NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Update on Android "Dolphin HD Browser" URLs privacy problem

Update on Android "Dolphin HD Browser" URLs privacy problem

Yesterday in http://j.mp/v5kPw3  I noted concerns over a popular Android
browser apparently sending user URL information (including https: SSL
URLs) "in the clear" apparently to a Dolphin server.

The original source for the story at: http://j.mp/rBwTZz (Android Police)
has some updates now, with "damage control" information from Dolphin.

In short, Dolphin acknowledges that they were sending the URLs, and minimizes
the issue even though (apparently) user SSL URLs were reportedly being
sent through an http: channel.  They claim they were not actually *collecting*
the data, but using the URLs to compare against a "Webzine" feature list.
They also say they've disabled this mechanism in their new update and will
make it opt-in the future (but will they protect the URL transmission
channels with SSL?  No word on that.)

Dolphin HD is a *very* nice browser overall, but this was a seriously
amateurish problem, which does not give one a nice warm feeling about
their privacy and security practices in general.

Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
Co-Founder: People For Internet Responsibility: http://www.pfir.org 
 - Network Neutrality Squad: http://www.nnsquad.org 
 - Global Coalition for Transparent Internet Performance: http://www.gctip.org
 - PRIVACY Forum: http://www.vortex.com 
Member: ACM Committee on Computers and Public Policy
Blog: http://lauren.vortex.com 
Google+: http://vortex.com/g+lauren 
Twitter: https://twitter.com/laurenweinstein 
Tel: +1 (818) 225-2800 / Skype: vortex.com