Categorically prevent websites to access your device(s)

Any modern web application can request access to device features — your camera, microphone, or GPS, to name a few. Device integration makes the web more interactive. However, there are scenarios in which device access poses risks. For instance, for children that make first steps on the web. Webfuse is a powerful browser-as-a-platform that lets you shape the web according to your needs. Besides blocking inappropriate sites, Webfuse enables blocking of device features.

Users Are Exposed to Invasive Permissions—Especially on Third-Party Apps

• Shady websites might abuse granted device access
  
• Most users click “Allow” without understanding the risk
  
• Security teams can’t control permission behavior on apps they don’t own
• Websites might find ways to silently access hardware
• Enforcing device access policies is not trivial
• Existing solutions require complex reverse proxies or browser extensions‍

Webfuse puts the control back in your hands—at the session layer.

How Webfuse solves this - Declare Security on Platform Level

In contrast to traditional systems, implementation of security measures with Webfuse is straightforward:

Dynamic Policy Injection—Applied in Real Time
Webfuse Spaces allow you to intercept and rewrite every response from a target web app. With the Custom Headers App, you can:

• Create a Webfuse space — your configuration of the web
• Route all your traffic through a Webfuse session in this space
  
• Install Webfuse's Headers App
• Add the experimental (soon to be baseline) Permissions Policy response header to tell browsers which apps to grant, or deny device feature access.
• You might want your trusted meeting app only to access camera and microphone, for example.
  
• Combine with Lockdown App for advanced protection against XSS, iframe abuse, and resource leakage
  
• Modify headers without altering the original app or server
• The rule applies to all sessions within the space
  

Key benefits

• Deny Device Access with fIne-grained Rules: You configure Webfuse which apps to provision device access, including types of devices‍
  
  • Block Camera, Mic, and Geolocation Access
  • Apply browser-native permission restrictions to all sites/apps visited‍
• ‍No Server-Side Integration Needed: Webfuse is a platform-based browser that can be used right away, in any browser or embedded into another app‍
• Evolved Security: Permissions policy is just one aspect of strong security measures. Webfuse supports many more security features‍‍
  
  • Combine with CSP, Lockdown, and Session Monitoring for layered defence
    

Who could benefit from this added security?

• Educational Institutions, such as schools, that need to protect minors from abuse, e.g. hidden video recording
• Highly-regulated Institutions, such as banks, that need to adhere to strict security compliance policies
• Kiosk Providers, that want to have an extra layer on security for when users break out of the sandbox
  

Get Started Now

Check out our demo space to see a basic example. Launch a secure session with device access restrictions in minutes. A template SPACE with the proper headers and Custom Headers App will be preinstalled—ready to lock down any target web app. Try to access your webcam from anywhere in the web. Sign up for a trial and build your own space with custom policies.