Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Is Safari an insecure browser?

Ambrosia7177

Ambrosia7177

macrumors 68020
Original poster
Feb 6, 2016
2,078
396
In the past I had heard that you shouldn't use Safari as it was insecure.

Is this still true?

What do you think is the best browser for SECURITY?

What do you think is the best browser for PRIVACY?
 
The same as with all the other browsers....as long as you know what you are doing :)
 
Texas_Toast said:
What do you think is the best browser for SECURITY?

What do you think is the best browser for PRIVACY?
Click to expand...

I prefer Firefox for this reassons:
  • Committed to privacy.
  • Not part of a comercial company that want to earn money on you.
  • Open source.
  • Works on most platforms.
  • Working bookmark sync.
  • Lot's off functionality.
I use Mac, Linux, iOS and Windows. I do therfor need a browser that does all of those platforms.
 
  • Like
Reactions: Michaelgtrusa and Ambrosia7177
Superspeed500 said:
I prefer Firefox for this reassons:
  • Committed to privacy.
  • Not part of a comercial company that want to earn money on you.
  • Open source.
  • Works on most platforms.
  • Working bookmark sync.
  • Lot's off functionality.
I use Mac, Linux, iOS and Windows. I do therfor need a browser that does all of those platforms.
Click to expand...

I agree with what you say, and that has been my stance in the past.

My only gripe about FireFox is that it seems to crash an enormous amount of the time starting about 3 years ago. It seems very unstable and buggy and that made me switch to Chrome, but I still worry about the money factor when it comes to privacy in Chrome.

I have stayed away from Safari because in the past I had read it was insecure.
 
Texas_Toast said:
I agree with what you say, and that has been my stance in the past.

My only gripe about FireFox is that it seems to crash an enormous amount of the time starting about 3 years ago. It seems very unstable and buggy and that made me switch to Chrome, but I still worry about the money factor when it comes to privacy in Chrome.

I have stayed away from Safari because in the past I had read it was insecure.
Click to expand...

I use safari and have done for years with no problems: I find it stable, fast and convenient. Where did you read it was insecure?
 
Phil A. said:
I use safari and have done for years with no problems: I find it stable, fast and convenient. Where did you read it was insecure?
Click to expand...

Oh I don't have any links, but in years past that was pretty much conventional wisdom.

Because the Internet and threats and browsers change so often, this is probably a hard topic to get a really accurate answer on.
 
Texas_Toast said:
I agree with what you say, and that has been my stance in the past.

My only gripe about FireFox is that it seems to crash an enormous amount of the time starting about 3 years ago. It seems very unstable and buggy and that made me switch to Chrome, but I still worry about the money factor when it comes to privacy in Chrome.

I have stayed away from Safari because in the past I had read it was insecure.
Click to expand...
I guess this is slightly off-topic, but you're the OP and you started it. haha

I've used Fx for several years in various OSes and haven't had a single crash. Something must've been screwy with your install, or you had software conflicts, or maybe because of the extensions you were using, etc...

In recent times, I've not read that Safari is insecure. One thing in its favor is its sandboxing capability. Even though Fx still doesn't use sandboxing, from a security/privacy standpoint, I prefer it to Safari partially because of the extensions NoScript and uBlock Origin.
 
rshrugged said:
I guess this is slightly off-topic, but you're the OP and you started it. haha

I've used Fx for several years in various OSes and haven't had a single crash. Something must've been screwy with your install, or you had software conflicts, or maybe because of the extensions you were using, etc...

In recent times, I've not read that Safari is insecure. One thing in its favor is its sandboxing capability. Even though Fx still doesn't use sandboxing, from a security/privacy standpoint, I prefer it to Safari partially because of the extensions NoScript and uBlock Origin.
Click to expand...

Do your fears about a for-profit company providing a browser extend to Apple's Safari?
 
Texas_Toast said:
Oh I don't have any links, but in years past that was pretty much conventional wisdom.

Because the Internet and threats and browsers change so often, this is probably a hard topic to get a really accurate answer on.
Click to expand...

I think there were some issues years and years ago (particularly on Windows) and some controversy about Safari being slow to adopt EV Certificate identification, but that's all pretty much in the past. Looking up CVE stats for Safari, Chrome and Firefox shows Safari with the lowest number of vulnerabilities overall and the lowest in each of the last 3 years and no exploits since 2010 (to be fair, neither Chrome nor Firefox have had an exploit either since 2010, but the number of vulnerabilities is far higher)

http://www.cvedetails.com/product/2935/Apple-Safari.html?vendor_id=49
http://www.cvedetails.com/product/15031/Google-Chrome.html?vendor_id=1224
http://www.cvedetails.com/product/3264/Mozilla-Firefox.html?vendor_id=452


There are many reasons to prefer a browser other than Safari, but I wouldn't be overly concerned that it's any less secure than the competition
 
  • Like
Reactions: Ambrosia7177
Phil A. said:
I think there were some issues years and years ago (particularly on Windows) and some controversy about Safari being slow to adopt EV Certificate identification, but that's all pretty much in the past. Looking up CVE stats for Safari, Chrome and Firefox shows Safari with the lowest number of vulnerabilities overall and the lowest in each of the last 3 years and no exploits since 2010 (to be fair, neither Chrome nor Firefox have had an exploit either since 2010, but the number of vulnerabilities is far higher)

http://www.cvedetails.com/product/2935/Apple-Safari.html?vendor_id=49
http://www.cvedetails.com/product/15031/Google-Chrome.html?vendor_id=1224
http://www.cvedetails.com/product/3264/Mozilla-Firefox.html?vendor_id=452


There are many reasons to prefer a browser other than Safari, but I wouldn't be overly concerned that it's any less secure than the competition
Click to expand...

As I asked above, do you think there is a profit motive with Apple that could provide a less secure or private browser in Safari, or is that just a Google and Chrome issue?
 
Texas_Toast said:
As I asked above, do you think there is a profit motive with Apple that could provide a less secure or private browser in Safari, or is that just a Google and Chrome issue?
Click to expand...


I don't think it's an issue with either Safari or Chrome to be honest: Google want to monetise your browsing habits by selling targeted ads, but they would have nothing to gain (and a lot to lose) if they deliberately introduced vulnerabilities into their browser - they get enough data legitimately without having to do anything underhand.

As for Apple, it would be commercial suicide to do that as they have made a massive noise recently about how they value their customer's privacy and if they were up to no good then it would be discovered pretty quickly and would possibly destroy them
 
  • Like
Reactions: Ambrosia7177
satcomer said:
Google tracks you and Crome sucks on a Mac!
Click to expand...

I've been happy with performance of Chrome on my old cMBP. It is definitely more stable than Firefox.

Somewhat off topic, but if you are not logged into your Google account, can Google still track you in Chrome?
[doublepost=1479069146][/doublepost]
Phil A. said:
I don't think it's an issue with either Safari or Chrome to be honest: Google want to monetise your browsing habits by selling targeted ads, but they would have nothing to gain (and a lot to lose) if they deliberately introduced vulnerabilities into their browser - they get enough data legitimately without having to do anything underhand.

As for Apple, it would be commercial suicide to do that as they have made a massive noise recently about how they value their customer's privacy and if they were up to no good then it would be discovered pretty quickly and would possibly destroy them
Click to expand...

As just asked, if you aren't logged into Google, then is there any way to track people?

In the past I use Firefox and Chrome and I stay logged out of Chrome so it isn't tied to my account.

As you can see, I am no privacy or security expert, but I am trying to learn! :)

My gut says that Firefox is the most private and secure browser out of the major browsers, but the more I Google this topic the more I see there really aren't any definitive reviews or answers on this topic, which is why I thought I'd ask you all.
 
Superspeed500 said:
I prefer Firefox for this reassons: […] Committed to privacy.
Click to expand...

I find that a very empty commitment. Firefox sends diagnostic reports by default (for every user) and it defaults to Google Search. It also accepts all cookies by default. At least Safari blocks third-party cookies by default. I also find Firefox’s settings menus (and Chrome’s!) pretty terrible and it is easier to configure Safari from scratch.

I don’t think there are particular risks with Safari, but the browser is not the privacy enthusiast’s first choice. You cannot set the user agent to something else permanently and I think Apple could do more about cookies and local storage. I am currently using the app Cookie to periodically delete cookies and local storage from my non-favourite websites. I think it is absolutely shameful that browsers keep all cookies until they are either cleaned manually or expire (many websites set ridiculous expiration times, such as 10 years). There should be a middle-ground, such as a reasonable, maximum expiration time and an option to keep cookies from websites you have in your favourites or visit frequently.
 
Last edited:
  • Like
Reactions: Ambrosia7177
KALLT said:
I find that a very empty commitment. Firefox sends diagnostic reports by default (for every user) and it defaults to Google Search. It also accepts all cookies by default. At least Safari blocks third-party cookies by default. I also find Firefox’s settings menus (and Chrome’s!) pretty terrible and it is easier to configure Safari from scratch.

I don’t think there are particular risks with Safari, but the browser is not the privacy enthusiast’s first choice. You cannot set the user agent to something else permanently and I think Apple could do more about cookies and local storage. I am currently using the app Cookie to periodically delete cookies and local storage from my non-favourite websites. I think it is absolutely shameful that browsers keep all cookies until they are either cleaned manually or expire (many websites set ridiculous expiration times, such as 10 years). There should be a middle-ground, such as a reasonable, maximum expiration time and an option to keep cookies from websites you have in your favourites or visit frequently.
Click to expand...

Sounds like there is no clear judgement on Safari (or other browsers). :(
 
Texas_Toast said:
Sounds like there is no clear judgement on Safari (or other browsers). :(
Click to expand...

The best browsers for privacy are not the mainstream ones. Look for other third-party browsers. There are browsers that are built upon the source code of Chromium and Firefox, such as Brave. As for security, there are currently no browsers that are particularly vulnerable or problematic. If you are always running the latest versions available and in the case of Safari are also running it on the latest version of OS X, then there is no problem on that end.
 
KALLT said:
The best browsers for privacy are not the mainstream ones. Look for other third-party browsers. There are browsers that are built upon the source code of Chromium and Firefox, such as Brave. As for security, there are currently no browsers that are particularly vulnerable or problematic. If you are always running the latest versions available and in the case of Safari are also running it on the latest version of OS X, then there is no problem on that end.
Click to expand...

So maybe my concerns are outdated...
 
It seems so. Safari used to have a poor reputation when it had no process separation and sandboxing. This was also a huge problem on iOS, where the browser mostly ran with elevated privileges. These are different times.
 
Texas_Toast said:
I've been happy with performance of Chrome on my old cMBP. It is definitely more stable than Firefox.

Somewhat off topic, but if you are not logged into your Google account, can Google still track you in Chrome?
[doublepost=1479069146][/doublepost]

As just asked, if you aren't logged into Google, then is there any way to track people?

In the past I use Firefox and Chrome and I stay logged out of Chrome so it isn't tied to my account.

As you can see, I am no privacy or security expert, but I am trying to learn! :)

My gut says that Firefox is the most private and secure browser out of the major browsers, but the more I Google this topic the more I see there really aren't any definitive reviews or answers on this topic, which is why I thought I'd ask you all.
Click to expand...

As soon as you visit a website someone is likely trying to track you for the purposes of analytics, determining your browsing habits to target adverts at you, etc, etc

If that's a major concern to you then I wouldn't recommend using any of the major browsers as none of them are particularly good at stopping all forms of tracking (this isn't the same as being insecure though as this sort of tracking doesn't use vulnerabilities in your browser, but things like cookies, etc).

Personally, I try not to worry too much about advertising companies tracking me, but If you're wanting a browser that's more careful with your privacy, have a read of this: http://www.techworld.com/security/best-8-secure-browsers-2016-3246550/
 
Phil A. said:
As soon as you visit a website someone is likely trying to track you for the purposes of analytics, determining your browsing habits to target adverts at you, etc, etc

If that's a major concern to you then I wouldn't recommend using any of the major browsers as none of them are particularly good at stopping all forms of tracking (this isn't the same as being insecure though as this sort of tracking doesn't use vulnerabilities in your browser, but things like cookies, etc).

Personally, I try not to worry too much about advertising companies tracking me, but If you're wanting a browser that's more careful with your privacy, have a read of this: http://www.techworld.com/security/best-8-secure-browsers-2016-3246550/
Click to expand...

When I ran the Setup Assistant on my new rMBP, what data was being sent over the Internet to Apple?

The motivation for this thread is that at the time I was worried about using Safari and the library's free wifi.
 
Texas_Toast said:
When I ran the Setup Assistant on my new rMBP, what data was being sent over the Internet to Apple?

The motivation for this thread is that at the time I was worried about using Safari and the library's free wifi.
Click to expand...
Have a read of this - http://www.apple.com/legal/privacy/en-ww/ - that explains what data they collect under what circumstances

Personally, I never, ever use public WiFi (I always tether to my phone or iPad) because there are far more risks to your security doing that than any browser choice: It's trivially easy for someone to spoof a public WiFi hotspot and you're then sending all your data to someone who has nefarious desires on your data. Have a read here for more info: https://blog.lookout.com/blog/2016/04/21/spoofed-wi-fi-60-minutes/
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back