They basically add 'verification headers' to the original website through a proxy solution, allowing visitors to browse sites with some level of age verification regardless of their location. They are more focused on the 'privacy aspect'.
I'm working on a MCP Server to get Starlight API documentation quickly connected to any model. I have the initial stuff setup, doing some experiments now to figure out how to optimize performance (reduce number of roundtrips, don't overload the context).
For example, if during the conversation someone asks, "tell me how this API call works". It should be able to. 1. find the right API document (requires search) and then 2. 'retrieve' that API document. But if that API document also requires other content (eg Authentication is separate) that will require ANOTHER roundtrip. So I'm currently trying to figure out what the best flow would be for this.
That blinking cursor gives me nostalgic feelings.Nice.
For anyone checking this out, this is not a video, you can actually 'play' with it, just use the keyboard and hit 'p'.
Ha yeah it didn't occur to me that it looked like a video but I can see it now, yes it's really running dos and if you quit it takes to C:\ (using js-dos)
Alas it appears this wasn't of interest to HN as it never made it past the "new" queue.
Nice - would you be interested in making this into a saas service? We are starting to open up our "automation API" and could maybe work together on bringing your extension to something that does not use playwright and a remote browser.
The raison d'être for BrowserBee is to control the user's browser in a private fashion so they can automate tasks that require them to be logged in. I'm unsure how it would work in a remote browser setup - tools like Browser Use and BrowserBase seem to cover that use case already.
The key differentiator is privacy and local control. When users need to automate tasks on sites where they're already authenticated (banking, personal accounts, work systems), they need their actual browser with their existing sessions and cookies, not a remote instance.
Holy shit, so you are uh building a search engine from scratch.
Do you crawl yourself? What is your infrastructure? What is your goal for search.marginalia ?
> Holy shit, so you are uh building a search engine from scratch.
Yup
> Do you crawl yourself?
Yup
> What is your infrastructure?
All custom built in Java, sitting on a rack server in a basement in Sweden.
> What is your goal for search.marginalia ?
I'm basically building what I feel is lacking in internet search and discovery, which is tools for finding stuff based on something other than a popularity metric, as those tend to feed into themselves to make the web seem so small.
> Can you give some rough indications of how many pages you index in total?
I index like 300 million documents right now, though I crawl something like 1.4 billion (and could index them all). The search engine is pretty judicious about filtering out low quality results, mostly because this improves the search results.
> How many page you crawl each day?
I don't know if I have a good answer for that. In general the crawling isn't really much of a bottleneck. I try to refresh the index completely every ~8 weeks, and also have some capabilities for discovering recent changes via RSS feeds.
> Size of the machine(s) in RAM and HDD?
It's an EPYC 7543 x2 SMP machine with 512 GB RAM and something like 90 TB disk space, all NVMe storage.
Wow - indeed. I see you made something like this already back in 2012. Impressive: https://github.com/Lerc/notanos That is more than 13 years ago when websockets where about to become generally available. Impressive!
Don't be discouraged by people that argue what you should or should not do. The world is full with people with their own agenda or that simply have a too narrow view of how their world should operate.
This is amazing - well done, and indeed runs oh-so smooth - even on mobile!
I see that the browser is somewhat limited as most sites try to prevent 'embedding'. However, we have a solution where we can proxy any web content in such a way to still allow you to embed it: https://www.webfuse.com/use-case/embed-unembeddable-content
Lmk if you would like to try this out and I can help you set this up.
Thanks! I actually did add a "Proxy settings" button to the right of the address bar which allows you to pick between a few free to access proxies. For my proof of concept Browser I have been ok with this, but if I did want to have a legit proxy then I would consider something like what you mentioned.
It would be €529 /month for 20 users but wouldn't they need to possibly support way more users than that? I wish we had a client-side solution that could infinitely scale beyond having users run their own node.js proxy.
The 'per user' pricing is only for the number of admins/devs they'd need to give access to the platform, beyond that you can scale to unlimited users.
And also for this specific need case (just proxying and embedding) the 'spark' plan at €19 will be enough though. Also for these non-for-profit usecases I'm happy to sponsor access.
TL;DR: We built Webfuse, a Web Augmentation Platform that lets you modify, automate, and collaborate on any web app — without changing the source code. Think “programmable browser session” where you can inject custom extensions, share sessions, record, automate, and more. It’s built on 10+ years of co-browsing tech from Surfly.
Hi HN,
I’m Nicholas Piël, founder of Surfly — we’ve been building co-browsing solutions since 2012. Over the years, we've developed a technology that allows us to take any web session and convert it into a virtual web session that can be shared and interacted with by multiple participants — all in real-time, and without touching the original app.
This led us to build Webfuse, which we’re now opening up publicly. Webfuse is a Web Augmentation Platform — it lets you modify, automate, and collaborate on any web application, without installing extensions, modifying code, or owning the underlying app.
Why we built it
We realized our core tech — real-time rewriting and virtualization of web sessions — was more powerful than just co-browsing. A few of our customers figured this out too, and used our APIs to build completely new tools on top of third-party apps. But until recently, the infrastructure wasn’t mature enough to make this accessible to a broader audience.
Now, it is. Webfuse is the product of over a decade of work in this domain.
What’s different
Existing solutions like browser extensions, edge code injection, or remote browsers all fall short when it comes to modifying third-party apps securely and scalably. We took a different route: on-the-fly, domain-level rewriting of existing apps inside a secure virtualization layer. This lets us expose a consistent API to developers, while maintaining full compatibility with modern web apps.
You can:
Launch virtual sessions that wrap any web app
Add custom extensions (browser-extension-like API)
Share sessions with multiple users (like multiplayer mode)
Inject automation (bots, testing, RPA, etc.)
Record sessions, enforce auth, block tracking, etc.
How it works
You create a Space — essentially a URL that opens one or more web apps in virtualized form. From there, you can add security, extensions, or UI changes. All of this is configurable through the Webfuse API or UI.
We expose:
- REST API
- JavaScript session API
- Webhooks
- Magic Link (JWT-based) API
- Extension API (based loosely on browser extension standards)
Why this is interesting
If you’ve ever wanted to: Turn a legacy internal tool into a modern frontend, Saasify a browser extension, Inject AI into third-party apps, Or just hack on top of software you don’t own.
...this might give you that ability. Webfuse acts as a programmable overlay on the web.
The exec just follows the instructions provided by their CISO, who adheres to the information security standards used in audits.
These standards are influenced not only by actual threats but also by lobbying from Endpoint Detection and Response (EDR) systems like SentinelOne and Crowdstrike. For instance, in 2021, the White House issued Executive Order 14028, which mandates the Federal Government to implement a robust EDR solution. Consequently, standards such as those from NIST and ISO27001 have increasingly emphasized malware detection and response.
When onboarding any large enterprise, you will encounter these requirements before the enterprise can proceed with procuring your service. This compels B2B organizations to implement this software to be successful.
They basically add 'verification headers' to the original website through a proxy solution, allowing visitors to browse sites with some level of age verification regardless of their location. They are more focused on the 'privacy aspect'.