NNSquad - Network Neutrality Squad
[ NNSquad ] Update on Android "Dolphin HD Browser" URLs privacy problem
Update on Android "Dolphin HD Browser" URLs privacy problem Yesterday in http://j.mp/v5kPw3 I noted concerns over a popular Android browser apparently sending user URL information (including https: SSL URLs) "in the clear" apparently to a Dolphin server. The original source for the story at: http://j.mp/rBwTZz (Android Police) has some updates now, with "damage control" information from Dolphin. In short, Dolphin acknowledges that they were sending the URLs, and minimizes the issue even though (apparently) user SSL URLs were reportedly being sent through an http: channel. They claim they were not actually *collecting* the data, but using the URLs to compare against a "Webzine" feature list. They also say they've disabled this mechanism in their new update and will make it opt-in the future (but will they protect the URL transmission channels with SSL? No word on that.) Dolphin HD is a *very* nice browser overall, but this was a seriously amateurish problem, which does not give one a nice warm feeling about their privacy and security practices in general. --Lauren-- Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren Co-Founder: People For Internet Responsibility: http://www.pfir.org Founder: - Network Neutrality Squad: http://www.nnsquad.org - Global Coalition for Transparent Internet Performance: http://www.gctip.org - PRIVACY Forum: http://www.vortex.com Member: ACM Committee on Computers and Public Policy Blog: http://lauren.vortex.com Google+: http://vortex.com/g+lauren Twitter: https://twitter.com/laurenweinstein Tel: +1 (818) 225-2800 / Skype: vortex.com