PayPal Plans To Ban Unsafe Browsers
Alternative Details brings news that PayPal is developing a plan to stop users from accessing its financial services if they aren't using browsers with anti-phishing protection. PayPal is recommending the use of blacklists, anti-fraud warning pages, and EV SSL certificates. Browsers without anti-phishing features will be considered "unsafe." It seems likely Safari will be included in this category given PayPal's warning about the Apple browser last month.
"'At PayPal, we are in the process of reimplementing controls which will first warn our customers when logging in to PayPal of those browsers that we consider unsafe. Later, we plan on blocking customers from accessing the site from the most unsafe--usually the oldest--browsers,' he declared. Barrett only mentioned old, out-of-support versions of Microsoft's Internet Explorer among this group of 'unsafe browsers,' but it's clear his warning extends to Apple's Safari browser, which offers no anti-phishing protection and does not support the use of EV SSL certificates."
Would they really block Apple and GNU/Linux users as "unsafe"?
Considering their basis for this decision is some kind of market data about fewer IE7 users abandoning their accounts, yes they would be dumb enough to block free browsers that run on more secure platforms than Windoze. The whole phishing problem is one created by M$ - it would not exist without the high percentage of compromised desktop machines that are sending out spam in the first place. IE7 is no more safe than it is standards compliant because the platform itself is easily, remotely compromised with keyloggers that report user information regardless of user activity. This whole thing is stupid.
http://slashdot.org/comments.pl?sid=216934&cid=17629948
People who run Safari are not idiots and PayPal does not have any data indicating one browser is any more secure than another. The only basis for this stupid policy is that IE7 has some kind of anti-phishing and they noticed that IE7 users don't abandon PayPal as frequently as users of other browsers. That's it, leap of logic and case closed.
M$ has it's hooks deep into PayPal for them to say crazy shit like that.
http://slashdot.org/comments.pl?sid=216934&cid=17629948
So you just want to ignore the whole botnet thing that's creates the opportunity to screw up? That's a bad idea because everyone makes mistakes. Some make fewer than others but everyone will fail given enough chances. This also points out the futility of Paypal's ill advised action. The platform is insecure so their little green bandaid is not going to fix anything.
Pay Pal does not really have or they have chosen not to publish what browsers are "safe" based on actual fraud. Safari and other blocked browsers would not be at the top of that list, but any version of IE would and let's face it, IE 7 users are pushovers likely to get screwed. Windows itself is unsafe with anyuser, so the whole thing is just stupid.
http://slashdot.org/comments.pl?sid=216934&cid=17629948