What's New
Endless now requires iOS 10.0 at a minimum for optimal security.
Lots of new features in 1.0:
- Adds a donation page at the bottom of the settings menu where you can support development of this app with an in-app purchase - your continued support is greatly appreciated!
- Optional dark mode interface, other minor UI improvements
- Keyboard shortcuts on iPad (hold down Command key to see them)
- Add custom home page setting to override search engine homepage
- Host-specific settings menu (persistent cookies, TLS version, etc.)
- Add per-host mixed-mode content policy to allow overrides for things like RSS readers
- Add per-host content policy settings to disable Javascript, media, etc. on certain hosts
- Remove SSLv3 support (iOS 9 did this for us), disable weak TLS ciphers by default
- Add IPv6 support to "block external LAN requests" functionality
- Make UA string more like Safari
- More analytics hosts added to block list
- Update to https-everywhere 5.2.9
- Replace 'Open in Safari' menu option with a generic 'Share URL' option, which also includes Safari
- Add optional crash reporting through Crashlytics (disabled by default)
- Enable iTunes file sharing so you can download (and later re-upload) your per-host setting files
Bug fixes:
- Improved stability and greatly reduced memory usage
- Fix occasional UI layout bugs when closing tabs
- Fix blocking of redirected URLs
- Fix injected Javascript for hosts doing non-standard window.open() calls
- Update location bar with proper URL early, when upgraded by HTTPS Everywhere or HSTS rules
- Handle HTTP 303 redirects
- Find more localstorage files to delete when doing auto-sweep
App Description
Endless is a free, open source web browser built with privacy and security in mind.
- Multiple tabs with automatic blocking of non-touch-initiated popups
- Keyboard shortcuts for iPad (hold Command key to see a list)
- Integrated full HTTPS Everywhere ruleset to do on-the-fly URL rewriting to force requests over SSL where supported, including setting the secure bit on received cookies and auto-detection of redirection loops
- Auto-destroys non-whitelisted cookies and local storage (even within the same tab) that has not been accessed by any other tab within a configurable amount of time (defaults to 30 minutes) to improve privacy after browsing within a long-running tab
- Per-host configuration for blocking Javascript, external connections (websockets, media, etc.), fonts
- Disables SSLv2 and SSLv3 by default, supports a configurable minimum TLS or SSL version to require (defaults to TLS 1.2)
- HTTP Strict Transport Security (RFC6797) implementation with Chromium's large preload list
- Integrated URL blocker with a small included ruleset of behavior-tracking advertising, analytics, and social networking widgets (this list is intended for enhancing privacy and not to be an AdBlock-style comprehensive ad-blocking list)
- Blocks non-whitelisted mixed-content requests (HTTP elements on an HTTPS page), shows broken padlock
- Blocks pages loaded from non-local networks (i.e., the internet) from trying to load sub-requests (e.g., images, iframes, ajax) from hosts that are on local networks such as routers and other insecure devices
- Integrated SSL certificate viewer by tapping on padlock icon, highlighting weak SSL certificate signature algorithms
- Optional sending of Do-Not-Track header on all requests
- Integrated 1Password support to quickly fill login and password information from your 1Password store (requires 1Password iOS app to be installed)
Download source code and contribute at https://github.com/jcs/endless
App Changes
- July 02, 2015 Initial release
- July 15, 2015 New version 0.95
- August 26, 2015 New version 0.96
- January 05, 2017 New version 1.0