Defending Safari – Putting YOUR money where MY mouth is
Last week PayPal issued a warning to all Mac and PC users advising them to steer clear of the Safari web browser when visiting PayPal. Apparently they take issue with the fact that Safari does not have any anti-phishing filters in place to help avoid online scams, nor does it offer support for Extended Validation (EV) certificates, something only Internet Explorer 7 on Windows currently offers.
Who cares?
While on the surface it would seem that PayPal is just looking out for its customers, this story comes across to me more as a press release by PayPal announcing they have all the available security measures in place than that it they are really worried about Safari’s lack of security.
The challenge
I use PayPal all the time running Safari, and I have yet to have my identity stolen. This all seems like lot of good, old-fashioned, publicity-grabbing-Safari-bashing to me, and I am willing to put your money where my mouth is. To that end, and solely in the interest of defending Safari, I have come up with a way to test just how secure PayPal is while running Safari, and it’s really quite brilliant. Here’s the plan… I suggest that each of you faithful, Safari-loving readers (purely as a test), fire up Safari and send me some money via PayPal. It can be any amount you want, but obviously sending me more money proves you have more faith in Safari than sending only a little money. Assuming each of our 12,000 daily readers sends in something, we’ll have a pretty convincing test case to wave in PayPal’s face.
If you believe in Safari, clap your hands
Just click the above button, send me some money (all major credit cards accepted) and if some time in the next 3 months your identity is stolen, let me know. I am willing to bet it won’t be. THAT’S how much I believe in Safari. Join me, and together we can show PayPal who has the best browser in the world! “SAFARI! SAFARI SAFARI!” Say it with me now!
Unfortunately, the button you made is not working correctly. Surly PayPal’s fault and not Safari.
Wow Rob, you actually clicked it?
Ok, well, in that case, FIXED!
-The Doc
$5 sent, I’ll sending you an email if my identity gets stolen in the next few months.
Thanks Rob, your faith in Safari, and Apple in general inspires us all, and I am willing to be even $5 more of your dollars you have nothing to worry about.
🙂
-The Doc
and again why do people want to send you money?
where is your lose if they are stolen?
I don’t think they whole point was to say that if you log onto paypal
with safari you will have your info stolen. but if you get an e-mail
as many have that is a phish that safari will no tell you that it is.
I have used paypal on the major flavors on mac and windows and i seem to be fine.
do you know what phishing is? what does safari’s security model have to do with phishing scams? many people click on emails that take them to nefarious websites that then ask for personal data. it has nothing to do with safari apart from the fact that safari does not block access to these websites as other browsers attempt to do.
You guys need to pay more attention to the tags.
Don’t you guys get the joke? This whole post is a phishing scam! And IE 7 with Extended Validation certificates doesn’t do anything to stop it. So, BFD.
I think the idea is that if you link to a fake PayPal site, it will not show you the funny bar that says it’s real, and you will be deceived. Sending the author of this blog entry money proves nothing, since for his own sake we know he is sending a genuine link.
Of course if he was a nasty Phisher, then the anti-Phishing features might have benefitted you.
For those of you with Macs, or who cannot bear to use Internet Explorer 7 (which I personally sympathize with), download FireFox 3 Beta to see it in action. They have implemented it pretty well, and in general FireFox 3 is way superior to the hideous, Windows-like FireFox 2.
I personally have never been deceived by a Phishing site. I only respond to email from companies when I expect it (i.e. when I have ordered from Amazon, for example).
In the continuous arms race otherwise known as the browser upgrade cycle, I expect that Safari will gain anti-phishing technology in the next month or so. Safari’s long term future is not in doubt.
D
Just for the sake of curiosity, it would be cool to have a status bar for the donations or, as we’d prefer, a Faith-in-Safari-meter bar 🙂
All you people that have no sense of humor… you make me laugh. I love you all.
somehow i get the feeling youre playing mind tricks in order to raise your salary… i’m gonna steal your identity in order to obtain your winnings on this plan of yours
Whilst I’m aware you’re not entirely serious I would have thought a better way to teach PayPal a lesson would be to not use their service. Instead find one that doesn’t take to bashing browsers.
Having said that though I’m on PayPal’s side, Safari should support EV and other measures that will protect consumers.
Firefox 3 has support for EV certificates, and actually has the best UI associated with them. When you visit an EV verified site, Firefox will display the name of the company that owns the site next to the location bar. This makes EV certificates a tiny bit useful, since if you visit a paypal phishing site it will not display “PayPal Inc.”, which a user is likely to pick up on if they are a slight suspicious.
I think EV certificates, though not the solution many companies brag they are for anti-phishing, have value in that you can be guarunteed that a website is owned by a certain company or person before submitting any information to them, whereas regular SSL only tells you that your connection to the website is encrypted, regardless of who’s website it really is.
Firefox 3, though it doesn’t have a release date planned, will likely be released within a month. Check out the beta to see how incredible it is on Mac now too — a lot faster as well!