Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

Custom Chrome Browser Promises More Privacy, No Tracking

Hidden Reflex launches Chromium-based browser tweaked to block advertisers' tracking networks while speeding up page-load times.

"We don't want you to have to 'trust us with your data,'" said Bhardwaj. "So, for example, searches through our search engine will go via a third-party proxy to us and via HTTPS -- HTTPS means the proxy doesn't know what you're searching and the proxy means we can't know what you're searching for."

One contractual precondition of using Chromium, he said, is that "sponsored results" must be allowed to run alongside searches. On the other hand, "search is really lucrative," he said. "So if we get users and they do search with us a bit, we should be fine in terms of monetizing and be able to offer more amazing privacy services -- next for us would be a mobile browser -- at no cost, we hope."

The browser's introduction parallels a more widespread push by browser makers to increase the out-of-the-box privacy controls available to users. Mozilla, for example, said in June that, despite sharp criticism from the online advertising industry, it is advancing plans to have Firefox block by default many types of cookies and tracking technology.

Still, don't some browsers already offer privacy or incognito browsing modes of one kind or another? In fact, Bhardwaj cited a June 2013 study from security research firm NSS Labs, which noted that "private browsing does not prevent tracking, but rather it is designed to erase the history of a user's actions when the browser is closed."

To date, consumers have been left to their own devices when it comes to resisting online advertisers' tracking attempts. For starters, efforts to forge an agreement on some type of voluntary Do Not Track (DNT) flag in browsers have stalled. The capability was meant to give consumers an easy way to indicate that they didn't want their browsing activity to be tracked. But after Microsoft said that it would enable DNT by default in Internet Explorer 10, the advertising industry quit the DNT discussions in a huff.

On the legal front, despite DNT legislation having been introduced in 2011, Congress has failed to pass any laws that would force online advertisers in the United States to respect consumers' tracking preferences. Likewise, data brokers have a relatively free hand when it comes to buying and selling people's personal information.

That freedom could change, however. The Federal Trade Commission has been taking a closer interest in data brokers' information-collection practices, which could presage data brokers being required to reveal to consumers every piece of their personal information that's been tracked, recorded or sold.

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
9/3/2013 | 8:59:07 PM
re: Custom Chrome Browser Promises More Privacy, No Tracking
I wouldn't count on the FTC doing anything substantive to limit information collection. The advertising industry has a lot of money and lobbies with it. There's no one paying to advance the opposite point of view.
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-26543
PUBLISHED: 2021-05-06
The "gitDiff" function in Wayfair git-parse <=1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.
CVE-2021-27216
PUBLISHED: 2021-05-06
Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options.
CVE-2021-29490
PUBLISHED: 2021-05-06
Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Verions prior to 10.7.3 vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the imageUrl parameter. This issue potentially exposes both internal and ex...
CVE-2021-29491
PUBLISHED: 2021-05-06
Mixme is a library for recursive merging of Javascript objects. In Node.js mixme v0.5.0, an attacker can add or alter properties of an object via 'proto' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the ava...
CVE-2021-29921
PUBLISHED: 2021-05-06
Improper input validation of octal strings in Python stdlib ipaddress 3.10 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on Python stdlib ipaddress. IP address octects are left stripped instead of evaluated as valid I...