WhiteHat Aviator Browser


WhiteHat Aviator

(Image © Scott Orgera).

WhiteHat Security made the decision in January of 2015 to make the Aviator browser an open source project, discontinuing official updates and support. The code base for Aviator can now be found in a public GitHub repository. Because of this change in direction, we no longer recommend using this browser as it cannot be considered a secure option.

You may be interested in Tor Browser as an alternative.

WhiteHat Aviator is a customized browser built on top of Chromium, the open source core also used by Google Chrome. The company claimed that the browser was originally intended for internal use by its employees. Make no mistake, many of today's mainstream browsers do provide a significant level of security, strengthened further when integrated with various extensions intended to protect you and your data. However, not feeling totally comfortable with the safeguards the popular options presented, WhiteHat took matters into its own hands and developed Aviator.

While the look and feel may seem very familiar to Chrome users, it's the under-the-hood differences that make WhiteHat Aviator attractive from a safety standpoint. This article walks you through the main distinctions between Aviator -- available for both Windows and Mac OS X platforms -- and many of today's mainstream browsers from a security perspective, providing examples of each as well as how to modify their related settings where applicable.


User Intervention Required to Execute Plug-Ins


Plug-ins play an integral role in the browsing experience, allowing the browser to display popular file types such as PDF and process Java and Flash content -- among others. While a necessity to achieve the desired behavior in certain situations, plug-ins have routinely been a weak spot when it comes to being exploited by malware. They can also be utilized for tracking purposes. Because of this, Aviator takes a very aggressive stance when it comes to these necessary but risky browser components by blocking them all by default. Each time a website attempts to execute a plug-in, a notification such as the one shown in the screen shot above will be displayed. If you'd like to allow that plug-in to run, simply click on the notification.

You can also add individual websites to Aviator's whitelist, ensuring that its plug-ins will run without the need for user intervention. The browser also provides the ability to disable individual plug-ins, such as Flash, altogether. To access Aviator's plug-in settings, take the following steps. First click on the Aviator menu button, located in the upper right hand corner of the main browser window and represented by three horizontal lines. When the drop-down menu appears, click on the option labeled Settings. Aviator's Settings should now be displayed in a new tab. At the bottom of this screen, click on the Show advanced settings... link. Next, scroll down until you've located the Privacy section and click on the button labeled Content settings... Aviator's Content settings interface should now be displayed. Scroll down until you locate the Plug-ins section, which contains the configurable options described above.


Protected Mode


Enabled by default and signified by a green and white PROTECTED graphic displayed towards the far right hand side of the browser's address bar, Protected Mode is similar in many ways to Incognito Mode in Chrome, Private Browsing in Firefox and InPrivate Browsing in Internet Explorer. Where Aviator differs in this area, however, is that Protected Mode is automatically activated when the application is launched. In most other browsers the user needs to manually toggle on this functionality.

While surfing the Web in Protected Mode, any private data stored by the browser on your local hard drive is immediately wiped out each time Aviator is restarted. This includes your browsing history, cache, cookies, autofill information such as name and address, as well as other potentially sensitive data components. Having these items removed from your device without any manual user intervention needed is a welcome convenience for those users concerned about privacy and security, whether it be from prying eyes on the physical computer itself or malware designed to exploit saved login credentials or other autofill information.

Unprotected Mode

As mentioned above, Protected Mode is enabled by default. Be that as it may, there are times where you may want these private data components to be stored locally as each one does in fact serve a purpose and can enhance your browsing experience in future sessions. To launch an unprotected browsing session first click on the Aviator menu button, found in the upper right hand corner and represented by three horizontal lines. When the drop-down menu appears, select the option labeled New Unprotected window. You can also choose to utilize the following keyboard shortcut in lieu of this menu option: CTRL+SHIFT+U

A new Aviator window should now be displayed. You will notice that the PROTECTED image has now been replaced with a red and white NOT PROTECTED label. Browsing history, cache, cookies, autofill information, and other private data stored by the browser on your local hard drive during this session will not be deleted upon restart. You can, however, manually remove these data components yourself by taking the following path: Aviator Menu -> Tools -> Clear browsing data...

Please note that you should never utilize Unprotected Mode when browsing the Web on a shared or public computer.


Connection Control


A plausible security threat that is taken seriously by network administrators but often ignored by the general online public is Intranet hacking via the Web browser. If your security settings are lax in this particular area, a malicious website could conceivably utilize the browser to connect to IP addresses other than your own within your internal network. If the network configuration itself is not airtight against such behavior, the possibility of exploitation becomes a reality.

Aviator's Connection Control functionality blocks all sites, by default, from accessing any IP addresses on your Intranet. On occasion you may need to permit this type of internal passage, making the browser's blanket restrictions less than ideal. If you find yourself in this situation, Connection Control allows you to edit its existing rules or create your own custom regulations. Aviator even provides the ability to load these blocked URLs in the external browser of your choice, as evidenced in the screenshot above.
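The blocking rule described above can be sketched as follows. This is an added example, not Aviator's own code: the function names, the `userRules` allow-list format and the choice to let intranet pages reach intranet addresses are assumptions made for illustration.

```javascript
// Added illustration of the rule described above; not Aviator's own code.
// Internal IPv4 ranges: RFC 1918, loopback, link-local ([network, prefix bits]).
const INTERNAL_V4 = [
  ['10.0.0.0', 8], ['172.16.0.0', 12], ['192.168.0.0', 16],
  ['127.0.0.0', 8], ['169.254.0.0', 16],
];

const v4ToInt = (ip) => ip.split('.').reduce((acc, o) => acc * 256 + Number(o), 0);

function isInternalV4(n) {
  return INTERNAL_V4.some(([base, bits]) => {
    const size = 2 ** (32 - bits);
    return Math.floor(n / size) === Math.floor(v4ToInt(base) / size);
  });
}

// Classify a hostname as returned by the WHATWG URL parser, which has already
// normalised hex, octal and integer IPv4 spellings to dotted decimal.
function isInternalHost(hostname) {
  const h = hostname.replace(/^\[|\]$/g, '').toLowerCase();
  if (h === 'localhost') return true;
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(h)) return isInternalV4(v4ToInt(h));
  if (h.includes(':')) {                       // IPv6 literal
    if (h === '::1') return true;              // loopback
    const mapped = h.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
    if (mapped) {                              // IPv4-mapped address
      return isInternalV4(parseInt(mapped[1], 16) * 65536 + parseInt(mapped[2], 16));
    }
    const first = parseInt(h.split(':')[0] || '0', 16);
    return (first & 0xfe00) === 0xfc00 || (first & 0xffc0) === 0xfe80; // ULA, link-local
  }
  return false; // DNS name: must be resolved and the resulting address checked
}

// userRules is a hypothetical allow list of "pageHost->targetHost" strings,
// standing in for the custom rules a user can create.
function connectionDecision(pageUrl, requestUrl, userRules = []) {
  const from = new URL(pageUrl).hostname;
  const to = new URL(requestUrl).hostname;
  if (!isInternalHost(to)) return 'allow';            // public destination
  if (isInternalHost(from)) return 'allow';           // assumption: intranet page
  if (userRules.includes(`${from}->${to}`)) return 'allow';
  return 'block';                                     // public page -> intranet
}
```

A hostname that is a DNS name is not classified here; a complete check would resolve it and test the address actually connected to.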

To access the Connection Control interface, first click on the Aviator menu button -- located in the upper right hand corner of the main browser window and represented by three horizontal lines. When the drop-down menu appears, click on the option labeled Settings. Aviator's Settings should now be displayed in a new tab. At the bottom of this screen, click on the Show advanced settings... link. Next, scroll down until you've located the Network section and click on the Connection Control button.


The Disconnect Extension


Highly lauded by tech-savvy media and everyday users alike and bundled with Aviator, the Disconnect extension proactively scours the Web searching for websites that silently track your Internet activity -- stifling their tracking requests at the browser level. Each time a request is detected and blocked (or allowed if whitelisted), it is then categorized and shown in a convenient pop-out window; accessible via the Disconnect button found to the right of Aviator's address bar and shown in the screen shot above. This window not only allows you to view these requests as they are made but also provides the ability to add/remove individual sites from the extension's whitelist.

In addition to blocking a significant number of tracking requests, Disconnect also claims to load Web pages over 25% faster by eliminating the bandwidth used by these requests.


Sending Data to Google


As touched upon in the introduction to this article, Aviator was built on top of the same browser core as Google Chrome. One of the more popular feature sets in Chrome revolves around its integrated Web services and prediction services, functionality intended to improve your overall browsing session in a number of ways. Some of these include automatically completing your keyword search entries and suggesting alternative websites when the one you've attempted to reach is unavailable.

In order for these services to function as expected, certain data including some of your browsing history and online behavior needs to be sent to Google's servers. Although the chances that Google is using this data in an underhanded way are extremely slim, Aviator's creators prefer to disable these features by default -- as opposed to vice versa -- in an effort to protect your privacy. To enable them at any point, take the following steps. First click on the Aviator menu button, located in the upper right hand corner of the main browser window and represented by three horizontal lines. When the drop-down menu appears, click on the option labeled Settings. Aviator's Settings should now be displayed in a new tab. At the bottom of this screen, click on the Show advanced settings... link. Next, scroll down until you've located the Privacy section. The first two options in this section, accompanied by checkboxes, are labeled Use a web service and Use a prediction service. To enable one or both of these services, simply place a mark next to each by clicking on its empty checkbox.

There is also additional data that Google Chrome, as well as some other browsers built on top of the Chromium core, send to Google by default. This includes tracking statistics along with user-specific data for those who choose to utilize Chrome's sync functionality across multiple devices. As a precaution, Aviator excludes the ability to log in to your Google account and stops any tracking traffic data from being transmitted to external servers. Once again, these particular settings are in step with WhiteHat's privacy ideology as opposed to protecting you from anything malicious as is the intention of some of its other features.


Referer Leaks


When you click a link to an external website, the HTTP referer header passes data to the destination server, which can contain the URL of the Web page that you came from, the search engine terms used to find the link in the first place, your IP address, as well as other information that you may not wish to share. Commonly named referer leaks, the transfer of this information to domains other than the one you are currently viewing is automatically blocked by Aviator -- which only sends HTTP referer information to other pages within the same domain. This behavior cannot be modified.
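To make the leak and the same-domain rule concrete, here is an added example that is not Aviator's code. It assumes "same domain" means an exact hostname match; the function names, the sample URLs and the `q` search parameter are constructed for illustration.

```javascript
// Added illustration; not Aviator's own code.
// Decide which Referer value, if any, accompanies a navigation.
// Assumption: "same domain" is an exact hostname match.
function refererToSend(currentPageUrl, destinationUrl) {
  let from;
  let to;
  try {
    from = new URL(currentPageUrl);
    to = new URL(destinationUrl);
  } catch {
    return null;                       // unparseable URL: send nothing
  }
  if (from.hostname !== to.hostname) return null; // cross-domain: suppressed
  // Fragments and embedded credentials are never part of a Referer value.
  from.hash = '';
  from.username = '';
  from.password = '';
  return from.href;
}

// What a destination server can read out of a Referer value it receives.
// The "q" parameter is a constructed stand-in for a search engine's query key.
function leakedFromReferer(refererValue) {
  if (!refererValue) return { page: null, searchTerms: null };
  const u = new URL(refererValue);
  return { page: u.origin + u.pathname, searchTerms: u.searchParams.get('q') };
}

// Constructed sample: a search results page linking to an unrelated site.
const SEARCH_PAGE = 'https://search.example/results?q=clinic+near+me';
const EXTERNAL_LINK = 'https://clinic.example/appointments';

// Without the policy the full URL is sent, exposing page and search terms.
const withoutPolicy = leakedFromReferer(SEARCH_PAGE);
// With the policy nothing is sent, so nothing can be recovered.
const withPolicy = leakedFromReferer(refererToSend(SEARCH_PAGE, EXTERNAL_LINK));
```

Site operators can request similar behaviour from current browsers with the `Referrer-Policy: same-origin` response header, which compares origins rather than hostnames alone.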


Other Privacy and Security Settings


Up to this point we've detailed a number of privacy and security-centric features that WhiteHat Aviator offers. While this article does not cover the entire scope of the browser it does discuss its main selling points, so to speak. Below are just a few more settings meant to ensure a safe and secure browsing experience.

Third-Party Cookies

Third-party cookies, traditionally utilized by advertisers, can track your online behavior and later utilize that data for the purposes of marketing and other internal analysis. Most browsers provide the ability to stop websites from dropping these cookies on your hard drive if you so choose. Aviator, however, blocks all third-party cookies by default. If you wish to enable these cookies on some or all websites, take the following steps.

First click on the Aviator menu button, located in the upper right hand corner of the main browser window and represented by three horizontal lines. When the drop-down menu appears, click on the option labeled Settings. Aviator's Settings should now be displayed in a new tab. At the bottom of this screen, click on the Show advanced settings... link. Next, scroll down until you've located the Privacy section and click on the button labeled Content settings. Aviator's Content settings interface should now be displayed. Locate the Cookies section, which contains various settings related to both first and third-party cookie behavior within the browser.

Default Search Engine

When developing Aviator, it appears that WhiteHat considered even the smallest of details when it came to privacy. The browser's default search engine was no exception. Rather than go with Google or one of its mainstream competitors like Bing or Yahoo, they decided on the lesser known DuckDuckGo for its community-driven engine centered around less advertising and -- perhaps more importantly -- lack of tracking behavior.

To change Aviator's default search engine to Google or another option that you are more familiar with, take the following steps. First click on the Aviator menu button, located in the upper right hand corner of the main browser window and represented by three horizontal lines. When the drop-down menu appears, click on the option labeled Settings. Aviator's Settings should now be displayed in a new tab. Locate the Search section and click on the button labeled Manage search engines...

Do Not Track

Speaking of tracking... Do Not Track technology, spurred by an increase in third-party monitoring and the accompanying uproar from the online community, allows Web surfers to opt out of being recorded. Unfortunately, websites are not required to honor this setting, leaving open the possibility that your actions can still be tracked even if you choose to enable it. A respectable number of sites, however, do observe the Do Not Track header, making it worthwhile to enable it if privacy is a concern.

Aviator enables the Do Not Track setting by default. If you would like to disable it, take the following steps. First click on the Aviator menu button, located in the upper right hand corner of the main browser window and represented by three horizontal lines. When the drop-down menu appears, click on the option labeled Settings. Aviator's Settings should now be displayed in a new tab. At the bottom of this screen, click on the Show advanced settings... link. Next, scroll down until you've located the Privacy section. Finally, remove the check mark accompanying the Send a "Do Not Track" request with your browsing traffic option by clicking on it once.