Inside Safari 3.2’s anti-phishing features

1 2 Page 2
Page 2 of 2

This is not how companies like Apple are expected to behave towards their customers, even if Firefox already had the same feature. Mozilla is very clear about how Firefox does this. Apple refuses to say anything about how Safari does this, and for no other reason than that the company simply thinks so little of its customers that it doesn’t feel the need to keep them informed about data Safari transmits on their behalf. For a Web browser to do things like this without explicit documentation is inexcusable.

MacJournals sent its analysis to Apple’s privacy and press relations folks on November 17 with questions about the latest consequences of the company’s continued decision to not disclose information to its customers. Neither Apple’s public relations nor privacy departments have, as of press time, responded to MWJ’s queries about this.

We’re not holding our breath.

In the meantime, from what we can tell, the anti-phishing features in Safari 3.2 looks as innocuous as it can be and still be reasonably effective. It does not send data about the pages you visit to Google unless one of them matches a hash prefix on Google’s list, and even then, it only gets the full hash value for the hash prefix in question—as far as we know. That alone might be enough for Google to do interesting things with the data, unless some unstated privacy policy prohibits it. If you have doubts, or simply don’t want to spend the network bandwidth on maintaining a 25MB database full of potentially malicious hosts, you can disable the feature in the “Security” tab of Safari 3.2’s “Preferences” window.

It would be much easier to recommend leaving it enabled if Apple believed you had a right to know when its Web browser was collecting and sending information on your behalf.

This story, "Inside Safari 3.2’s anti-phishing features" was originally published by MacJournals.com.

1 2 Page 2
Page 2 of 2
  
Shop Tech Products at Amazon