So… the no-cost commercial privacy browser Browzar is adware. Of course it is. That’s how you make money on free things. The real question is why people buy its privacy story.
Browzar says that it prevents information from being left on the computer you used. Independent testers deny this. I don’t have Windows so I can’t verify either claim.
Even if Browzar does what it says, people may be under the impression that it will keep their browsing private. For instance, the BBC says Net browser promises private surf. Browzar promises users total privacy when surfing the web. Not true!
Privacy on the web
Browzar’s underlying assumption is that data on your computer is less private that data off it: by not saving any data, no incriminating evidence is left. This sidesteps the fact that everything you do on the internet is public. The websites you use, and the computers that route your traffic know who you are and could record what you do. By not saving data, the browser has to fetch it more often, actually increasing your chances of being seen on the net.
To strengthen your privacy on the internet you have to:
- Minimize your internet traffic.
- Encrypt your internet traffic.
- Prevent your browser from identifying you to the website you are browsing.
Minimizing your internet traffic means caching things on your home computer, thereby reducing your internet usage.
Encrypting your internet traffic generally means using SSL: use the https prefix instead of the http prefix wherever possible (for instance when reading your mail from gmail).
Preventing the browser from identifying you to the website you are using is nigh impossible because it goes against the way the internet works.
- When you request a page from a website, the website needs to know where your computer is so that it can send the information back to you. This is one way that search engines such as AOL identify all a users’ searches. Anonymous proxies, such as those provided by Tor, can hide your computer behind an effective smokescreen of other computers.
- Your browser requests data from the address it was given. By uniquely tailoring this address to you, you can be identified: For instance web bugs in an email, if downloaded, can tell a webserver that your read that email. “Phishing detection” tries to address this by telling you whether the phishing-detector’s author trusts the website.
- Browsers pass sideband information to the website in what are called headers. These include what you typed into forms, cookies, the last page you were on, and so on. Because this information is not shown to users, many websites leak private data here. Privoxy strips this information out at the cost of requiring user tinkering
- Furthermore every plugin including Java run by your browser implements whatever security it feels fit. For instance, Flash can be told to save information on your computer, emulating cookie behavior even if you turned cookies off. Legitimate uses include Pandora which uses this to track which songs you’ve listened to. However a bugs in any common plugin could be used to read your personal files on your harddrive
Given these hurdles, it’s best to think of everything you do on the internet as being public.
Network tools shows you what your browser is leaking. To learn more, go to Shields Up.
Privacy at home
It is not socially acceptable to read someone else’s diary, but for some odd reason, it’s OK to use someone else’s webbrowser. A partial solution is provided by Safari’s “Private Browsing” mode, but it increases one’s internet traffic. A better solution might be to provide quick switching between different private browsing sessions. The key would be to make the switching painless.
What can we learn from Browzar?
- The media didn’t fact check this story. Even the BBC seems to have just published Browzar’s press release.
- Browzar’s story is a purple cow. It took off like wildfire because people really want the easy-to-use privacy they promised.
- If something commercial is free, it’s because it was worthwhile for someone to pay to get your attention for their own benefit.
- The internet is self-correcting to those in the know, but let’s hope that noone gets into trouble.