Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

Custom Chrome Browser Promises More Privacy, No Tracking

Hidden Reflex launches Chromium-based browser tweaked to block advertisers' tracking networks while speeding up page-load times.

Google Nexus 7, Chromecast: Visual Tour
Google Nexus 7, Chromecast: Visual Tour
(click image for larger view)
Startup security firm Hidden Reflex is hoping that consumers who want a more private online browsing experience will choose its customized version of Google's Chrome browser.

Dubbed Epic Privacy Browser, the free, Chromium-based browser, available both for Windows and Mac OS X, promises better privacy by blocking all tracking scripts deployed by online advertising networks and their affiliates. Blocking tracking scripts also speeds page-load times by up to 25%, according to Hidden Reflex.

According to Alok Bhardwaj, founder and CEO of Hidden Reflex, in a typical one-hour browsing session Epic will block over 1,000 different tracking attempts launched by more than 40 tracking firms.

The browser, which is due out any day, has no connection to the Electronic Privacy Information Center, a civil liberties group that's known as EPIC.

[ Is any browser really safe? Read Chrome Security Shocker Creates Password Anxiety. ]

What, if anything, do current Chrome users lose by making the jump to the Epic browser? Google, for example, is renowned for the steady stream of automatic updates it releases for Chrome, especially in the wake of bug reports. The Epic Privacy Browser will not automatically install those updates, although that's by design. "Hidden Reflex has to check the Chromium updates and distribute them," Bhardwaj told InformationWeek via email. "Google changes a lot of things -- with stuff that is privacy-invasive sometimes -- so we have to review each Chromium update and then update ourselves."

That said, the Epic browser does auto-update by default. "For the Mac, updates can be set to manual, and soon that will be the case for Windows as well," said Bhardwaj. "We want to give that option for the extremely privacy-conscious." He also promised regular updates. "We won't necessarily update as often as Chrome but will update very quickly any crucial security-related updates, probably a week or two after Chrome updates," he said.

In addition, he argued that using a browser not built by one of the major players -- Google, Microsoft, Mozilla, Opera -- carried its own information security upsides. "As a niche browser, users are vastly safer in us than other browsers which are active targets." But he also lauded the security offered by Chrome, noting that its "tabs as a process model" had only ever been hacked via malicious extensions, but never directly.

But how can a free browser predicated on privacy -- and that blocks advertising -- earn enough money to keep its company in business? Cue sponsored search results. "We do block ads because they contain trackers, so we are walking a bit of fine line as we will earn revenue through sponsored search results," Bhardwaj said. But he said that the results would never be based on tracking, and only on the search term and rough geographical area. Furthermore, he said Epic was built to prohibit any of the company's search partners from being able to track users or their searches.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
9/3/2013 | 8:59:07 PM
re: Custom Chrome Browser Promises More Privacy, No Tracking
I wouldn't count on the FTC doing anything substantive to limit information collection. The advertising industry has a lot of money and lobbies with it. There's no one paying to advance the opposite point of view.
News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7856
PUBLISHED: 2021-04-20
A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient authentication validation.
CVE-2021-28793
PUBLISHED: 2021-04-20
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration.
CVE-2021-25679
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed....
CVE-2021-25680
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only...
CVE-2021-25681
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS. NOTE: The aff...