193 comments

[ 2.1 ms ] story [ 241 ms ] thread
Why not a web extension?

Why use a ENS/Namecoin versus a petname solution like GNS?

I like the idea of such a browser integration, but I don't see this actually being used. Perhaps you could have upstreamed those as experimental features in firefox/Torbrowser.

Edit: I suppose you could upstream it to brave, they are very crypto-friendly. Also, no Linux support?

Edit 2: Most of my points have been made moot by this: https://impervious.com/fingertip

(comment deleted)
Is this just technically interesting? If it's more than that, what are the benefits for me?
built on Chromium

If only Firefox(Gecko) would get some more attention...

Why exactly? I honestly do not understand HN fascination with Firefox. Firefox isn't even in the top 3 browsers anymore and has about the same Marketshare as Samsung internet. It is irrelevant at this point. Blink is the standard for rendering now just as Linux is the standard for web servers.
> Firefox isn't even in the top 3 browsers anymore and has about the same Marketshare as Samsung internet

This is precisely the issue. The fact that Google has such a mass control over Internet rendering means that they are free to write their own standards with absolutely no pushback. It is essentially an Internet explorer situation, whereas if Google wants something to work a certain way, you have no choice but to adapt it least certain websites won’t work.

I don’t think a single commercial entity — let alone one with such a disastrous privacy record whose primary source of income is advertising — should be able to strongarm the Internet like it currently can.

If Firefox wasn't so sluggish maybe more people would use it.
That’s a big if, Mozilla has been declining for a long time. They don’t have the funding to progress their aging codebase. Firing everyone in the name of Wokeness hasn’t helped.
Globally, Safari is #2 on mobile, and in the US specifically, #1. Even on desktop, Safari has a fairly strong showing.

Apple and Mozilla have basically just swapped places when it comes to keeping developers in check wrt adopting chrome-only features.

I don't know that more people using FF would change much at this point, to be honest.

> This is precisely the issue. The fact that Google has such a mass control over Internet rendering means that they are free to write their own standards with absolutely no pushback.

It is an open source community driven project with contributions from, "Google, Facebook, Microsoft, Opera Software, Adobe, Intel, IBM, Samsung, and others"

There are so many stakeholders, it isn't just google dictating what occurs in blink

> Why exactly? I honestly do not understand HN fascination with Firefox.

Well, for starters, uBlock Origin works as intended on Firefox as opposed to Chromium and this will become more apparent with manifest v3.

I don't know about others but I also like how Firefox lets me choose the fonts that I want to see on the web while Chromium browsers don't.

> Blink is the standard for rendering now just as Linux is the standard for web servers.

It is THE problem. Software should not be "standard".

Without community supported and adopted standards software wouldn't have progressed all that much in the past 20 years
Standards must be standards. Software must implements standards.
They’ve gotten plenty of attention. No one wants to build off a sluggish browser.
And that goes double for trying to bootstrap a new protocol; I can only presume the Tor Browser is built on top of Firefox for a reason
(comment deleted)
There's a reason: legitimate performance differences that exist between them.
Maybe it would if it had a more permissive license.
Congrats on the launch.

I think this indirectly slowed down the foreverdomains server with the HN traffic.

Since you advertise "decentralized internet" vs blockchain, I'd love to see this also support some more non-blockchain protocols such as Dat (https://dat.foundation/) and IPFS directly. Maybe even Bittorrent and Tor (Onion router).

It may already do some of that, I just couldn't tell from your wording.

Don't forget the boys at the Oxen network and their Session program. Phenomenal work, better than Tor
This looks really interesting. It looks like their lokinet uses an onion router though or am I misinterpreting the "better than Tor" here?
Isn't Loki the same cryptonote fork that forked signal to remove the phone requirement and then called it better than signal?
> better than Tor

In what ways does it compare?

> the boys

I hope it's a much bigger world than that!

> Phenomenal work, better than Tor

Citation needed

<https://dat.foundation/> is apparently deprecated in favour of <https://dat-ecosystem.org/> which is impressive since it only became the dat foundation in december 2019 ...
dat ecosystem though
Don't tell us, you're here all week... ;)
I just picked the first thing that came up when I google Dat protocol that seemed to match. Thank you for pointing out the mistake.
Why are you swallowing "error" from invoking the "reall" tool? That seems like a great way to make contributors really frustrated: https://github.com/imperviousinc/beacon/blob/main/tools/src/...

and again https://github.com/imperviousinc/beacon/blob/main/tools/src/...

This trend of "I'm going to invent some build tool because there are not enough build tools in the world" is evidently leaking out of the node ecosystem

For clarity, I did see that this was inspired by the brave-browser model, but of the ones to draw inspiration from, that's for sure not it given that their CI is closed source and they're trying to use npm in lieu of a more structured, comprehensible system

I like trying out alternate browsers, so congratulations on the launch, and I'll for sure try to build it, but I wanted to draw these to your attention because my experience with software is that error handling is about 80% of the job

> Why are you swallowing "error" from invoking the "reall" tool? That seems like a great way to make contributors really frustrated

Glad you're looking at the code! There's still some refactoring needed for butil. It will get more polished soon ;)

> This trend of "I'm going to invent some build tool because there are not enough build tools in the world" is evidently leaking out of the node ecosystem

butil applies string replacements, patches and overrides all under one tool using a statically typed language but still usable like a scripting lang since it can rebuild the actual tool as needed. You can technically do something similar with various python scripts I suppose and use chromium's GN build system . GN would just end up calling various scripts so I think i prefer this more unless you have some other ideas.

It may be "statically typed" but from a consumer's PoV, 100% opaque. My first question when trying to build any project is "what is this going to do to my machine" and with some golang based build system, you're asking for a lot of trust on two different levels: 1. go install something (so now I need to read its source) 2. oh, turns out it actually delegates to an entirely separate binary that I now need to separately read

And I hear you about "but scripting!!1", however, using one of the existing tools means there is a non-zero chance of someone having experience with them and maybe even having reasonable editor support for it

It's your project, so I know I'm just some rando on the Internet, but I wanted to make sure you were choosing the contribution path you wanted to build upon, and not just hacking something together for expedience that then has to be unwound later. In this specific case, that goes double because it already has tight coupling to GN due to Chromium

> but I wanted to make sure you were choosing the contribution path you wanted to build upon

> that goes double because it already has tight coupling to GN due to Chromium

Interesting i'll experiment with moving this to GN. I have more high priority things to deal with atm but i'll get to that.

Curious to know your team size and engineering challenges with building this on Chromium. Also, did you consider WebKit or Gecko?
Not to be confused with the other impervious browser:

https://news.ycombinator.com/item?id=30968715

Yikes, what a naming collision given the "blockchain-y" tone underlying both uses of that name
To be fair, this one is called Beacon, Impervious is just the name of the developer. Not that much of a collision imo...
(comment deleted)
DANE is really interesting. Wider adoption would be good for everyone I think.

I’m going to have to give this a try.

The problem with DANE is that it doesn't move us away from CAs, it just conflates the role of running a DNS zone with also being a CA. And even CAs may be problematic, the entities running DNS zones are often more so.
If you own a DNS zone, you should be the only one with the authority to issue certificates for it. That is what Handshake+DANE does.
Fair enough - I missed the part about Handshake. I don't know much about Handshake, but, if it does what I assume it does, I do see how DANE would make sense in that context. Whether or not Handshake is a good idea I guess is the real discussion point - but, maybe one I'm not too interested in debating, especially given my limited knowledge.
(comment deleted)
What problems did you face that made you decide to create a browser fork of Chromium instead of a web browsing extension or a separate application that could utilize any other web browser as a client for using these protocols?
We already built a separate application and wanted to avoid making a browser for a while. The idea for Beacon started when we wanted decent support for iOS and android, which nowadays is like the majority of users.

It's easy to install an app and start browsing. No hacks or workarounds and the UX can be much more tailored (even for desktop).

Neat and some interesting todo/roadmap items too! Will be keeping an eye on this.

Random thought, perhaps for later: some form of keyboard-centric navigation functionality - boosts your UX differentiation and it likely speaks to your target audience. Something along the lines of Nyxt browser[1] or the popular Vimium extension[2].

[1] https://nyxt.atlas.engineer/

[2] https://github.com/philc/vimium

I can already imagine the DNSSEC/DANE naysayers' complaints. I don't care, I love this.
(comment deleted)
(comment deleted)
All the .eth crap makes me gag and recoil, but DANE seems worth investigating.
Why do blockchain-based name systems (or ENS specifically) make you "gag and recoil?"
Proof of stake for one, and the cult it’s built on. Shouldn’t need to be said.
I think it does need to be said.

Nobody can engage with your opinions if you don't express them.

What is your vision of the web and how does the current browsers' default search engine fit into that vision?
> It is also the first browser to support secure web browsing with DANE.

Props for that. I wish we moved away from CAs.

You get CAs with DNSSEC/DANE, just not PKIX CAs (though you can have those too).
Agreed. I don't like the trend of devices, especially IoT devices, that bake in support for CAs without supporting other certificates or allowing you to adjust their trust stores. Real attempts at decentralization away from CAs might force companies to change how their devices deal with certificates and trust, hopefully putting power back in the hands of device owners.
This is the kind of thing Linux users like.
...but cannot use, as of now.
Linux version for Mint? Mail list for updates?

Thanks

i would like an open source browser that shares data collected from all its users. so the public can have access to the types of data google et al have.
> i would like an open source browser that shares data collected from all its users. so the public can have access to the types of data google et al have.

That sounds like a disaster waiting to happen. The public once got a hold of a sample of the anonymized searches of AOL customers and it didn't take long for individuals to get identified. The amount of data google has on people goes far beyond the things they search for or the sites they visit. A web browser that publishes everyone's browsing habits for the public would also get collected by data brokers and 'google et al' to be exploited for their own gain. Who would sign up to use that?

I'm pretty sure that if the data google has were ever made available to the public, as soon as the first congress person reviewed their own dossier we'd see laws passed very quickly banning the use of that data and perhaps even preventing it from being collected in the first place. I imagine any popular browser or project exposing their users similarly would have the same problem.

either the data collection should be banned or everyone should have access. why should monopolies like google and those who can afford access to data brokers get to extend their power indefinitely? why do people support snowden's leaks but no one is leaking similar shit from google? it can be a payment for releasing your data publicly if people don't want to give it up for free.
You're right, it should be banned. It should not be legal to covertly(through trackers running on every website, effectively spyware) catalogue people's browsing habits like that.

Although I'll give you this. A massive leak might stir up the public outrage necessary to convince the US Congress to actually do something about it.

> why do people support snowden's leaks but no one is leaking similar shit from google?

Whistleblowers are very rare creatures to begin with. Not too many people are willing to risk the legal, financial and career ending repercussions assuming that they even have both access to the data and a means to copy it in bulk to back up their revelations. Even now, a large number of people would sadly still consider Snowden to be a traitor.

I imagine Google keeps the data they collect (and more importantly what they've inferred about us using the data they collect) under tight controls to avoid that problem. With only a limited number of people able to access the trove of data at all, and those people being kept happy (or perhaps more pessimistically, kept in line by fear. I mean let's face it, Google likely has enough dirt to bury any one of us alive) it's not hard to imagine that no one has been willing or able to come forward.

> either the data collection should be banned

GDPR

Real whistleblowers acting against the interests of the powerful within a society need to be willing to sacrifice their own lives (and even possibly putting their family and loved ones at risk as well) for ideology. And by definition of being at a point to have access to such information, they also are probably at a position in life where not doing so would allow them to continue to lead an extremely comfortable life.

And ultimately, it may not even matter. Snowden's leaks revealed that basically every single privacy related conspiracy theory of times past was true. They showed that the NSA had are not only trading your nudes [1], but even have spies all the way down into things like World of Warcraft and XBox Live [2]. They also demonstrated countless illegal acts that violated every single possible interpretation of the 4th amendment.

And now? Snowden is holed up in some place in Russia knowing full well he'll likely getting Assanged, or worse, if he ever steps foot in a place friendly to the US. And the powers that be? They've only become more flagrant in all of their violations, endlessly protected from the law by a mixture of national security and lack of standing legal claims.

Don't underestimate what genuinely leaking against the interests of the powerful entails. People like Snowden are truly unique and selfless individuals.

[1] - https://time.com/3010649/nsa-sexually-explicit-photographs-s...

[2] - https://www.smithsonianmag.com/smart-news/the-nsa-was-spying...

> "I'm pretty sure that if the data google has were ever made available to the public, as soon as the first congress person reviewed their own dossier we'd see laws passed very quickly banning the use of that data and perhaps even preventing it from being collected in the first place."

And now consider the alternative world, the one we happen to live in, where it's all private unless it somehow ends up getting "hacked" or "leaked" to the public, indirectly of course. And it'd be a shame if that happened wouldn't it Mr. Senator.

You aren't wrong. The amount of power Google has is outright dangerous. Amazon and Microsoft aren't far behind. To make matters worse, we should assume the state has every scrap of data these companies have collected as well. It's a lot of power to have and I imagine it could be used to quickly identify upcoming threats to those in power while also providing a lot of ammo to use against them.
I have a question about blockchain DNS's. This might be the time to ask!

There is a centralization aspect in any DNS, blockchain or otherwise in that, literally to be useful, there needs to be consensus about which chain operators own which .{name} extensions for a given name. Which makes financial incentive for say an investor to 'bribe' browsers into using their DNS, which then charges money to end users, which er... feels a lot like the DNS we have.

I think that "true" decentralization might come from nameless "domain". If a domain is a SHA256 hash with no name, then with QR Codes and search engines and hyperlinks it doesn't matter as much that they are not memorable (we managed with nameless phone numbers, right!). Hash providers can be any chain, and then your job as a browser is to add as many mainstream chains as possible (there is no need to decide who is the 'official' one, or rank them, so Ethereum is no better than Dogecoin) as hash collisions are practically impossible.

we already have "nameless" IP addresses, in which DNS is built on top of it as abstraction. using SHA256 is no better that using IPv6 IMO
There is probably a decent case to be made for having an indirection layer above IP addresses, even if they are as meaningless and unmemorizable as a hash: for portability (IP addresses are tied to the host infra provider), load balancing, etc.
We already have that.
Do we? Where can I buy an IP address? Do all hosting providers support assigning an arbitrary IP address to a website?

Let's say I have a hosted wordpress blog with a custom domain. How do I get a static IP for it?

Except you have your ownership in the blockchain allowing you to mutate the IP address. I don’t know if you can get a guaranteed for life IPv6. And who dishes them out. It is centralised.
A nameless phone number can be relayed verbally, and is easily memorized. Neither of those things is really true for a SHA256 hash.
If you are going to use an immemorable hash instead of a memorable name, why not use IP directly?
There could be several immemorable hashes pointed at the same IP, the server needs to know which immemorable hash it should serve.

(don't think this makes much sense, just answering your question...)

IPv6 may work for that. But the idea is to have a decentralised allocation so the hashes from your own generate PKs is better.
Because you don't necessarily own your IP, usually it's owned by your hosting provider.
Let me guess: your company ultimately profits somehow, whether directly or indirectly, from the use ("sale", presumably) of these "decentralized domains" and/or ".eth DNS"?
(comment deleted)
Could you please update your page with more information?
Wow congrats on the launch! This looks really exciting.
I apologize if this a naive question but a lot of this is new to me - are Forever domains and ENS and Handshake all complimentary or are they alternatives to each other?

Might anyone have any good resources for blockchain DNS they could share?

Forever domains are built on Handshake. Handshake is an attempt at a decentralized DNS root zone. ENS is a different, independent project.

I guess the Handshake people will make sure .eth (the ENS suffix) resolves to ENS on Handshake. Handshake would like to eclipse everything :)