Slashdot Mirror


PayPal Plans To Ban Unsafe Browsers

Alternative Details brings news that PayPal is developing a plan to stop users from accessing its financial services if they aren't using browsers with anti-phishing protection. PayPal is recommending the use of blacklists, anti-fraud warning pages, and EV SSL certificates. Browsers without anti-phishing features will be considered "unsafe." It seems likely Safari will be included in this category given PayPal's warning about the Apple browser last month. "'At PayPal, we are in the process of reimplementing controls which will first warn our customers when logging in to PayPal of those browsers that we consider unsafe. Later, we plan on blocking customers from accessing the site from the most unsafe--usually the oldest--browsers,' he declared. Barrett only mentioned old, out-of-support versions of Microsoft's Internet Explorer among this group of 'unsafe browsers,' but it's clear his warning extends to Apple's Safari browser, which offers no anti-phishing protection and does not support the use of EV SSL certificates."

11 of 367 comments

  1. What If?... by Slashdot Suxxors · · Score: 5, Insightful

    Instead of having to force PayPal users to use only specific browsers, they educate the consumers on safe browsing habits and not blindly clicking on "OMG SEND ME UR CC NUMBER AND BANK DETAILS LOLOL".

    1. Re:What If?... by causality · · Score: 5, Insightful

      Because whenever scammers come along to make stupidity more painful, we focus only on the fact that the scammers do this for their own short-term personal gain. Therefore, we lose sight of what happens to any community when all standards are lowered, no one is expected to think for themselves or make informed decisions, and causes (large number of clueless users) are confused with effects (criminals who take advantage of that cluelessness). It's easy for people who cannot separate their emotions from their intellect to get caught up in the outrage at parasitic people who profit from this situation and completely ignore why such scams are so successful in the first place.

      Unprincipled people apparently need a fire under their ass before they will willingly broaden their knowledge, expand their experience or otherwise understand anything beyond the superficial level. To me that's quite a shame that they really seem to consider learning, an appreciation for self-reliance, and thinking for yourself to be terribly hard work to be avoided at all costs, rather than a journey of discovery that makes life much less routine and much more interesting. At any rate, if the goal is to remove all incentive to ever actually understand the tools (computers, networks, etc) that we use each day, we are on the right track.

      As the saying goes, "A fool and his money are soon parted." Anyone who uses what he does not remotely understand and expects consistently good results qualifies as a fool. For some reason, when a computer is involved this commonsense concept is completely ignored.

      Now cue the apologists and their thousand excuses for why literate individuals with no learning disabilities should not be expected to understand the basic concepts behind tools that they decided, of their own free will, to use on a daily basis. It's willful helplessness, plain and simple.

      With the increasing social acceptability of this kind of victim mentality, the idea that you are responsible for your own well-being is apparently rather threatening to many people. This is obvious because they tend to give angry emotional responses instead of well-reasoned arguments explaining why they believe I am wrong.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    2. Re:What If?... by Anonymous Coward · · Score: 5, Insightful

      Grandparent is not equating being a victim with being stupid, but with being ignorant. Unfortunately in most cases, ignorant by choice. Notice he said "literate individuals with no learning disabilities" should take responsibility for understanding what they are doing online. I imagine he, like me, would have more tolerance for the truly stupid who are literally incapable of doing any better.

      If you understand the basic concepts of how the internet works and apply critical judgment in your transactions, you don't need to have encyclopedic knowledge of every scam in human history -- that's the whole point.

      Grandparent also predicted that some would give "angry emotional responses instead of well-reasoned arguments." Nice job proving him right.

  2. Still vulnerable to phishing... by daeg · · Score: 5, Insightful

    Dear PayPal User:

    After much consideration, we've determined that your browser is safe again! Please log in at http://127.0.0.1/some/unsafe/address/.

    PayPal apologizes deeply for the inconvenience.

  3. Re:Banks should do this. by Tackhead · · Score: 5, Insightful

    Banks should have been doing this since they introduced internet banking.

    Are you nuts?

    "We're sorry. You're not using IE. And if you are using IE, your IE configuration isn't permitting us to run the MegabanX proprietary ActiveX control that our conslutants [sic] told us would eliminate all our liability. Please enable ActiveX support in order to continue banking with us, or turn off that Netscape thingy and upgrade to IE4.0 and resize your window to 800x600 while you're at it."

    Forgive me for the sarcasm, but I had to switch banks twice because of that sort of crap. Think back a few years. The last thing any of us would have wanted "since they introduced internet banking" was our banks doing User-Agent and Javashit-based snooping on our configuration.

  4. I have an idea... by Snowspinner · · Score: 5, Insightful

    Why don't you trust me not to be an idiot instead of requiring that I use a different browser due to the fact that other users of my browser are idiots?

  5. Netcraft seems to have a slightly different take by micheas · · Score: 5, Insightful

    Paypal is hyping Extended Validation certificates after Netcraft posts articles like this:

    Extended Validation certificates and XSS considered harmful

    Curious if nothing else.

  6. Who are they to decide what is and isn't safe? by Antony-Kyre · · Score: 5, Insightful

    Who are they to decide what is and isn't safe? They're not a bank, so I don't think they necessarily have any liability if one of their customers loses money, correct? Please correct me if I am mistaken.

    Is this even legal? Seriously. If someone has money in PayPal, and if that same someone happens to be using a browser that is deemed "unsafe" and is sequentially banned, isn't that like PayPal holding the money hostage? What happens to those who refuse to "upgrade" in order to access their account?

    Maybe instead of doing stupid stuff like this, which breeds a false sense of security among some less-smart users of PayPal, they should think of new and innovative ways to prevent unauthorized access to accounts. (I don't care to list my ideas right now.)

  7. How about the other way around? by failedlogic · · Score: 5, Insightful

    How about the other way around? Have safe browsers ban PayPal!

  8. First, Ebay Should BAN Sending Email to Users by Ron Bennett · · Score: 5, Insightful

    And yet, Ebay still sends email to users regarding important matters despite the security risks that poses - i.e. how can a user know the email is real, it's not encrypted, etc.

    Instead of banning browsers, Ebay should address the bigger security issue of Ebay sending email to users - instead Ebay should only send notices simply saying one has new messages in their Ebay message center, and require the user to actually visit Ebay to view the message contents - not fool-proof, but would substantially reduce the effectiveness of email spoofs.

    Ron

    1. Re:First, Ebay Should BAN Sending Email to Users by Nushio · · Score: 5, Insightful

      Dear eBay User,

      There is a new message waiting for you. You may login into here to access it.

      Sincerely,
      eBay Scammer.

      --
      Check out Unsealed: Whispers of Wisdom! http://unsealed.k3rnel.net It's an action-RPG about Open Sourcerers.