Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

Custom Chrome Browser Promises More Privacy, No Tracking

Hidden Reflex launches Chromium-based browser tweaked to block advertisers' tracking networks while speeding up page-load times.

Google Nexus 7, Chromecast: Visual Tour
Google Nexus 7, Chromecast: Visual Tour
(click image for larger view)
Startup security firm Hidden Reflex is hoping that consumers who want a more private online browsing experience will choose its customized version of Google's Chrome browser.

Dubbed Epic Privacy Browser, the free, Chromium-based browser, available both for Windows and Mac OS X, promises better privacy by blocking all tracking scripts deployed by online advertising networks and their affiliates. Blocking tracking scripts also speeds page-load times by up to 25%, according to Hidden Reflex.

According to Alok Bhardwaj, founder and CEO of Hidden Reflex, in a typical one-hour browsing session Epic will block over 1,000 different tracking attempts launched by more than 40 tracking firms.

The browser, which is due out any day, has no connection to the Electronic Privacy Information Center, a civil liberties group that's known as EPIC.

[ Is any browser really safe? Read Chrome Security Shocker Creates Password Anxiety. ]

What, if anything, do current Chrome users lose by making the jump to the Epic browser? Google, for example, is renowned for the steady stream of automatic updates it releases for Chrome, especially in the wake of bug reports. The Epic Privacy Browser will not automatically install those updates, although that's by design. "Hidden Reflex has to check the Chromium updates and distribute them," Bhardwaj told InformationWeek via email. "Google changes a lot of things -- with stuff that is privacy-invasive sometimes -- so we have to review each Chromium update and then update ourselves."

That said, the Epic browser does auto-update by default. "For the Mac, updates can be set to manual, and soon that will be the case for Windows as well," said Bhardwaj. "We want to give that option for the extremely privacy-conscious." He also promised regular updates. "We won't necessarily update as often as Chrome but will update very quickly any crucial security-related updates, probably a week or two after Chrome updates," he said.

In addition, he argued that using a browser not built by one of the major players -- Google, Microsoft, Mozilla, Opera -- carried its own information security upsides. "As a niche browser, users are vastly safer in us than other browsers which are active targets." But he also lauded the security offered by Chrome, noting that its "tabs as a process model" had only ever been hacked via malicious extensions, but never directly.

But how can a free browser predicated on privacy -- and that blocks advertising -- earn enough money to keep its company in business? Cue sponsored search results. "We do block ads because they contain trackers, so we are walking a bit of fine line as we will earn revenue through sponsored search results," Bhardwaj said. But he said that the results would never be based on tracking, and only on the search term and rough geographical area. Furthermore, he said Epic was built to prohibit any of the company's search partners from being able to track users or their searches.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
9/3/2013 | 8:59:07 PM
re: Custom Chrome Browser Promises More Privacy, No Tracking
I wouldn't count on the FTC doing anything substantive to limit information collection. The advertising industry has a lot of money and lobbies with it. There's no one paying to advance the opposite point of view.
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18202
PUBLISHED: 2019-10-19
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.
CVE-2019-18209
PUBLISHED: 2019-10-19
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.
CVE-2019-18198
PUBLISHED: 2019-10-18
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.
CVE-2019-18197
PUBLISHED: 2019-10-18
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclo...
CVE-2019-4409
PUBLISHED: 2019-10-18
HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. On the Problem Report page of the Traveler servlet pages, there is a field to specify a file attachment to provide additional problem details. An invalid file name returns an error message that includes the entere...