With regards to security, we’re taking special measures — you can read more below.
Surf is in its alpha stage. Nonetheless, security is a top priority for us.
Since Surf contains a web browser, we have to assume that you will encounter untrusted content and therefore Surf should protect what’s important to you — other web pages you visit, your data in Surf, and your computer — from potentially malicious actors.
Surf’s core browsing engine is Chromium, which is an open-source browsing engine that powers Google Chrome, Microsoft Edge and other notable browsers (Brave, Vivaldi, etc). We ship Surf alongside Chromium’s extended stable release channel. If there is an important fix in Chromium, the fix will be shipped as soon as possible.
Isolation is a core tenet of Surf’s architecture to ensure security. Any website loaded is sandboxed — so even if the website is malicious, other websites you access, other parts of Surf and your system are protected. Similarly, we design other systems within Surf to be isolated.
The data you save in Surf is stored on your machine. You can see the raw data by clicking “Surf” → “Show Surf Data” (in Windows & Linux, you first have to click the hamburger menu).
Using certain features (all the AI stuff) will cause some data to be sent to Deta and / or Open AI’s servers:
Because Surf is at an early stage, we have not yet implemented certain measures that are present in many browsers.
We have determined these non-critical at this stage, but they are on the backlog.