Risk
10/21/2013
02:54 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Aviator Browser Blocks Ads, Cookies By Default

Google Chrome, Microsoft Internet Explorer and Mozilla Firefox betray privacy for ad revenue, claims WhiteHat Security, maker of new privacy-first Aviator browser.

 Microsoft Surface: 10 Best And Worst Changes
Microsoft Surface: 10 Best And Worst Changes
(click image for larger view)
Characterizing mainstream Web browsers as insecure and damaging to privacy, WhiteHat Security has released a browser for OS X called Aviator that blocks ads and preserves privacy by default.

Based on Chromium, the open-source foundation of Google Chrome, Aviator treats advertising as a security vulnerability, privacy violation and general nuisance. Not only does it block ads and advertising tracking cookies via the Disconnect extension, it is preconfigured to use Duck Duck Go, a search engine that does not collect personal information, as its default search engine. Aviator operates in what Google Chrome calls "Incognito mode" all the time.

In a blog post, Robert Hansen, director of product management at WhiteHat Security, explains that browser vendors like Google, Mozilla and Microsoft have elected not go as far as Aviator has gone because doing so would reduce revenue from advertising.

Arguing that those who don't click on ads are not the sort of customers the online ad industry wants, Hansen contends that blocking ads by default can increase online satisfaction for millions, serve advertisers better by showing ads only to those who elect to see them, and protect people from privacy violations and the malware that travels on ad networks.

[ Will Google's enterprise efforts win you over? Read Google In The Enterprise Survey: Mind The Gaps. ]

"[N]ot a single browser vendor offers ad blocking, instead relying on optional third-party plugins, because this breaks their business model and how they make money," said Hansen in his post. "Current incentives between the user and browser vendor are misaligned. People simply aren't safe online when their browser vendor profits from ads."

In March 2011, Dasient, a security firm that sold protection against malicious ads and was acquired by Twitter the following year, estimated that the chance of encountering a malicious ad over three months of browsing was 95%.

In the Aviator FAQs, WhiteHat Security states that Google Chrome, Microsoft Internet Explorer and Mozilla Firefox are not as secure as Aviator because "implementing truly effective security and privacy would negatively impact their businesses."

Google and Microsoft did not respond to requests for comment. Mozilla declined to comment, but CTO Brendan Eich in June suggested his company's decision to delay implementation of third-party cookie blocking — criticized as succumbing to ad industry pressure — was the result of trying to find a way to deal with third-party cookies on a granular level that avoids the errors that arise when blocking is indiscriminate.

Ad blocking is on the rise, according to PageFair, a consultancy that caters to publishers concerned about ad blocking. A report published by the firm in August, based on a survey of 220 websites with the sort of technically sophisticated audience likely to employ ad-blocking software, found an average ad-blocking rate of 22.7%. PageFair says it expects that figure to grow by 50% over the next five years.

Ad blocking has become significant enough that Google this year began paying to have its search ads whitelisted through Adblock Plus' Acceptable Ads initiative. This initiative, which allows ad companies to prevent their ads from being filtered as long as they meet quality requirements (and pay a fee in the case of large companies), remains controversial and has been likened to a protection racket.

Hansen says that if enough people like Aviator, WhiteHat Security will build a Windows version.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Drew Conry-Murray
50%
50%
Drew Conry-Murray,
User Rank: Ninja
10/22/2013 | 11:12:13 PM
re: Aviator Browser Blocks Ads, Cookies By Default
I hope they bring it to Windows soon!
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-2413
Published: 2014-10-20
Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php.

CVE-2012-5244
Published: 2014-10-20
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to...

CVE-2012-5694
Published: 2014-10-20
Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) platformDD1 parameter to frameworkgui/attach2Agents.p...

CVE-2012-5695
Published: 2014-10-20
Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS m...

CVE-2012-5696
Published: 2014-10-20
Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a direct request.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.