Aviator: Hands-On With the Most Secure Web Browser

Like its namesake, a new Web browser called Aviator aims to fly above the competition by making it easy to have a secure, private online browsing experience.

Developed by Santa Clara, Calif.-based Web security firm WhiteHat Security, Aviator blocks ads and Internet tracking software by default, letting even the tech-illiterate browse the Internet with confidence.

The browser is currently in beta for Mac OS X and can be downloaded from WhiteHat's website. A Windows version will be out around Feb. 17.

MORE: 7 Ways to Lock Down Your Online Privacy

We went hands-on with Aviator to test out its claims, and asked outside experts to weigh in on how the browser works.   

What is Aviator?

Aviator is a Web browser like Google Chrome, Microsoft Internet Explorer or Mozilla Firefox. However, WhiteHat believes that because those browsers make money through relationships with search engines such as Google and Bing, they're not designed to benefit the end user.

"From our perspective, that's kind of anti-consumer," said Robert Hansen, WhiteHat's director of product management. "It doesn't fit with what the consumer actually wants, which is a private browser."

WhiteHat originally developed Aviator as an in-house browser based on Chromium, the open-source underpinnings of Google's Chrome browser. Some websites may identify Aviator as "Chrome" in the permissions settings.

Hansen said Aviator puts the consumer's needs first. Features such as "Do Not Track," private browsing and ad blockers are enabled by default. Similar features can be activated on other browsers, but most users won't know how.

Aviator's developers believe maximizing privacy settings by default gives users a distinct advantage.

"This democratizes security and privacy for the masses," Hansen said.

What does Aviator do?

By stripping away ads and disabling autoplaying of media files, Aviator cuts off two main avenues for malware infection.

Most browsers let media files, such as Adobe Flash Player files, automatically play by default. Click on a YouTube URL, and the video immediately starts playing. Malicious code can also automatically run if you end up on the wrong page.

In Aviator, you have to click to activate every piece of Flash on a Web page. Only the files you permit to run will do so.  

If Web pages viewed with Aviator look sparser than usual, it's because the ads that usually crowd every blank space of a browser window are gone.

Aviator opens by default in Incognito, or private browsing, mode. Your search history will be deleted when you close your browser, and URLs will not autocomplete in the search bar.

MORE: Top 10 Apps for Remembering Your Passwords

Aviator's default search engine is DuckDuckGo, a privacy-focused search engine that does not profile users or collect their IP addresses.

Google and most other search engines create user profiles and use them to tailor search results. This can create a "filter bubble" in which a user sees the same types of links recur, instead of a more diverse selection.

Private browsing, click-to-run and private searching can be implemented in any Web browser, but Aviator has other complex security and privacy features that set it apart.

Tracking software blocked

For example, Aviator blocks tracking software used by online marketing tools such as Google Analytics, Omniture and DoubleClick.

Hansen explained that although most browsers give users the option to send a "Do Not Track" request, many websites do not honor this request.

"We would much prefer to do something called 'Cannot track,'" Hansen said. "Our version is: Just do not allow them to track in the first place. Blow away their tracking pixels. Don't even connect to them in the first place.

"Yes, I'm sure it hurts their business models," he said, referring to ad networks and websites. "But because they haven't given consumers a way to protect themselves, we're giving it to [consumers]."

Furthermore, Aviator blocks HTTP referers, which are hidden messages that tell a website how you reached it. If you are on Site A and you click a link that takes you to Site B, a referer would automatically tell Site B that you came to it from Site A.

MORE: Future Browsers Will Protect You from Spying

Referers contain potentially very serious and private information. Most browsers allow them; Aviator does not.

Additionally, Aviator keeps outsiders from your home network by blocking access to local non-routable IP addresses, such as those belonging to home computers, tablets or printers.  

"Consumers are actually more at risk [from this type of attack] than enterprises, because consumers have low-grade equipment, and the equipment only has default usernames and passwords," Hansen said.

Hansen said some professionals dislike this Aviator feature because it impedes development work — not something the average Internet user has to worry about, but a concern nonetheless.

Should I use Aviator?

Aviator is designed for people who are serious about online security and privacy. But they should be prepared to sacrifice some convenience.

Because Aviator starts in private mode, it won't keep users signed into websites between browser sessions. To make Aviator remember passwords, you'll have to go into the settings and check "Offer to save passwords I enter when in protected/unprotected mode."

For some security researchers, Aviator might not be secure enough.

Nadim Kobeissi, creator of the encrypted instant-messaging service Cryptocat, praised Aviator for using Chromium as its base, but added that the browser is only a first step toward online privacy.

"I'm not sure that’s enough to protect your privacy entirely," Kobeissi said, "but it's an interesting and legitimate step."

Other researchers have criticized Aviator for not being open-source, unlike Chromium.

Open-sourcing the browser software "would make [Aviator] auditable to security researchers, and would allow people to build their own," said a malware researcher based in Bangkok known only as The Grugq.

Bottom line

We liked the way Aviator comes with security and privacy features pre-installed. However, that doesn't mean users can skip the Settings menu; most will probably want to set passwords to autocomplete or to occasionally disable private browsing.

Heavy Google users who want seamless access to the Googleverse may find Aviator obstructive, and might choose to sacrifice some privacy. Overall, though, Aviator is an excellent option for those who value privacy over convenience.

Email jscharr@techmedianetwork.com or follow her @JillScharr and Google+.  Follow us @TomsGuide, on Facebook and on Google+.

Jill Scharr is a creative writer and narrative designer in the videogame industry. She's currently Project Lead Writer at the games studio Harebrained Schemes, and has also worked at Bungie. Prior to that she worked as a Staff Writer for Tom's Guide, covering video games, online security, 3D printing and tech innovation among many subjects.