Security
Headlines
HeadlinesLatestCVEs

Headline

Vivaldi browser founder Jon von Tetzchner puts privacy at the center of development

A man for all four seasons

PortSwigger
#vulnerability#web#android#git#chrome

A man for all four seasons

INTERVIEW Jon von Tetzchner has launched not one, but two web browser companies in his career.

Today, he is CEO of Vivaldi Technologies, the business behind the Vivaldi browser, which launched in 2016.

Before that, von Tetzchner co-founded Opera Software, to develop and market browser technology originally developed by Telenor, the Norwegian state telecoms firm.

Catch up on the latest browser security news and analysis

With Vivaldi, von Tetzchner has developed a browser that’s optimized for privacy and security. The intention is to keep Vivaldi free of charge, and the company employee-owned.

A night at the Opera

In addition, Vivaldi will continue to serve the needs of more technical users.

“I’ve been doing browsers as long as I have been alive, more or less,” von Tetzchner told The Daily Swig. “I started doing browsers in 1994. This is my second browser company… After I left Opera, Opera went in the same direction as all the other browsers.”

The software developer continued: “Browsers are competing, mostly on how good their distribution is. We think that there is a need for a browser that has a different approach and different thinking.”

Jon von Tetzchner, CEO of Vivaldi Technologies

Taking back control

Part of Vivaldi’s mission, according to von Tetzchner, is to give users more control over their browsing experience.

“You’re spending so much time in front of your browser. It’s the most used tool in the world. If you’re going to be using a browser, isn’t it great to have a browser that actually takes into consideration your needs as a user and not just some random, median person?”

The technologist describes the browser as a “cross-platform application platform”.

“What we have is the ability to write applications that will run anywhere, and you can run almost everything in the browser,” von Tetzchner explains. “Most of the time, when you are running applications now, it is really in the browser. It’s using web technologies, just in a separate window.”

Big browser is watching you

The trusted status of browsers as a platform through which multiple applications run raises critical questions around security, and privacy. Von Tetzchner stresses that Vivaldi is not in the business of collecting personal information. But data collection and tracking on the web, including for advertising, is a real issue.

“I don’t think from a security perspective, you can ignore the fact that our data has been collected in the ways that it is, and I think it’s a massive security problem,” he said. “And we are seeing the consequences of that on a daily basis.”

YOU MIGHT LIKE What does the future hold for browser security? Check out the latest features destined for mobile and desktop

“Most people don’t realise the quantity of the data and the kind of data that is being collected,” von Tetzchner added. “It is whatever you do on the web, and it’s not just the pages that you view. It is the links that you click, how long you watch, what you hover on, where you stay on the page. There’s a lot of details that I don’t think people realise.”

Von Tetzchner adds: “And then there’s the location information, including Bluetooth beacon technologies, which will track [you] inside buildings. Worst of all, is the collection of that information into a single profile. It’s definitely a ‘1984’ kind of situation.”

The Vivaldi co-founder says this data collection leads to internet users being targeted, be it for their political beliefs, what they read, or their tastes in music. “The privacy side is a massive security problem and it’s being used in the worst-case scenario, for warfare,” he warns.

On the wrong track

Ultimately, von Tetzchner would like to see user profiling banned.

He concedes that there are legitimate reasons to collect user data: traffic information, or health data, as long as it is used only for that purpose. But going beyond that, and profiling users, is not justified.

“The fact that the data exists, doesn’t give the company the right to misuse it,” von Tetzchner argues. “You would not expect your mailman to read your mail, you wouldn’t expect your telco to listen to your calls and you wouldn’t expect the carpenter to make an inventory of your furniture. So, it’s just a question of what’s reasonable.”

Read more of the latest browser security news

Von Tetzchner raises concerns about spyware, and objects to technologies that track users between sites. He believes that most internet users accept “normal ads”, not those that follow the viewer online. The browser pioneer feels these encourage business models that “invent news or copy news”, rather than rewarding those who create original content. And tracking is pushing internet users towards ad blockers.

“In a way going back to the model that we had before [trackers] would be better for all… I think a lot of people wouldn’t mind seeing ads, but I think they’re being scared with the level of tracking that’s happening.”

This has prompted Vivaldi to give its users more control over the types of data that they share, in contrast to most other browser companies.

Chromium codebase

When it comes to securing the browser application itself, von Tetzchner views Vivaldi’s place as within the Chromium ecosystem.

Vivaldi is based on Chromium code, with security issues and fixes mostly contained within the Chromium ecosystem.

“We do changes to that code,” von Tetzchner says. “A lot of that is related to privacy, [for example] not calling home as much and stuff like that. But overall, there’s a multitude of companies using the same code base, all trying to keep it safe.”

YOU MAY ALSO LIKE Chromium browsers vulnerable to dangling markup injection

Most of Vivaldi’s user interface (UI) technology is web based, especially for the desktop clients.

But, if there are code changes for security, or other reasons, then the firm releases them back into the Chromium community as open source software.

Users, though, whether individual or in corporations, need to look after their own security, ensuring that operating systems and other tools are up to date.

“If you think about it, we’ve had massive hacks… the reality [is] the wealth of information in these [online] platforms is huge. It shouldn’t be accessible in any way. And it shouldn’t be collected in this way.

“There’s really bad things that can happen with people hacking all kinds of devices, particularly as we are moving forward with the internet of things, with proprietary solutions, quite often with hardware which is great, with software that is not. Maybe running outdated operating systems and the like. I do think that is a security issue. All devices that you’re able to connect to are hackable. And again, if they’re, in addition, collecting information that makes it even worse.”

It is for users to guard against vulnerabilities.

“It is basic things like making sure that everything that you’re running is running updated software. Obviously, running a browser that doesn’t spy on you is a good idea as well,” von Tetzchner advises.

“Be careful where you go. Don’t go to stupid sites. Don’t give your information to random people. Use the password manager so you don’t use the same passwords everywhere.

“Use a mail client. The reality is, if you’re using webmail quite often it will show you the HTML mail. Is it enabling tracking? People don’t think about that. [It] may be just by reading an email you’re giving [up] information. And that obviously shouldn’t be that way.”

Vroom, Vroom

Over recent years, Vivaldi has added a mail client, calendar and feeds to its product suite.

But von Tetzchner does not see that as the limit. The company recently ported their browser to run on the Polestar range of electric cars.

“This is Android automotive, and there’s a lot of manufacturers that are going in that direction,” he explains. “And as part of that package, there is no browser. So, we saw an opportunity to go in there. I mean, what’s the point of having internet in your car if you can’t do anything with it?”

This, von Tetzchner says, is the other part of Vivaldi’s mission: “delivering the browser as widely as possible”.

“It’s like working on a real computer,” von Tetzchner said. “If I’m doing serious work, I like to have a keyboard and now I have a keyboard in my glove compartment. I can get real work done, if necessary, even if I don’t have my computer.”

Whether opening up browsers to the automotive world brings more security and privacy concerns, remains to be seen.

RELATED Cloudflare CTO John Graham-Cumming envisages a frictionless future for website Turing tests

PortSwigger: Latest News

We’re going teetotal: It’s goodbye to The Daily Swig