currently I think this is as good an approach as possible, but otherwise I have no idea how to verify that a website is legit without introducing too much traffic overhead for the network.
Personally, I wouldn't trust any http website, or any https website with TLS < 1.2, anyway. But whether or not that assumption can be extrapolated... dunno.
Do you have another way to verify its authenticity in mind?
I hear this a lot and hence have the same feeling about Node/Electron, but is there actually anything of substance when it comes to the lack of security in Node/Electron apps? Honestly curious.
Between this and the Sciter (edit: added missing r, thanks everyone :-) project the other day and a number of other projects I'm starting to get optimistic that the web might soon be ready for a real overhaul.
Looked through a bunch of the author's projects - cool/funny stuff, keep it up.
A couple of things:
- The project (and others) needs clearer calls to action or goals. Reading the different pages made me think a bunch, but I had no idea what to do.
- Maybe the Stealth browser is not meant for everyone. Maybe just a community of people will use the browser and contribute to your goal of decentralized semantic data.
And really, your vision is so big, it might be worth doing a video.
Author of the project here. I didn't expect this to be posted on HN because the project is kind of still in its infancy.
The motivation behind the Browser was that I usually "use the Web" as a knowledge resource, reading articles online, on blogs, on news websites, on social media and so on. But there are a couple of problems with what a Browser currently is. A Browser is currently made for manual human interaction, not for self-automation of repetitive tasks. Automations are currently only available at the mercy of programming or extensions, which I do not think is a reasonable way to go.
Why block everything except 2 things on a website when you could just grab the information you expect a website to contain?
I'm calling it a Semantic Web Browser because I want to build a p2p network that understands the knowledge websites contain via its site adapters (beacons) and workflows (echoes), while the underlying concept tries to decentralize as many automation aspects as possible.
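Purely to illustrate the concept: a site adapter (beacon) could be a small declarative mapping from a site's markup to semantic fields that peers can share and reuse. The format and property names below are invented for this sketch and are not Stealth's actual beacon format.

```javascript
// Hypothetical beacon: maps an example site's markup to semantic fields.
// The shape of this object is invented for illustration only.
export default {
  domain: 'example-news-site.com',
  paths: ['/articles/*'],
  select: {
    title:     { query: 'article h1',         value: 'text' },
    author:    { query: 'article .byline a',  value: 'text' },
    published: { query: 'article time',       value: 'attribute:datetime' },
    body:      { query: 'article .content p', value: 'text', multiple: true }
  }
};
```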
In the past a lot of websites were taken down (some for BS reasons, some not), but what's more important to me is the knowledge that is lost forever. Even if the knowledge is web-archived, the discovery (and sharing) aspects are gone, too.
My goal with the project is to build a network that tries to find truth and knowledge in the semantic content of the web; I'm trying to build something that understands bias in articles, the authors of said articles, and the history of articles that were (re-)posted on social media with biased perspectives.
I know that NLP currently isn't that far along, but I think that with swarm intelligence ideas (taken from Honeybee Democracy and similar research on bees) and compositional game theory, it might be possible to have a system that defends itself against financial actors.
Currently the Browser doesn't have a fully functioning UI/UX yet, and the parsers are being refactored. So it's still a prototype.
It is a decentralized Browser in the sense that if you have trusted peers in your local (or global) network, you can reuse their caches and share automation aspects with them (your friend's or your family's browser(s)), which allows fully decentralized (static) ways to archive websites and their links to other websites.
I'm not sure where the journey is heading, to be honest, but I think the naming after the Tholian race makes it clear: "Be correct; we do not tolerate deceit." pretty much sums up why I built this thing.
Currently I don't have funding, and I'm trying to build a startup around the idea of this "Web Intelligence Network", where I see a potential business model for large-scale actors that want to do web scraping and/or data gathering via the "extraction adapters" for websites, which are maintained by the network.
I think this project turned out to be very important to me, especially when taking a glimpse at the post-COVID social media that contains so much bullshit that you could easily lose hope for humanity.
This project looks amazingly promising, thank you for creating it and I wish you the best of luck in its success.
One humble suggestion/idea I offer to think about, related to:
> It uses trust-based Peers to share the local cache. Peers can receive, interchange, and synchronize their downloaded media. This is especially helpful in rural areas, where internet bandwidth is sparse; and redundant downloads can be saved. Just bookmark Stealth as a Web App on your Android phone and you have direct access to your downloaded wikis, yay!
Trusted peers with a shared web cache is a good start, but how about _trustless_ peers? Is this possible?
Possibly using something like https://tlsnotary.org - which uses TLS to provide cryptographic proof of the authenticity of saved HTTPS pages (but unfortunately only works with TLS 1.0)
All requests are shareable. Conditions for this are:
1. You have a trusted peer with a local IP configured (Peer A knows Peer B and vice versa)
2. Peer A is currently downloading the URL (stash) or is done downloading it (cache)
3. Peer B can then reuse the same stream or download the file via Peer A
Note that Stealth also has an HTML5 UI for this reason. Download a video on the desktop, leave Stealth running, and go to your Android or iOS tablet... connect to desktop-ip:65432. Open up the video and get the same stream, too :)
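A minimal sketch of those three conditions in Node-style JavaScript. trustedPeers, cache.has() and stash.has() are hypothetical placeholders, not Stealth's actual API.

```javascript
// Hypothetical check run by Peer A when Peer B asks for a URL.
function canServeToPeer(requestingPeer, url, { trustedPeers, cache, stash }) {
  // 1. Both sides must have configured each other as trusted peers.
  const isTrusted = trustedPeers.some((peer) => peer.host === requestingPeer.host);
  if (isTrusted === false) return false;

  // 2. The URL is either fully downloaded (cache) ...
  if (cache.has(url) === true) return true;

  // ... or still downloading (stash), in which case
  // 3. the requesting peer can attach to the same stream.
  return stash.has(url) === true;
}
```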
Any proxy could act as a MITM, so someone using a malicious fork of Stealth may cause problems.
But the net is like this already. One site may send you to another site that tricks you into giving up your data. And a relatively recent vulnerability prevented any WebKit-based browser from indicating whether a site's URL actually pointed at the correct server, so you'd have no visible way of knowing whether a site using HTTPS was legitimate.
Using a VPN could be better, but it's sometimes worse, because you change who you trust more (the VPN provider): they know one of the addresses you're coming from and everything you're doing, and can record and sell that data.
I would highly recommend trying Antidetection Browser GoLogin for Multi-accounting
GoLogin's advantages:
- All profiles are separated and protected: each profile is in a separate container so that their data do not conflict with each other.
- Identity protection: before using the browser, GoLogin will open a page with your connection data, so you can make sure it is safe and anonymous.
- Antidetect without installing software: you only need a regular browser and Internet access; you are not tied to a specific place.
- Automation: automate any emulation process in a real browser. This will make your digital fingerprints look natural and your accounts will definitely not be blocked.
- Teamwork: one-click access to any profile for each team member without any risk of blocking or leaking account data.
https://gologin.com/?utm_source=forum&utm_medium=comment&utm...
I especially like the shared cache with trusted peers idea, and remotely scriptable sounds useful too.
But no web forms?
How do we interact with websites (like me posting this comment now, for example)?
And no DOM? What is the DOM translated into?
And no ECMAScript? Won't that break half the web from being usable?
And yet it can also become a web proxy for regular browsers?
Curious to watch this project mature, as it seems there are several excellent lateral ideas all being developed at once!
Hi, one of my minions found it and I decided to post it here.
Sorry about that.
How is trust inferred? I'd rather have a trustless architecture built out of dumb pipes and Signed HTTP Exchanges.