Browzar is ++ungood (and peek into future)

The latest entrant to the crowded Internet browser market is the appropriately named Browzar, a tool designed to protect users' privacy by not retaining details of the Web sites they've searched. Most Web browsers automatically save users' searches in Internet caches and histories. Users have the option of deleting the history folder and emptying the Internet cache, but many people either don't know how to do that or tend not to, leaving a trail of where they've been online in the browser.
...
Browzar is the brainchild of Ajaz Ahmed, the man behind Freeserve, the first U.K. Internet service provider (ISP) to offer free Internet access to customers in the late 1990s. He sold Freeserve -- which quickly became the U.K.'s largest ISP -- to France Télécom SA's Wanadoo operation in 2001 for $3 billion.

A Web browser built to truly protect a user's privacy would be a hot commodity these days as people fret over falling victim to user-profiling and AOLesque data spills. Thus it's no surprise that the birth of Browzar generated so much excitement, in that it was hyped as just the kind of Web browser privacy-conscious users were craving. However, some pundits, myself included, may have gotten a leetle overexcited, thus creating a misleading impression of what Browzar is and can do.
...
The most Browzar seems to do insofar as masking your comings and goings to the outside world is ... it eats your cookies. The point, though, is that Browzar won't stop ISPs and search engines from compiling your personal information and search history ... [but] Ajaz Ahmed, the main man behind Browzar, did invoke AOL's notorious data-spill when pimping Browzar ... That's misleading in the context of what his product actually does, no? Like saying "Hurricanes are a big concern in the wake of Katrinas, so try out this umbrella I'm selling."

The joke here is that Browzar is a wrapper around Internet Explorer ... I fired it up and visited the naughtiest site I could think of, Pl*yboy, while running Filemon ... Then I closed the browser...You can see here that it deleted a bunch of cookies and such, trying to clean up. However, while it deleted the cookies, it didn't delete the page itself ... later, I find the file in my IE Cache ... So, Browzar, at least this version, is totally not doing what it says it does.

A 45 minutes analysis showed that Browzar™ does not securely destroy the history, cookies, nor other kind of medias downloaded with it. Indeed, those files are fully recoverable ... Browzar™ offers a false sense of privacy and security, and should only be used to hide traces from unknowledgeable people.
...
[It] does not completely protect your privacy ... inherits any problems Internet Explorer might have ... permits access to anyone that wants to restore your history, cookies or temporary internet files from the dark corners of your disk ...doesn't take care of securely deleting history, cookies or any other temporary internet files ... doesn't take care of making the file names unsignificant ... is not ready to be deployed on public computers.

The story was widely circulated, including writeups on BBC, CNET, Slashdot and Digg, among others. We even wrote about it on TechCrunch UK ... None of the publications above did enough research into the product to realize that not only is Browzar not really an interesting product from a security point of view, but that the “browser” is going to great lengths to force users to click on Overture ads by constantly redirecting them to search ad pages served by Browzar itself.
...
Browzar appears to be nothing but a simple shell to IE which forces Overture ads on its own users. The creators didn’t write a cache or history function, calling this a feature, and users are unable to change the search function or home page to anything other than Browzar ad results. Furthermore, some users are complaining that URL auto-complete is not working properly and also redirects to the Browzar home page, with ads, when it shouldn’t.
...
Make sure you know what it is you are downloading before you pull the trigger.

After looking at it closer, I found out that it’s not a browser at all, and moreover, this software thrusts search via it’s own PPC-SE full of ads on user.
...
After starting, Browzar shows its’ homepage, and these settings cannot be changed. Homepage offers to “Search the Web…”, but gives weird results from weird SE. I input “del.icio.us” and got ... Really odd results, “Delicious at Amazon.co.uk“, “Find Delicious on eBay“…
Attention to status bar!!! You’ll see links to… www6.overture.com. Overture is well-known PayPerClick-SE! It’s no wonder that search field on browser toolbar operates via Overture too.

It doesn't suprise me, the guy behind it started Freeserve, which was another rubbish company. Also AKQA, although I always thought they were an okay agency. Mind you, I think his greatest skill is marketing vapour.

• Richi Jennings: New Spammer Tactic: Blipverts
• BeyondVC: Google and enterprise SAAS
• Parmeshwar: Basic questions for Security Code Review
• Michael Santo: CA Antivirus Software IDs Windows Component as Malware
• Ars Technica: EA's Madden 2007 sells briskly, but are games gaining on movies?
• Tom Olzak: Desperation doesn't justify bad security.
• Techdirt: Google Takes On ESP Game, But Needs Some Marketing Help

• Jerri Ledford: Identity protection for devices
• Robert L. Mitchell: Keep your paws off my NonStop
• Martin MC Brown: T1000 in more detail
• Preston Gralla: Terminator turns into Girly Man over Wi-Fi bill
• Shark Tank: Why we love marketing
• Douglas Schweitzer: When it comes to security, who helps the little guy?

Richi Jennings is an independent technology and marketing consultant, specializing in email, blogging, Linux, and computer security. A 20 year, cross-functional IT veteran, he is also an analyst at Ferris Research. Contact Richi at blogwatch@richi.co.uk.