I think the key word there is 'every day person', which for most non-technical people means that they trust someone has looked after the problem, and may actually feel safer by paying someone to do so.
Oh there's no problem paying somebody to do a job. But somehow you'll need to be able to check that the job is done. Or at least read the opinion of somebody who has no stake in the matter to attest to the job being done.
So "the job" here involving making a browser not do things, which you can't see. How often pray tell do you pay somebody to perform a job you can't verify the outcome of, but take him by his word that he did it?
If I got an email from george@avoid416scam.com claiming to protect my bank account from 416 scams for free if I give him access to my bank account, I'd be suspicious.
Instead I got a website from whitehatsec.com claiming to provide me a more secure web browser for free, claiming it's perfectly safe to put in my bank account info into it.
Won't touch it with a barge pole. My spidey sense is tingling for one reason or another.
"And yet not a single browser vendor offers ad blocking, instead relying on optional third-party plugins, because this breaks their business model and how they make money.".
I'm actually happy when browsers keep their core features as lean as possible and instead do the work that enable plugin creators to create functionality. More true for ad-blocking, where you want the plugin to be updated more often than the browser itself (e.g., for newer lists, new techniques for detecting ads).
Adblock plugins slurp down new lists without updating the plugin code itself. Newer techniques, sure, but I don't think ABP's release cycle is substantially faster than Firefox's.
" As the adage goes, “If you’re not paying for something, you’re not the customer; you’re the product being sold.” Browsers are no different,
...
WhiteHat Security has no interest or stake in the online advertising industry, so we can offer a browser free of ulterior motives. What you see is what you get. We aren’t interested in tracking you or your browsing history, or in letting anyone else have that information either."
I hope they're more careful with their software design and monetization plan than they were with that announcement. And at some point they should probably address that it's still an advertisement–for their services.
Never heard of this company before, not sure what to think of their blog post announcing the availability of this browser. If I'm not mistaken, one can pretty much configure any browser to do what they have identified done in their browser, unless there's more.
"Closed Source: Check
Potential GPL license violation: Check
Random “whitehate” company using wordpress to host website: Check.
Maybe it’s just me, but unless I see the source, I wouldn’t touch this with even a virtual machine."
I wonder how diligently updates will be handled. Do the authors have access to all the restricted/confidential security chromium bug reports, and will they be able to push out updated binaries the same second chrome does? Otherwise this could quickly end up leaving users visibly exposed to otherwise-well-known future vulns.
Later: Answer: Yes. https://twitter.com/jeremiahg/status/392335814048247808