Own goal by Google...
Until today, Aviator was a movie to me....
(OK, I'm out of touch)
Now it's a browser that sounds kinda interesting.
Thank you Google!
A spat between Google and Whitehat Security has erupted after engineers at the search giant revealed dangerous vulnerabilities found in the latter's anti-Google privacy-centric Chrome spin-off browser. The holes in the Aviator browser reported by Google security bods Justin Schuh and Tavis Ormandy described include a remote …
You must be a fairly atypical Reg reader if you can't work out how to replicate the kind of blocking this product provides (what with the ready availability of extensions like Ghostery and Disconnect), and don't mind using a browser with likely known and unpatched vulnerabilities as a result of lagging behind the parent product.
>>"You must be a fairly atypical Reg reader if you can't work out how to replicate the kind of blocking this product provides (what with the ready availability of extensions like Ghostery and Disconnect), "
There's a whole world of people out there who aren't El Reg. readers but who still care about browsers. And to be honest, I think there are plenty of El Reg. readers who don't readily know how to replicate what Aviator does. And that's not because they're stupid. Aviator, for example, blocks HTTP referral values across different sites. According to their website you can't do that with Disconnect. And indeed, I had never heard of Disconnect before today.
Besides, one of the good things about Open Source is multiple ways to do things.
"You must be a fairly atypical Reg reader if ..."
and what are YOU if after reading the article you still think Ghostery and Disconnect can do everything Aviator does?
I use Ghostery on Firefox, and unfortunately Disconnect doesn't work as well (Disconnect freezes the entire browser on certain sites).
If you actually cared about privacy and security, Ghostery and Disconnect aren't going to help. They're really little more than ad-blockers. You need plugins to also automatically clear and manage cookies and perhaps even the use of JavaScript managers and a way to manage HTTP referrer forwarding and disable WebRTC (on Firefox).
Though I have to add, even if you have cookie managers, Google's sites for some reason... found a way to bypass such plugins. HMMmm.
" ... stating that Google employs a 30-strong Chrome security team... "
This misses the point. Oh they may try and keep the baddies out of your internet session but in the meantime are busily conducting a man in the middle attack of their own.
As Credas says, if you want to block stuff, look to the likes of Adblock plus and so on. It's hard to block Google from snooping on your Chrome sessions.
I haven't heard much about Iron, is it still going?
A fork could be an exploit-ridden heap of crap and perhaps this fork is precisely that.
But from the moment you start Chrome up it's nagging the user "sign on". Features like url auto correct (via Google), and predictive search (via Google) are also enabled. All this so they know pretty much everything you do to better serve you with ads and otherwise monetize you. These days it even has a "You" button embedded into the title bar but an All Seeing, Lidless Eye would be more appropriate.
Chrome does have privacy controls but they're buried and quite fiddly. e.g. there is no equivalent to Firefox's clear history on exit. So yeah perhaps this fork is crap, but it wouldn't need to exist if Google could curb its insatiable hunger for data and provide convenient privacy controls for those who'd rather not give it up.
If the privacy controls exist, then maybe the right way of making it more private for everyone would be with an extension that could set better defaults and display every one of those controls inside a very easy to get to interface. Problem solved.
instead of forking and staying some versions behind, and inserting vulnerabilities during the process...
>"...from the moment you start Chrome [you can] "sign on". Features like url auto correct (via Google), and predictive search (via Google) are also enabled."
These are useful functions for me, the user. I'm computer-literate (e.g. MSc, work in IT), and I'm completely happy with the trade-off between convenience and privacy. I respect the fact that other people have different views, and good luck to them, but Google quite rightly tailor their product to the majority of people, most of whom apparently have broadly similar views to me:
www.washingtonpost.com/blogs/the-switch/wp/2014/10/07/people-care-more-about-convenience-than-privacy-online
www.darkreading.com/risk-management/online-privacy-we-just-dont-care/d/d-id/1110535?
I'd respectfully suggest that much of the criticism of Google is unfair: they're a business, providing superb products for no up-front cost. I'm happy with that, as are many/most people.
Google is a bit more evil in that they are busy trying to convince people that they are not. ;-)
The truth is that you are Google's product and they are spying on you more than any Government could.
Do you think I care about which toothpaste ad they show me?
If I use Crest, do I want to see Crest ads or would I be more inclined to click on an ad for Colgate?
And yes, Google knows what toothpaste you use, what shampoo, and what newspapers you read. They can predict what you will do next because of all of the data they have captured.
Is this evil?
I know that if the CIA or NSA or GCHQ did this... everyone here would be screaming bloody murder.
Actually Google doesn't know which toothpaste I use or which shampoo I use, because I have never bought either online or ever searched for either online.
And for both I just buy whichever one is cheapest. That goes for countless other things. Sainsbury probably know more about my shopping habits than Google does.
This is the browser that when running on Linux REQUIRES a suid root process to be running even when the user is non-privileged, right? Oh, but that's the sandbox blah blah blah security blah blah. Puh-lease. So this process is 100% guaranteed exploit free is it? Yeah. Right. It's a feckin *browser* running as root when it doesn't need to. Hence until Google stop this foolishness Chrome is going nowhere near my systems and moreover they're standing in a greenhouse throwing large boulders when they accuse others of messing up chrome "security".
I remember when Open Source was a community of people helping each other and it was about sharing all your innovations and helping others improve their code as well. Well, I suppose aggressively grilling your rivals in public might help them improve in a Darwinian dog-eat-dog sort of way. But it's not what I had in mind.
Perhaps. But someone creating an Open Source version of Chrome is a unique threat in a way that Firefox aren't. Whitehat aren't just trying to do this as a solo project. They're trying to re-ignite a community effort on this and get it going as a successful Open Source project. It is never preferable to fight a war on two fronts rather than just one, so Firefox are undoubtedly their big rival, but don't downplay motivations against Aviator, either.
The only thing I agree with Schuh on is that the hyperbole from Aviator, "the Web’s most secure and private browser", is a mistake.
But why is it that he nitpicked on branding changes as the "cause" for the inability of Aviator to stay up to date with Chrome's release? Could it not be the other way around? That Google Chrome's source code is so intrinsically tied with their branding that it is causing forks (who legitimately should change the branding) issues?
I'm sorry, but anybody who asks a fork to be up-to-date with the original constantly is being unrealistic and obviously never dedicated time on working with OSS fork projects that are still dependent on the original.
"Giving OSS a bad name?" Wow. Let's compare the two projects' ultimate goals, shall we?
Sorry, but while he tries to wrap his blog post up as sounding like "he's trying to be constructive", overall his tone of voice just seems like a typical stuck-up, arrogant engineer who is too full of himself and where he works.
At the very least, if Aviator keeps at it, they'll eventually get it right. Google on the other hand...
Actually -- in case you're not being sarcastic -- DuckDuckGo is billed as a privacy-respecting "alternative" search engine. Still, it serves sponsored links at the top of every results page, and is a throwback to the bad old days when you had to learn some kind of weird secret language in order to get more precise search results.
I'm trying to give them a fair shot by using them as my default search in SeaMonkey, but I honestly can't see why all the hardcore geeks I know are drooling over it so much.
Google may be evil for sure, but, still... exact phrase search.
That is all.
Apple's service provides things like direct Wikipedia suggestions, links to film trailers, etc. It's for Safari's "smart" autocompleting address bar. These things are on by default even if you select DuckDuckGo. The direct UI allows them to be switched off but it's hardly straightforward in explaining itself. Which doesn't appear to be all that accidental.
So there's clearly a vested interest on Apple's side in serving those autocompletes. I'll bet they're monetising them in exactly the same way Google monetises its entire search engine. But they are, technically, optional.
Google Nexus tablet
Google Android (all up to date)
Google Chrome browser (both full release and the beta)
Google websites such as YouTube
My only role is to provide the fiber optic link to the 'net.
Chrome is crash prone. Crashes several times per evening. Everything reset six ways from Sunday. Crash, crash, crash, crash. P.o.S. Tried Firefox, it's ugly.
The beta even has the silly bug that clicking on the 2nd or 3rd tab (to attempt to open them) will act as if I clicked on that spot of the first tab (hidden link under the 2nd tab's actual tab). Crazy silly bug.
Google's Coder Drones are 2nd rate in my view. Yep, I'm talking about YOU.
"...Chrome is crash prone. Crashes several times per evening. Everything reset six ways from Sunday. Crash, crash, crash, crash. P.o.S. Tried Firefox, it's ugly."
I've been using SeaMonkey ever since the big Sponsored Frames In New Firefox Installs from about a year or two ago and haven't gone back. Runs really solid, and there are SeaMonkey-compatible versions of pretty much all the add-ons I use with Firefox.
It's getting there by means you cannot see so cannot hope to understand.
Our best defence against the unknown is to attack it.
I hate who you hate. Trust me.
Dance for me to prove your self-determination, and you shall be rewarded with blood.
You know, hate and fear is a growth industry.
You can get Firefox ESR, secure it with known extensions and settings, in fact better run it inside a conservatively set up Debian stable in a virtual machine.
On mobile there is a very interesting couple to check: Orbot & Orweb.
By going this way you get mainstream support, help open source and show the finger to Google.