PayPal says it won't block Safari
There's been some talk about PayPal blocking Safari from using its services, and I'm among those concerned about it... even if only from a convenience standpoint. Originally the news was gleaned from statements by PayPal Chief Information Security Officer Michael Barrett regarding browsers without phishing protection -- which most assumed included our beloved Webkit-based compass. But in a brief addendum to a post at the Wall Street Journal last week it was reported that -- while Paypal will be blocking older browsers (IE4-era) and older operating systems -- Safari is safe from the cut.
I'm relieved, at least from the previously mentioned convenience standpoint. I prefer Safari as my surfing browser1 and I frequently use PayPal. It's too bad that there are still a good number of sites that, while not blocking Safari, just plain don't work with it yet. Add to that some of the great plugins available for Flock/Firefox and you'll almost always find me with multiple browsers open. In much the way that the iPhone is preventing Gargoylism* by consolidating peripherals, I'm hoping for a day when I open just one browser in the morning. I'm getting a little teary-eyed thinking about it.
1Since I know it will be bandied about in the comments, I'd like to offer these reasons for preferring Safari: It's faster (in general). It's more elegant (or prettier, either way it's subjective). It's AppleScriptable (which I make daily use of). And it's more elegant (redundant, but worth mentioning again).
Share
Categories
There's been some talk about PayPal blocking Safari from using its services, and I'm among those concerned about it... even if only from a...
Add a Comment
The idea of using a browser that makes me hit apple-shift-curlybrace to go the next tab is ludicrous. Who does that? How about a little control tab action, safari? (And I tried changing the hotkey in system prefs, but it won't let you do control tab there either. Just goes 'ding'.)
April 22 2008 at 12:05 PM Report abuse Permalink rate up rate down ReplySafaristand: enable tab switching with comma and period :).
April 22 2008 at 1:31 PM Report abuse Permalink rate up rate down Replyi Personally would never do a transaction with a site I have never dealt with on my iPhone/iPod Touch. Why? for the simple fact that i do not know anything about it. If I know a site then I wouldn't have a problem because I already have experience.
http://hacktheiphoneitouch.blogspot.com/
I want to use Safari. I like the Services menu, its use of Keychain, and its integration in syncing bookmarks with my iPhone. However, uploading files through an HTTP POST form fails consistently for me and that's something I use a lot.
Firefox 3b5 is pretty nice. It seems faster for the sites I visit, and the address bar is incredibly smart when you begin typing a URL. I do miss Safari though; there's an inexplicable elegance to it (in OS X, the Windows version sucks pretty bad). Hopefully the quirks that bother me with it will be fixed soon.
A bit late in the day, but I wondered who's responsible for the security of Safari?
Is it Apple of Webkit? I get the feeling it's Apple, and kind of hope that they'll realise it's a problem now it's all been through the news and do something about it...
WebKit is the rendering engine Safari uses.
WebKit is open source, and Apple employees aren't the only ones working on WebKit. If someone else whose product uses WebKit finds a bug in the code that's a potential security problem, then he could submit a patch, too.
I don't know exactly who has or hasn't got commit access and how far that's controlled by Apple.
AFAIK, much else apart from the rendering engine that's used in Safari is closed source and specific to Apple. So only Apple employees will be concerned with that code.
Paypal's gripe with Safari, as I understand it, is that Safari does not support "Extended Validation". (You could look that up at Wikipedia, if you wanted to know more.) It's basically a scheme where a website will pay a helluva lot more for a special SSL certificate. There's more extensive vetting, and anyway, an EV SSL certificate costs more than a phisher would be likely to want to pay.
When a browser that supports these certificates reads one its address bar will go green. at one time only IE 7 supported EV, but now Firefox 3 beta does, too.
Go to Charles Schwab in FF3 beta if you want to see EV in action:
https://www.schwab.com/
Extended Valuation doesn't mean a lot to most people, because few sites use it -- not even many major sites that do a lot of online business, like Amazon. It's hardly surprising that Safari (and *release* versions of Firefox) and have not yet implemented the scheme.
However, PayPal uses EV certificates on its sites. I doubt IE users notice the green bar or know what it's for. But it sounds like PayPayl is pissed off at Safari, because it's paid for the damn certificates, and now it wants to feel its getting value from its purchase.
I shouldn't fret over it. There's not many sites using EV, and I'm sure Safari will get EV support at some point.
What's all this cocoa and carbon all you douches are talking about, Heloooooooooo. DO YOU PEOPLE KNOW WHAT WINDOWS IS? Apes.
April 22 2008 at 12:02 AM Report abuse Permalink rate up rate down ReplyYes, we know what Windows is; it's a piece of shit :)
I kid, I kid.
Don't block Camino.
Don't block Camino.
Change your user agent.
Change your user agent.
http://pimpmycamino.com/parts/user-agent
nice Snow Crash reference.
April 21 2008 at 11:14 PM Report abuse Permalink rate up rate down ReplyI hate paypal...
seriously worst company ever for sellers.
I hope they disintegrate...
(sorry for the hate but it has to be said)
The whole idea of PayPal blocking any browser is just stupid. How does blocking a browser from the official PP site prevent some fool from blindly falling for a phishing scam? It doesn't, as the scam is taking place on a site not controlled by PP. All it does is prevent that fool from going to the real PayPal.
April 21 2008 at 9:56 PM Report abuse Permalink rate up rate down ReplyThe idea is to decrease the use of those browsers by idiots who use PP all the time but are too stupid to know phishing when they see it. Most such idiots would not know how to do anything except switch to a supported (with phishing protection) browser.
April 21 2008 at 10:05 PM Report abuse Permalink rate up rate down ReplyNo Anti-Phishing apps support says it all. What Paypal wants to protects is users that wouldn't notice that small coma (,) at the end of a URL that would mask a fake URL.
April 22 2008 at 5:00 AM Report abuse Permalink rate up rate down ReplyDamn straight motha-fsckr!
I would simply use the enable-debug tools, and set my browser signature to be sent in HTTP as IE 6.0. Stop that ....
Hot Apps on TUAW
Deals of the Day
more deals- Refurb Apple MacBook Air Laptops: 12" 64GB SSD for $699 + free shipping
- JVC Motion Sensing Clock Radio with Dual iPod Docks for $55 + free shipping
- Apple iPhone Headset with Mic for $4 + $2 s&h
- miFrame Picture Frame Dock for iPad for $64 + $8 s&h
- Refurb Apple iPod nano 8GB MP3 Player for $99 + free shipping, 16GB for $119
- Hannspree Apple-Shaped 28" 1080p LCD HDTV for $270 + free shipping
Software Updates
more updates- EFI Firmware Update brings Lion Internet Recovery to 2010-model Macs
- OS X Lion 10.7.3 released with Safari 5.1.3, Wi-Fi bug fix
- Aperture updated to 3.2.2, addresses Photo Stream issue
- Apple updates Keynote to address Lion issues
- Google Search app gets new look on iPad
- Apple releases Apple TV Software Update 4.4.3
Featured Stories
more stories
Popular Stories
TUAW (or The Unofficial Apple Weblog) is a website devoted to tips, reviews, news, analysis and opinion on everything Apple.
26 Comments