Every layer built with sovereignty in mind. Nothing phoning home. Nothing hidden.
Six interlocking security shields, all active by default. No opt-in required.
Powered by adblock-rust with EasyList and EasyPrivacy. Custom rules merge cleanly with base lists. Filter caches refresh every 24 hours.
Automatic HTTP-to-HTTPS upgrades for every request. Per-domain exceptions for local dev. RFC 1918 private ranges correctly exempted.
Encrypted DNS via Quad9, Cloudflare, Mullvad, or AdGuard. Strict mode with automatic fallback. Your ISP never sees your queries.
Per-domain allow, block, or first-party-only policies. MutationObserver injection blocks dynamic script loading. Full control over what executes.
Overrides Canvas, WebGL, Navigator, Screen, AudioContext, and Font enumeration APIs with per-session dummy data. Every session looks different.
Automatically dismisses cookie consent banners based on your LREM privacy mode — reject-all or necessary-only. No manual clicking.
Argon2id key derivation + ChaCha20-Poly1305 encryption. Per-entry encryption in SQLite. SHA3-256 key derivation. 21 passing tests. Your credentials never leave the vault unencrypted.
Consent is not a popup you dismiss. It's the structural foundation of every permission.
High/Critical permissions go through 9 layers: Awareness, Understanding, Consequences, Alternatives, Revocability, Duration, Scope, Witness, Affirmation.
Revoke a single permission, everything for a domain, or hit the panic button to revoke all permissions globally. One click.
Append-only JSONL log of every permission decision. Filter by domain, action, or date. Full historical viewing in the browser.
If you can't verify it, you can't trust it.
SHA3-512 hash of the running binary. Compare against published hashes on this site to verify your build is untampered.
On-demand real-time network logging. See every domain your browser contacts. JSONL export. Active connection count in the Guardian status bar.
Git commit, branch, timestamp, Rust compiler version, target triple — all baked into the binary at compile time. Viewable in Help > About.
AI assistance that respects data locality. Local by default, remote only with corridor consent.
Ollama and LM Studio — both localhost-only (the code panics on remote URLs). Your prompts and context never leave your machine unless you explicitly open a corridor.
Remote AI (Claude API) is behind a corridor gate. Checked on every single request. No-training header sent automatically. API key never logged.
URLs stripped of tokens, keys, and session IDs. Text scanned for passwords, SSNs, and card numbers before any data exits. 32K character limit on context.
Rust-native document reading. Six neural voices, zero cloud dependency.
Lightweight neural TTS with ONNX models. CPU-only, low latency. Voices downloaded once and cached locally at ~/.limen/voices/.
Native iced document reader. Loads .txt and .md files. Sentence splitting, click-to-jump, auto-advance playback. Full keyboard control.
Amy, Lessac, Ryan, Joe, Alan, Alba — all medium quality, Apache 2.0 licensed. Pick your voice and reading speed per session.
Your browser is also your portal to Momentum Engine — a ZkSync Era L2 running over WireGuard.
Native iced view showing L2 block number, batch status, protocol version, operator address, RPC latency, and diamond proxy — all fetched via JSON-RPC.
Three-layer consent: consent_gate.ok, ZkME corridor toggle, wg0 interface must be up. Zero traffic without explicit user intent.
Navigate directly to the Momentum Engine block explorer, contract verifier, and bridge portal — all consent-gated and routed through wg0.
Built in phases, each one a complete layer of sovereignty.
Consent gate, LREM privacy prompt, initial boot.
Tabs, history, bookmarks, sovereignty report, export.
Ad blocking, HTTPS, DoH, script controls, fingerprint guard, cookie shield, vault.
Nine-Fold dialog, revocation, audit log. 34 tests.
Self-hash, network log, build provenance, Nix reproducible builds.
Local AI (Ollama/LM Studio), corridor-gated Claude API, context sanitization.
Piper TTS, native iced Reader, six neural voices.
Trinity Keys, corridor sessions, scroll verification, 9-layer consent spiral, VPN/Tor corridor.
WASM/JS add-ons, manifest signing, browser import.
TLS/JA3 fingerprinting, HTTP header order, TCP/IP fingerprinting, ECH.