Security & Privacy
1. Architecture overview
Virtual Browser uses layered isolation so profile data and network traffic stay separated.
Principles
- Least privilege — only required OS permissions
- Defense in depth — sandbox + per-profile storage
- Privacy by default — local storage; cloud sync only when you enable Pro sync
2. Data protection
Local
- Config encryption (AES-256 where applicable)
- Password hashing with salt
- Session data cleared on exit when configured
- Cache cleanup supported
In transit
- HTTPS / TLS for remote services
- API auth via
api-key(Pro) - SOCKS5 and proxy tunnels supported
- Reduce DNS/WebRTC leaks via fingerprint settings
Per profile
- Separate cookies, storage, and cache
- Export files should be stored securely
- Temp directories cleaned on schedule
Cloud sync (Pro, optional)
- Default: data stays on disk only
- Upload/restore: only when you enable sync and run backup/restore to VirtualBrowser cloud or your WebDAV
Details: Cloud sync, Plans & features.
3. Privacy techniques
- Canvas / WebGL / AudioContext / font randomization
- Proxy + timezone + language alignment
- WebRTC leak mitigation options
- Optional tracker/ad blocking settings in profile
4. Anti-detection (overview)
- UA, screen, plugins, languages
- WebRTC and media device controls
- Keep parameters internally consistent—see Advanced configuration
5. Example settings
json
{
"security": {
"enableSandbox": true,
"autoCleanup": true,
"sessionTimeout": 3600
},
"privacy": {
"enableFingerprintProtection": true,
"enableTrackingProtection": true,
"enableCookieIsolation": true
}
}6. Recommendations
- Update the client regularly
- Unique strong passwords per platform account
- Rotate proxies; never reuse IPs across unrelated accounts
- Export backups before major changes
- Beware phishing and untrusted extensions
7. Compliance & disclosure
Design goals align with common privacy expectations (data minimization, user-controlled sync). You are responsible for complying with GDPR/CCPA and platform rules in your jurisdiction.
8. Incident response
| Severity | Examples |
|---|---|
| Low | Misconfiguration, local perf |
| Medium | Suspected credential exposure |
| High | Malware, data breach |
Report security issues: GitHub Security or security@virtualbrowser.cc