
The1stHelmetUser

Contributor
Original poster
Hi there!

As the Helmet Browser developer and founder, I would like to invite experienced users, enthusiasts and new Mac users to test the Helmet Web Browser Firewall - yes, a browser + personal firewall. (Not just another Chromium-based 'private' or 'ad-blocker' web browser).

The Helmet Browser technical specifications and the form to Become a Tester are available to anyone who wants to try, test and evaluate the world's first web browser (I didn't find one, so I decided to develop one) that implements a built-in firewall and integrates the external VirusTotal API natively (optional) for personal use, among other firewall / protection capabilities.

Helmet is a personal project that I started a year ago, and initially it was developed to meet my personal needs. It is completely de-coupled from the Google Services APIs, except for the embedded Translation feature. Helmet is Chromium-based, multi-process and hardened with Apple App Sandbox by default, with a strong security posture. To understand why Helmet is safer than general public web browsers, visit the Helmet Web Browser Firewall website at: https://www.helmetbrowser.com

Helmet is only available for macOS (arm64 and x86_64) through an Apple TestFlight invitation.

Helmet is inviting Mac fans to become testers by submitting a basic Volunteer Tester Program form: https://www.helmetbrowser.com/tester

To submit the Become Tester form, only name and e-mail are requested. All other information is meant to help understand the tester profile, level of knowledge and technical interests.

* As with all Apple TestFlight test applications, testers can make in-app purchases to get access to all Helmet features, in order to test all features and app functionality during the test period.

** In‑app purchases in TestFlight use the sandbox environment, so they’re free to testers and don’t carry over into production once your app is released on the App Store. https://developer.apple.com/in-app-purchase/

I would like to thank all internal and external testers for the joint effort to make Helmet even safer.

I'd also like to thank the great teams from:


URLHaus - https://urlhaus.abuse.ch
Gerd Hagezi - https://github.com/hagezi
FiltersHeroes / KADhosts - https://github.com/FiltersHeroes/KADhosts
Anudeep - https://github.com/anudeepND/blacklist
Google Safe Browsing - https://safebrowsing.google.com
VirusTotal - https://www.virustotal.com
The Chromium Authors
Quinn “The Eskimo!”


Thank you all!
 

Hi, bogdanw,
I will include this info in the post, but as described in the Apple TestFlight documentation, "In‑app purchases in TestFlight use the sandbox environment, so they’re free to testers and don’t carry over into production once your app is released on the App Store.": https://developer.apple.com/in-app-purchase/

Maybe I should be more explicit in the post to make sure everyone understands.

Thank you for your feedback.
 
Hi, I'm a bit of an amateur here (I think you've already noticed), I thought it was cool that it's the first built-in firewall in the browser, because it's really annoying sometimes to browse and see how much we're bombarded with all sorts of things – ads, redirects, cookies, everything. Being able to choose and know what's on each page request is very valuable. I'll be posting any negative or positive points here, and answering the message from the friend above, yes, I managed to go through TestInFlight. Keep it up, congratulations!
 
What is the advantage of using your browser compared with Safari plus a decent ad, tracker and malware blocker (e.g. AdGuard)? The connection to VirusTotal would seem to be the only addition, and I doubt that it is really needed if you use a malware blocker.
 
I think the first advantage is the hardening of App Sandbox and the V8 internal sandboxing. If we are talking about real cyber security. The second advantage is to have a set of well-known curated and btw emerging threats. The selected and encrypted URL DB executes in memory under the browser process as the first line of defense. This can block a lot of malicious links that are not yet on VirusTotal.

Third, signal correlation. Dozens of signals, such as SNI and other Mac-specific threats, can also, depending on the context, be considered an IoC. These features are being tested as experimental; such features can protect against the recent malicious SVG and AppleScripts.

There are many other security mechanisms implemented to protect users against initial access, which include the protection of some sensitive configurations. Other features are simply disabled because I believe these features are not a browser's mission, such as storing payment info, credit card data and passwords.

Another great win is the de-coupling of GAIA password protection. Password management is not a web browser's mission, at least for Helmet. There are many applications designed to achieve this task.

The UMA histogram is another 'de-coupled feature' that is worth mentioning. This is about privacy.

There is much more in terms of real security under the hood that maybe one day I can write about.

Hope it can explain a little bit about what Helmet is and what Helmet is not.


Cheers! \o/ 🪖
 
"Mac OS X Public Beta"
That was a CD, with a paper manual, ordered from Apple's Online Store and shipped to the user. And it's more expensive now 🙂 https://www.ebay.com/itm/287265594687

@The1stHelmetUser
1. Helmet seems to be using the same “Chromium Safe Storage” created by other Chromium-based browsers. If possible, it might be a good idea to generate a dedicated “Safe Storage” for Helmet.
Chromium_Safe_Storage.jpg

2. The firewall can’t be turned on. The “Subscribe Now” button returns “Error: Log on the macOS with your Apple Account in order to Subscribe”. As I downloaded Helmet from TestFlight, I’m obviously logged in.

3. If the subscription is tied to the Hardware UUID, how do users transfer it to a new Mac?

FireWall1.jpg
FireWall2.jpg
 
That was a CD, with a paper manual, ordered from Apple's Online Store and shipped to the user. And it's more expensive now 🙂 https://www.ebay.com/itm/287265594687

This is why things like that became legendary.

@The1stHelmetUser
1. Helmet seems to be using the same “Chromium Safe Storage” created by other Chromium-based browsers. If possible, it might be a good idea to generate a dedicated “Safe Storage” for Helmet.

It also had a dedicated "Safe Storage" for other purposes, such as "Safe Browsing" and other Helmet sensitive data that uses another Apple "Safe Storage" key. This is not the same "Chromium Safe Storage"; it's the Apple Safe Storage mechanism called Apple Keychain. Is this an observation or a concern?



2. The firewall can’t be turned on. The “Subscribe Now” button returns “Error: Log on the macOS with your Apple Account in order to Subscribe”. As I downloaded Helmet from TestFlight, I’m obviously logged in.

It can be turned on if you are logged into an Apple Account. That's the normal behavior when you are downloading something from the Mac Apple Store, right? This is how apps sell subscriptions on the App Store; apps are tied to your Apple Account. lol

Seriously? It cannot be turned on??? :-D 🤣


3. If the subscription is tied to the Hardware UUID, how do users transfer it to a new Mac?


You can figure it out by exploring / testing deeply. There is not only one UUID to protect apps against fraud.
Apple provides native mechanisms to protect users' licensing from fraudsters/piracy.




Any other questions, please let me know! Hope I can help you to actually test the app features.

Cheers! \o/ 🪖
 
It also had a dedicated "Safe Storage" for other purposes, such as "Safe Browsing" and other Helmet sensitive data that uses another Apple "Safe Storage" key. This is not the same "Chromium Safe Storage"; it's the Apple Safe Storage mechanism called Apple Keychain. Is this an observation or a concern?
I don’t think it’s a good idea for a browser to access the private data of another browser.
It can be turned on if you are logged into an Apple Account. That's the normal behavior when you are downloading something from the Mac Apple Store, right? This is how apps sell subscriptions on the App Store; apps are tied to your Apple Account. lol
Seriously? It cannot be turned on??? :-D 🤣
As I said, I am logged in.

If the subscription is managed through the App Store, why does Helmet connect to api.revenuecat.com and api-production.8-lives-cat.io?

I posted above images of the error message. Do you need a video to understand?
You can figure it out by exploring / testing deeply. There is not only one UUID to protect apps against fraud.
Apple provides native mechanisms to protect users' licensing from fraudsters/piracy.
That is a really unprofessional answer. The terms and conditions of the subscription should be clear for users.
 