Get AI summaries of any video or article — Sign up free
build your own browser (crazy SECURE) thumbnail

build your own browser (crazy SECURE)

NetworkChuck·
5 min read

Based on NetworkChuck's video on YouTube. If you like this content, support the original creators by watching, liking and subscribing to their content.

TL;DR

Chasm-based secure browsing isolates the browser inside a Docker container and supports deleting the container after use to remove the session environment.

Briefing

A secure browsing setup built on disposable browser containers is the centerpiece: run a full web browser inside a Chasm (container) workspace, stream it to your device, and delete the container when finished so the session disappears. NetworkChuck frames this as a practical way to reduce exposure to malware and session persistence—because the browser lives in an isolated Docker environment rather than on the user’s machine.

The walkthrough starts with self-hosting Chasm on cloud infrastructure. After creating a cloud instance on LE Node Cloud Computing by Akamai, the user logs in via SSH, updates packages, and runs a single Chasm installation command. Once Chasm finishes provisioning, the user accesses the service through a reverse DNS address over HTTPS, logs into the Chasm admin interface, and launches a browser workspace (the example uses Brave). At that point, a Docker container spins up, the browser session starts, and browsing happens inside the container. When the session ends, the container can be deleted, removing the environment that handled the risky browsing.

To make the workflow usable, NetworkChuck also covers a Chrome extension for Chasm. The extension is configured with the Chasm server URL and a default workspace image, so clicking or right-clicking links can open them directly inside the self-hosted secure browser. The result is a repeatable “open in isolated browser” pattern rather than a one-off setup.

Cost and convenience become the tradeoff. Chasm software is free, but running it requires paying for compute, RAM, storage, and hosting. The minimum system requirements cited are 2 cores, 4 GB RAM, and 50 GB SSD, and the example cloud plan on LE Node is positioned around a 4 GB tier (about $20/month, billed hourly). NetworkChuck contrasts that with the NetworkChuck Cloud browser option, priced at $7/month, which shifts the operational burden—keeping the service available, accessible, and supported—away from the user.

Security concerns are addressed directly, especially around privacy and tracking. NetworkChuck says the service does not log browsing activity inside the container: no keylogging, no screen recording, and no telemetry tied to what websites are visited. The only tracking described is application-level session/request data used for performance and stability, with the service operating as a SaaS on AWS and OCI. He also argues that tracing a single user to illegal activity is difficult because multiple users may share the same IP address at the time of access, though he stresses the product is not intended for illegal use and cannot guarantee “impunity.”

Overall, the core message is that secure browsing hinges on isolation plus disposability: whether self-hosted or used as a managed service, the browser session runs in a container that gets wiped afterward. The decision comes down to whether the user wants to manage infrastructure themselves or pay for a hosted, always-on solution.

Cornell Notes

NetworkChuck’s secure browsing approach relies on running a real browser inside a disposable Chasm workspace (a Docker container) and streaming it to the user. After the session, the container can be deleted, removing the browsing environment and reducing malware persistence risk. For self-hosting, the setup uses LE Node Cloud Computing by Akamai: create an instance, SSH in, run the Chasm install command, then access the admin UI via HTTPS and launch a browser workspace (e.g., Brave). A Chasm Chrome extension can open links directly into the configured workspace. The privacy claim is that browsing activity inside the container isn’t logged (no keylogging/screen recording/telemetry), while only session-level data is tracked for performance and stability.

What makes the browsing session “secure” in this setup, and what happens when the user is done?

The browser runs inside a Chasm workspace that uses a Docker container. Browsing occurs within that isolated container rather than directly on the user’s machine. When the user finishes, the container can be deleted, so the session environment is removed—reducing the chance that malware or persistent state survives after the browsing ends.

How does a self-hosted deployment get started on LE Node Cloud Computing by Akamai?

After creating a cloud instance on LE Node, the user logs in via SSH using the provided connection command. The setup includes updating repositories (e.g., an apt update) and then running a single Chasm installation command. Once provisioning completes, Chasm is accessed over HTTPS using a reverse DNS address, and the admin UI provides controls for launching browser workspaces.

How does the user actually launch a browser session once Chasm is running?

In the Chasm admin interface, the user goes to Workspaces and selects a browser image. Launching a session (example: Brave Launch session) triggers a Docker container to spin up and start the browser inside the isolated workspace. The user then browses through the streamed session.

What role does the Chasm Chrome extension play?

The extension (installed from the Chrome Web Store) is configured with the Chasm server URL and a default workspace image. After that, the user can open links by clicking or right-clicking and choosing an option like “Open in Chasm,” which routes the browsing into the self-hosted secure workspace.

What privacy and logging behavior is claimed for the NetworkChuck Cloud browser?

NetworkChuck says the service does not log browsing activity inside the container: no keylogging, no screen recording, and no collection of browsing telemetry. The service may track application-level session/request data used for performance and stability, and it operates as a SaaS on AWS and OCI.

How does the service address concerns about tracing illegal activity to a specific user?

The argument is that multiple users can share the same IP address due to load balancing across infrastructure, so identifying which individual performed an action becomes difficult. NetworkChuck also notes that law enforcement requests would be handled according to law, but he explicitly warns the product is not meant for illegal activity and cannot guarantee users avoid being caught.

Review Questions

  1. What specific mechanism (isolation and lifecycle) is used to reduce risk in this secure browsing workflow?
  2. Which configuration steps are required to make the Chasm Chrome extension open links into the correct self-hosted workspace?
  3. What kinds of data does NetworkChuck claim are not logged, and what kinds are logged for performance/stability?

Key Points

  1. 1

    Chasm-based secure browsing isolates the browser inside a Docker container and supports deleting the container after use to remove the session environment.

  2. 2

    Self-hosting on LE Node involves creating a cloud instance, SSHing in, running the Chasm install command, then accessing the admin UI via HTTPS using reverse DNS.

  3. 3

    Launching a workspace from Chasm (e.g., Brave) spins up a fresh container-backed browser session for isolated browsing.

  4. 4

    A Chasm Chrome extension can be configured with the server URL and default workspace image to open links directly inside the secure container.

  5. 5

    NetworkChuck’s privacy claim is that browsing activity inside the container isn’t logged (no keylogging/screen recording/telemetry), while session-level data may be tracked for performance and stability.

  6. 6

    The main tradeoff is cost and convenience: self-hosting requires paying for infrastructure and maintenance, while the NetworkChuck Cloud browser shifts operations to a managed service.

  7. 7

    Security and anonymity depend on trust and infrastructure; the service is not positioned as a tool for illegal activity or guaranteed “impunity.”

Highlights

Disposable container sessions are the security core: the browser runs in a Chasm workspace and can be deleted afterward.
The self-hosting flow is practical: LE Node instance → SSH → Chasm install → HTTPS admin access → launch a Brave workspace.
Privacy is framed as “no inside-container logging,” with only application-level session data tracked for stability.
Cost vs convenience drives the decision between self-hosting Chasm and using the NetworkChuck Cloud browser ($7/month).

Topics

Mentioned

  • LE Node Cloud Computing by Akamai
  • NetworkChuck Cloud browser
  • Chasm
  • Brave
  • James Titus
  • NetworkChuck
  • SSH
  • AWS
  • OCI
  • IPSec

Get summaries like this for any content

Videos, articles, research papers — all summarized by AI and searchable in one place.

Start building your library