April 2026 · 7 min read

Marshall Browser: Privacy-First, Lateralus-Aware

Marshall is a web browser built for developers who care about privacy. Zero telemetry, built-in Lateralus support, and pipeline visualization in DevTools.

Why build a browser?

Every major browser phones home. Brave is better but still Chromium. We wanted a browser that ships as part of the NullSec Linux distro — hardened by default, with first-class support for Lateralus development.

Lateralus integration

• Syntax highlighting — .ltl files render with full syntax colors in the browser
• Inline REPL — Ctrl+Shift+L opens a Lateralus console in DevTools
• Pipeline visualizer — see data flow through each |> stage

Privacy features

• Zero telemetry, zero analytics, zero phoning home
• Built-in ad blocking and tracker blocking
• HTTPS-only mode by default
• Tor integration for anonymous browsing
• No Google Safe Browsing (replaced with local blocklist)

Architecture

Marshall is built on Servo's rendering engine (written in Rust) with a Lateralus-powered extension system. Extensions are sandboxed pipelines that transform page content, network requests, or UI elements.

Try it

Marshall ships with NullSec Linux v2.0 Abyssal, or install standalone from the download page.

The extension system

Marshall's extension system is radically different from Chrome or Firefox. Extensions are Lateralus pipelines that operate on typed data streams, not raw DOM manipulation:

// ad-blocker.ltl — a Marshall extension
extension AdBlocker {
    name: "NullSec Ad Blocker",
    version: "1.0.0",
    permissions: [NetworkFilter],
}

fn on_request(req: HttpRequest) -> FilterAction {
    let dominated = blocklists()
        |> any(|list| list.matches(req.url))

    match dominated {
        true  => FilterAction::Block,
        false => FilterAction::Allow,
    }
}

fn on_page_load(page: Page) -> Page {
    page.dom
        |> query_all("[class*='ad'], [id*='banner'], [data-ad]")
        |> each(|el| el.remove())
    page
}

Extensions can't access arbitrary system APIs. They declare permissions upfront, and the user approves them at install time. A network-filtering extension can't read your filesystem. A DOM-modifying extension can't make network requests.

Pipeline DevTools

Marshall's DevTools include a pipeline visualizer that's unique to Lateralus development. When you run a Lateralus script in the browser console, each pipeline stage is visualized as a node in a flow graph:

• Each |> stage shows its input type, output type, and timing
• Click any stage to inspect the intermediate data at that point
• Error stages are highlighted in red with the full stack trace
• The visualizer works with both client-side Lateralus and server API responses

For security researchers, there's also a network pipeline view that shows HTTP requests as a filterable, sortable data pipeline — much more powerful than Chrome's Network tab for analyzing API sequences.

Performance and rendering

Marshall uses Servo's rendering engine, which brings several advantages over Blink/Gecko:

• Parallel layout — Servo lays out the DOM across multiple CPU cores, reducing time-to-first-paint by 20-40% on complex pages
• WebRender — GPU-accelerated rendering pipeline using the same technology as Firefox's compositor
• Memory isolation — each tab runs in a separate Rust process with strict memory boundaries
• No JIT — JavaScript JIT compilation is a major attack surface. Marshall uses a fast interpreter instead, trading peak JS performance for security. Most web pages are I/O-bound, not compute-bound, so the difference is imperceptible.

Hardened defaults comparison

How Marshall compares to mainstream browsers out of the box:

• Telemetry — Marshall: none. Chrome: extensive. Firefox: moderate. Brave: minimal.
• Ad blocking — Marshall: built-in. Chrome: requires extension. Firefox: requires extension. Brave: built-in.
• Tor — Marshall: one-click toggle. Others: requires Tor Browser or extension.
• HTTPS-only — Marshall: default on. Chrome: opt-in. Firefox: opt-in. Brave: opt-in.
• WebRTC leak prevention — Marshall: default on. Others: requires manual about:config or extension.
• Canvas fingerprinting — Marshall: randomized by default. Others: not protected without extensions.