[P.K.]

Internet Explorer 7, Firefox 2 and Opera 9 have phishing filters. Does OmniWeb 5.7 have such a filter? Sure hope so. Current article in MacWorld says to stay clear of many browsers, including Safari... however, does not mention OmniWeb.

Anybody know?

P.K.

[Forrest]

It doesn't.

I'm not really fond of them either. No filter can solve the problem, and it gives people a false sense of security. Education is a much better tool.

This is also an instance where I think the OG needs to define their audience and cater to it.

[JKT]

Quote:

Originally Posted by Forrest

I'm not really fond of them either. No filter can solve the problem, and it gives people a false sense of security. Education is a much better tool.

It also means that you send your entire browsing history to someone like Google (if you use them as the source of info for what are potential phishing sites). Colour me cautious, but I am extremely wary of doing that given how bad Google's etc. track records are on privacy and data retention. Personally, I would say that this is the real reason why PayPal want you to use a browser that has phishing filters built-in (no doubt, they aim to be the source of their own filter list at some point, which you will then have to use if you want to keep using PayPal) and the reason why Mozilla offers Google as the default source (more revenue from Google for them).

It is either that or downloading a list of potential phishing sites (and keeping doing so to make sure it is up-to-date).

Personally, neither option is at all attractive, each is very prone to giving false negatives and neither will beat being cautious and actually thinking about who you are giving your credit card etc info to.

[P.K.]

So, the question remains - at some time in the future will users of OW need to switch (if only temporarily) to Firefox or Opera to complete a Pay-Pal transaction?

Or will Pay-Pal ultimately pull back from their current effort to block those browsers not using a phishing filter?

[Forrest]

I'll stop using PayPal if they force me to use another browser. It already has a hard enough time with Firefox. No way I'm going to use Opera just for PayPal.

[ptomlins]

I'd like to see this feature in version 6

The problem with education is that people have already had a chance and these things are happening. Do I think omniweb users are vulnerable? I think they are probably some of the least vulnerable users around (based on browser choice I think they are already pretty cluey). However I think this is going to become basic browser functionality. If your tired and not thinking properly and you do something stupid it does protect you as a last line of defense.

The argument about privacy and paypal and co wanting your browser history. I think PayPal/Ebay wants to reduce fraud as it is costing them money and this is where intent is coming from. The providers of these services have there own reasons .They could be trying to protect themselves (MS I believe offers something and that is to protect its user bases, Google probably has a host of reasons, make money somehow someday? )

I do believe that people should be able to use these services without being tracked so to speak. (In the interium maybe omni could provide a button to the system preferences where one can enter proxy settings for http like safari)

[m-rick]

OW definetely needs a built-in phishing filter : Firefox has one Opera too and M$ IE 7 too, and eBay and Paypal are on the way to request one from the browser to get access on their website, so when they will do it, we will not able anymore to access them with OW. And if they do it, a lot od sites will do the same ...

I don't want to have hundred browsers on my Mac. I have Camino too but I almost never use it now since this latest version of OW is very stable and more compatible with almost all the websites.
So I hope OmniGroup is going into consideration on this.

http://forums.appleinsider.com/showthread.php?p=1242183

Quote:

PayPal may block Safari users
As part of a multi-tiered approach to guarding against online fraud on its site, PayPal says it will block the use of any web browser that doesn't provided added validation measures, potentially restricting the current version of Safari from the e-commerce site.

The money transfer service's Chief Information Security Officer, Michael Barrett, makes the new policy clear in a white paper (PDF) posted this week, which highlights the browser as a key means of putting an end to phishing (false website) scams alongside such steps as blocking fraudulent e-mail messages and criminal charges.

When addressing web access, Barrett argues that any user visiting a financial site such as PayPal should know not only that their browser will block fake sites meant to steal information, but also that the browser can properly indicate a legitimate site. Without either precaution, visitors may not only be victims of scams but may lose all trust in an otherwise safe business. This doubly harmful outcome is likened to a car crash without protection.

"In our view, letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelts," the expert says.

To that end, PayPal is said to be implementing steps that will first provide warnings against, and eventually block, any browser that doesn't meet these criteria.

Most modern web browsers, including Firefox and newer versions of Microsoft's Internet Explorer, are able to support at least basic blocking of phishing sites. The newest, such as Internet Explorer 7 or the upcoming Firefox 3, also support a new feature known as an Extended Validation Secure Socket Layer (EV SSL) certificate. The measure of authenticity turns the address bar green and identifies the company running the site, letting the user know any secure transactions are genuine.

Safari, however, lacks either of these features and so could fall prey to the blocks and warning messages. Barrett doesn't mention the browser by name but notes that any "very old and vulnerable" software would ultimately be blacklisted from the future update to PayPal's service, placing Safari in the same category of dangerous clients as Microsoft's ten-year-old Internet Explorer 4.

Apple's approach to browser security has so far been tentative. The Mac maker has briefly incorporated Google's database of fraudulent sites into a beta builds of Mac OS X Leopard this past fall, only to pull the feature in later test versions. Release builds of the stand-alone browser for both Macs and Windows PCs have also gone without the anti-phishing warnings, but notably leave code traces inside the software that raise the possiblity of improvements through a later update.

Apple hasn't responded to the white paper but is likely to face pressure as PayPal and similar institutions ask for an all-encompassing approach to fighting scams that involves EV SSL and other software techniques. Internet Explorer 7's debut has already had a demonstrated effect on customers, who are more likely to finish signing up for PayPal knowing that the web browser has authenticated the registration page.

"We couldn’t eradicate this problem on our own – to make a dent in phishing, it would take collaboration with the Internet industry, law enforcement, and government around the world," Barrett explains.

[JKT]

http://forums.omnigroup.com/showthread.php?t=7816

[Forrest]

Quote:

Originally Posted by ptomlins

The problem with education is that people have already had a chance and these things are happening.

Really? Got anything to support that? As far as I know, I have yet to see a site require any sort of education to access their site.

Quote:

If your tired and not thinking properly and you do something stupid it does protect you as a last line of defense.

I'd also like to see some evidence of that. From what I know of phishing filters, they either only protect against known issues or they tell you there is a problem on a site unless the site owner has shelled out extra $$$.

To think that phishing filters will protect you if you do something stupid is far from accurate.

[Forrest]

TUAW: PayPal says it won't block Safari

in a brief addendum to a post at the Wall Street Journal last week it was reported that -- while Paypal will be blocking older browsers (IE4-era) and older operating systems -- Safari is safe from the cut.