Getting Started
Linux
- 1Download
saj-browse-linux-x86_64.tar.gzfrom sajdak.one/browse - 2Open a terminal and extract the archive:
tar xzf saj-browse-linux-x86_64.tar.gz - 3Enter the extracted folder and launch:
cd saj-browse
./saj-browse.sh
macOS
- 1Download
Saj Browse.dmgfrom sajdak.one/browse - 2Open the DMG and drag Saj Browse into your Applications folder
- 3Launch from Applications or Spotlight
On first launch, macOS may ask you to confirm you want to open a downloaded application. Click Open. This is a standard macOS security prompt — Saj Browse is signed and notarised.
Windows
Coming soon. Check sajdak.one/browse for availability.
First Launch
When Saj Browse opens, the shield in the toolbar shows 0 — this will increase as you browse and trackers are blocked. Everything is already protecting you from the first page you visit.
The sidebar on the left gives you access to your Vault, AI Assistant, Saj Link Messaging, and Settings.
Saj Browse supports full right-to-left (RTL) layout. The interface will mirror correctly if your system language is set to Arabic (العربية). All sidebar panels and settings are RTL-aware.
Home Page
When you open a new tab, you see the Saj Browse home page.
Search
The search bar in the centre routes your searches through DuckDuckGo by default — a privacy-respecting search engine that does not profile you. You can also type a URL directly to navigate.
Privacy Status
Below the search bar, four indicators show your active protections:
Trackers blocked
Your ad and tracker blocker is active
HTTPS enforced
All connections are encrypted in transit
DNS encrypted
Your DNS queries are hidden from your ISP
On-device AI ready
The AI assistant is available
Saj Ecosystem
The home page includes links to other products in the Saj family — Saj Link, Saj Speak, Bella, Marty, and INEVARA. These are informational only and do not transmit data.
Setup Strip
On first launch, a dismissible setup strip appears with three quick actions: Import from Chrome, Choose security level, and Set default search. You can dismiss it at any time — it will not return once dismissed.
Privacy Shield — The Shield Button
The shield button sits in the address bar and shows a number — the count of tracking attempts blocked on the current page.
Every time you load a page, companies try to run trackers inside it. These are small pieces of code that report your behaviour back to advertising networks, data brokers, and analytics platforms. Saj Browse blocks each attempt and counts them.
Clicking the shield opens the Threat Narrator panel — a plain-English breakdown of who tried to track you and why.
Reading the Threat Narrator Panel
Each tracker entry shows:
- Company name — who owns the tracker (e.g. Facebook, Google Analytics, Oracle BlueKai)
- Attempt count — how many times it tried (shown as x3, x12, etc.)
- Colour dot — the risk category
- Explanation — one sentence describing what this tracker was trying to do
| Dot colour | Category | Description |
|---|---|---|
| ● Red | Hostile tracker | Cross-site profiling, device fingerprinting, data broker |
| ● Orange | Commercial tracker | Retargeting, ad networks |
| ● Green | Analytics tracker | Session recording, page engagement |
| ● Grey | Unknown domain | Blocked by default |
Writing Style Warnings
If Saj Browse detects that a page's writing style does not match the brand it claims to be, a warning will appear in the shield panel. See Writing Style & Phishing Detection for details.
Arabic Phishing Warnings
If the current page contains Arabic text with suspicious characteristics, warnings also appear in the shield panel. See Arabic Language Intelligence for details.
Footer Actions
At the bottom of the Threat Narrator panel:
- See detailed report — full list of every blocked request for this page load
- Always block all on this site — applies a permanent site-level rule
Security Levels
Saj Browse gives you three levels of protection. You can change the active level at any time in Settings.
Standard
Blocks ads and trackers, enforces HTTPS, encrypts DNS, prevents WebRTC IP leaks, normalises canvas and WebGL fingerprints, strips GPS from saves. Full compatibility with all websites. The right level for everyday browsing.
Strong
Everything in Standard plus significantly increased fingerprint resistance approaching Tor-grade isolation. Most websites work normally. A small number may prompt you to lower your security level.
Maximum
Full fingerprint lockdown — your browser looks identical to every other Saj Browse user. Disables exploitable JavaScript capabilities. Intended for journalists, researchers, and high-risk conditions.
Open Settings (gear icon in the sidebar, or Cmd+,) and select Security Level. Changes take effect on the next page load.
VPN Integration
Saj Browse connects directly to your existing VPN. It does not include its own VPN — instead it works with the VPN services you already use or prefer.
Supported VPN services
- Proton VPN
- NordVPN
- Mullvad VPN
- Surfshark
- ExpressVPN
- Custom VPN (WireGuard, OpenVPN, or IKEv2 configuration file)
To connect a VPN
- 1Open Settings and scroll to the VPN section
- 2Find your VPN service and click Configure
- 3Enter your credentials or import your configuration file
- 4Toggle the switch to connect
The connection status displays in the VPN card (e.g. "Connected — Bahrain #3"). When connected, the proxy indicator in the address bar updates to reflect your routing.
Custom VPN: If you use a VPN not listed above, click the Custom VPN card and import your WireGuard, OpenVPN, or IKEv2 configuration file.
Anonymous Proxy
The Anonymous Proxy setting controls how your internet traffic is routed. This is separate from your VPN.
| Mode | Routing | Speed | Plan |
|---|---|---|---|
| Direct | No proxy. Traffic goes directly to websites (or through your VPN). | Full speed | Free |
| Private | Single-hop proxy. Websites see the proxy's IP, not yours. | ~90% | Pro |
| Anonymous | Two-hop routing. No single point sees both who you are and where you're going. | ~70% | Pro |
| Maximum / Tor | Three-hop onion routing. Maximum anonymity. | 20–50% | Pro |
To change your proxy mode, open Settings and scroll to Anonymous Proxy, or click the proxy indicator button in the address bar.
Encrypted Vault الخزنة
The Vault is private storage built into Saj Browse. Anything you save goes into the Vault — encrypted on your device, never uploaded anywhere.
What the Vault stores
- Images (JPG, PNG, SVG, WebP)
- Videos
- PDF documents
- Saved web pages
- Screenshots
Saving content to the Vault
- Right-click menu: Right-click any image or video on a page and select Save to Vault. A toast notification confirms the save and tells you if location data was removed.
- Keyboard shortcut: Hover over any image and press Cmd+S (macOS) or Ctrl+S (Linux).
All location data (GPS coordinates) is removed. Camera model and date/time metadata is stripped. The content is encrypted before being written to your device. This stripping happens before encryption — the saved copy contains no metadata.
Accessing the Vault
Click the folder icon in the sidebar to open the Vault panel. Use type tabs to filter by Images, Videos, Pages, PDFs, or Screenshots. Organise with named collections. Search by title. Toggle between grid and list view. Click the arrow icon to create an encrypted backup.
Vault storage: The free tier holds up to 100 items. Upgrade to Pro for unlimited storage.
Vault Encryption — Saj Protocol
New content is encrypted with Ascon-AEAD128, the NIST Lightweight Cryptography Standard (2023) — 3–5× faster than traditional encryption on ARM devices. Older content is handled by ChaCha20-Poly1305 transparently.
Per-Category Key Isolation
The Vault separates your data into six categories, each protected by its own independent encryption key:
| Category | What it covers |
|---|---|
| History | Your browsing history |
| Bookmarks | Saved bookmarks |
| Saved Pages | Web pages saved to the Vault |
| Form Data | Saved form entries |
| Downloads | Downloaded files |
| AI Context | Data from AI assistant interactions |
Crypto-shred: You can permanently and instantly destroy all data in a single category by deleting its key. This is irreversible and immediate — the data becomes mathematically unrecoverable. No need to overwrite files or wait.
To crypto-shred a category, go to Settings > Vault Encryption and click the Shred button next to the category. You will be asked to confirm — this action cannot be undone.
Saj Link Messaging ساج لينك
Saj Browse includes a built-in messaging panel powered by Saj Link — the end-to-end encrypted messaging platform from the Saj family.
What it is
Saj Link provides military-grade end-to-end encrypted conversations. By connecting your Saj Link account to Saj Browse, you can send and receive encrypted messages directly from the browser sidebar — without switching to a separate app.
How to set it up
- 1Open Settings and scroll to the Saj Link section
- 2Toggle Enable Saj Link messaging to on
- 3Enter your Saj Link email and password
- 4Click Sign in
- 5The status badge will change from "Not connected" (grey) to "Connected" (green)
Using Saj Link in the sidebar
Once connected, click the link icon in the sidebar to open the messaging panel. You will see your contact list, the chat view, and the encrypted message input. Messages are identical in security to those sent through the Saj Link app — encryption happens on your device before transmission.
What Saj Link does NOT do in the browser
- It does not read your browsing history
- It does not share page content with contacts
- It does not send notifications about your browsing activity
- The messaging panel is completely separate from your browsing session
Saj AI Assistant
The AI Assistant is built into Saj Browse and runs entirely on your device. It never sends your browsing activity, page content, or questions to any external server.
Opening the Assistant
- Click the robot icon in the sidebar
- Press Cmd+J (macOS) or Ctrl+J (Linux)
- Right-click on any page and select Ask Saj
Quick Suggestions
Summarise this page
Extract and condense the current page's content
Who tracks me here?
Explain blocked trackers in conversational format
Is this page safe?
Run phishing and deception analysis
Translate to Arabic
Translate page content to Arabic
Find similar pages
Discover related content from your history
What you can ask
- Tracker analysis: "Who tracks me here?" — explains blocked trackers conversationally
- Phishing detection: "Is this page safe?" — analyses URL and page content for phishing signals
- Page summarisation: "Summarise this page" — works immediately without any model download
- Privacy score: "How private am I?" — calculates a score with specific recommendations
- Writing style analysis: "Does this email match my bank?" — compares against known brand profiles
- Browsing context search: "Find pages I read about renewable energy" — searches your encrypted browsing context index
Language Toggle
The AI Assistant includes a language toggle (AR/EN) in the top-right corner. Switch to Arabic for full RTL support and Arabic-language responses. The Assistant responds in whichever language you use to ask your question.
Enhanced AI — Optional Model Download
For richer, more conversational answers and longer document analysis, you can download an enhanced AI model. This is optional.
- Size: approximately 2.2 GB
- Download: one time only, from a verified public model repository
- Hardware recommended: 8 GB of RAM or more
- Works offline: once downloaded, it never needs the internet again
To download, open the AI Assistant panel and click Download enhanced model. You can remove it at any time from Settings > AI > Manage model. Basic AI features continue working without it.
Voice Input البحث الصوتي
Saj Browse supports voice input in the AI Assistant sidebar.
Push-to-Talk
Click the microphone button next to the text input in the AI sidebar to start listening. The button pulses while the microphone is active. Speak your question, and the recognised text appears in the input field.
How it works
Voice input uses your browser's built-in speech recognition (Web Speech API). No audio is sent to Saj Browse servers — Saj Browse does not operate any speech processing servers.
Arabic Dialect Support
When speaking in Arabic, Saj Browse detects which dialect you are using and displays a dialect badge:
- Modern Standard Arabic — الفصحى
- Gulf Arabic — خليجي
- Egyptian Arabic — مصري
- Levantine Arabic — شامي
- Maghrebi Arabic — مغربي
- Iraqi Arabic — عراقي
Enabling Voice Input
- 1Open Settings
- 2Scroll to the AI (On-Device) section
- 3Toggle Voice search to on
A future Pro update will include fully on-device speech-to-text processing, removing any dependency on the browser's built-in speech recognition. Your voice will never leave your device under any circumstances.
Writing Style & Phishing Detection
Saj Browse includes an advanced phishing detection system that goes beyond checking URLs — it analyses the writing style of pages you visit.
How it works
When you visit a login page or a page that appears to be from a well-known brand, Saj Browse automatically analyses the writing style of the page content. The analysis examines:
- How formal or informal the language is
- Sentence structure and length patterns
- Word choice patterns
- Punctuation habits
- Overall tone and directness
These are compared against built-in profiles for commonly impersonated brands (major banks, PayPal, Amazon, Apple, Microsoft, and others).
What you see
If the writing style matches the claimed brand, nothing happens. If it does not match, a warning appears in the Shield popup and in the AI Assistant.
"Writing style mismatch detected. This page claims to be from ANZ Bank, but the writing style is significantly different from ANZ's verified communications. Exercise caution before entering credentials."
Automatic and Manual
- Automatic: Saj Browse analyses writing style on login pages (pages with password fields or sign-in forms)
- Manual: Ask the AI Assistant "Does this match [brand name]?" to analyse any page on demand
Arabic Language Intelligence
Saj Browse has specialised intelligence for Arabic-language browsing — protecting against threats that specifically target Arabic speakers.
Arabic Phishing Detection
Arabic text on the web is vulnerable to unique phishing techniques that standard browsers do not detect:
RTL Override Attacks
Malicious pages embed invisible Unicode characters that make text appear to read in one direction while the actual content runs the other way. Saj Browse detects these hidden characters.
Mixed-Script Domains
Attackers register domain names that mix Arabic and Latin characters to create convincing fakes of legitimate websites. Saj Browse flags suspicious script mixing.
Character Substitution
Some Arabic characters look visually similar to Latin characters. Attackers exploit this to create domain names that look like trusted brands. Saj Browse identifies these substitutions.
Six-Dialect Awareness
Saj Browse recognises six Arabic dialects to improve voice transcription accuracy and Arabic-language AI response quality. This detection is not used for tracking or profiling. No dialect information leaves your device.
Behavioral Lock
Behavioral Lock is an optional security feature that uses your natural browsing patterns as a continuous form of authentication.
How it works
When enabled, Saj Browse observes the rhythm of how you interact with the browser — not what you type or where you browse, but the timing patterns of your keystrokes, clicks, and scrolling. These patterns are unique to each person, like a fingerprint.
Saj Browse only collects timing distributions (statistical summaries), never individual keystrokes or the content of what you type. It knows that your average keystroke interval is, say, 120 milliseconds — it does not know what keys you pressed.
Enrollment
After enabling Behavioral Lock, Saj Browse begins building your behavioral profile. This takes approximately 7 days of normal browsing. A progress bar in Settings shows your enrollment percentage.
What it protects
If someone else uses your browser — even if they have your password — their browsing rhythm will be different from yours. When a mismatch is detected:
- Vault access is temporarily suspended
- A notification appears asking you to verify your identity
- Normal access resumes when your behavioral pattern is recognised again
Duress Detection
Behavioral Lock includes an optional duress detection feature. If your browsing behaviour changes dramatically (same person under stress or coercion), Saj Browse can suspend access to sensitive features. This is designed for high-risk users who may face physical coercion.
Enabling Behavioral Lock
- 1Open Settings
- 2Scroll to the Behavioral Lock section
- 3Toggle Behavioral authentication to on
- 4Optionally toggle Duress detection to on
- 5Browse normally for approximately 7 days to complete enrollment
INVA Identity
INVA Identity is a decentralised identity feature that will be available in a future Pro update.
What it will do
- Provide a decentralised identity wallet built into your browser
- Allow you to prove your identity to websites without revealing unnecessary personal information
- Use threshold cryptographic signatures — your identity is split across multiple keys so no single point of compromise can steal it
- Remember which identity to use for each site, so you do not need to reconnect your wallet every visit
INVA Identity settings are visible in Settings as a preview. The feature is not yet active. When it becomes available, it will be announced through the browser's update notification. Pro subscription required.
Bella Intelligence
If you use Bella — the Executive Operating System — you can connect it to Saj Browse for contextual intelligence while you browse.
What it does
When connected, Bella can receive limited, opt-in context from your browsing. For example: surface related notes from your executive workspace when reading a tender document, show your relationship history when visiting a contact's company website, or connect research to your ongoing projects.
Privacy controls
| Toggle | What it shares | Default |
|---|---|---|
| Share tracker data | Blocked tracker domain names and company names (no browsing history) | Off |
| Share page metadata | Page title, URL, and heading structure | Off |
| Share text excerpts | First 500 characters of page text (no form fields, no credentials) | Off |
| Auto-submit on page load | Automatically send context when you navigate | Off |
How to connect
- 1Open Settings and scroll to the Bella Intelligence section
- 2Toggle Enable Bella to on
- 3Enter your Bella account credentials
- 4Click Sign in
- 5Configure your sharing preferences using the toggles above
What Bella can never access
- Your passwords or credentials
- Form field content
- Vault contents
- Browsing history beyond the current page (unless you enable auto-submit)
- Any data from toggles you have not explicitly enabled
AI Agent Access — MCP
Saj Browse supports the Model Context Protocol (MCP), which allows external AI tools on your computer to use Saj Browse as a browser they can interact with.
This is an advanced feature. Most users will never use it directly. It is documented here for transparency.
What agents can do (with your approval)
- Navigate to a URL and read the page content
- Search the web
- Take screenshots of pages
- Extract structured data from pages
- Save content to your Vault
Your consent is always required
No AI agent can access Saj Browse without your explicit approval. When an agent requests access, Saj Browse presents a full-screen consent page showing which AI tool is requesting access, what specific capabilities it is requesting, how long the access would last, the maximum number of actions, and the risk level.
What agents can never do
- Access your saved passwords or credentials without a vault unlock and your explicit approval
- Act without your consent for sensitive operations
- Bypass the privacy protection that Saj Browse applies to all web requests
- Access your browsing history or Vault contents silently
- Fill in forms or interact with authenticated sessions without a second, specific approval
Agent History and Revocation
All agent actions are written to an audit log. Go to Settings > AI > Agent history to see all active and past sessions, review what actions each agent performed, and revoke any active session immediately. Access tokens expire automatically.
Keyboard Shortcuts
| Action | macOS | Linux |
|---|---|---|
| Open / close AI Assistant | Cmd+J | Ctrl+J |
| Open / close Vault | Cmd+Shift+V | Ctrl+Shift+V |
| Save to Vault (over media) | Cmd+S | Ctrl+S |
| Quick command palette | Cmd+K | Ctrl+K |
| New tab | Cmd+T | Ctrl+T |
| Settings | Cmd+, | Ctrl+, |
| Find on page | Cmd+F | Ctrl+F |
Settings Reference
Open Settings from the gear icon in the sidebar, or with Cmd+, (macOS) / Ctrl+, (Linux).
Privacy
| Setting | Default | What it does |
|---|---|---|
| Block trackers and ads | On | Four-layer blocking engine |
| HTTPS-only mode | On | Refuses unencrypted connections |
| Encrypted DNS (DoH) | On | Hides DNS queries from your ISP |
| Auto-reject cookie banners | On | Detects and rejects non-essential cookies |
| Strip metadata on save | On | Removes GPS and camera info from saved files |
| Encrypted clipboard | On | Encrypts clipboard contents, clears after paste |
| Threat Narrator | On | Shows tracker explanations in plain English |
AI (On-Device)
| Setting | Default | What it does |
|---|---|---|
| Smart Shield | On | Automatically repairs site breakage from privacy settings |
| Phishing detection | On | Analyses URLs and pages for phishing signals — all on-device |
| Writing assistance | Off | Grammar and style suggestions — no keystrokes leave your device |
| Voice search | Off | Push-to-talk mic in AI sidebar |
Behavioral Lock
| Setting | Default | What it does |
|---|---|---|
| Behavioral authentication | Off | Your browsing rhythm becomes a continuous encryption key |
| Duress detection | Off | Suspends vault access if behaviour changes dramatically |
INVA Identity
| Setting | Default | What it does |
|---|---|---|
| INVA wallet | Off | Decentralised identity with threshold signatures (Pro) |
| Per-site identity memory | Off | Remember which identity to use for each site |
Proxy
| Setting | Default | What it does |
|---|---|---|
| Anonymous proxy | Off | Two-hop routing — no single node sees both you and your destination (Pro) |
| Tor integration | Off | Three-hop onion routing for maximum anonymity (Pro) |
Updates
| Setting | What it does |
|---|---|
| Check for updates automatically | Toggle automatic 12-hour background checks on/off |
| Check Now | Manually trigger an immediate check |
| Last checked | When the last check ran |
| Update card | Shown when an update is available — includes version, changelog, and download buttons |
| Skip This Version | Suppress this specific version notification |
| Download manually | Always available at sajdak.one/browse |
Updates
Saj Browse checks for updates automatically, every 12 hours. You can also check at any time from Settings.
How updates work
- 1Saj Browse contacts a static update manifest — not a server that tracks you
- 2Only three values are sent: your current version number, operating system (linux/mac/win), and CPU architecture (x86_64/aarch64). Nothing else.
- 3If an update is available, a notification bar appears showing what has changed before you decide anything
- 4You choose: Update Now, Remind Later, or Skip This Version
The update check routes through your configured proxy if you have one active — your update check goes through your privacy protection, not around it.
Verifying an update
Every release is signed with Ed25519. The signature is checked before anything is downloaded. You can verify any release yourself using the minisign tool — the public key is printed in Settings under the Updates section.
Rolling back
If an update causes a problem, the previous version download link is included in the update manifest. Open Settings > Updates to access it.
FAQ
Is any of my data sent to a server?
No. Everything in Saj Browse runs on your device. The only exceptions are: (1) the optional 2.2 GB AI model download, which is a one-time transfer from a public model repository, and (2) the update check, which sends only your version, OS, and architecture. There is no telemetry, no analytics, no account, and no cloud sync.
Why does a website look broken or behave strangely?
At the Strong or Maximum security level, some sites may not render correctly. To fix this for a specific site: open Settings, change your Security Level to Standard for that session, and reload the page. You can switch back to Strong or Maximum afterwards.
What is the difference between the Vault encryption and regular browser storage?
Regular browsers store your bookmarks, history, and saved data in plain text on your device. Anyone with access to your computer can read them. Saj Browse encrypts all stored data with the Saj Protocol — each data category has its own encryption key, and you can instantly and permanently destroy any category by deleting its key (crypto-shred).
What is crypto-shred?
Crypto-shred is the ability to permanently destroy data by deleting its encryption key rather than overwriting the data itself. This is instant and mathematically irreversible — without the key, the encrypted data is indistinguishable from random noise. In Saj Browse, you can crypto-shred individual categories (History, Bookmarks, Saved Pages, Form Data, Downloads, AI Context) independently.
How does Behavioral Lock know it is me without tracking what I type?
Behavioral Lock only measures the timing between your actions — how fast you typically type, how you scroll, your click rhythm. It stores these as statistical summaries (distributions), never as individual events or content. It knows your average keystroke interval is 120ms — it does not know you typed anything specific.
Can I install browser extensions in Saj Browse?
Yes. Saj Browse supports standard browser extensions. You can install extensions from addons.mozilla.org or by loading extension files directly from your device. Note that third-party extensions may have their own data collection practices — Saj Browse cannot control what extensions do.
How do I export or back up my Vault?
Open the Vault panel (folder icon in the sidebar) and click the export button (the arrow icon at the top right of the panel). This creates an encrypted export file you can store or transfer.
Is Saj Browse open source?
Saj Browse is proprietary software developed by Sajdak Group Holdings. The browser engine incorporates components under the Mozilla Public License 2.0. Independent security audits are conducted periodically and published at sajbrowse.com/security. You can verify our privacy claims yourself by monitoring network traffic — see the Network Verification section in the AI User Guide.
What Arabic dialects are supported?
Six: Modern Standard Arabic, Gulf, Egyptian, Levantine, Maghrebi, and Iraqi. Dialect detection improves voice transcription accuracy and AI response quality.
Does Saj Browse work on Windows or mobile?
Windows and mobile versions are planned. At present, Saj Browse is available for Linux and macOS. Check sajdak.one/browse for updates on availability.
How do I update Saj Browse?
Saj Browse checks for updates automatically and shows a notification when one is available. You will see what changed before you accept. You can also check at any time: Settings > Updates > Check Now. Updates are cryptographically signed and verified before download.
I have a question not answered here.
Contact support at [email protected]. All support inquiries are handled privately — your email is not stored beyond what is needed to respond to you.
Pricing
- Tracker and ad blocking (four-layer engine)
- HTTPS-only mode and encrypted DNS
- Fingerprint resistance (three security levels)
- Encrypted Vault (100 items)
- On-device AI (tracker analysis, phishing, summarisation)
- Writing style phishing detection
- Arabic language intelligence and phishing protection
- Metadata stripping on all saved files
- Encrypted clipboard
- Saj Link messaging (requires Saj Link account)
- MCP agent access with consent controls
- Automatic updates with cryptographic verification
- All keyboard shortcuts and settings
- Everything in Free
- Unlimited Vault storage (no 100-item limit)
- Voice search — "Hey Saj" activation with Arabic dialect support
- Anonymous proxy — single-hop and two-hop routing modes
- Tor integration — three-hop onion routing
- INVA Identity — decentralised identity wallet (when available)
- On-device voice processing — fully offline speech-to-text (when available)