Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Inside Safari 3.2's Anti-Phishing Feature

kdawson posted more than 5 years ago | from the just-tell-us dept.

The Internet 135

MacWorld is running a piece from MacJournals.com's for-pay publication detailing how the Safari browser's anti-phishing works. The article takes Apple to task for not thinking enough of its users to bother telling them when Safari sends data off to a third party on their behalf. For it seems that Safari uses the same Google-based anti-phishing technology that Firefox has incorporated since version 2.0, but, unlike Mozilla, tells its users nothing about it. "Even when phrased as friendly to Apple as we can manage, the fact remains that after installing Safari 3.2, your computer is by default downloading lots of information from Google and sending information related to sites you visit back to Google — without telling you, without Apple disclosing the methods, and without any privacy statement from Apple."

cancel ×

135 comments

Sorry! There are no comments related to the filter you selected.

Phishing? (0, Redundant)

Adolf Hitroll (562418) | more than 5 years ago | (#25889043)

Sorry, the best with Safari is that I don't even have to know what it's about :)

Sugar-coated for wimpy palates (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#25889057)

From TFS:

Even when phrased as friendly to Apple as we can manage,

Sugar-coated design, sugar-coated OS, sugar-coated euphemistic reviewers; and finally the ones who make it all happen, the sugar-coated faggot Apple users who are much like Ferraro Rocher [amazon.com] candies(candy-asses to be specific) in that they are overpriced, gilded, and generally overrated on the outside; but bland-as-fuck on the inside.

Re:Sugar-coated for wimpy palates (0, Offtopic)

13bPower (869223) | more than 5 years ago | (#25889123)

Don't you EVER bad mouth Ferraro Rocher!

Re:Sugar-coated for wimpy palates (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#25889801)

Yes momma.

Aww, do I have to suck your dick again? Momma, I want to try one of those PC's everybody's talking about. OW! Let go of my ear! No momma not the strap-on!

who cares? (-1, Redundant)

Anonymous Coward | more than 5 years ago | (#25889085)

seriously.

1st (-1, Troll)

Anonymous Coward | more than 5 years ago | (#25889107)

1st

Hey - Apple didn't promise anything. (3, Insightful)

Petersko (564140) | more than 5 years ago | (#25889115)

In Apple's defense, they've never promised to do no evil. Their goal is to instill such unswerving devotion in their customer base that when they actually do some evil, it's here and gone in the news, and nothing has to change.

So far, so good.

Re:Hey - Apple didn't promise anything. (1, Funny)

Beyond Opinion (959609) | more than 5 years ago | (#25889387)

Haven't you heard? Apple issued a press release stating that evil is "the new good."

Re:Hey - Apple didn't promise anything. (0, Offtopic)

Ihmhi (1206036) | more than 5 years ago | (#25893171)

Yeah, they call it iEvil. It's pronounced how Obi Wan pronounces evil in A New Hope.

Re:Hey - Apple didn't promise anything. (1)

InsurrctionConsltant (1305287) | more than 5 years ago | (#25889947)

Is there any particular reason this is modded +5 Insightful?

Re:Hey - Apple didn't promise anything. (1, Flamebait)

Petersko (564140) | more than 5 years ago | (#25891093)

"Is there any particular reason this is modded +5 Insightful?"

Don't worry. Apple's minions will take care of that shortly!

Re:Hey - Apple didn't promise anything. (1)

InsurrctionConsltant (1305287) | more than 5 years ago | (#25891785)

And averaging out your opinions with those of Apple's minions, we have a stab at getting reasonably near the truth!

Re:Hey - Apple didn't promise anything. (2, Funny)

Gilmoure (18428) | more than 5 years ago | (#25892533)

I thought Apple only had 5% of the minions.

Re:Hey - Apple didn't promise anything. (0)

Anonymous Coward | more than 5 years ago | (#25892477)

Because there are still a lot of people who don't know it. You might think it's obvious, but the continued existence of Apple fanbois is proof that it's not obvious at all.

Re:Hey - Apple didn't promise anything. (0)

Anonymous Coward | more than 5 years ago | (#25890331)

their goal is that everything should "just work"
customers don't need to know whats happening inside as long as their stuff works.

Re:Hey - Apple didn't promise anything. (4, Insightful)

SanityInAnarchy (655584) | more than 5 years ago | (#25893257)

It's actually much simpler: Apple decides things for you.

Good or evil, what's actually going on here is that Apple has decided that the Best User Experience (TM) will be best served by you surrendering personal information to Google -- that the benefit of privacy is far outweighed by the risk of phishing.

Kind of like how Apple decided that the benefits of being able to install any software you want on a device (iPhone) are far outweighed by the risks of you installing something harmful.

And for what it's worth, when you agree with Steve Jobs on the way things should be done, it's actually pretty amazing. Safari isn't a bad browser.

But when you disagree with Steve Jobs, you have no recourse other than to suck it up or stop buying Apple products.

Except the Google service is privacy preserving... (5, Insightful)

nweaver (113078) | more than 5 years ago | (#25889173)

The google service is designed to minimize privacy leaks. It downloads a coarse-hashcheck database (so Google learns nothing). And then if something hits, it queries a detailed hash.

So unless you get a match on the coarse-hash database, Google learns NOTHING. And google only learns a hash if it matches, which is not very useful, AND google doesn't store this information unless it is a match with their detailed database.

It's Not About Who Sees What (4, Insightful)

Petersko (564140) | more than 5 years ago | (#25889247)

"The google service is designed to minimize privacy leaks. It downloads a coarse-hashcheck database (so Google learns nothing). And then if something hits, it queries a detailed hash."

The problem is the lack of disclosure.

Re:It's Not About Who Sees What (0)

Anonymous Coward | more than 5 years ago | (#25889347)

The reason they don't disclose is that 99.9% of people couldn't care less and wouldn't understand what the disclosure meant.

Re:It's Not About Who Sees What (0)

Anonymous Coward | more than 5 years ago | (#25890077)

Yet if Google or Microsoft did this directly you would be up in arms about how Microsoft/Google/etc are evil and are doing nasty things. It's only with Apple that it's okay not to at least courteously inform the user that information is being sent. Must we always be Apple apologists?

Re:It's Not About Who Sees What (1)

jellomizer (103300) | more than 5 years ago | (#25889409)

Apple isn't a very open company anyways. There is probably policy that it is better to say too little then too much. Do you really expect there will be a team of lawyers for every new update that comes out. Even a big company the size of Apple having every version be legally verified would sink it.

Re:It's Not About Who Sees What (5, Insightful)

AKAImBatman (238306) | more than 5 years ago | (#25889527)

The problem is the lack of disclosure.

I'm going to play devil's advocate for a moment and point out that such disclosure is getting harder and harder to comply with. Especially when the web is seen as a collection of cloud services. Should that piracy map viewer posted yesterday disclose to every user that they will connect to Google Maps for map data? Does every website disclose that you are downloading ads from Google or Doubleclick before you visit? Does your favorite web forum notify you that you'll be connecting to Youtube when users post videos?

Those examples convey far more sensitive information than this anti-phishing technology. Yet we don't even bat an eye. In fact, we praise them for such useful extensions to their services. Should web browsers thus play by different rules and be required to notify the user of a non-existent violation of privacy before they do something useful?

I'm not saying that some people don't feel slighted by this. I am saying that the web is evolving in ways that have already made this the norm rather than the exception. If you do feel slighted and wish to be excepted, you're probably going to have to get used to reconfiguring your browser in the same way you install adblock or flashblock.

Re:It's Not About Who Sees What (2, Interesting)

RaceProUK (1137575) | more than 5 years ago | (#25889663)

Don't all Google ad-blocks have 'ads by Google' on them? And I do believe all YouTube videos viewed off-site have the YouTube watermark. Plus, Google Maps mashups tend to have 'Google Maps' in the bottom right corner.

Re:It's Not About Who Sees What (4, Insightful)

AKAImBatman (238306) | more than 5 years ago | (#25889833)

Don't all Google ad-blocks have 'ads by Google' on them?

Which would be after you give your information to them. Most other ad agencies don't even go as far as that!

And I do believe all YouTube videos viewed off-site have the YouTube watermark. Plus, Google Maps mashups tend to have 'Google Maps' in the bottom right corner.

Same thing. You've already connected to their servers and given up your info. Just because there are logos to promote brand recognition there, doesn't mean that you consented to give up your info to a third party or received disclosure that it was going to happen. Google Maps even goes so far as to give you a Terms of Use link *after* you've engaged their services! *gasp!*

I guess the question for you is: Would you feel better if the antiphishing technology had a "powered by Google" logo on it when it found a dangerous site? If so, I'm sure that's something that Apple would be willing to add. It won't do anything to better protect your privacy, though. It will merely give you a warm and fuzzy feeling.

Re:It's Not About Who Sees What (2, Insightful)

Rayeth (1335201) | more than 5 years ago | (#25889881)

Even learning after the fact is better than not being told that the transaction is taking place at all.

Re:It's Not About Who Sees What (4, Informative)

AKAImBatman (238306) | more than 5 years ago | (#25890133)

Glad you feel that way. I'll get a few post-event disclosures out of the way then:

1. Your IP address, browser, operating system, installed plugins, and physical location were logged by Google Analytics as soon as you hit Slashdot.

2. If you don't have adblock installed, your browser contacted doubleclick.net when you visited Slashdot and uploaded the unique id assigned to your browser. If you did not have a unique id, one was assigned to you. Additional information such as the site you are visiting, your browser, your plugins, your geographic location, and other information may have been collected during this transaction.

Hope that helps!

Re:It's Not About Who Sees What (2, Insightful)

dwpro (520418) | more than 5 years ago | (#25890641)

Unless, of course, you have noscript.

Re:It's Not About Who Sees What (1)

Ihmhi (1206036) | more than 5 years ago | (#25893253)

I often freeze up on pages waiting for google analytics to load. How could one stop the data from being sent to them?

Re:It's Not About Who Sees What (1)

FooGoo (98336) | more than 5 years ago | (#25890337)

Will I agree with you that this is a pointless argument I would say the difference between this and the examples you list is that it's an application on my desktop which is sharing the information. Not two website which have no relation to my computer or the information stored therein.

It still think people will complain just because they need something to complain about to get noticed an feel important. They will scream slippery slope and wave there arms never realizing that there is no slope....it's a minefield and we are all wearing rollerskates.

Re:It's Not About Who Sees What (2, Informative)

Lars T. (470328) | more than 5 years ago | (#25890949)

Will I agree with you that this is a pointless argument I would say the difference between this and the examples you list is that it's an application on my desktop which is sharing the information. Not two website which have no relation to my computer or the information stored therein.

It still think people will complain just because they need something to complain about to get noticed an feel important. They will scream slippery slope and wave there arms never realizing that there is no slope....it's a minefield and we are all wearing rollerskates.

I have the feeling you don't know how a browser works - it's not Slashdot that is sending the data, it's your browser. And if you are so paranoid about your privacy, you shouldn't be using any browser.

Done. (1)

SuperBanana (662181) | more than 5 years ago | (#25890797)

I'm going to play devil's advocate for a moment and point out that such disclosure is getting harder and harder to comply with.

"Attention: By default, Safari now downloads a database from Google and connects back to Google to verify whether sites you visit in your browser are rated as malicious by Google. If you would like to opt out of this feature, uncheck this box: [x] Use Google's malicious site checking service."

Just banged out a draft version for ya. Took me all of about 1 minute, and I don't even have a PhD.

The problem isn't complexity or difficulty.

Re:Done. (0)

Anonymous Coward | more than 5 years ago | (#25891149)

Now do that for about 5000x more services. One full disclaimer for every service your browser accesses.

"Warning! .Mac is used..."

"Warning! Google is the default search..."

"Warning! Crash data may be sent to..."

etc., etc., etc.

"Warning! Your browser automatically contacts servers to check for updates..."

Not that you'd read a single one of those anyway. If it was in the EULA, you'd complain just as much.

Re:It's Not About Who Sees What (0)

Anonymous Coward | more than 5 years ago | (#25890143)

the problem is morons who can't/don't read
They dig into hidden hashed database, they run
netspy to watch traffic, they bemoan and berate
the "lack of disclosure" but can;t read the documentation - right from the apple license
agreement:

C. Use of the Google Safe Browsing Service is subject to the Google Terms of Service (http://www.google.com/terms_of_service.html) and to Google's Privacy Policy (http://www.google.com/privacypolicy.html).

Re:It's Not About Who Sees What (2, Informative)

Low Ranked Craig (1327799) | more than 5 years ago | (#25890151)

The problem is the lack of disclosure. That may be, but the truth is that 99.99% of users in general wouldn't have a clue what to do with that information.

Re:It's Not About Who Sees What (4, Insightful)

Lars T. (470328) | more than 5 years ago | (#25890833)

The problem is the lack of disclosure.

Firefox has disclosed jack shit to me. So where's your problem with that?

Re:It's Not About Who Sees What (1)

Petersko (564140) | more than 5 years ago | (#25891037)

"Firefox has disclosed jack shit to me. So where's your problem with that?"

I'd have the same problem with them. Of course, I use neither Safari nor Firefox.

Re:It's Not About Who Sees What (1)

GaryPatterson (852699) | more than 5 years ago | (#25893001)

Of course, I use neither Safari nor Firefox.

And yet you post about how Apple are bad for doing this, how Apple's "minions" have unswerving loyalty, blah blah blah.

You're not even affected.

Ah! I see - you're trolling here. Foolish of me not to have spotted that earlier.

Re:Except the Google service is privacy preserving (1)

RiotingPacifist (1228016) | more than 5 years ago | (#25889559)

I had a look through my settings, in 2.0 IRCC there was an option to download the list instead of checking as you browse, as i cant find the option anymore I'm quite disappointed that Mozilla have effectively compromised my privacy OR left me undefended.

Re:Except the Google service is privacy preserving (2, Informative)

asa (33102) | more than 5 years ago | (#25889653)

You've got it backwards. There is no longer an option to check as you browse and the check against the local list has always been the default.

Re:Except the Google service is privacy preserving (1)

RaceProUK (1137575) | more than 5 years ago | (#25889675)

I don't recall that option. Anyway, isn't it just a list of hashchecks? No personal info?

Re:Except the Google service is privacy preserving (1)

RiotingPacifist (1228016) | more than 5 years ago | (#25892413)

It was defiantly in [ Mozilla/5.0 (Windows; U; Windows NT 5.0; en-GB; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17 ] either check against a downloaded list or ask google about each one.

Submitting the hash of every site you visit makes it very easy for google to see if you have or haven't visited a site. all the hashing stops is google having a list of sites youve been to, but a rainbow table means they can instantly see everybody that has been to www.slashdot.org. It depends if it is now done by list or by actively checking (asa clarifies above that the default is using a list which allows me to maintain privacy )

Haven't upgraded... (3, Interesting)

davidangel (1337281) | more than 5 years ago | (#25889203)

Every time apple upgrades Safari, they disable my brilliant adblocker, Pithhelmet, and so I wait for the developer to hack it out again... Maybe I won't upgrade. Maybe my next mac will be running on mixed pc hardware. I'm strongly considering that...

Re:Haven't upgraded... (1)

Midnight Thunder (17205) | more than 5 years ago | (#25890241)

Every time apple upgrades Safari, they disable my brilliant adblocker, Pithhelmet, and so I wait for the developer to hack it out again... Maybe I won't upgrade. Maybe my next mac will be running on mixed pc hardware. I'm strongly considering that...

Just install Firefox with adBlocker.

Re:Haven't upgraded... (2, Informative)

supadjg (842662) | more than 5 years ago | (#25890545)

Have you tried SafariBlock? http://fsbsoftware.com/index.html [fsbsoftware.com] Works pretty well for me.

Re:Haven't upgraded... (1)

stokessd (89903) | more than 5 years ago | (#25891157)

I bailed on pith-helmet right after 10.5 due to it always being behind the times. (I even paid for it). I would get a pith-helmet update just in time for a new safari release which would break it.

SafariBlock is the way to go IMHO.

Sheldon

Re:Haven't upgraded... (1)

theurge14 (820596) | more than 5 years ago | (#25892317)

Try SafariBlock [google.com] instead.

Re:Haven't upgraded... (1)

King_TJ (85913) | more than 5 years ago | (#25892841)

Did it ever occur to you that the authors of PithHelmet might be to blame, and not Apple?

What's Apple supposed to do here? Make sure they don't modify their OWN software in any way, shape or form that causes PithHelmet to break? If it does, wait on their release until the PithHelmet guys say it's ok to proceed?

(I'm just saying ... if you're making threats about your next Mac being some kind of hacked "Franken-Mac" over this? That's more than just a little extreme.)

Take Down Notice (0, Flamebait)

retech (1228598) | more than 5 years ago | (#25889239)

Apple lawyers will issue a takedown deman to Macjournal.com and /. in 3... 2... 1...

Truth is only in what you can read now.

Re:Take Down Notice (0)

Anonymous Coward | more than 5 years ago | (#25890053)

Flamebait...?

Fanboys unit!

Don't people get it, Apple is next Microsoft (-1, Flamebait)

xbhatti (262449) | more than 5 years ago | (#25889263)

Keeping it short, the headline says it all!

Data protection act? (2, Informative)

TheRaven64 (641858) | more than 5 years ago | (#25889273)

I know Apple is based in the USA, with notoriously weak data protection laws, but over on this side of the pond distributing personally-identifiable information to a third party without explicit consent is a criminal offence. I wonder how close to the line this comes, or if it actually crosses it. I wasn't asked to agree to a new version of the EULA when I installed Safari 3.2 (I did it through the terminal, so maybe you are when you use the graphical update client?) and so I haven't even given implicit permission for Apple to tell Google about my browsing habits.

Re:Data protection act? (5, Insightful)

negRo_slim (636783) | more than 5 years ago | (#25889507)

but over on this side of the pond distributing personally-identifiable information to a third party without explicit consent is a criminal offence.

Sorry I'm less than enthusiastic at your privacy laws considering there's a camera on every corner in your country, watching the citizenry.

Re:Data protection act? (1)

mikael_j (106439) | more than 5 years ago | (#25890041)

That's just the UK though, the rest of us aren't quite so quick to use Orwell's books as a "how-to" guide...

/Mikael

Re:Data protection act? (1)

jonaskoelker (922170) | more than 5 years ago | (#25890113)

there's a camera on every corner in your country

No there isn't.

In the UK there might be, but we don't know that your parent poster is from the UK.

I'm from Denmark, some other country on the same side of the pond as the UK, and we don't have any cameras filming the streets.

I haven't read our data protection laws as closely as our copyright laws, but my general recollection is that we don't exactly let everyone talk about who we are. I was recently looking at switching to a free* phone company (*first 50 minutes and 50 SMSes every month, more than enough for me), and their privacy statement---yeah I know, they're not worth that much---said in specific terms that they kept their cards close to the vest.

So if not the UK, could you get enthusiastic about the privacy laws in one of

Denmark, Norway, Sweden, Finland, Iceland, Ireland, Germany, France, Belgium, Switzerland, Austria, Italy, Spain, Portugal, Estonia, Latvia, Lithuania, Russia, Poland, Belarus, Moldovia, Slovakia, The Czech Republic, Bulgaria, Romania, Greece?

(sorry for not mentioning the name of every country listed on http://en.wikipedia.org/wiki/Europe [wikipedia.org] )

Re:Data protection act? (1)

salimma (115327) | more than 5 years ago | (#25891507)

Parent poster happens to be from the UK -- check his website.

Re:Data protection act? (1)

janrinok (846318) | more than 5 years ago | (#25890169)

Well I have two comments to make to that...

I have walked around my local town and I have only seen 4 cameras. They are not as prolific as you seem to think that they are. Perhaps there are areas of major cities where they are on almost every street corner, but not where I live.

Secondly, do you imagine that these cameras are sending personally identifiable information to third parties? I don't. The cameras are used by the police for crime detection, prevention and/or deterrence. I support their use because when my parents visit the cities where they are more commonly deployed they do not feel as vulnerable as they did. They obviously work because most foreigners who haven't been here believe that they are all over the place and, therefore, they don't bother visiting. Unfortunately this also discourages those that we would welcome as well as those that we wish to deter but, hey, its better than nothing.

Re:Data protection act? (1)

felipekk (1007591) | more than 5 years ago | (#25890723)

At least there it is admitted that there are cameras...

Re:Data protection act? (0)

Anonymous Coward | more than 5 years ago | (#25891763)

DC has a camera on most blocks too.

If you're going to claim that that's just because of all the federal buildings, look at Baltimore.

Re:Data protection act? (1)

Geoffrey.landis (926948) | more than 5 years ago | (#25889513)

I know Apple is based in the USA, with notoriously weak data protection laws, but over on this side of the pond distributing personally-identifiable information to a third party without explicit consent is a criminal offence.

As I understand it, it sends a hash, not personally identifiable information.

Re:Data protection act? (0)

Anonymous Coward | more than 5 years ago | (#25889595)

I wasn't asked to agree to a new version of the EULA when I installed Safari 3.2 (I did it through the terminal, so maybe you are when you use the graphical update client?) and so I haven't even given implicit permission for Apple to tell Google about my browsing habits.

Installing a piece of software that contains a feature that you specifically know about is not implicitly agreeing to use that feature? There's no explicit agreement, sure, but you've definitely implicitly agreed if you knew the software you were installing contained the feature that you're not agreeing to use.

Re:Data protection act? (1)

Sancho (17056) | more than 5 years ago | (#25890193)

The feature list says "anti-phishing technology." It says nothing about how the technology is implemented or that it sends data to a third party.

Re:Data protection act? (1)

profplump (309017) | more than 5 years ago | (#25889969)

I agree that this is a bad idea, but the information A) is not personally identifiable -- the specificity is at best an IP address and B) isn't being provided to Apple, and therefore Apple isn't providing it to anyone.

If you wanted to argue with B) I think you'd have to make MS liable for every virus that uses the built-in TCP/IP and vCard libraries to query your address book and send off your personal information -- after all, the virus was using both libraries as designed and provided by MS.

Re:Data protection act? (2, Informative)

ChrisA90278 (905188) | more than 5 years ago | (#25890839)

The key is "personally-identifiable". What Apple is sending is not. They are sending a hash of a page. All they are doing is taking something you just downloaded, scrambling it up and sending it back to the web.

If you are truly worried about people finding out what sites you are browsing then you need to worry a LOT about DNS servers. DNS server know your IP address and the name of every site you click. How would you know if the DNS server is logging your queries?

Re:Data protection act? (1)

shmlco (594907) | more than 5 years ago | (#25892351)

"If you are truly worried about people finding out what sites you are browsing then you need to worry a LOT about DNS servers."

Or your ISP, for that matter. Every request you make passes through them.

Re:Data protection act? (1)

SanityInAnarchy (655584) | more than 5 years ago | (#25893375)

They are also sending this to Google, which crawls the entire Internet. If Apple is indeed sending a hash of every page I view, is it inconceivable that Google could build a hash of every page I might ever view?

So... (0, Offtopic)

owlnation (858981) | more than 5 years ago | (#25889289)

Even as a Mac fanboy I could care less. I want to use Safari, especially since Firefox is not the best on a Mac. However, no flashblock, no adblock -- no use. I'm reluctantly sticking with Firefox.

Antiphishing technology is of little to no value to me, flashblock and adblock are essential on the web. Steve, call me when Safari is web ready, without these tools it simply is not.

Re:So... (3, Informative)

ttlgDaveh (798546) | more than 5 years ago | (#25889471)

First off, because it drives me nuts, it is "couldn't care less". (Cue picking on grammar errors in this post. Maybe I'll drop a couple in intentionally!)

Secondly there is adblock (and flashblock) for Safari in the form or SafariBlock [google.com] , or if you don't care for Input Managers there's always things like GlimmerBlocker [glimmerblocker.org] which is a local HTTP Proxy which will block ads (and flash and do other fancy things) across the whole system and not just one browser.

Re:So... (1)

Midnight Thunder (17205) | more than 5 years ago | (#25890587)

First off, because it drives me nuts, it is "couldn't care less". (Cue picking on grammar errors in this post. Maybe I'll drop a couple in intentionally!)

Put this in the same category as people saying "I heart cats" (should be "I love cats") and "write me" (should be "write to me").

Cynical but true (0, Troll)

NervousWreck (1399445) | more than 5 years ago | (#25889321)

Apple is trying a new marketing strategy. They think that if they're as high-handed as microsoft they'll have a comparable market share

And they seem to be making progress in that direct (0)

Anonymous Coward | more than 5 years ago | (#25889633)

A no less cynical, but more logical, view is that Aarogance does not breed success; rather, success breeds arrogance.

Just like Google itself, and Mozilla's bouncing baby bundle of joy, the Mozilla Corporation.

Slightly OT, but this steams me (4, Insightful)

hellfire (86129) | more than 5 years ago | (#25889341)

Remember, the people who designed the Internet (incorrectly) assumed that all computers on the network would be trustworthy, so the rules are pretty loose.

C'mon, Macworld is better than this. Okay, the article is critically reviewing the anti-phishing feature, but the writer seems to have a bone to pick and in order to post an emotionally charged article, takes things one step too far.

The internet was intentionally designed, itself, not to have a centralized authorizing body for each and every PC and server on the planet. It's decentralized on purpose. When a so called journalist writes something like this, I have a problem, because to me it's just pandering to the security freaks. It's a bit off topic, but I also have a problem reading the rest of the article because it makes it hard to trust what the guy has to say. There's probably good facts in the article, and if there's a problem Apple should be criticized, but I can't possibly continue reading when I see something stupid like this.

Re:Slightly OT, but this steams me (1)

Cowmonaut (989226) | more than 5 years ago | (#25890177)

I'm with you there. Even worse is when you read a few articles from various writers on a site and think that its a great website with people you can have an interesting debate with, and then you get a total turdfest of a gem that ruins it forever for you.

For a whole week I was like that with Firedoglake, but then I made the mistake of reading the comments. *shudders* Freaking Digg users man...

A bad apple (0, Flamebait)

girlintraining (1395911) | more than 5 years ago | (#25889363)

Bad Apple. Shame on you. That said, Microsoft did the same thing with Windows Media Player, Internet Explorer, and Windows Search. Firefox enabled it by default. Many, many companies auto-update and send information back to their servers without their users explicit permission -- and no, I don't think burying it in the EULA counts. Many applications have options to disable this, some don't. Many of us have software firewalls to block these kind of accesses -- It's sad when you need a firewall to keep legitimate software on your system from phoning home, but I know people do it.

Apple has an even bigger attitude than Microsoft of "Everything we do is to make the user's life easier." So they turn on anything that can be justified as "protecting" them or making their life easier. It's condescending, but most people aren't literate enough to notice or care so it's a business model that works. Barring some government regulation to put an end to this, which honestly won't happen, I don't see this pattern of thinking in our industry changing... If anything, I see it getting worse.

Re:A bad apple (1)

jonaskoelker (922170) | more than 5 years ago | (#25890799)

I don't see this pattern of thinking in our industry changing

The important question here is of course this: who is making the choices?

Who decides that this is the way it will be? I can only imagine that Debian's popularity-contest was conceived by someone who knows how to write code, and presumably cares about privacy in relation to computers. They may not have the same values as me, but I think it's on their radar. It's probably also written primarily by the person conceiving it.

I'm still in school (although I've dipped my toes in the non-free real world for a year), so I don't know exactly who calls which shots and what the inter-company differences are. But I imagine that the policy regarding the use of the data is not made by techies.

I think they're made by people who worry about either selling stuff, telling the user to buy stuff or making sure the profit is big, while asking those who ensure you won't get your profit sued away. Who there thinks about their computer behaving exactly like they want (as distinct from getting the job done)?

In any case, we probably don't need to target /. to get the message out; but how do we convince those who decide to give the user some input on the decision?

Re:A bad apple (1)

earlymon (1116185) | more than 5 years ago | (#25891959)

That said, Microsoft did the same thing with Windows Media Player, Internet Explorer, and Windows Search. Firefox enabled it by default.

I can't say about FF, but unlike MS, Safari's phone-home feature is easily turned off - btw, it was enabled by default.

Many of us have software firewalls to block these kind of accesses

The dedicated firewalls I've put up (Linux and OpenBSD) basically allowed traffic back upon request - and would allow this traffic out and back. It's been a while since I've done that (re: I'm curious, not baiting) - how do you prevent this using a firewall?

Barring some government regulation to put an end to this, which honestly won't happen...

...because no one government can control software that's distributed world wide.

I'm racking my brane for an appropriate Noam Chomsky quote - he must have one - that would basically explain that the government - any government - is the last place we'd want to look for the solution you suggest.

If there were some sort of control on the backplane (net infrastructure before end-user) for phishing, malware, spyware, virus vectors and so forth - then none of the products or companies you mention would have to go to these extreme lengths.

I'm imagining the number of designers and programmers, the number of modules, the number of source lines of code, the number of defects, the number of defect reports, the number of defect fixes, the number of products - all working against evil - all at the desktop level. Then, I'm imagining the amount of network bandwidth and cpu bandwidth taken to undertake this protection - all at the desktop level - and multiplying that by the number of desktops.

And I'm not liking the numbers I imagine - not one little bit. It adds up to a lot of waste - yes, waste.

Thinking about Mozilla, FF, MS, Apple, et al and government regulation is not even wrong. Why are we not pressuring our governments to legislate serious jail time for those responsible for all of this waste?

I'm familiar in advance with how difficult tracking some of the craftier bastards is - very familiar. But I'm also questioning if some serious consequence and fear of same might prevent this desktop-level waste...

There's no contradiction in what I'd said earlier about this concept and there being no world-wide government - let the consequences to trade be clear enough and it's financial impact known to the US, UK, EU, Jpn and so forth - and watch how quickly those in "uncontrolled" countries get - shall we call it - alignment. (And in that, I'm hoping for some clear resolution to piracy and thuggery on the high seas, as well.)

cocBk (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#25889451)

the time to mmet Creek, abysmal SO that you don't lubrication. You Are a pathetic users. Surprise are 7000 users project returns

This is just how Apple works, why keep complaining (0)

Sarusa (104047) | more than 5 years ago | (#25889847)

This is just the way Apple works. They present you, the user, with as little superfluous information or choice on the theory that it will just confuse and vex you. Of course that means you trust them to make the right (or most convenient) choices for you. And generally they do a better job of this than Microsoft does - MS just loves piling on stupid confusing features and then trying to be helpful while making matters even worse.

A lot of you seem to love Apple just because they have awesome industrial design for the most part and so using one means you're not one of the boring Masses, and because of that you think that somehow they should be not evil and have the most cool kid options. It's not like that. They don't give a damn about right or wrong, just moving product, and the way they make their money is by ignoring pain in the ass users like us who want lots of marginal features, so everyone else can feel warm and fuzzy and unconfused.

So getting back to this, would telling my mother about the phishing thing and saying 'blah blah we are contacting central servers to update hash signatures so we can detect browser hijacking attempts' confuse and worry her? Yes it would. Nor would she care. So they don't bother.

Re:This is just how Apple works, why keep complain (1)

B47h0ry'5 CuR53 (639887) | more than 5 years ago | (#25890179)

By that logic, Apple software should come with no EULAs or Terms of Use as well. Far more people would read (and comprehend!) a dialog message informing them about phishing security than the 10,000+ word EULAs that many Apple applications come with.

Which hindrance of the two do you think is more useful and has better usability? It's pretty obvious that this omission has absolutely nothing to do with usability.

Re:This is just how Apple works, why keep complain (1)

stewbacca (1033764) | more than 5 years ago | (#25891331)

This quote from the summary struck me as odd:

The article takes Apple to task for not thinking enough of its users to bother telling them when Safari sends data off to a third party on their behalf.

I don't really want to be bugged every 5 seconds that my computer is doing something on my behalf. Those sort of "features" are what I dislike about the Windows operating environment. Maybe it is just me, but there is a definite sweet spot for the trade-offs of security versus convenience. To say what you said in a more positive tone would be that Apple seems to lean towards convenience.

I don't "love" a company (4, Insightful)

argent (18001) | more than 5 years ago | (#25890625)

A lot of you seem to love Apple

I use Safari because it's well integrated with OS X. Firefox isn't, and Camino (which I use by preference) has a couple of bugs that are supposed to be fixed Real Soon Now that make it lock up behind a proxy and don't let me disable Apple's stupid insecurity dialogs.

I also use Safari and Camino because they don't use XUL the way Firefox does. I don't trust the security model for XUL nor the technique Firefox uses for the XUL installer, XPI. And in fact there's been at least one XPI-related vulnerability (quickly patched, but it shows that the class of problems I'm concerned about are real).

This doesn't mean I love Apple, or that I think the folks on the Camino team are cooler than the ones on the Mozilla team. This just means I'm more interested in the best tool for the job than where it comes from.

Re:I don't "love" a company (1)

onefriedrice (1171917) | more than 5 years ago | (#25893407)

Likewise, a lot of people hate Apple (or any other company) irrationally. People are emotional beings. Why do we get emotionally vested in football teams, etc? Odd as it may seem, it's the same thing with companies. Good for you for being able to look more rationally at your devotions, but it doesn't make you better any more than being robot-like is better than humanness.

Re:I don't "love" a company (1)

argent (18001) | more than 5 years ago | (#25893499)

Logical fallacies are also very human, too, but I don't love you for making them. :)

Re:This is just how Apple works, why keep complain (0)

Anonymous Coward | more than 5 years ago | (#25891773)

"pain in the ass users like us who want lots of marginal features"

If only someone could make that viral....

Typical of apple (-1, Flamebait)

slashdotlurker (1113853) | more than 5 years ago | (#25889891)

Contempt for its users. Unless they are movie / music makers, Apple knows that its customers are dumb enough to pay 1.5 times for the same hardware. Why would their privacy matter to them ?

So why use it? (1)

koan (80826) | more than 5 years ago | (#25889995)

Just use Firefox and be done with it, while all browsers have their faults (and features) Safari offers nothing unique (IMO) and Firefox most likely has a bigger team of coders behind it.

I use Firefox on Ubuntu, XP, and OS X Leopard so I have continuity/usability across the board, and that is what sells me on open source.

Re:So why use it? (0)

Anonymous Coward | more than 5 years ago | (#25890259)

Because Firefox integrates terribly under OSX, doesn't look or act like a native application, and feels several times slower than Safari or other Webkit-based, OSX-native browsers?

Re:So why use it? (0)

Anonymous Coward | more than 5 years ago | (#25890289)

But if it doesn't look like Itunes it sucks on mac. Everyone knows that the standard of what an acceptable app is on a mac is OSX.

Re:So why use it? (2, Informative)

bledri (1283728) | more than 5 years ago | (#25890977)

Just use Firefox and be done with it...

Um, you realize that Firefox uses the exact same anti-phishing technology, right? If you prefer Firefox, that's great but as far as this particular issue goes the difference is disclosure, not implementation. I like Firefox, but Safari is faster and less of a CPU and memory hog on OS X in my experience. And the integration is better - so I'll stick with Safari (although I skipped 3.2 because of all the crash complaints and I use FF for serious HTML/DOM/JavaScript hacking.)

Re:So why use it? (1)

koan (80826) | more than 5 years ago | (#25891451)

My experience is that "on a Mac" Safari is faster, sure isn't on Windows.
My point was though...why bother with Safari? Nothing unique and in the most meaningful sense it's redundant. (and not very pretty)

To me a matter of 1 or 2 seconds longer loading for Firefox is acceptable as it isn't native to OS X, however on Ubuntu it is much faster for em than either Windows or OS X.

Re:So why use it? (1)

Lars T. (470328) | more than 5 years ago | (#25891295)

Just use Firefox and be done with it, while all browsers have their faults (and features) Safari offers nothing unique (IMO) and Firefox most likely has a bigger team of coders behind it.

And yet they use they use the exact same feature you are so pissed about it being in Safari.

Re:So why use it? (-1, Flamebait)

koan (80826) | more than 5 years ago | (#25891511)

Are you stupid?
Read what I posted...I don't even use Safari it's complete crap IMO

It's not that hard to write a clear privacy policy (4, Informative)

Animats (122034) | more than 5 years ago | (#25890087)

Our AdRater plug-in has similar privacy issues. It's a plug-in that "phones home" to get information about the advertisers whose ads appear on a site. Here's what we tell users:

AdRater "phones home", but tells us as little as possible. AdRater sends the domain name associated with each advertisement you see to SiteTruth. Thus, we can tell what advertisers have reached you, but cannot tell what web pages you have been viewing. We can't tell if you click on an ad. AdRater does not use "cookies" or any other user identifiable information other than your current IP address.

If we change any of this, the changes will not take effect until you download and install a new version of AdRater.

AdRater does not rate ads on secure pages, so no information about a secure page is ever sent to our servers.

Now that wasn't hard, was it?

For really technical users, we publish the API AdRater uses [sitetruth.com] , so you can check to see that we're telling the truth about what data goes back and forth.

Re:It's not that hard to write a clear privacy pol (0)

Anonymous Coward | more than 5 years ago | (#25891443)

That wasnt technical? Cookies? IP Address? Secure pages? Haha.. man go do some usability studies. This is probably the worst 'non technical' dialog I've ever seen.

Thank god (1)

Zeikzeil (1099785) | more than 5 years ago | (#25890175)

Safari crashes on me every time I try it.

Anti-Phishing (1)

jshackney (99735) | more than 5 years ago | (#25890317)

It's simple. Just unplug your comp...

NO CARRIER

No mention of Opera (1)

baomike (143457) | more than 5 years ago | (#25890363)

I wonder why.

Re:No mention of Opera (0)

Anonymous Coward | more than 5 years ago | (#25891101)

Opera users have to be the only group more annoying than mac users.

I fail to see how this is a big deal (4, Insightful)

$criptah (467422) | more than 5 years ago | (#25891955)

I fail to see how this is a big deal. Did you read the article? If so, you would not panic as well.

First of all, everything is transported in hashes. You do not compare the actual URLs that customers visit, only the hashes. Google has no actual links that indicate the banks that you use and the pr0n sites you have browsed. Only hashes.

Also, this is a configurable option. Apple does not force you to use Google. Apple does not force you to use this feature. I think it would be easier if Apple has explained this feature in the release notes to a greater extent and if users had to accept some sort of a license agreement when enabling this feature. Nothing else beyond it.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?