There's been some talk about PayPal blocking Safari from using its services, and I'm among those concerned about it... even if only from a convenience standpoint. Originally the news was gleaned from statements by PayPal Chief Information Security Officer Michael Barrett regarding browsers without phishing protection -- which most assumed included our beloved WebKit-based compass. But in a brief addendum to a post at the Wall Street Journal last week it was reported that -- while PayPal will be blocking older browsers (IE4-era) and older operating systems -- Safari is safe from the cut.
I'm relieved, at least from the previously mentioned convenience standpoint. I prefer Safari as my surfing browser¹ and I frequently use PayPal. It's too bad that there are still a good number of sites that, while not blocking Safari, just plain don't work with it yet. Add to that some of the great plugins available for Flock/Firefox and you'll almost always find me with multiple browsers open. In much the way that the iPhone is preventing Gargoylism* by consolidating peripherals, I'm hoping for a day when I open just one browser in the morning. I'm getting a little teary-eyed thinking about it.
¹ Since I know it will be bandied about in the comments, I'd like to offer these reasons for preferring Safari: It's faster (in general). It's more elegant (or prettier, either way it's subjective). It's AppleScriptable (which I make daily use of). And it's more elegant (redundant, but worth mentioning again).











Reader Comments (Page 1 of 2)
4-21-2008 @ 8:08PM
webmaster said...
If someone can't figure out they're at 1123.123.23423/paypal instead of paypal.com they deserve to lose their money anyway.
Reply
4-21-2008 @ 8:46PM
Sam Hall said...
I would say that people who blindly click on links from emails and enter their personal account info are "stupid", but my mother was taken like this and it is not polite to call your mother "stupid".
In a perfect world, people would be savvy enough to check this, but most users are not. Apple should add the anti-phishing capability in and be done with it.
As to Safari, I wholeheartedly agree. I tried FF3b for a while. Wrote about it here and here. Went back to Safari.
Reply
4-21-2008 @ 8:52PM
Sam Hall said...
That would be here:
http://samrhall.com/2008/03/26/firefox-3-versus-safari-31/
and here:
http://samrhall.com/2008/04/12/and-the-winner-is-safari/
:)
4-21-2008 @ 9:43PM
Ed said...
I did the same. Firefox is a great browser, and the best on any other platform, but you just can't match Safari on OS X.
4-21-2008 @ 8:59PM
Justin said...
How do you use Applescript + Safari? (Not "how" as in how does it work.. but what do you use it for?)
Reply
4-21-2008 @ 9:47PM
Brett Terpstra said...
Quite a few possibilities, given the ability to retrieve names and urls of any tab in any window, the ability to run javascript within any page, open and close windows and tabs, pull the source of a page, etc.
My #1 use of AS and Safari is within TextMate, where I can highlight text and hit a key combo to pop up a menu of all open Safari tabs, pick one and have the highlighted text link to that page with a title attribute. I've also recreated the feature as a ruby script that uses osascript to accomplish the same thing from other programs. I can also hit a key combo (FastScripts) to open a list of all tabs, select multiple list items and have it close those tabs or all but those tabs when I hit OK.
I call osascript a lot from other languages to incorporate the information you can retrieve from Safari into things like Scrivener, VoodooPad, etc.
It should be noted that it's possible to get *some* info from Firefox, it's just not fluid enough to make it worthwhile. This is starting to sound like its own post...
4-21-2008 @ 9:41PM
John from buffalo said...
Damn straight motha-fsckr!
I would simply use the enable-debug tools, and set my browser signature to be sent in HTTP as IE 6.0. Stop that ....
Reply
4-21-2008 @ 9:45PM
Ed said...
bash-3.2# fsck -mom
4-21-2008 @ 9:56PM
Rubbinz said...
The whole idea of PayPal blocking any browser is just stupid. How does blocking a browser from the official PP site prevent some fool from blindly falling for a phishing scam? It doesn't, as the scam is taking place on a site not controlled by PP. All it does is prevent that fool from going to the real PayPal.
Reply
4-21-2008 @ 10:05PM
Ed said...
The idea is to decrease the use of those browsers by idiots who use PP all the time but are too stupid to know phishing when they see it. Most such idiots would not know how to do anything except switch to a supported (with phishing protection) browser.
4-22-2008 @ 5:00AM
basscadet said...
No Anti-Phishing apps support says it all. What PayPal wants to protect is users who wouldn't notice that small comma (,) at the end of a URL that would mask a fake URL.
4-21-2008 @ 10:01PM
Sabi said...
I hate paypal...
seriously worst company ever for sellers.
I hope they disintegrate...
(sorry for the hate but it has to be said)
Reply
4-21-2008 @ 11:14PM
Mark Studdock said...
nice Snow Crash reference.
Reply
4-21-2008 @ 11:51PM
theGeoffMeister said...
Don't block Camino.
Don't block Camino.
Reply
4-22-2008 @ 12:12AM
Ed said...
Change your user agent.
Change your user agent.
http://pimpmycamino.com/parts/user-agent
4-22-2008 @ 12:02AM
garbish said...
What's all this cocoa and carbon all you douches are talking about, Heloooooooooo. DO YOU PEOPLE KNOW WHAT WINDOWS IS? Apes.
Reply
4-22-2008 @ 1:20AM
michas_pi said...
Yes, we know what Windows is; it's a piece of shit :)
I kid, I kid.
4-22-2008 @ 4:10AM
Tom said...
A bit late in the day, but I wondered who's responsible for the security of Safari?
Is it Apple or WebKit? I get the feeling it's Apple, and kind of hope that they'll realise it's a problem now it's all been through the news and do something about it...
Reply
4-22-2008 @ 5:36AM
Michael said...
WebKit is the rendering engine Safari uses.
WebKit is open source, and Apple employees aren't the only ones working on WebKit. If someone else whose product uses WebKit finds a bug in the code that's a potential security problem, then he could submit a patch, too.
I don't know exactly who has or hasn't got commit access and how far that's controlled by Apple.
AFAIK, much else apart from the rendering engine that's used in Safari is closed source and specific to Apple. So only Apple employees will be concerned with that code.
PayPal's gripe with Safari, as I understand it, is that Safari does not support "Extended Validation". (You could look that up at Wikipedia, if you wanted to know more.) It's basically a scheme where a website will pay a helluva lot more for a special SSL certificate. There's more extensive vetting, and anyway, an EV SSL certificate costs more than a phisher would be likely to want to pay.
When a browser that supports these certificates reads one, its address bar will go green. At one time only IE 7 supported EV, but now Firefox 3 beta does, too.
Go to Charles Schwab in FF3 beta if you want to see EV in action:
https://www.schwab.com/
Extended Validation doesn't mean a lot to most people, because few sites use it -- not even many major sites that do a lot of online business, like Amazon. It's hardly surprising that Safari (and *release* versions of Firefox) have not yet implemented the scheme.
However, PayPal uses EV certificates on its sites. I doubt IE users notice the green bar or know what it's for. But it sounds like PayPal is pissed off at Safari, because it's paid for the damn certificates, and now it wants to feel it's getting value from its purchase.
I shouldn't fret over it. There's not many sites using EV, and I'm sure Safari will get EV support at some point.
4-22-2008 @ 6:28AM
Jonathan Entwistle said...
Plus, Safari is a Cocoa App which just means that it sits nice and seamless in OS X
Reply