>Web browsers are the culprit behind 70% of endpoint compromises<p>This seemed like a pretty remarkable statistic to open with (where are the Office macros? If I download a shady exe or vbs with the browser and then run it, is the browser the "culprit"?), so I googled it and found that a previous Cloudflare post [1] cites this Gartner report [2] for that statistic. Unfortunately, there is no methodology to arrive at that number: it's merely listed as an assumption.<p>[1] <a href="https://blog.cloudflare.com/cloudflare-and-remote-browser-isolation/" rel="nofollow">https://blog.cloudflare.com/cloudflare-and-remote-browser-is...</a><p>[2] <a href="https://airlock.cdn.prismic.io/airlock/e0eca969-989e-44ad-b3ae-55100a05ec7e_innovation_insight_for_remot_350577.pdf" rel="nofollow">https://airlock.cdn.prismic.io/airlock/e0eca969-989e-44ad-b3...</a>
This is how the web's re-incarnation could begin. Imagine:<p>• <i>2020:</i> Websites are too complex. The security implications are too high. Let's run all of that code remotely, and send only draw commands to the user.<p>• <i>2025:</i> Hey, developers, want your website to be faster and more efficient? Here's an API for performing certain operations directly on the user's machine. Don't worry, we've implemented everything in a limited and security-conscious way. Pinky promise the standard won't grow out of control over time.<p>• <i>2040:</i> Neo-websites are too complex. Let's run all of that code remotely...<p>I'm not sure if I actually believe this will happen. But, consider how we got here: websites originally relied on server-side rendering, and gradually shifted to client-side rendering over time. Now, Cloudflare is offering a way to force all of that code back on to a server...
Looks a lot like Mighty! <a href="https://mightyapp.com/" rel="nofollow">https://mightyapp.com/</a><p>I've been working on a productivity oriented browser (early alpha here: <a href="https://cloudsynth.com" rel="nofollow">https://cloudsynth.com</a> -- sorry landing isn't complete yet). It's very obvious that those inner rendering frames can be handled by remote servers. We've managed to reduce a lot of chromes memory usage by sleeping/unmounting unused tabs transparently (where we can) and have seen a ton of performance improvement. Looking forward to swapping out the chromium rendering layer to a cloud one down the road!<p>The security implications are interesting too. Moving the 'sandbox' to the cloud for security purposes seems like the browsers definitely missed some of their goals.
So the company that makes browsing the web with a VPN a constant annoyance wants me to use a web browser that's completely on their server because it's "more secure"?<p>No thanks.
So now that all* Websites are "behind Cloudflare", the browser can also move into Cloudflare controlled networks.<p>I'm sure that there is some snarky comment about giving up freedom in exchange for security somewhere in there....<p>*many enough for it to be annoying
> Zero Trust week<p>Hm, they'll be able to see every password, every url, every video frame... That's a lot of trust required to me. Cool tech though
> It’s an open door to nearly every connected system on the planet, which is powerful and terrifying.<p>I guess fearmongering is one way to try and convince people to use your product.
> [...] the only thing ever sent to the device is a package of draw commands to render the webpage<p>That sounds like a great solution to this problem, though I’m very curious about the details as to how that works, does anyone have resources to share?
The slogan "the network is the computer", prominently marked as (R), struck me, because that was Sun Microsystem's slogan. So I checked the TESS database, and things got weird. Nobody bothered to record it until Oracle did, in 2009:<p><a href="http://tmsearch.uspto.gov/bin/showfield?f=doc&state=4802:6jrw1o.2.2" rel="nofollow">http://tmsearch.uspto.gov/bin/showfield?f=doc&state=4802:6jr...</a><p>but it's also marked DEAD as of 2011, without any indicator as to why. There is a live trademark, created 2018, and it does indeed belong to Cloudflare:<p><a href="http://tmsearch.uspto.gov/bin/showfield?f=doc&state=4802:6jrw1o.2.1" rel="nofollow">http://tmsearch.uspto.gov/bin/showfield?f=doc&state=4802:6jr...</a><p>I suppose Oracle doesn't really see itself as taking on the Sun mantle there, but I'm surprised they'd abandon a catchy slogan. Surely they'd find some reason to use it? How long would they have to ignore it before it got marked dead; is it really just two years? Why bother to file for it in the first place?
What would it take to get a self-hosted version of this, preferably using FireFox on the server? How hard would it be to get plugins working as well? Would this be essentially a way of using Blink/Servo based engine on i(Pad)OS?
Interesting! Are there any details on what engine the backend is using (Chromium?) How does the “send render commands” thing work? Does it continuously stream page updates as JavaScript updates the page? How’s overhead, or how much data does it save? Can I run extensions (such as a content blocker)?<p>From a security perspective, I’m curious as to whether the attack model includes someone who exploits the browser and does not look to escape into the host OS, instead choosing to create UXSS and the like. Is there any work being done there as well?
All a browser is, is a tabbed UI that renders HTML. That's all the internet will ever be. Rendered HTML. Until someone creates a new engine, protocol and something other then HTTP without Webkit/Gecko/V8 there will be no "re-imagining the browser".<p>PR from Cloudflare wanting you to use their network instead of others, I don't buy it. Respect them a little trying to knock google down a peg but still a power-hungry company.
> It’s an open door to nearly every connected system on the planet, which is powerful and terrifying.<p>That is it's purpose. It's not 'terrifying'.
This can also protect the server from attacks if it runs all sessions in isolation. All you can is click and type, no more sqli or xss that require messing with params or API. So it could be useful either way.
This is awesome but also means that latency becomes the key metric in internet / service providers.<p>How long until we start seeing the edge become small micro servers that live right beside metro network access points?
This is fascinating. I assume it means Cloudflare would proxy images and other assets?<p>I assume it would have implications for tracking users, which would now impact not just Cloudflare customers but all web entities?
Not directly related to the product, but seeing more detailed, even if approximate, isochrone map of internet connectivity (similar to what that last picture is) would be really cool.
I wonder if anyone is working on an open source version of this? I’ve seen a few Firefox and chrome docker containers, but as far as I can tell they stream through vnc.
It's like fullstory[0] but backwards?<p><a href="https://www.fullstory.com/" rel="nofollow">https://www.fullstory.com/</a>