Slashdot Mirror

← Back to Stories (view on slashdot.org)

Inside Safari 3.2's Anti-Phishing Feature

Posted by kdawson on from the just-tell-us dept.

MacWorld is running a piece from MacJournals.com's for-pay publication detailing how the Safari browser's anti-phishing works. The article takes Apple to task for not thinking enough of its users to bother telling them when Safari sends data off to a third party on their behalf. For it seems that Safari uses the same Google-based anti-phishing technology that Firefox has incorporated since version 2.0, but, unlike Mozilla, tells its users nothing about it. "Even when phrased as friendly to Apple as we can manage, the fact remains that after installing Safari 3.2, your computer is by default downloading lots of information from Google and sending information related to sites you visit back to Google — without telling you, without Apple disclosing the methods, and without any privacy statement from Apple."

3 of 135 comments (clear)

  1. Except the Google service is privacy preserving... by nweaver · · Score: 5, Insightful

    The google service is designed to minimize privacy leaks. It downloads a coarse-hashcheck database (so Google learns nothing). And then if something hits, it queries a detailed hash.

    So unless you get a match on the coarse-hash database, Google learns NOTHING. And google only learns a hash if it matches, which is not very useful, AND google doesn't store this information unless it is a match with their detailed database.

    --
    Test your net with Netalyzr
  2. Re:Data protection act? by negRo_slim · · Score: 5, Insightful

    but over on this side of the pond distributing personally-identifiable information to a third party without explicit consent is a criminal offence.

    Sorry I'm less than enthusiastic at your privacy laws considering there's a camera on every corner in your country, watching the citizenry.

    --
    On the Oregon Cost born and raised, On the beach is where I spent most of my days
  3. Re:It's Not About Who Sees What by AKAImBatman · · Score: 5, Insightful

    The problem is the lack of disclosure.

    I'm going to play devil's advocate for a moment and point out that such disclosure is getting harder and harder to comply with. Especially when the web is seen as a collection of cloud services. Should that piracy map viewer posted yesterday disclose to every user that they will connect to Google Maps for map data? Does every website disclose that you are downloading ads from Google or Doubleclick before you visit? Does your favorite web forum notify you that you'll be connecting to Youtube when users post videos?

    Those examples convey far more sensitive information than this anti-phishing technology. Yet we don't even bat an eye. In fact, we praise them for such useful extensions to their services. Should web browsers thus play by different rules and be required to notify the user of a non-existent violation of privacy before they do something useful?

    I'm not saying that some people don't feel slighted by this. I am saying that the web is evolving in ways that have already made this the norm rather than the exception. If you do feel slighted and wish to be excepted, you're probably going to have to get used to reconfiguring your browser in the same way you install adblock or flashblock.

    --
    Javascript + Nintendo DSi = DSiCade