Husk v0.1.0 - first public release

@runhusk runhusk released this 27 May 01:49

Privacy-first browser for Windows. Rust core wrapped around a battle-tested rendering engine. Encrypted profiles, anti-fingerprint, DoH, paranoia tabs, request interceptor, F9 boss key.

Downloads

File | Size | SHA-256
Husk-Portable-0.1.0.zip | 1.8 MB | 723c65ee3bf4780932611d172177bf531625ad43bbc82e5e91a30f2b35a1ebdb
husk.exe (raw, for inspection) | 4.0 MB | 8be30704e201c5d1e440b81ae10521ec5f3c367501921512bb24b8526d21214d

Verify before running

Get-FileHash .\Husk-Portable-0.1.0.zip -Algorithm SHA256

Match the output against the hash above. If it differs — do not run.

How to install

  1. Download Husk-Portable-0.1.0.zip
  2. Extract the zip anywhere (Desktop, a USB stick, wherever)
  3. Double-click husk.exe

Done. The husk.portable marker that ships in the zip tells Husk to keep every byte (profiles, history, bookmarks, vault, WebView cache) in a HuskData/ folder next to the .exe. No installer, no registry write, no trace on the host machine.

Why portable-only at v0.1

We're shipping the portable build and nothing else, on purpose. A regular Windows installer writes to Program Files, the registry, the Start menu, and %APPDATA% — the exact set of breadcrumbs Husk exists to avoid. Portable IS the install model: extract, run, and when you're done, delete the folder. Nothing lingers.

If you want quick relaunch, right-click husk.exe and choose Pin to taskbar. That's the closest thing to a "Start menu entry" we offer, and it's something you control.

A traditional installer may ship in v0.2 as an optional extra for users who specifically want one. The portable build will remain the default and the recommended path.

Requires WebView2 Runtime, which ships with Windows 11 and Windows 10 21H1+. If your machine is older, install the Evergreen Runtime.

What's in this release

Privacy core

  • Encrypted profiles — Argon2id + ChaCha20-Poly1305 with a phrase you pick. No recovery email, no backdoor. Bookmarks, history, cookies, vault, notes — sealed at rest. Crypto source open: husk-crypto
  • Multi-profile — run as many as you want side by side, encrypted or not, each with its own everything
  • Vault — credentials manager with optional duress slot: a second phrase opens a decoy vault for the moment someone insists you unlock
  • Encrypted notebooks — markdown notes with per-notebook phrases, image embedding, image paste / drop / file picker
  • Portable mode — extract the zip and Husk leaves no trace on the host

On the wire

  • DNS-over-HTTPS — built-in DoH proxy, choose AdGuard, Cloudflare, Quad9, NextDNS, Mullvad or custom; strict mode refuses to load pages when the chosen endpoint is unreachable instead of silently leaking to the ISP
  • Native adblock — EasyList + EasyPrivacy + cosmetic rules; cosmetic CSS injected via constructed stylesheets so the page can't detect Husk
  • Anti-fingerprint — canvas / audio / fonts / user-agent spoofed; long-press the reload button to rotate the seed; persistent "compat mode" badge when an origin is whitelisted out of the spoof
  • Cookie editor — per-site view / edit / wipe

Power tools

  • Request interceptor — Burp Suite, but built in. Pause, edit and forward / drop any request or fetch/XHR response. Replay with one click. Pop-out into its own window. Sensitive headers (Cookie, Authorization, X-API-Key, etc.) redacted before they touch the chrome JS heap
  • Screenshot tool — full page or rectangle selection, built-in editor with crops + arrows + redactions
  • Boss key F9 — turns every Husk window across every running profile into a working calculator (title, audio and Alt-Tab included), via cross-process named events

Plausible deniability

  • Fake vault — duress phrase opens a decoy vault, real one stays invisible
  • Encrypted profile, no preview — locked profiles show no avatar / bookmark / history hint
  • Delete requires the phrase — even wiping an encrypted profile asks for the phrase first
  • Boss key persistence — F9 state survives across all running Husk processes

Security audit

Pre-launch audit covered every trust-critical surface. Findings + fixes shipped in this release:

  • 2 Critical: panic-wipe IPC was reachable from any visited site (removed); encrypted profile lock left cleartext on disk via plain remove_dir_all (now overwrites with zeros then unlinks)
  • 10 High fixes including: vault blobs padded to fixed 256 KiB so real / duress size delta isn't readable off disk; content tabs can no longer close / reload / boss-key each other; DoH strict mode + persistent UI indicator; history + bookmarks strip sensitive query parameters before persisting; husk-dns.log redacts hostnames and rotates
  • 25+ defense-in-depth fixes: URL allow-list (vs block-list), search template validation, Notes image MIME whitelist (drops SVG), EncryptedBody kind discriminator, Zeroizing strings on lock / wipe, paranoia activity restricted to user events, ...
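
The fixed-size vault padding from the High fixes above, as an added Rust sketch that is not Husk's own code. Only the 256 KiB total comes from the release notes; the frame layout (4-byte little-endian length prefix, zero fill) and the names `pad_vault` / `unpad_vault` are assumptions made for illustration.

```rust
// Added illustration, not Husk's code. The frame layout is an assumption;
// only the 256 KiB blob size is taken from the release notes.
const BLOB_SIZE: usize = 256 * 1024;
const LEN_PREFIX: usize = 4;

#[derive(Debug, PartialEq)]
enum PadError {
    TooLarge { len: usize, max: usize },
    BadFrame,
}

/// Pad `plaintext` to exactly BLOB_SIZE bytes. Applied before AEAD encryption,
/// so every ciphertext has the same length whatever the vault holds.
fn pad_vault(plaintext: &[u8]) -> Result<Vec<u8>, PadError> {
    let max = BLOB_SIZE - LEN_PREFIX;
    if plaintext.len() > max {
        // Fail closed: a larger blob would reveal which vault is the full one.
        return Err(PadError::TooLarge { len: plaintext.len(), max });
    }
    let mut frame = Vec::with_capacity(BLOB_SIZE);
    frame.extend_from_slice(&(plaintext.len() as u32).to_le_bytes());
    frame.extend_from_slice(plaintext);
    frame.resize(BLOB_SIZE, 0); // zero fill up to the fixed size
    Ok(frame)
}

/// Recover the plaintext from a decrypted frame, rejecting malformed frames.
fn unpad_vault(frame: &[u8]) -> Result<&[u8], PadError> {
    if frame.len() != BLOB_SIZE {
        return Err(PadError::BadFrame);
    }
    let mut prefix = [0u8; LEN_PREFIX];
    prefix.copy_from_slice(&frame[..LEN_PREFIX]);
    let len = u32::from_le_bytes(prefix) as usize;
    let end = LEN_PREFIX.checked_add(len).ok_or(PadError::BadFrame)?;
    if end > BLOB_SIZE {
        return Err(PadError::BadFrame);
    }
    Ok(&frame[LEN_PREFIX..end])
}

fn main() {
    // Constructed sample vault contents: a populated vault and an empty decoy.
    let real = pad_vault(b"{\"entries\": 214}").unwrap();
    let decoy = pad_vault(b"{}").unwrap();
    assert_eq!(real.len(), decoy.len());
    println!("both frames are {} bytes", real.len());
}
```

Padding has to happen before encryption: the AEAD tag then authenticates the length prefix and the fill together with the data, and the on-disk size is the same for both vaults.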

Full report (private to the project) — public summary available in the husk-crypto README. Found a hole the audit missed? Mail security@husk.run.

Honest limitations

  • Engine is Chromium (WebView2 distribution). What we don't ship: Edge telemetry, sync, account integration. What's still Chromium: the rendering engine itself. The day a non-Chromium engine is embedding-ready, we switch.
  • DoH hides DNS, not SNI — site hostnames are still visible to the network via TLS ClientHello SNI extension. ECH support depends on WebView2.
  • SSD wear-leveling can move physical bytes outside our reach. Secure wipe + full-disk encryption (BitLocker / VeraCrypt) is the recommended combo against forensic recovery on SSDs.
  • macOS + Linux: coming. The Rust core builds for both already; the ports need work on platform plumbing (boss-key, single-instance, taskbar integration).
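
The zero-then-unlink behaviour named in the audit's Critical fix, as an added Rust sketch using only the standard library; it is not Husk's code, and the names `zero_and_unlink` and `wipe_dir` are hypothetical. The SSD caveat above still applies: the overwrite reaches the file's logical blocks, not cells the drive has already remapped.

```rust
use std::fs::{self, OpenOptions};
use std::io::{self, Write};
use std::path::Path;

/// Overwrite one regular file with zeros, flush to the device, then unlink it.
fn zero_and_unlink(path: &Path) -> io::Result<u64> {
    let len = fs::metadata(path)?.len();
    let mut f = OpenOptions::new().write(true).open(path)?; // no truncate
    let zeros = [0u8; 64 * 1024];
    let mut left = len;
    while left > 0 {
        let n = left.min(zeros.len() as u64) as usize;
        f.write_all(&zeros[..n])?;
        left -= n as u64;
    }
    f.sync_all()?; // push the zeros past the OS cache before the name goes away
    drop(f);
    fs::remove_file(path)?;
    Ok(len)
}

/// Wipe a directory tree and return the number of bytes overwritten.
/// Unlike a plain remove_dir_all, file contents are zeroed before unlinking.
fn wipe_dir(dir: &Path) -> io::Result<u64> {
    let mut total = 0;
    for entry in fs::read_dir(dir)? {
        let entry = entry?;
        let path = entry.path();
        let kind = entry.file_type()?; // does not follow symlinks
        if kind.is_dir() {
            total += wipe_dir(&path)?;
        } else if kind.is_file() {
            total += zero_and_unlink(&path)?;
        } else {
            // Symlink: remove the link itself, never touch its target.
            fs::remove_file(&path).or_else(|_| fs::remove_dir(&path))?;
        }
    }
    fs::remove_dir(dir)?;
    Ok(total)
}

fn main() -> io::Result<()> {
    // Constructed sample profile directory under the system temp dir.
    let dir = std::env::temp_dir().join("husk-wipe-demo");
    fs::create_dir_all(dir.join("cache"))?;
    fs::write(dir.join("cache").join("history.db"), b"constructed sample data")?;
    println!("overwrote {} bytes", wipe_dir(&dir)?);
    Ok(())
}
```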

Other platforms

  • macOS: targeted for v0.2
  • Linux: targeted for v0.2

First public binary. Privacy-as-a-default. No telemetry, no account, no ad-funded mode. Browse without breadcrumbs.