© 2012 Online Trust Alliance https://otalliance.org +1 425-455-7400 Page 1
Why Your Browser Matters
promoting teachable moments
Craig Spiezle
Executive Director & President
Online Trust Alliance
Why Your Browser Matters
• Role of the Browser
• Factors Impacting Adoption
• Benefits
• Innovation Overview
• Teachable Moments
• Case Studies
Role of the Browser
Web Sites – The Internet
Your ISP
Your Network
Your Browser
Status
• ~40% use of non-current browsers.
– Lack integrated security protection and privacy controls.
– Lead to stolen passwords, account takeovers, identity theft and loss of PII & business data.
– Lost productivity.
– Impact to their browsing experience.
• OTA best practice since 12/09 https://otalliance.org/resources/principles.html
Impacting Adoption
• Awareness of benefits & risks
–Security
–Privacy
–Online Experience
• Corporate IT policies
• Legacy operating systems
• Compatibility with auto updating
Why Care - Sites & Brands
• Help protect site visitors & customers.
• Reduce risk of account takeovers.
• Development resources & testing.
• Plug-in & extensions dependency.
• Brand & domain protection.
• Reduce risk of employee data being compromised.
Why Care - Performance
• Experience
–Performance & Capabilities
–Captivating graphics & animation
–3D graphics, HTML5, EV SSL, domain highlighting…
Windows Browser Review
• Chrome 17.0.963.66 m
• Internet Explorer 9
• Mozilla Firefox 10.0.2
• Opera 11.61
• Safari 5.1.2
Privacy Enhancing Chrome FF IE Opera Safari
Pop Up Blocker ● ● ● ● ●
Private Browsing ● ● ● ● ●
Do Not Track Header Extension ● ● ● ●
Tracking Lists Extension Extension ● Extension
Clear History ● ● ● ● ●
Preserve Opt-Out Cookies Extension
2
Clear Recent History ● ● 3
Preserve Favorites History ● ●
2 If the site of the cookies you are opting out of is added to your “favorites” and you select preserve favorites when deleting your history.
3 Does not offer the granularity (last hour), as offered in Chrome or FF
Privacy Innovation
DNT - Design Considerations
• Persistent, giving greater assurance to privacy-conscious users.
• Will apply to whatever underlying tracking technology is used: cookies, flash stored objects, browser fingerprinting, or future techniques.
• Will apply universally, so users are not required to take additional action for each new tracking service they might encounter
Do Not Track Header
• Why is it needed? (is it needed?)
– Limitations of opt-out cookie, added controls
• Open issues – yet progress
– 1st party vs third party
– Mixed content / mashups / analytics
– Do not track or do not collect
– Exception to allow list or favorites
– W3C discussions – next meeting April 10/12 DC
http://www.computerworld.com/s/article/9224583/FAQ_What_Google_s_Do_Not_Track_move_means
Do Not Track Header
• A simple HTTP header that will allow users to express a preference regarding being tracked online, and what is necessary to comply with the user's preference.
–1 - User prefers not to be tracked
–0 - User prefers to allow tracking
–null (no header sent) user has no preference.
–The default is to not send the header
Do Not Track Header
• DNT header field is hereby defined as the means for expressing a user's tracking preference via HTTP
DNT-field-name = "DNT" ; case-insensitive
DNT-field-value = ( "0" / "1" ) *DNT-extension ; case-sensitive
DNT-extension = %x21 / %x23-2B / %x2D-5B / %x5D-7E ; excludes CTL, SP, DQUOTE, comma, backslash
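A server-side reading of the DNT header that follows the ABNF above, as an added example (not code from the deck or from OTA). The function names `parseDnt` and `mayTrack`, and the policy of treating a malformed value like "1", are assumptions of this sketch.

```javascript
// DNT-field-value = ( "0" / "1" ) *DNT-extension      (value is case-sensitive)
// DNT-extension   = %x21 / %x23-2B / %x2D-5B / %x5D-7E
// The character class excludes CTL, SP, DQUOTE, comma and backslash.
const DNT_VALUE = /^([01])([\x21\x23-\x2B\x2D-\x5B\x5D-\x7E]*)$/;

// headers: plain object of request headers, e.g. { DNT: '1' }.
// Returns { preference, extension } where preference is one of
// 'no-tracking' | 'tracking-allowed' | 'unset' | 'invalid'.
function parseDnt(headers) {
  // The field name is case-insensitive, so do not assume lowercase keys.
  const name = Object.keys(headers).find((k) => k.toLowerCase() === 'dnt');
  if (name === undefined) {
    // No header sent: the user has expressed no preference.
    return { preference: 'unset', extension: '' };
  }
  const raw = String(headers[name]).trim();
  const m = DNT_VALUE.exec(raw);
  if (!m) {
    // Covers "yes", empty values, and duplicate headers that an HTTP stack
    // has folded into "1, 0" (comma is not a legal extension character).
    return { preference: 'invalid', extension: '' };
  }
  return {
    preference: m[1] === '1' ? 'no-tracking' : 'tracking-allowed',
    extension: m[2],
  };
}

// Assumed site policy: honour "1", and treat a malformed header as "1"
// rather than guessing; absence of the header means no preference.
function mayTrack(headers) {
  const p = parseDnt(headers).preference;
  return p === 'tracking-allowed' || p === 'unset';
}
```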
Security & Stability Chrome FF IE Opera Safari
Anti-Phishing ● ● ● ● ●
Outdated Plugins ● ● ActiveX
Auto-Updating ● ● ●
EV SSL Certificates ● ● ● ● ●
Cross Site Scripting ● ● ● ● ●
Domain Highlighting ● ● ● ● ●
Phishing / Malicious Sites URLs ● ● ● ● ●
Malware Downloads ● ● ● ● ●
Session / Tab Recovery ● ● ● ● ●
Sandboxing ● ● ●
Mixed Content (http vs https) ●
Application Reputation ● ●
= limited
Security Innovation
Why Your Browser Matters
Consumer Education
• Impact and effectiveness of broad based campaigns.
• Limitations.
• Credibility.
• Awareness & Impressions ≠ Action
Solution
• Educate & enable at “point of browsing”
• Vendor neutral; no competitive migration
– Communicate the value proposition of security and privacy enhancements
• Customized referral re-direct pages
• Provide alternative in-page notification, directing users to click to re-direct page
– Point of interaction determined by site
Option In Page Notification
[Flowchart. Labels: User visits a site / page; code / script on page completes a version check; Current? (Yes / No); page rendered; dynamic banner in DOM presented; no action, banner disappears; user clicks and is taken to "Why Upgrade" page (browsers 1-4); Upgrade? (Yes / No); opens new page to download at vendor's site.]
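The version check at the centre of the in-page notification flow, as an added example (not code from OTA or from any of the case-study sites). The baseline reuses the versions named in the deck's Windows Browser Review; using them as the "current" threshold, and the function names, are assumptions of this sketch.

```javascript
// BASELINE: versions from the deck's browser review, assumed here to mean "current".
const BASELINE = {
  chrome: '17.0.963.66', ie: '9', firefox: '10.0.2', opera: '11.61', safari: '5.1.2',
};

// Order matters: Chrome UAs contain "Safari/", and Opera reports its real
// version in a trailing "Version/" token.
const UA_RULES = [
  ['opera', /^Opera\/.*\bVersion\/([\d.]+)/],
  ['chrome', /\bChrome\/([\d.]+)/],
  ['ie', /\bMSIE ([\d.]+)/],
  ['firefox', /\bFirefox\/([\d.]+)/],
  ['safari', /\bVersion\/([\d.]+).*\bSafari\//],
];

function detectBrowser(ua) {
  for (const [name, re] of UA_RULES) {
    const m = re.exec(ua || '');
    if (m) return { name, version: m[1] };
  }
  return null; // unrecognised client
}

// Component-wise numeric compare; missing components count as 0.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Returns 'banner' for a recognised browser below baseline, else 'render'.
// The UA string is client-supplied, so the result is advisory and must
// never be used as a security gate.
function notificationDecision(ua) {
  const b = detectBrowser(ua);
  if (!b) return 'render';
  return compareVersions(b.version, BASELINE[b.name]) < 0 ? 'banner' : 'render';
}
```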
Concepts
https://otalliance.org/Browser/index-old%20browser.html
https://otalliance.org/Browser/whyupgrade2.html
Case Studies
• PayPal
• PrivacyChoice
• Publishers Clearing House
• TicketMaster
Considerations
• Site abandonment if you do not support legacy browsers
• Failing to protect consumers by allowing the use of legacy browsers
• Friction vs fraud discussion
• Overhead and dev resources required by supporting legacy browsers
• Requirement of internal policies for employees and partner access to portals / intranets
PayPal
PayPal – Why We Care
• Reduce risk of account takeover via a compromised machine.
• Communicate to users that PayPal cares about their security & privacy.
• Reduce support for legacy browsers.
• Take advantage of leading technologies.
• Lead industry to invest in security and privacy innovation.
Privacy Choice
Publishers Clearing House
PCH - 120 Day Results
• 34% of IE 6 & 25% of FF users upgraded.
• Huge impact on dev and QA.
• Allows us to grow as developers and not write (as much) browser specific code.
• More quickly roll out updates of our browser rules to our entire network.
• Focus testing against the latest browsers.
• Users are better protected and provided a better browsing experience.
Ticketmaster
Next Steps
• Audit usage on your site.
–OS & Browser
–Map to engagement
• Make Security & Privacy part of your value proposition.
• Validate internal usage.
• Consider point of notice.
–Pre or Post transaction
Summary
• Upgrading users (& employees) is good for your brand, the ecosystem and your business.
• Need to support privacy and security innovation.
• Embrace and support user choice, controls and self-regulation.
We Need Your Support
• Requires a Multi-Stakeholder Review
• Silo Mentality = Failure
Security Privacy Marketing
Advertising & Ops
More Information
• Why Your Browser Matters
–https://otalliance.org/browser
• Related Efforts https://otalliance.org
–Data Protection & Breach Readiness
–Always On SSL
–Anti-Malvertising
–Email Authentication & DMARC
–Botnet Remediation