Risk

8/30/2013
11:25 AM
50%
50%

Custom Chrome Browser Promises More Privacy, No Tracking

Hidden Reflex launches Chromium-based browser tweaked to block advertisers' tracking networks while speeding up page-load times.

Google Nexus 7, Chromecast: Visual Tour
Google Nexus 7, Chromecast: Visual Tour
(click image for larger view)
Startup security firm Hidden Reflex is hoping that consumers who want a more private online browsing experience will choose its customized version of Google's Chrome browser.

Dubbed Epic Privacy Browser, the free, Chromium-based browser, available both for Windows and Mac OS X, promises better privacy by blocking all tracking scripts deployed by online advertising networks and their affiliates. Blocking tracking scripts also speeds page-load times by up to 25%, according to Hidden Reflex.

According to Alok Bhardwaj, founder and CEO of Hidden Reflex, in a typical one-hour browsing session Epic will block over 1,000 different tracking attempts launched by more than 40 tracking firms.

The browser, which is due out any day, has no connection to the Electronic Privacy Information Center, a civil liberties group that's known as EPIC.

[ Is any browser really safe? Read Chrome Security Shocker Creates Password Anxiety. ]

What, if anything, do current Chrome users lose by making the jump to the Epic browser? Google, for example, is renowned for the steady stream of automatic updates it releases for Chrome, especially in the wake of bug reports. The Epic Privacy Browser will not automatically install those updates, although that's by design. "Hidden Reflex has to check the Chromium updates and distribute them," Bhardwaj told InformationWeek via email. "Google changes a lot of things -- with stuff that is privacy-invasive sometimes -- so we have to review each Chromium update and then update ourselves."

That said, the Epic browser does auto-update by default. "For the Mac, updates can be set to manual, and soon that will be the case for Windows as well," said Bhardwaj. "We want to give that option for the extremely privacy-conscious." He also promised regular updates. "We won't necessarily update as often as Chrome but will update very quickly any crucial security-related updates, probably a week or two after Chrome updates," he said.

In addition, he argued that using a browser not built by one of the major players -- Google, Microsoft, Mozilla, Opera -- carried its own information security upsides. "As a niche browser, users are vastly safer in us than other browsers which are active targets." But he also lauded the security offered by Chrome, noting that its "tabs as a process model" had only ever been hacked via malicious extensions, but never directly.

But how can a free browser predicated on privacy -- and that blocks advertising -- earn enough money to keep its company in business? Cue sponsored search results. "We do block ads because they contain trackers, so we are walking a bit of fine line as we will earn revenue through sponsored search results," Bhardwaj said. But he said that the results would never be based on tracking, and only on the search term and rough geographical area. Furthermore, he said Epic was built to prohibit any of the company's search partners from being able to track users or their searches.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
9/3/2013 | 8:59:07 PM
re: Custom Chrome Browser Promises More Privacy, No Tracking
I wouldn't count on the FTC doing anything substantive to limit information collection. The advertising industry has a lot of money and lobbies with it. There's no one paying to advance the opposite point of view.
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
To Click or Not to Click: The Answer Is Easy
Kowsik Guruswamy, Chief Technology Officer at Menlo Security,  11/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19296
PUBLISHED: 2018-11-16
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.
CVE-2018-19301
PUBLISHED: 2018-11-15
tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted username is mishandled when an administrator later views the system log.
CVE-2018-5407
PUBLISHED: 2018-11-15
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
CVE-2018-14934
PUBLISHED: 2018-11-15
The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone.
CVE-2018-14935
PUBLISHED: 2018-11-15
The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS.