> This makes little sense, it doesn't protect you from exploits, they just run on the cloud instead.

I am in no way endorsing this product (or the category of products), but it is incorrect to say that it doesn't protect you from exploits.

It protects against your machine being compromised, and while the browser VM can be compromised, it can theoretically be ephemeral, possibly even only having the lifetime of a single tab (some products in the space does this IIRC).

It's all just a matter of what your threat model is.

> If this is something you really want for some reason, why not just RDP/VNC/Chrome Remote Desktop back to your office/home network.

You could make a minimal linux VM with only a web browser, keep good discipline and never do anything else on it, and RDP into it.

However, these products commonly provide much smaller attack surface than such a setup, and combined with something like VM-based tab isolation, you wouldn't be anywhere near the security features of such a product.

Perfect prevention of breaches isn't possible, you must assume compromise. Therefore part of your strategy must be the isolation and containment of an attacker's ability to do damage.

For concerns regarding what you say, it's true. The worst case is a browser zero day that escapes the browser, enables privilege escalation, and goes on to compromise the entire client instance and lurks in the server catching everything. That's definitely a possibility on the free demo.

However, for real deployments there are several layers of mitigation. On the most drastic end, we run each browser and server pair inside its own docker container. In that case, the exploit must, first escape the browser -> escape the Docker container -> gain code execution -> gain privilege escalation -> compromise whole instance.

I would never say it's "impossible" but I would say that we have brought effective defenses against that.

Another layer of mitigation is that each browser is totally scrubbed each time it is used. This is a tradeoff as we lose all session cookies and cache data, but we can do this, if required. You can even scrub it yourself while using it (right click/top hold to get the context menu, and select "Wipe everything".

A further layer of mitigation is we completely reprovision / scrub the entire server every hour / day / week.

I think you are getting the idea.

By separating the client's devices and network from DMZ where "web work" occurs, and containing the attacks within this "air gapped" satellite, we greatly limit the attacker's scope to cause harm, plus we greatly increase our ability to deliver mitigation at any scale and schedule we choose.

Another advantage of this is, you don't need to download anything, RDP/VNC requires some extra app or setup, this is just connect to a web site and you're good to go.

You can self host to manage trust. Organizations typically want to partner with a provider even if they do self-host or go hybrid, because they don't want to manage everything themselves.