SSH

When you open Outer Loop, it asks you whether you want to use a server, localhost, or the internet. Outer Loop can connect to servers over SSH, then connect to local endpoints on those servers by tunneling through that SSH connection.

With conventional browsers, reaching local endpoints over SSH required using port forwarding, typically by opening a terminal and running a ssh -L command to set up a local server that would relay traffic to the remote endpoint. Outer Loop’s approach is smoother, more robust, and arguably more secure. (Conventional port forwarding has the security flaw that ports are accessible to all users and most processes on a machine.)

Rather than the usual port forwarding approach, which relays connections to local ports to remote endpoints, Outer Loop instead uses a local port to run a proxy, not a relay. The proxy is password-protected, and only Outer Loop has the credentials. This single server handles all connections to different endpoints on the remote machine. This proxy also allows Outer Loop to connect to Unix domain sockets on localhost and enforces same-origin policies. Instead of using one port per endpoint, and providing access to all users and processes, it uses one port per server, and provides access only to a single Outer Loop session.

Outer Loop’s custom SSH engine is designed to be used on laptops and mobile devices. Unlike with ssh -L, you can close your laptop lid, open it an hour later, and seamlessly resume your work (assuming you’re using web apps that are resilient to disconnect-then-reconnect). Here’s a blog post about an early version of this engine.