In Related News, PayyPall.comm Has Endorsed Safari for Exactly the Same Reason
“There is of course, a corollary to safer browsers–what might be called ‘unsafe browsers.’ … Letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seat belts.” This according to PayPal (EBAY) Chief Information Security Officer Michael Barrett, who says the company plans to block browsers that lack anti-phishing features and support for EV (extended validation) certificates.
In the interest of public safety, of course. Among those browsers, older versions of Microsoft’s (MSFT) Internet Explorer and Firefox and, presumably, all versions of Apple’s (AAPL) Safari browser that PayPal recently cautioned users against. “Apple, unfortunately, is lagging behind what they need to do to protect their customers,” Barrett said this past February. “Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out or Firefox 2 or Firefox 3, or indeed Opera.”
UPDATE: PayPal now says it never planned to block Safari.
PayPal is developing features to block customers from logging in to PayPal when using obsolete browsers on outdated or unsupported operating systems. An example of such a browser/OS combination might be, for example, Internet Explorer 4 running on Windows 98. In doing so, we better protect our customers from viewing a phishing site through their browser. We have absolutely no intention of blocking current versions of any browsers, including Apple’s Safari, from our Web site.”
So to recap:
- PayPal Chief Information Security Officer Michael Barrett warns against using Safari.
- PayPal publishes a paper, authored by Barrett, saying the company will soon protect users against unsafe browsers that lack phishing protections like blacklists, anti-fraud warning pages and Extended Validation SSL Certificates.
- Safari lacks these protections.
- PayPal says: Go ahead and use Safari. We have absolutely no intention of blocking it. But God forbid, don’t use IE4 on Windows 98.
Know what IE4’s share of the browser market was in 2007?
I’d imagine its share of the market on Windows 98 machines in 2008 is quite a bit less than that. You might as well warn against using IE4 on MS-DOS.