An Underestimated Use Case

Published by Ryan Miller on

When WEBGAP Go was launched in March, we anticipated that privacy would be a peripheral use, but what we did not realize is that customers saw the benefit of WEBGAP as a privacy solution more than an anti-malware solution. The companies that have an interest in our WEBGAP Pro product have been an even mix of privacy and anti-malware with specific privacy features that are not available with our Go product. The privacy aspect of WEBGAP Go is the focus of this article.

We are frequently asked if WEBGAP Go is a VPN because that is how it appears to customers. In a sense, WEBGAP can function as a VPN in that your web browsing is seen at an IP address that is not your homes and allows access to blocked websites, but browsing from another IP address is one component of privacy that is native to WEBGAP based on how it is engineered.

We use non-persistent browsing sessions that keep cookies from being stored until manually deleted. If you are logged into a website through WEBGAP, such as HubSpot, for example, and have selected “keep me logged in” then log out of WEBGAP you will have to log in to HubSpot again when you revisit whether it is through WEBGAP or your host browser.

When it comes to the visibility of the URL of the websites you are visiting through WEBGAP, everything after the query character (“?”) in the URL is not captured in web proxies nor any other device or software that has URL visibility except for the host browser. If you were to visit HubSpot through WEBGAP, you would see “https://webgap.me/?url=https%3A%2F%2Fwww.hubspot.com%2F” as the URL, but URL filters such as antivirus and web proxies see only “https://webgap.me/.” One of the aspects of privacy is having your data under your control. Any websites that you visited through WEBGAP can be quickly deleted from the host browser.

Browser fingerprinting is defined by the Electronic Frontier Foundation as “a method of tracking web browsers by the configuration and settings information they make visible to websites, rather than traditional tracking methods such as IP addresses and unique cookies.” WEBGAP does not block browser fingerprinting techniques, but it does give the same fingerprint every time which effectively prevents any discernable pattern of device and website use. The components of browser fingerprinting that remain the same with each attempt is the user agent string, HTTP ACCEPT headers, screen resolution and color depth, the timezone, browser extensions and plugins, installed fonts, JavaScript execution, the hash of pixels generated by canvas fingerprinting, the hash of pixels generated by WebGL fingerprinting, systems platform, system language, and touchscreen support.

The more people that browse the web with WEBGAP the more obfuscated fingerprint data is collected and sold to data brokers and Ad companies making it increasingly difficult to build a profile for not only you but everyone else that uses WEBGAP.


Ryan Miller

A husband, a father of 3, my daughter's sounding board, writes on all topics of cybersecurity, an expert at dad humor, a security engineer, an analyst, a network administrator, and Desktop Support Tier I-III.