> sacrifice the ability to interact with text, resolution, color accuracy, frame rate, etc.
it’s very much an understatement... Pretty sure your devs/testers won’t appreciate the experience. Frontend devs in particular can’t possibly work with this.
I fail to see why it’s hard for you to spin up (possibly gated) dev/staging instances; certainly much easier and much less resource intensive than something like this.
Anyway, your use case only makes sense when the code can be self-hosted, but apparently this product / product category has customers before the source is opened up, and that’s what I’m curious about.
Customer base is people and organizations who are having problems with malware and cyber attacks.
> Have you tried using this? When I said
> sacrifice the ability to interact with text, resolution, color accuracy, frame rate, etc.
> it’s very much an understatement... Pretty sure your devs/testers won’t appreciate the experience. Frontend devs in particular can’t possibly work with this.
I totally agree the image quality can be much improved. So I'm really sorry you had this experience today trying it out!
Would you be unwilling to mail me cris@dosycorp.com and I can contact you if and when I have image improvements to share?
Initially, I used JPEG for all clients, then for clients with browsers that support WebP (chrome) I switch on WebP since the quality increase is a LOT (but WebP in FF looks pixelated, so I hope I can find a way around that), even tho the bandwidth is the same.
For Safari and iOS the quality is on JPEG. It sounds like it has sacrificed the ability ot interact with text, resolution, color accuracy and frame rate, etc. I'm really sorry about this.
Some people seem okay to roll RBI out in a test deployment, without the code being open-sourced. I can't speak directly for them, but I assume that Symantec (who bought FireGlass Browser), Menlo, WEBGAP, Light Point, Ericom, Authentic8, Citrix all have some customers even tho they are not OSS. I think that, often, as long as the contract provides the ability to examine the code if required (due diligence) even without publishing it openly, sales happen.
It sounds like you're unfamiliar with RBI, is that right? This is still an emerging industry so it makes sense to me that even if you are in security you are unfamiliar with RBI.
Appreciate the detailed response. Over the past few years I've seen a couple of similar remote browser services and was curious who actually need it, glad you shared firsthand knowledge.
Now I can see that while this would probably be an overkill security-conscious individuals, it might make sense for organizations because there are always employees who can be easily tricked into clicking anything. I do wonder whether it's more effective and productive to instead enforce host-based blocking + browser-level content blocking + lightweight virtualization (like Windows Sandbox? Not sure how well it works since I'm a Mac user for the most part), but I'm in no position to evaluate for organizations.
Having checked Symantec's website, they seem to advocate falling back to a remote browser when the site is potentially risky, which sounds reasonable.
> then for clients with browsers that support WebP (chrome) I switch on WebP since the quality increase is a LOT
Yeah, I first tried the service on my iPad Pro, image quality was terrible. I have since tried it again in desktop Chrome and it's definitely passable. That's unfortunate.
Anyway, I'm probably not in the target market, but best of luck to your business.
Interesting hearing you know about RBI. Did you evaluate any of the other services? What did you feel about them?
I definitely think the approach you say (host level blocking, content blocking and some lightweight virtualization, like Edge/Windows Sandbox, or a local VM) is a valid one that reduces risks.
I think it comes down to considering, when attacks inevitably occur, where do you want to be doing the cleanup? Zapping a few containers, or instances in the cloud and starting them frehh, or decontaminating the local machines and network?
Sorry about the typo (in my comment below)! I couldn't edit it past the edit horizon. I meant,
> Genuinely curious: who's your customer base?
Anyway, thank you so much for being interested in this product, especially for helping make the space for me to speak about the type of customer, the risks they face, and their reasons for adopting BrowserGap. I really appreciate your time on this!
At my 30 second glance I saw both problems and solutions with using it. But if didn’t use software based on problems, we wouldn’t get anywhere :) It’s open source so my mind is leaning toward crack it open and fix the shortcomings for the use case
> sacrifice the ability to interact with text, resolution, color accuracy, frame rate, etc.
it’s very much an understatement... Pretty sure your devs/testers won’t appreciate the experience. Frontend devs in particular can’t possibly work with this.
I fail to see why it’s hard for you to spin up (possibly gated) dev/staging instances; certainly much easier and much less resource intensive than something like this.
Anyway, your use case only makes sense when the code can be self-hosted, but apparently this product / product category has customers before the source is opened up, and that’s what I’m curious about.