Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

10/21/2013
02:54 PM
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Aviator Browser Blocks Ads, Cookies By Default

Google Chrome, Microsoft Internet Explorer and Mozilla Firefox betray privacy for ad revenue, claims WhiteHat Security, maker of new privacy-first Aviator browser.

 Microsoft Surface: 10 Best And Worst Changes
Microsoft Surface: 10 Best And Worst Changes
(click image for larger view)
Characterizing mainstream Web browsers as insecure and damaging to privacy, WhiteHat Security has released a browser for OS X called Aviator that blocks ads and preserves privacy by default.

Based on Chromium, the open-source foundation of Google Chrome, Aviator treats advertising as a security vulnerability, privacy violation and general nuisance. Not only does it block ads and advertising tracking cookies via the Disconnect extension, it is preconfigured to use Duck Duck Go, a search engine that does not collect personal information, as its default search engine. Aviator operates in what Google Chrome calls "Incognito mode" all the time.

In a blog post, Robert Hansen, director of product management at WhiteHat Security, explains that browser vendors like Google, Mozilla and Microsoft have elected not go as far as Aviator has gone because doing so would reduce revenue from advertising.

Arguing that those who don't click on ads are not the sort of customers the online ad industry wants, Hansen contends that blocking ads by default can increase online satisfaction for millions, serve advertisers better by showing ads only to those who elect to see them, and protect people from privacy violations and the malware that travels on ad networks.

[ Will Google's enterprise efforts win you over? Read Google In The Enterprise Survey: Mind The Gaps. ]

"[N]ot a single browser vendor offers ad blocking, instead relying on optional third-party plugins, because this breaks their business model and how they make money," said Hansen in his post. "Current incentives between the user and browser vendor are misaligned. People simply aren't safe online when their browser vendor profits from ads."

In March 2011, Dasient, a security firm that sold protection against malicious ads and was acquired by Twitter the following year, estimated that the chance of encountering a malicious ad over three months of browsing was 95%.

In the Aviator FAQs, WhiteHat Security states that Google Chrome, Microsoft Internet Explorer and Mozilla Firefox are not as secure as Aviator because "implementing truly effective security and privacy would negatively impact their businesses."

Google and Microsoft did not respond to requests for comment. Mozilla declined to comment, but CTO Brendan Eich in June suggested his company's decision to delay implementation of third-party cookie blocking — criticized as succumbing to ad industry pressure — was the result of trying to find a way to deal with third-party cookies on a granular level that avoids the errors that arise when blocking is indiscriminate.

Ad blocking is on the rise, according to PageFair, a consultancy that caters to publishers concerned about ad blocking. A report published by the firm in August, based on a survey of 220 websites with the sort of technically sophisticated audience likely to employ ad-blocking software, found an average ad-blocking rate of 22.7%. PageFair says it expects that figure to grow by 50% over the next five years.

Ad blocking has become significant enough that Google this year began paying to have its search ads whitelisted through Adblock Plus' Acceptable Ads initiative. This initiative, which allows ad companies to prevent their ads from being filtered as long as they meet quality requirements (and pay a fee in the case of large companies), remains controversial and has been likened to a protection racket.

Hansen says that if enough people like Aviator, WhiteHat Security will build a Windows version.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Drew Conry-Murray
50%
50%
Drew Conry-Murray,
User Rank: Ninja
10/22/2013 | 11:12:13 PM
re: Aviator Browser Blocks Ads, Cookies By Default
I hope they bring it to Windows soon!
Commentary
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
Edge-DRsplash-10-edge-articles
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
News
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-35475
PUBLISHED: 2021-06-25
SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties.
CVE-2021-32716
PUBLISHED: 2021-06-24
Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 the admin api has exposed some internal hidden fields when an association has been loaded with a to many reference. Users are recommend to update to version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-U...
CVE-2021-32717
PUBLISHED: 2021-06-24
Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 private files publicly accessible with Cloud Storage providers when the hashed URL is known. Users are recommend to first change their configuration to set the correct visibility according to the documentation. The visibilit...
CVE-2021-32712
PUBLISHED: 2021-06-24
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 are vulnerable to system information leakage in error handling. Users are recommend to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview.
CVE-2021-32713
PUBLISHED: 2021-06-24
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 suffer from an authenticated stored XSS in administration vulnerability. Users are recommend to update to the version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview.