Risk
8/30/2013
11:25 AM
50%
50%

Custom Chrome Browser Promises More Privacy, No Tracking

Hidden Reflex launches Chromium-based browser tweaked to block advertisers' tracking networks while speeding up page-load times.

Google Nexus 7, Chromecast: Visual Tour
Google Nexus 7, Chromecast: Visual Tour
(click image for larger view)
Startup security firm Hidden Reflex is hoping that consumers who want a more private online browsing experience will choose its customized version of Google's Chrome browser.

Dubbed Epic Privacy Browser, the free, Chromium-based browser, available both for Windows and Mac OS X, promises better privacy by blocking all tracking scripts deployed by online advertising networks and their affiliates. Blocking tracking scripts also speeds page-load times by up to 25%, according to Hidden Reflex.

According to Alok Bhardwaj, founder and CEO of Hidden Reflex, in a typical one-hour browsing session Epic will block over 1,000 different tracking attempts launched by more than 40 tracking firms.

The browser, which is due out any day, has no connection to the Electronic Privacy Information Center, a civil liberties group that's known as EPIC.

[ Is any browser really safe? Read Chrome Security Shocker Creates Password Anxiety. ]

What, if anything, do current Chrome users lose by making the jump to the Epic browser? Google, for example, is renowned for the steady stream of automatic updates it releases for Chrome, especially in the wake of bug reports. The Epic Privacy Browser will not automatically install those updates, although that's by design. "Hidden Reflex has to check the Chromium updates and distribute them," Bhardwaj told InformationWeek via email. "Google changes a lot of things -- with stuff that is privacy-invasive sometimes -- so we have to review each Chromium update and then update ourselves."

That said, the Epic browser does auto-update by default. "For the Mac, updates can be set to manual, and soon that will be the case for Windows as well," said Bhardwaj. "We want to give that option for the extremely privacy-conscious." He also promised regular updates. "We won't necessarily update as often as Chrome but will update very quickly any crucial security-related updates, probably a week or two after Chrome updates," he said.

In addition, he argued that using a browser not built by one of the major players -- Google, Microsoft, Mozilla, Opera -- carried its own information security upsides. "As a niche browser, users are vastly safer in us than other browsers which are active targets." But he also lauded the security offered by Chrome, noting that its "tabs as a process model" had only ever been hacked via malicious extensions, but never directly.

But how can a free browser predicated on privacy -- and that blocks advertising -- earn enough money to keep its company in business? Cue sponsored search results. "We do block ads because they contain trackers, so we are walking a bit of fine line as we will earn revenue through sponsored search results," Bhardwaj said. But he said that the results would never be based on tracking, and only on the search term and rough geographical area. Furthermore, he said Epic was built to prohibit any of the company's search partners from being able to track users or their searches.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
9/3/2013 | 8:59:07 PM
re: Custom Chrome Browser Promises More Privacy, No Tracking
I wouldn't count on the FTC doing anything substantive to limit information collection. The advertising industry has a lot of money and lobbies with it. There's no one paying to advance the opposite point of view.
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9651
Published: 2015-08-28
Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index[-ci] procedures."

CVE-2015-1171
Published: 2015-08-28
Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file.

CVE-2015-2987
Published: 2015-08-28
Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits.

CVE-2015-6266
Published: 2015-08-28
The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045.

CVE-2015-6267
Published: 2015-08-28
Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted L2TP packet, aka Bug IDs CSCsw95722 and CSCsw95496.

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.