11:25 AM

Custom Chrome Browser Promises More Privacy, No Tracking

Hidden Reflex launches Chromium-based browser tweaked to block advertisers' tracking networks while speeding up page-load times.

Google Nexus 7, Chromecast: Visual Tour
Google Nexus 7, Chromecast: Visual Tour
(click image for larger view)
Startup security firm Hidden Reflex is hoping that consumers who want a more private online browsing experience will choose its customized version of Google's Chrome browser.

Dubbed Epic Privacy Browser, the free, Chromium-based browser, available both for Windows and Mac OS X, promises better privacy by blocking all tracking scripts deployed by online advertising networks and their affiliates. Blocking tracking scripts also speeds page-load times by up to 25%, according to Hidden Reflex.

According to Alok Bhardwaj, founder and CEO of Hidden Reflex, in a typical one-hour browsing session Epic will block over 1,000 different tracking attempts launched by more than 40 tracking firms.

The browser, which is due out any day, has no connection to the Electronic Privacy Information Center, a civil liberties group that's known as EPIC.

[ Is any browser really safe? Read Chrome Security Shocker Creates Password Anxiety. ]

What, if anything, do current Chrome users lose by making the jump to the Epic browser? Google, for example, is renowned for the steady stream of automatic updates it releases for Chrome, especially in the wake of bug reports. The Epic Privacy Browser will not automatically install those updates, although that's by design. "Hidden Reflex has to check the Chromium updates and distribute them," Bhardwaj told InformationWeek via email. "Google changes a lot of things -- with stuff that is privacy-invasive sometimes -- so we have to review each Chromium update and then update ourselves."

That said, the Epic browser does auto-update by default. "For the Mac, updates can be set to manual, and soon that will be the case for Windows as well," said Bhardwaj. "We want to give that option for the extremely privacy-conscious." He also promised regular updates. "We won't necessarily update as often as Chrome but will update very quickly any crucial security-related updates, probably a week or two after Chrome updates," he said.

In addition, he argued that using a browser not built by one of the major players -- Google, Microsoft, Mozilla, Opera -- carried its own information security upsides. "As a niche browser, users are vastly safer in us than other browsers which are active targets." But he also lauded the security offered by Chrome, noting that its "tabs as a process model" had only ever been hacked via malicious extensions, but never directly.

But how can a free browser predicated on privacy -- and that blocks advertising -- earn enough money to keep its company in business? Cue sponsored search results. "We do block ads because they contain trackers, so we are walking a bit of fine line as we will earn revenue through sponsored search results," Bhardwaj said. But he said that the results would never be based on tracking, and only on the search term and rough geographical area. Furthermore, he said Epic was built to prohibit any of the company's search partners from being able to track users or their searches.

1 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Thomas Claburn
Thomas Claburn,
User Rank: Ninja
9/3/2013 | 8:59:07 PM
re: Custom Chrome Browser Promises More Privacy, No Tracking
I wouldn't count on the FTC doing anything substantive to limit information collection. The advertising industry has a lot of money and lobbies with it. There's no one paying to advance the opposite point of view.
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest September 7, 2015
Some security flaws go beyond simple app vulnerabilities. Have you checked for these?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-12
vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attackers to cause a denial of service via a long heartbeat message.

Published: 2015-10-12
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.

Published: 2015-10-12
Cisco Unified Computing System (UCS) B Blade Server Software 2.2.x before 2.2.6 allows local users to cause a denial of service (host OS or BMC hang) by sending crafted packets over the Inter-IC (I2C) bus, aka Bug ID CSCuq77241.

Published: 2015-10-12
The process-management implementation in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges by terminating a firestarter.py supervised process and then triggering the restart of a process by the root account, aka Bug ID CSCuv12272.

Published: 2015-10-12
HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
What can the information security industry do to solve the IoT security problem? Learn more and join the conversation on the next episode of Dark Reading Radio.