When I open a link in a Switchboard room, who can see the browser on canvas?
Initially, everyone else present in the room can see the browser. You can choose to hide the browser from everyone other than yourself by clicking on the "eye" icon in the top right of the browser.
Do you store my passwords?
No, Switchboard never stores any data you enter into browsers.
Can other users see my passwords when I enter them?
No. Switchboard automatically hides your entire browser whenever a password input field is focused.
It's still possible to accidentally reveal sensitive information to other people present in a room --- just like in a Slack channel or any other communication tool --- so use judgment in whom you invite to rooms, and common sense in what you share.
Do you store cookies and other browser states?
No, cookies and other browser state are never persisted in Switchboard's infrastructure. Browser instances are ephemeral and are destroyed when you leave a room or remove the browser from canvas.
Cookies and other session data from browsers are synced to your local machine, in IndexedDB storage for the switchboard.app domain. These data are accessible only by you, and only synced back to browsers running in the cloud on your behalf when they are created by you.
What happens when I log into a browser in Switchboard? Do you record my keystrokes?
Your client connects to the browser instance running in Switchboard's infrastructure. Your client captures input events targeted at the browser on canvas and forwards them to the cloud browser instance. All traffic is encrypted in flight. When the forwarded input events enter Switchboard's infrastructure, they are protected by all the security and privacy controls described here. In particular, they are never recorded by Switchboard. This is very similar to how a secure remote-desktop system works.
Do I have to log into websites every time I join a room?
No. When you log into a website within a browser, it will usually generate a token that's synced back to your local machine. The token disappears when the browser instance is destroyed. But the next time you create a browser in a Switchboard room, the token will be synced from your local machine to that new browser instance, and you won't be required to log in.
Can I delete the cookies and other browser state from my local machine?
Of course. In your local web browser, delete IndexedDB databases for the switchboard.app domain.
Who can control my browsers?
This answer is complex to describe in text, but much more natural to use in the flow of working within a room.
For sites like Wikipedia, news outlets, simple single-player games etc., everyone present in a room can view and control the content. (Unless the content was hidden by the browser owner.) This means that for everyone in the room, there is only one scroll position, focus of input events, state of the DOM, etc. If anyone in the room scrolls the browser, for example, then everyone else in the room sees the scroll position update in real time. These sites comprise the vast, vast majority of content on the web.
However, many of the modern web apps you frequently use are "multiplayer". That is to say, multiple users can view and control the same underlying resource at the same time; for example, a Notion page or Google doc. When multiple users are viewing or editing the same resource concurrently, the app UI shows presence indicators for the other users like avatars, pointers, carets, and so forth.
Switchboard handles multiplayer apps specially. When you want to control a multiplayer browser that you didn't add to the canvas yourself, you will get your own view and control of the shared resource (again, think of a Notion page or Google doc). Then anyone else viewing the shared resource will see your presence indicators in the UI, and you are free to edit, scroll around, etc in the shared resource without affecting the views of others.
Can someone control my browsers when I leave a room?
No. When you leave a room, your running browser instances are destroyed. If you later rejoin the room, the browser instances are launched again by default. Only the URL and a small amount of associated metadata are stored on Switchboard infrastructure while you're not in the room.
How are my browsers isolated from other users'?
Switchboard applies the principle of Defense in Depth to isolate your browsers. Browsers' web content run in hardened web runtimes and virtual machines within operating-system sandboxes. Browsers are further isolated in "containers", using additional kernel protections. And on average, two browser instances will run on separate cloud VMs that are further isolated from each other by additional hardware protections.
In no case do browser instances for different users ever share data, other than through user actions taken through the web apps themselves (such as collaborating on a Notion page, for example).