PayPal Plans To Ban Unsafe Browsers

Alternative Details brings news that PayPal is developing a plan to stop users from accessing its financial services if they aren't using browsers with anti-phishing protection. PayPal is recommending the use of blacklists, anti-fraud warning pages, and EV SSL certificates. Browsers without anti-phishing features will be considered "unsafe." It seems likely Safari will be included in this category given PayPal's warning about the Apple browser last month. "'At PayPal, we are in the process of reimplementing controls which will first warn our customers when logging in to PayPal of those browsers that we consider unsafe. Later, we plan on blocking customers from accessing the site from the most unsafe--usually the oldest--browsers,' he declared. Barrett only mentioned old, out-of-support versions of Microsoft's Internet Explorer among this group of 'unsafe browsers,' but it's clear his warning extends to Apple's Safari browser, which offers no anti-phishing protection and does not support the use of EV SSL certificates."

Re:What about older OSes?

[Orion Blastar]

They can always download and install Firefox. Then install an anti-phishing addon.

Firefox works as far back as Windows 95 IIRC? I installed Firefox on my uncle's Windows 98 box, the only issue was that the start bar title icon didn't show up properly but it ran.

Sure he can't use his iPod with Windows 98, but Firefox works great. If he gets a RAM upgrade he can run Windows 2000. But technically with 128M of RAM or more he can run Windows XP on his 333Mhz processor, but it will be really slow.

I don't think we can afford to buy a new machine, and his old machine runs great.

Re:User Agent Change

[Nullav]

And for Konqueror, it's 'Tools > Change browser identification'.

Really, I'd love to see someone knock PayPal out of the spotlight. For those of us without credit cards, it's usually the only option.

Re:Yes.

[willyhill]

Anyone moderating this thread should be aware of the fact that twitter == Mactrope == gnutoo == Erris == inTheLoo. A little army of sockpuppets.

More [slashdot.org] information [slashdot.org] here [slashdot.org] and here [slashdot.org].

Re:I am an unhappy customer

[Apple Acolyte]

I reject the notion that Safari is less safe than other browsers. There have been very few serious security flaws found in Safari, even after Apple opened the platform to Windows. I'd say Safari is one of the most secure browsers out there.

Firefox also works on NT 3.51, BTW

[Anonymous Coward]

Windows NT 3.51 is technically older than Windows 95, so you can go that far back if you want. The problem will be for Windows 3.x users, though, and yes there still are some out there on the WWW (including myself on occasion.) However, I never trust the web for anything financial anyway, due to exploits I find on my own, so I'm not impacted anyway. :)

Re:Yes.

[Opportunist]

First of all, thanks for belittling me. I was that bank IT guy, from 98 to 02. And contrary to your opinion, the IT staff of the average bank is quite good. It's just hard to find someone with good hacking skills and no police record these days.

What's true, though, is that the prophet ain't worth a dime in his own country. Only after I quitted and started consulting, they hired me and took me serious, essentially paying me to tell them the same thing I repeated over and over while i was there. Banks do take security serious. Mainly out of self interest. First of all, the obvious loss of money. But more important even, the possible loss of goodwill. Usually a bank settlement after a fraud takes place can be summed up as "we pay, you shut up".

So whether they're liable for the loss is moot anyway. Paying some moron the 2k he lost when his account was hijacked and ransacked is peanuts compared to bad press. Banks will pay. Even if they keep telling that they won't (this is mostly hoping people will start getting a bit more wary when doing online banking).

Banks already started to acknowledge that there is a problem. Recently we had a week long two page "bank security course" in our major newspaper. To understand the quality of this, you have to know that no paper can write anything the major banks don't want it to write (banks are amongst the most important ad buyers here, piss off the banks and you close your doors). Actually, I know it was some sort of "sponsored report", if you know what I mean.

So appearantly banks did wake up to hear the music. And when you look at their pages, they try to inform about the most recent frauds taking place, but that simply isn't enough. When you do your online banking once a week, you might already have clicked that "give info now or your account is gone" mail, without reading the warning.

What I'd envision is something like a quiz, where you can win a savings account with some token amount of money predeposited if you answer it all right. People like quizzes, especially when you can win something. The selling point would be that your bank does care about your money and your security, something that sells pretty well here (people would rather give you the keys to their home than their banking info, or tell you how much they earn, here).

Re:Yes.

[AvitarX]

I don't want to get into an argument, or act judgmental, so I apologize in advanced.

As a firm believer of the second amendment I wanted to put out there another lobby group that I personally find more reasonable:
http://www.huntersandshooters.com/ [huntersandshooters.com]

I warn you though, I believe strongly in allowing gun ownership and freedom, but also believe in requiring trigger locks, and tracking of gun ownership. Believing that the true meaning of the second amendment is to protect the opportunity for armed rebellion and against government backed militias. As such truly acting upon its intended (in my interpretation) purpose is an honorable act of treason such as the American revolution was to England, but an act of treason none the less.

Again, I do not want to start a debate, and do not mean to offend or imply my judgment is better than yours. I just wanted to put out there another group that believes in the second amendmant, that was formed by gun owners who believed the NRA was taking stand on issues not close to their hearts, and dividing and conquering the second amendment fight. Hanging gun owners in more liberal states out to dry.

Thanks if you read this far.

re: But IQ tests filter PayPal, don't they?

[King_TJ]

Considering the plan for eBay to start REQUIRING PayPal as the only form of payment for auctions, PayPal's notorious habits of freezing people's accounts unfairly and improperly, and now, their intentions of banning popular web browsers just because they don't include dubious "anti-phishing" technologies in them ... I'd say the INTELLIGENT thing to do is give PayPal the boot!

I did... Google Checkout works fine for me as an alternate way to accept credit card payments from people, and seems to cost a little less too.