Sign in with
Sign up | Sign in

Aviator: Hands-On With the Most Secure Web Browser

Aviator: Hands-On With the Most Secure Web Browser
By

Like its namesake, a new Web browser called Aviator aims to fly above the competition by making it easy to have a secure, private online browsing experience.

Developed by Santa Clara, Calif.-based Web security firm WhiteHat Security, Aviator blocks ads and Internet tracking software by default, letting even the tech-illiterate browse the Internet with confidence.

The browser is currently in beta for Mac OS X and can be downloaded from WhiteHat's website. A Windows version will be out around Feb. 17.

MORE: 7 Ways to Lock Down Your Online Privacy

We went hands-on with Aviator to test out its claims, and asked outside experts to weigh in on how the browser works.   

What is Aviator?

Aviator is a Web browser like Google Chrome, Microsoft Internet Explorer or Mozilla Firefox. However, WhiteHat believes that because those browsers make money through relationships with search engines such as Google and Bing, they're not designed to benefit the end user.

"From our perspective, that's kind of anti-consumer," said Robert Hansen, WhiteHat's director of product management. "It doesn't fit with what the consumer actually wants, which is a private browser."

WhiteHat originally developed Aviator as an in-house browser based on Chromium, the open-source underpinnings of Google's Chrome browser. Some websites may identify Aviator as "Chrome" in the permissions settings.

Hansen said Aviator puts the consumer's needs first. Features such as "Do Not Track," private browsing and ad blockers are enabled by default. Similar features can be activated on other browsers, but most users won't know how.

Aviator's developers believe maximizing privacy settings by default gives users a distinct advantage.

"This democratizes security and privacy for the masses," Hansen said.

What does Aviator do?

By stripping away ads and disabling autoplaying of media files, Aviator cuts off two main avenues for malware infection.

Most browsers let media files, such as Adobe Flash Player files, automatically play by default. Click on a YouTube URL, and the video immediately starts playing. Malicious code can also automatically run if you end up on the wrong page.

In Aviator, you have to click to activate every piece of Flash on a Web page. Only the files you permit to run will do so.  

If Web pages viewed with Aviator look sparser than usual, it's because the ads that usually crowd every blank space of a browser window are gone.

Aviator opens by default in Incognito, or private browsing, mode. Your search history will be deleted when you close your browser, and URLs will not autocomplete in the search bar.

MORE: Top 10 Apps for Remembering Your Passwords

Aviator's default search engine is DuckDuckGo, a privacy-focused search engine that does not profile users or collect their IP addresses.

Google and most other search engines create user profiles and use them to tailor search results. This can create a "filter bubble" in which a user sees the same types of links recur, instead of a more diverse selection.

Private browsing, click-to-run and private searching can be implemented in any Web browser, but Aviator has other complex security and privacy features that set it apart.

Tracking software blocked

For example, Aviator blocks tracking software used by online marketing tools such as Google Analytics, Omniture and DoubleClick.

Hansen explained that although most browsers give users the option to send a "Do Not Track" request, many websites do not honor this request.

"We would much prefer to do something called 'Cannot track,'" Hansen said. "Our version is: Just do not allow them to track in the first place. Blow away their tracking pixels. Don't even connect to them in the first place.

"Yes, I'm sure it hurts their business models," he said, referring to ad networks and websites. "But because they haven't given consumers a way to protect themselves, we're giving it to [consumers]."

Furthermore, Aviator blocks HTTP referers, which are hidden messages that tell a website how you reached it. If you are on Site A and you click a link that takes you to Site B, a referer would automatically tell Site B that you came to it from Site A.

MORE: Future Browsers Will Protect You from Spying

Referers contain potentially very serious and private information. Most browsers allow them; Aviator does not.

Additionally, Aviator keeps outsiders from your home network by blocking access to local non-routable IP addresses, such as those belonging to home computers, tablets or printers.  

"Consumers are actually more at risk [from this type of attack] than enterprises, because consumers have low-grade equipment, and the equipment only has default usernames and passwords," Hansen said.

Hansen said some professionals dislike this Aviator feature because it impedes development work — not something the average Internet user has to worry about, but a concern nonetheless.

Should I use Aviator?

Aviator is designed for people who are serious about online security and privacy. But they should be prepared to sacrifice some convenience.

Because Aviator starts in private mode, it won't keep users signed into websites between browser sessions. To make Aviator remember passwords, you'll have to go into the settings and check "Offer to save passwords I enter when in protected/unprotected mode."

For some security researchers, Aviator might not be secure enough.

Nadim Kobeissi, creator of the encrypted instant-messaging service Cryptocat, praised Aviator for using Chromium as its base, but added that the browser is only a first step toward online privacy.

"I'm not sure that’s enough to protect your privacy entirely," Kobeissi said, "but it's an interesting and legitimate step."

Other researchers have criticized Aviator for not being open-source, unlike Chromium.

Open-sourcing the browser software "would make [Aviator] auditable to security researchers, and would allow people to build their own," said a malware researcher based in Bangkok known only as The Grugq.

Bottom line

We liked the way Aviator comes with security and privacy features pre-installed. However, that doesn't mean users can skip the Settings menu; most will probably want to set passwords to autocomplete or to occasionally disable private browsing.

Heavy Google users who want seamless access to the Googleverse may find Aviator obstructive, and might choose to sacrifice some privacy. Overall, though, Aviator is an excellent option for those who value privacy over convenience.

Email jscharr@techmedianetwork.com or follow her @JillScharr and Google+.  Follow us @TomsGuide, on Facebook and on Google+.


Display 15 Comments.
  • 0 Hide
    gugus44 , February 13, 2014 5:07 AM
    Who asked for a new browser?
  • 0 Hide
    Lightbulbie , February 13, 2014 12:18 PM
    Quote:
    Who asked for a new browser?
    Does it matter if someone asked or not? This is for safety against viruses, malware, and infections. A safer web browser for people who know better.
  • 1 Hide
    mitch074 , February 13, 2014 2:37 PM
    @Lightbulbie: the main aim of Aviator is not to protect you against virii and whatever, but to improve in a drastic way your personal protection against sniffers, trackers etc. Which is a good idea. However, Firefox+AdBlock (properly set up)+NoScript+Do Not Track enabled do, AFAIK, provide pretty much the same level of safety, if not better. And, personally, I don't trust a closed source browser - period.
  • -1 Hide
    pazuso , February 14, 2014 8:50 AM
    You and I know this browser is meant for Porn.
  • 0 Hide
    Reuben Edet , March 22, 2014 4:39 PM
    Quote:
    You and I know this browser is meant for Porn.
  • 0 Hide
    Reuben Edet , March 22, 2014 4:57 PM
    Quote:
    You and I know this browser is meant for Porn.
  • 0 Hide
    JimSheba , March 25, 2014 7:32 AM
    @ Mitch074viri is the Latin word for 'men"
  • 0 Hide
    JimSheba , March 25, 2014 7:38 AM
    Quote:
    @Lightbulbie: the main aim of Aviator is not to protect you against virii and whatever, but to improve in a drastic way your personal protection against sniffers, trackers etc. Which is a good idea. However, Firefox+AdBlock (properly set up)+NoScript+Do Not Track enabled do, AFAIK, provide pretty much the same level of safety, if not better. And, personally, I don't trust a closed source browser - period.
  • 0 Hide
    JimSheba , March 25, 2014 7:39 AM
    "viri" or worse "virii" is the latin word for "Men"
  • 0 Hide
    JimSheba , March 25, 2014 7:39 AM
    "viri" or worse "virii" is the latin word for "Men"
  • 0 Hide
    rls4605 , March 27, 2014 3:26 PM
    This browser is very fast, much faster than chrome, firefox, and IE. That is my experience on my win 8.1 laptop and desktop. I like it.
  • 0 Hide
    LAKEEMERALD , April 1, 2014 9:40 PM
    ABSURD THAT FIREFOX IS SOLD OUT TO THE CHINESE HIJACKER LIKE POKKI , AND OPERA SOLD OUT TO MALWARE, AND CHROME IS A GREAT SPYWARE!
  • 0 Hide
    Diffie , April 9, 2014 12:16 PM
    When I attempted to install Aviator, I received a threat warning from Webroot which then immediately removed the software. If Webroot does not trust it, neither do I.
  • 0 Hide
    Diffie , April 9, 2014 12:17 PM
    When I attempted to install Aviator, I received a threat warning from Webroot which then immediately removed the software. If Webroot does not trust it, neither do I.
  • 0 Hide
    solmaker , July 2, 2014 11:57 AM
    Aviator was repeatedly showing up com.whitehatsec.aviator.dmg in Disk Utility. Finally I was able to remove Library/LaunchAgents/com.aviator.agent.plist etc. as described in solmaker posts at https://discussions.apple.com/thread/6337331. As a huge side benefit, my system no longer hangs for a minute on shutdown!
React To This Article

Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter