huibert-aalbers.com
My home away from home
PayPal’s decision to stop supporting insecure browsers is positive for the industry
Earlier today, Ryan Naraine reported for eWeek that “PayPal, one of the brands most spoofed in phishing attacks, is working on a plan to block its users from making transactions from Web browsers that don’t provide anti-phishing protection”. The reason behind this decision is that “browsers that do not have support for blocking identity theft-related Web sites or for EV SSL (Extended Validation Secure Sockets Layer) certificates are considered ‘unsafe’ for financial transactions”.
This announcement has generated a lot of concern among Mac users since Safari, the most widely used browser on that platform does not support EV SSL. Even though I do use Safari as my main browser on both Mac and Windows, I do agree with the decision. The reason is simple, even though it is very simple to avoid phishing attacks on any computer by just pointing your DNS information to OpenDNS, few know how to do it or even understand how phishing works. Those who complain about the decision are obviously not aware of the size of the phishing attacks and the amount of fraud they represent. If PayPal‘s decision forces Apple to implement EV SSL support into Safari, I will certainly not complain. It is great to have a fast and standards compliant browser, but security for the technologically challenged users should be a major concern for Apple.
However, there are more reasons to back PayPal‘s decision. Too many users are still using old browsers and this his slowing down the adoption of new technologies. I would love to see more companies to stop supporting old versions of Internet Explorer or Netscape Navigator. That would really give web developers an opportunity to create great innovative applications. Right now, people too often prefer to use those old versions because there are still sites that require them. If large sites start requiring newer browser versions, those old sites will face increased pressure to modernize. That cannot be bad for the industry or the end-users.