How does Light Point Web protect you?
The short explanation of how Light Point Web protects you is that it will not allow any of a website’s code to execute on your computer. However, actually doing this is a complex process with a lot of complex parts, each of which was designed to give you maximum security. This article is an in-depth description of the operation of Light Point Web and how each piece is designed for maximal protection for our users.
Our Servers
Light Point Web uses cloud computers to run our browsers. Cloud computers offer two important features vital for Light Point Web. First, cloud computers let us add capacity when needed and remove capacity when it’s not. This keeps our costs low, which lets us offer low prices to our users. Second, and most important, is the ability for us to create a pristine image of an operating system to use on each of our cloud computers. This means we can build a template of an operating system that contains everything needed to run our service, and nothing else. This template is stored away in a read-only manner. Each cloud computer we create is created from this image. When we are finished with the cloud computer, we can destroy it, and all data that it contained are destroyed with it. No changes to the operating system survive. This allows us to be sure that each new cloud computer we create is clean and can be trusted.
A problem is that it would be too expensive and unscalable to allocate an entire cloud computer for each user. We need the ability to allocate a single cloud computer to multiple simultaneous users, and we need to do it in a way so that one user can not affect any others. To do this, we are using another layer of virtualization inside each cloud computer. We are using OpenVZ to do this. OpenVZ is an operating system-level virtualization technology. The main use of this technology is application level isolation. Just like our cloud computers, it allows us to make a clean, trusted template of a computer that can run our browsers. The cloud computer will create several OpenVZ computers inside it, each of which are based on the clean, trusted OpenVZ template. This OpenVZ computer is allocated to a single user for a single use. When a user connects to the OpenVZ computer, it will execute our browser inside it. When the user disconnects, the OpenVZ computer and all data contained within it are destroyed, and a new one is created from the clean template in its place. Once this happens, all the browsing history, cookies, cache files, changes to the OpenVZ operating system, etc that were accumulated during the browsing session are lost forever. The next time that user connects, it will be to a brand new, never-before-used OpenVZ computer.
Operating Systems
Because over 99% of all malware targets Windows computers, we use a Linux operating system for both our cloud computers and OpenVZ computers. This simple act immunizes our servers from almost all online threats. On top of that, we take the time to follow security best practices within those computers, such as running the browsers with as few privileges as possible.
Browser
The browser that runs in our OpenVZ computers is based on the WebKit layout engine. WebKit is the browsing engine used by Google Chrome, Safari, and many others. Because of its widespread use, this code is very actively maintained. More maintenance means more bug-fixes, and a more secure browser.
In Firefox, each tab and window belong to a single Windows process. When something bad happens inside a process, it crashes. This means all tabs and windows will close. When using Light Point Web, each tab and window you have are linked to a separate browser process running on our servers. This way, if one of our browsers crashes, you only lose the tab that was attached to it. The rest of your browsing session is unaffected.
Traffic Encryption
When you browse the web, all of the traffic into and out of your computer is easily visible to anyone else on your network. If you are browsing to an HTTPS site, none of that traffic is actually readable. Otherwise, other people on your network can read anything you read, or even hijack your session and begin sending messages as you. However, when using Light Point Web, all traffic is encrypted using OpenSSL. This encryption is also fully authenticated. This means your computer will ONLY communicate with our servers, and our servers will ONLY communicate with your computer. Fully authenticated SSL gives both sides a way to be cryptographically certain that they only communicate with the correct party.