hngopher.com

       [HN Gopher] Show HN: Beacon - a new open-source privacy and secu...
       ___________________________________________________________________
        
       Show HN: Beacon - a new open-source privacy and security-focused
       browser
        
       Author : ca98am79
       Score  : 33 points
       Date   : 2021-12-14 16:51 UTC (6 hours ago)
        
 (HTM) web link (impervious.com)
 (TXT) w3m dump (impervious.com)
        
       | tmikaeld wrote:
       | Hm, how does this work with that iOS always run browsers using
       | Safari webview?
       | 
       | Doesn't this need a native browser implementation for the
       | handshake and p2p to be secure?
        
         | buffrr wrote:
         | It uses WKNavigationDelegate[0] it allows responding to
         | authentication challenges by accepting/rejecting certificates
         | or continuing with default handling. This is used to do
         | certificate pinning. DS records are stored on chain and
         | requested via the P2P client. The DS record is used to verify
         | DNSSEC and to obtain a certificate hash/TLSA record.
         | 
         | [0]
         | https://developer.apple.com/documentation/webkit/wknavigatio...
        
       | DyslexicAtheist wrote:
       | paging @tptacek (really hope there is more on DNSSEC in your
       | upcoming SCW episodes because clearly the world needs it)
       | 
       | I was out the moment I read the project bets on DNSSEC/DANE (a
       | bad idea because why would you put CA logic into DNS) on top of a
       | terrible idea (Ethereum).
        
       | mrtweetyhack wrote:
       | All I need is ad block, dark mode, video download and I am sold.
        
       | neurotrace wrote:
       | Seems like the link ought to point here:
       | https://impervious.com/beacon
        
         | ca98am79 wrote:
         | whoops, you are right - thanks! I will resubmit
        
       | skyfaller wrote:
       | "Handshake leverages a blockchain based on unspent transaction
       | output (UTXO) and proof-of-work (PoW) similar to Bitcoin for
       | naming capabilities." This means it intentionally wastes energy
       | by design, which means its environmental impact is not
       | acceptable, no matter what their FAQ says.
       | 
       | Saying that you can mine proof-of-work tokens with green energy
       | is a red herring, since:
       | 
       | - Some miners are clearly re-establishing previously closed
       | fossil fuel power plants to meet their energy needs:
       | https://www.bostonherald.com/2021/10/17/bitcoin-miners-resur...
       | We can argue about the frequency of this, but it is undeniably
       | happening.
       | 
       | - It will be hard to establish the true amount of fossil fuels
       | used, since miners steal power when they can:
       | https://www.theguardian.com/technology/2021/may/28/police-fi...
       | See also the attacks on CI platforms to steal CPU cycles:
       | https://drewdevault.com/2021/04/26/Cryptocurrency-is-a-disas...
       | 
       | - Installing green energy itself causes emissions:
       | https://solar.lowtechmagazine.com/2015/04/how-sustainable-is...
       | That means there's a hard limit to how much green energy you can
       | install without causing catastrophic warming. Well before that
       | hard limit, you reach a point where the additional emissions
       | created by installing green energy sources are more than they can
       | pay off before deadlines like 2030 or 2050, which means they are
       | serving as carbon sources rather than carbon sinks in the
       | relevant timeframe. In other words, they are accelerating the
       | climate crisis rather than slowing it down.
       | 
       | - Total energy use may matter more than the percentage of
       | renewable energy, since if the absolute amount of fossil fuels
       | increases the emissions from burning fossil fuels will increase:
       | https://www.lowtechmagazine.com/2009/11/renewable-energy-is-...
       | 
       | - The internet as currently designed may use too much energy, so
       | switching to a system that uses even more energy by design is
       | probably a bad idea:
       | https://solar.lowtechmagazine.com/2015/10/can-the-internet-r...
       | 
       | Yes I am obsessed with Low-Tech Magazine, but they have lots of
       | citations and I could easily find less nerdy sources.
        
       | ComputerGuru wrote:
       | I think the title needs to say "iOS" in there.
        
         | ca98am79 wrote:
         | thanks, android and desktop versions coming soon!
        
       | readonthegoapp wrote:
       | so, it's a beacon, making _you_ a beacon, so advertisers can see
       | you wherever you are?
       | 
       | https://en.wikipedia.org/wiki/Web_beacon
        
         | jlund-molfese wrote:
         | No. The nomenclature criticism on Show HN submissions is
         | usually a stretch. A beacon helps you navigate or locate
         | things, and that's intuitive enough.
        
       | ca98am79 wrote:
       | Hi! My company Impervious released this browser today. It is the
       | first browser with native DANE support, meaning zero-trust
       | HTTPS/TLS for Handshake domains.
        
         | prdonahue wrote:
         | Can you share data on how much latency this adds to TTFB?
        
           | buffrr wrote:
           | Something to consider in the future is implementing
           | RFC9102[0] which is an experimental TLS extension for
           | embedding the DNSSEC chain this should significantly improve
           | TTFB. It'll still need to request the DS record/trust anchor
           | from the p2p client.
           | 
           | [0] https://www.rfc-editor.org/rfc/rfc9102.html
        
       ___________________________________________________________________
       (page generated 2021-12-14 23:01 UTC)