Slashdot Mirror

← Back to Stories (view on slashdot.org)

Inside Safari 3.2's Anti-Phishing Feature

Posted by kdawson on from the just-tell-us dept.

MacWorld is running a piece from MacJournals.com's for-pay publication detailing how the Safari browser's anti-phishing works. The article takes Apple to task for not thinking enough of its users to bother telling them when Safari sends data off to a third party on their behalf. For it seems that Safari uses the same Google-based anti-phishing technology that Firefox has incorporated since version 2.0, but, unlike Mozilla, tells its users nothing about it. "Even when phrased as friendly to Apple as we can manage, the fact remains that after installing Safari 3.2, your computer is by default downloading lots of information from Google and sending information related to sites you visit back to Google — without telling you, without Apple disclosing the methods, and without any privacy statement from Apple."

3 of 135 comments (clear)

  1. Re:So... by ttlgDaveh · · Score: 3, Informative

    First off, because it drives me nuts, it is "couldn't care less". (Cue picking on grammar errors in this post. Maybe I'll drop a couple in intentionally!)

    Secondly there is adblock (and flashblock) for Safari in the form or SafariBlock, or if you don't care for Input Managers there's always things like GlimmerBlocker which is a local HTTP Proxy which will block ads (and flash and do other fancy things) across the whole system and not just one browser.

  2. It's not that hard to write a clear privacy policy by Animats · · Score: 4, Informative

    Our AdRater plug-in has similar privacy issues. It's a plug-in that "phones home" to get information about the advertisers whose ads appear on a site. Here's what we tell users:

    AdRater "phones home", but tells us as little as possible. AdRater sends the domain name associated with each advertisement you see to SiteTruth. Thus, we can tell what advertisers have reached you, but cannot tell what web pages you have been viewing. We can't tell if you click on an ad. AdRater does not use "cookies" or any other user identifiable information other than your current IP address.

    If we change any of this, the changes will not take effect until you download and install a new version of AdRater.

    AdRater does not rate ads on secure pages, so no information about a secure page is ever sent to our servers.

    Now that wasn't hard, was it?

    For really technical users, we publish the API AdRater uses, so you can check to see that we're telling the truth about what data goes back and forth.

  3. Re:It's Not About Who Sees What by AKAImBatman · · Score: 4, Informative

    Glad you feel that way. I'll get a few post-event disclosures out of the way then:

    1. Your IP address, browser, operating system, installed plugins, and physical location were logged by Google Analytics as soon as you hit Slashdot.

    2. If you don't have adblock installed, your browser contacted doubleclick.net when you visited Slashdot and uploaded the unique id assigned to your browser. If you did not have a unique id, one was assigned to you. Additional information such as the site you are visiting, your browser, your plugins, your geographic location, and other information may have been collected during this transaction.

    Hope that helps!

    --
    Javascript + Nintendo DSi = DSiCade