Risk
10/21/2013
02:54 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Aviator Browser Blocks Ads, Cookies By Default

Google Chrome, Microsoft Internet Explorer and Mozilla Firefox betray privacy for ad revenue, claims WhiteHat Security, maker of new privacy-first Aviator browser.

 Microsoft Surface: 10 Best And Worst Changes
Microsoft Surface: 10 Best And Worst Changes
(click image for larger view)
Characterizing mainstream Web browsers as insecure and damaging to privacy, WhiteHat Security has released a browser for OS X called Aviator that blocks ads and preserves privacy by default.

Based on Chromium, the open-source foundation of Google Chrome, Aviator treats advertising as a security vulnerability, privacy violation and general nuisance. Not only does it block ads and advertising tracking cookies via the Disconnect extension, it is preconfigured to use Duck Duck Go, a search engine that does not collect personal information, as its default search engine. Aviator operates in what Google Chrome calls "Incognito mode" all the time.

In a blog post, Robert Hansen, director of product management at WhiteHat Security, explains that browser vendors like Google, Mozilla and Microsoft have elected not go as far as Aviator has gone because doing so would reduce revenue from advertising.

Arguing that those who don't click on ads are not the sort of customers the online ad industry wants, Hansen contends that blocking ads by default can increase online satisfaction for millions, serve advertisers better by showing ads only to those who elect to see them, and protect people from privacy violations and the malware that travels on ad networks.

[ Will Google's enterprise efforts win you over? Read Google In The Enterprise Survey: Mind The Gaps. ]

"[N]ot a single browser vendor offers ad blocking, instead relying on optional third-party plugins, because this breaks their business model and how they make money," said Hansen in his post. "Current incentives between the user and browser vendor are misaligned. People simply aren't safe online when their browser vendor profits from ads."

In March 2011, Dasient, a security firm that sold protection against malicious ads and was acquired by Twitter the following year, estimated that the chance of encountering a malicious ad over three months of browsing was 95%.

In the Aviator FAQs, WhiteHat Security states that Google Chrome, Microsoft Internet Explorer and Mozilla Firefox are not as secure as Aviator because "implementing truly effective security and privacy would negatively impact their businesses."

Google and Microsoft did not respond to requests for comment. Mozilla declined to comment, but CTO Brendan Eich in June suggested his company's decision to delay implementation of third-party cookie blocking — criticized as succumbing to ad industry pressure — was the result of trying to find a way to deal with third-party cookies on a granular level that avoids the errors that arise when blocking is indiscriminate.

Ad blocking is on the rise, according to PageFair, a consultancy that caters to publishers concerned about ad blocking. A report published by the firm in August, based on a survey of 220 websites with the sort of technically sophisticated audience likely to employ ad-blocking software, found an average ad-blocking rate of 22.7%. PageFair says it expects that figure to grow by 50% over the next five years.

Ad blocking has become significant enough that Google this year began paying to have its search ads whitelisted through Adblock Plus' Acceptable Ads initiative. This initiative, which allows ad companies to prevent their ads from being filtered as long as they meet quality requirements (and pay a fee in the case of large companies), remains controversial and has been likened to a protection racket.

Hansen says that if enough people like Aviator, WhiteHat Security will build a Windows version.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Drew Conry-Murray
50%
50%
Drew Conry-Murray,
User Rank: Ninja
10/22/2013 | 11:12:13 PM
re: Aviator Browser Blocks Ads, Cookies By Default
I hope they bring it to Windows soon!
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0619
Published: 2014-10-23
Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory.

CVE-2014-2230
Published: 2014-10-23
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.

CVE-2014-7281
Published: 2014-10-23
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.

CVE-2014-7292
Published: 2014-10-23
Open redirect vulnerability in the Click-Through feature in Newtelligence dasBlog 2.1 (2.1.8102.813), 2.2 (2.2.8279.16125), and 2.3 (2.3.9074.18820) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to ct.ashx.

CVE-2014-8071
Published: 2014-10-23
Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerPatient.page; the (5) comment parameter to all...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.