Introducing WhiteHat Aviator – A Safer Web Browser
blog.whitehatsec.comThis is a browser built on Chromium. Where is its source code? Is this a closed-source wrapper around Chromium?
Later: Answer: Yes. https://twitter.com/jeremiahg/status/392335814048247808
I am doing a double-take as well.
It seems like closed-source is antithesis to "designed for the every day person who really values their online security and privacy."
I think the key word there is 'every day person', which for most non-technical people means that they trust someone has looked after the problem, and may actually feel safer by paying someone to do so.
Oh there's no problem paying somebody to do a job. But somehow you'll need to be able to check that the job is done. Or at least read the opinion of somebody who has no stake in the matter to attest to the job being done.
So "the job" here involving making a browser not do things, which you can't see. How often pray tell do you pay somebody to perform a job you can't verify the outcome of, but take him by his word that he did it?
The placebo effect does not really apply to software, though.
How can you be so sure?
At least for one, it is so much easier to break the placebo.
Unfortunately the aforementioned persons are unlikely to realize they could pay someone to look after security in an open, communicative fashion.
How? Seems to me like an "every day person" wouldn't dive into the source code of their browser.
they would not, but the "many eyes" effect would benefit them nevertheless
My thoughts exactly. Why haven't they made the source public.
If I got an email from george@avoid416scam.com claiming to protect my bank account from 416 scams for free if I give him access to my bank account, I'd be suspicious.
Instead I got a website from whitehatsec.com claiming to provide me a more secure web browser for free, claiming it's perfectly safe to put in my bank account info into it.
Won't touch it with a barge pole. My spidey sense is tingling for one reason or another.
But with Chuck Norris [1] on the board, how bad can it be?
Well it is Whitehat Security, so the website is not really a negative I would say.
But I agree ;)
I find it incredible that someone would publish a web browser claiming to be safer:
a) without publishing the source code, and
b) acting surprised when people don't trust it.
Seriously, what was @jeremiahg thinking?
"And yet not a single browser vendor offers ad blocking, instead relying on optional third-party plugins, because this breaks their business model and how they make money.".
I'm actually happy when browsers keep their core features as lean as possible and instead do the work that enable plugin creators to create functionality. More true for ad-blocking, where you want the plugin to be updated more often than the browser itself (e.g., for newer lists, new techniques for detecting ads).
Adblock plugins slurp down new lists without updating the plugin code itself. Newer techniques, sure, but I don't think ABP's release cycle is substantially faster than Firefox's.
It could still make sense to ship an ad blocking plugin with the browser distribution.
How does this make any sense?
" As the adage goes, “If you’re not paying for something, you’re not the customer; you’re the product being sold.” Browsers are no different,
...
WhiteHat Security has no interest or stake in the online advertising industry, so we can offer a browser free of ulterior motives. What you see is what you get. We aren’t interested in tracking you or your browsing history, or in letting anyone else have that information either."
And with Chromium or Firefox we can see the source code and know for sure....
Totally downloading because a wordpress page with binary download link is the safest/private thing i can think of.
Registered through GoDaddy, no less:
“If you’re not paying for something, you’re not the customer; you’re the product being sold.”
I was hoping that this was something I could pay for. It's still a free web browser.
Noticed the same thing.
I hope they're more careful with their software design and monetization plan than they were with that announcement. And at some point they should probably address that it's still an advertisement–for their services.
Something actually interesting in the space of a safer web browser: http://goto.ucsd.edu/quark/
Do you use this?
No. It is interesting as a concept though.
Proprietary "safer" web browser. Yeah right.
Never heard of this company before, not sure what to think of their blog post announcing the availability of this browser. If I'm not mistaken, one can pretty much configure any browser to do what they have identified done in their browser, unless there's more.
Best comment:
"Closed Source: Check Potential GPL license violation: Check Random “whitehate” company using wordpress to host website: Check. Maybe it’s just me, but unless I see the source, I wouldn’t touch this with even a virtual machine."
I would imagine the target market consists solely of those who have already contracted with this company.
Am I only the only one who worries what the repercussions of an ad-blocking-by-default browser getting market share might be?
"Facebook, sign up now for only $4 a month..."
"You have 12 tweets left. Why not top up now?"
I personally would love to see both of those changes, as they'd force people to place some value on such distractions.
- a confessed twitter addict
Give me your twitter password and I'll lock you out, then write you an app that only lets you tweet after solving a soduku.
"We strip out referring URLs across domains to protect your privacy"
Which makes it even more interesting that they're using Google Analytics to track visitors and sources on their site.
Oh yeah, really long text and then an inviting "click here" at the end. That is neither the best usability nor SEO-friendly in any way.
I wonder how diligently updates will be handled. Do the authors have access to all the restricted/confidential security chromium bug reports, and will they be able to push out updated binaries the same second chrome does? Otherwise this could quickly end up leaving users visibly exposed to otherwise-well-known future vulns.
What’s the Difference between Aviator and Chromium / Google Chrome? https://blog.whitehatsec.com/whats-the-difference-between-av...
I have been using this for a short while and wrote them thoughts down:
http://tosbourn.com/2013/10/development/review-whitehat-avia...
Just Install Firefox (or Chromium, not Chrome) and install some extension and you have the same from a much more trustworthy source.