FixBrowser
FAQ - Frequently Asked Questions
- What language is it written in?
- What license is it released under?
- What is FixProxy?
- What is the plan for handling Google ReCaptcha, CloudFlare and other gatekeepers requiring a full browser?
- Is FixBrowser privacy focused?
- What is the plan for mobile support?
- What the extensions will be like?
- How does FixBrowser differ from other browsers?
- Does FixBrowser contain an AdBlock filtering?
- What are the fix scripts?
- How can I contribute?
- How are the website requests handled?
- What kinds of websites are accepted in requests?
- How automatic updates will be handled?
- What language is it written in?
-
FixBrowser is written in FixScript.
Originally the language was meant to be used for the fix scripts
(hence the name) for various websites. But it quickly became more than that and even the application
itself was written in it.
FixScript is a memory safe, thread safe and integer overflow safe language with minimal native surface area, greatly reducing any security problems. Ideal for processing potentially malicious websites.
It is also very portable (only a C compiler is needed), it even has an ability to emulate threads for environments that lack it (eg. WebAssembly - important for mobile support). - What license is it released under?
-
It is released under ZLIB license
(including all dependencies, except for FFMPEG in the future).
It is a simple license like BSD/MIT with the difference that attribution is not required for binary builds. This makes it possible to also embed the browser into applications in the future without having to do a proper attribution that can be a hindrance to do properly (especially for all transitive dependencies). - What is FixProxy?
-
The project started by creating the "backend" part of the browser first. This means connecting
to the servers using plain HTTP or secured over HTTPS. Parsing of HTML/CSS. Running of the
fix scripts. This is then used from a regular browser.
It can be used as-is to browse the web with privacy as it uses a whitelist approach for loading resources from other domains. You must confirm loading of such resources manually or it can be done automatically by the fix scripts. This makes sure that any 3rd party tracker can't be loaded even if it's not known beforehand.
It is useful for normal usage, I've been using it for multiple years as my primary means of web browsing with good results. Or it can be also used for troubleshooting issues with the "frontend" part of the FixBrowser (the layout & rendering).
After starting openhttp://localhost:8080/
URL in your web browser (you can also choose a different port with the-p
parameter). You can put the URL for new tabs to make it more convenient to use (an extension may be needed for that). This allow you to easily mix the FixProxy usage with normal usage. - What is the plan for handling Google ReCaptcha, CloudFlare and other gatekeepers requiring a full browser?
-
The plan is to provide a service that would use CEF
(Chromium Embedded Framework) to handle the captchas and other gatekeepers. It will work by proxying the requests
through your internet connection while doing the processing on the server. The service will be funded from donations
and available for free (with rate limits).
Using CEF running locally is also an option, however it is a very big dependency that has very limited portability. It supports only the newest operating systems and the most popular CPU architectures. Porting it to other systems is practically not possible for a mere mortal (or even a smaller team). FixBrowser will work across many operating systems and it's lightweight, therefore the service option is the only real solution. - Is FixBrowser privacy focused?
-
Yes, it is actually designed for privacy (not just focused). Every part of the browser
is made from scratch with this goal in mind. For example the HTTP code has no implementation of features
that can be used for tracking (such as ETags). CSS
selectors such as
visited
are intentionally not implemented. And of course no JavaScript execution.
The browser (and the proxy) uses a whitelist approach when loading resources. This prevents any trackers from being loaded even if they're unknown ahead of time. The fix scripts allow to load resources from CDNs for content that is integral to the website (such as images).
In the future it will also warn you before opening a website that is known for massive privacy violations (tracking you across many websites) to prevent misclicks and non-careful opening of URLs from delivering your data to these platforms. - What is the plan for mobile support?
-
The plan is to create a PWA version
of the browser to allow it running on any device that supports web applications (iOS/Android). This
is to avoid the rules from Apple that prevent other browsers from being available on iOS. While there
are other browsers they must use Safari engine under the hood along with other restrictions.
Since the browser would be served as a web application it cannot directly connect to other websites itself. This will be provided by a server acting as a proxy for your web requests through a VPN (to minimize the trouble for running the service). Otherwise all the processing will be done on the device (including TLS encryption).
It is expected that all features will be available in the mobile version including extensions and offline usage. Due to the costs it will be available only to those who donated to the project.
It is likely that a native Android app will be available as well at some point in the future. - What the extensions will be like?
-
Extensions will be written in FixScript.
They will have a simple and stable APIs that will stay supported in all versions. There will be
support for both backward and forward compatibility. The extensions will be able to do powerful
things including having a native access to provide extra functionality (such as embedding of CEF
or to even enable such things as Java/Flash/WASM applets or whatever will community see as fit).
This will be gated by a permission system that will focus on minimizing the required confirmations by the user. For example there would be generally two categories of extensions:- browser focused (with no ability to do network requests to exfiltrate data but allowing to see and process the private data of the user)
- network focused (with ability to do arbitrary network requests but not being able to access any private data)
For native access it would require approval of specific versions of the extensions. There would be also ability to test such extensions so they can be developed and tested by other users. - How does FixBrowser differ from other browsers?
-
It follows a strict one-way processing of web pages instead of being able to arbitrarily modify
the pages dynamically through scripting which requires much more complex processing. The page
is obtained, parsed, processed through the fix scripts to fix problems
or even improve it for the users (eg. to load and autoexpand all threads in forums, etc.). Once it
is loaded it is shown. There is no "rug pull" that would suddenly load advertisements or otherwise
disrupt the usage of the web page.
This is achieved by intentionally not supporting JavaScript, instead the web pages are processed by the fix scripts that are centrally updated. It also means the difficulty of developing FixBrowser is at least order of magnitude easier than trying to implement a full browser. For the user it means the pages load quickly and are unobtrusive. The CPU and memory requirements are also much lower. - Does FixBrowser contain an AdBlock filtering?
-
FixBrowser has similar effect to advertisements as an AdBlock extensions due to how it works.
However this is because most ads are privacy invading. It is just a side-effect that these get
filtered, FixBrowser is orthogonal to ads and will show ads that are privacy conforming.
It is expected that once extensions will be implemented that such AdBlock functionality will be available for those who don't want to see any kinds of ads at all. But it wouldn't be needed for most users.
If you have a website and have ads that are privacy conforming but not showing in FixBrowser because it requires scripting, feel free to provide an official way how to implement them. As long as the request is sincere, it is aligned with the spirit of the project and the method is not too complicated the support will be added.
The default is to not implement ads (unless they work already with no JS) because most ads are privacy invading, any unofficial way to show them would most likely trip some fraud detection hurting the website and it's often complicated to implement. - What are the fix scripts?
-
It is a self-contained pack of scripts that are developed and updated to fix various websites
as well as groups of websites (eg. all sites using certain technology such as WordPress,
Disqus forums etc.). Many websites don't need any special treatment or a very little one.
In addition these scripts improve the websites to be more usable, for example by loading all the comments at once instead of having to manually click on multiple topics.
Since creating and maintaining such scripts is a huge task it depends on the support from the community by donating. In exchange anyone who donated can request which websites they would like to be supported. - How can I contribute?
-
As an user the best way to contribute is to donate to the project. It will allow you to
specify which websites or features should be focused on. You will also be able to send bug
reports, due to the size of the project bug reports from others will not be accepted.
As a developer you can contribute by sending patches (or modified files) on the forum, by e-mail or by submitting pull requests on GitHub.
It is assumed that any contribution is under the same license as the part that is being contributed to (ZLIB license for the main program, CC0 for the fix scripts in "scripts"). - How are the website requests handled?
-
Anyone who donated to the project can request which websites they would like to be supported.
This doesn't mean that they will definitelly get supported. There are more factors to it:
- the more users request a particular website the more it will be prioritized
- the priority is affected by the effort needed (easier will be prioritized)
- the requested scope, websites can be supported at a basic level (for reading) or they can also support more interaction like posting on forums etc. (basic scope is prioritized over more functionality at first)
- for more involved websites that need partial or full reimplementation of functionality it is assumed that a basic level will be provided and optional or fancy features won't be supported unless there is a good reason (for example sites like YouTube would allow to browse and watch the videos, but posting comments or videos would require a full browser)
- applications not resembling classic web pages at all are unlikely to be supported (such as interactive maps, 3D viewers, instant message or video conference platforms, etc.) - basically anything that can't be converted to a classic web site format and requires interactive elements beyond simple forms
- the cummulative amount of donated money by the requester has some effect on the priority but it's not a major factor
- some requests may require a missing feature, the work on it will have to wait until the feature is implemented (for example if posting to a forum requires passing Google ReCaptcha then that feature will have to wait until the service for it is implemented)
- What kinds of websites are accepted in requests?
- Any website is accepted, it doesn't matter what kind is it. The project is strictly neutral to the content of the websites and will be treated the same. Websites prone to blocking by the authorities will be allowed to work with the official domains only, there will be no support for evading of the block.
- How automatic updates will be handled?
-
The browser will not auto update by itself (unless requested). You'll be able to install
multiple versions at once. A reasonable effort will be made to support older versions using
the latest fix scripts.
There will be a question dialog where you will be able to opt-in into automatic updates of the fix scripts (and possibly checking of new versions of FixBrowser as well), this dialog will open after some time since the first run. If you decline no contact will be made with the server.
Similarly any usage of services, such as handling of ReCaptcha and other gatekeepers will ask first before first use. Any such service will have minimal logs in order to battle any abuse, with only a short retention of the data.
In other words, there will be no automatic "phoning home" functionality of any form. There will be no telemetry either. No form of spying on the users.
The website was designed for modern browsers and IE4+.