How we run Firecracker VMs inside EC2 and start browsers in less than 1s

8 comments

• losteric 33 minutes ago
  > Plain headless Chromium is easy to detect by websites with anti-bot measures. Plain headless Chromium avoided getting blocked by websites only 2% of the time, according to our stealth benchmark.

  > Our browsers avoid blocks 81% of the time on our stealth benchmark, and 84.8% on Halluminate BrowserBench, the highest of any provider.

  Seems very unethical, no? Who uses service providers like this? The whole point of anti-bot measures is to get rid of bots - you are not wanted there.

  These kinds of services inevitably make the web more human-hostile and expensive. Websites will continue pushing back on automated usage, meaning more hurdles to access content.

  No doubt part of why we see this push for verified ID on the web - not just age gating and "protect the children", but also protect sites from bots, and protect ad revenue (not a statement of support; just seems like an obvious higher order effect)

  [-]
  • wnevets 29 minutes ago
    > Who uses service providers like this?

    People who don't want their headless browser to get blocked?
• gozzoo 8 minutes ago
  The article doesn't mention docker at all. I don't understand why containers are not viable solution for headless browsers.
  [-]
  • kevmo314 2 minutes ago
    Their competitive advantage is not so much running the browser but rather making the browser undetectable.

    They boast a large residential proxy network too, which tells you all you need to know.
  • roboben 2 minutes ago
    docker is not a security boundary but a resource boundary.
• rbbydotdev 33 minutes ago
  > The catch is that regular EC2 is already a VM. AWS runs our host inside its own isolation layer, and then we run browser VMs inside that host. In other words, every browser is a VM inside a VM.

  yes but i think there is specifically some ec2s which give you hypervisor access and thereby firecracker too - someone correct me if im wrong?

  [-]
  • roboben 15 minutes ago
    yes only c8i, m8i and r8i instance types support it. It is called nested virtualization[1]

    [1] https://aws.amazon.com/about-aws/whats-new/2026/02/amazon-ec...

    [-]
    • thundergolfer 10 minutes ago
      Unfortunately supply is quite limited. If you want to horizontally scale on these instances you need to have a good relationship with AWS so they'll give you a big allocation before c9i is a thing.
      [-]
      • roboben 3 minutes ago
        also i found them much less stable than metal instances running into weird kvm failures
• CompuIves 33 minutes ago
  Very cool to see more use of userfaultfd, really powerful API because you can fully control how and from where memory is loaded during a pagefault.
• rbbydotdev 35 minutes ago
  crazy that the maker of chrome(google) and also the owner of a massive amount of cloud services has not made a cloud product identical to this yet
• stogot 34 minutes ago
  How do you handle browser sessions?
• fsuts 1 day ago
  “ click this button, type this text, read this page, take this screenshot.”

  You left in the Ai’s instructions. lol

  Interesting read though, thanks

  [-]
  • gregpr07 1 day ago
    well that's how browser agents work in a nutshell lol
• eptcyka 44 minutes ago
  [flagged]