Security in Motion

We embrace standards compliance...if you comply with our standard.

By Scott Berinato

January 15, 2004 — CSO — Principles are always taxed. To save the environment, you'll pay a seven-grand premium for a hybrid car. To keep your driving habits private, your time is taxed while you wait at turnpike tolls rather than speed through the Fast Pass lane. And if you want to be secure online by using an alternative browser, you are denied access to many IE-only Web pages, like Buymusic.com and the site for the U.S. Court for the Eastern District of Michigan. And you won't get the Web's latest features like, ESPN Motion.

ESPN Motion is a feature that slickly sticks full-frame video and sound right into the sports empire's homepage. It downloads content over a broadband connection in the background while you're doing other stuff. I wanted to try it out one day (at home, boss, I swear). But after ESPN.com tapped on my system, it said I couldn't use ESPN Motion unless I switched to Internet Explorer.

I use Mozilla Firebird. Firebird is adware-, spyware- and mallware-free. It blocks ads and pop-ups if I want it to. And, in the DIY browser security tests I ran, fewer vulnerabilities turned up on Firebird than on Internet Explorer, suggesting it has more secure code. It's definitely more secure culturally. The fact that IE is such a fat target for hackers makes avoiding it good risk management.

The Motion feature debuted as part of a major redesign of ESPN.com in which standards compliance was a huge motivating factor. The idea was that as long as your browser was standards-compliant, you got the full experience. Mike Davidson, an associate art director with ESPN, was a roving diplomat for the redesign, posting messages at developer's blogs, responding to complaints and so forth. In one interview, Davidson said, "Everyone agreed embracing standards was the right thing to do.&" Aha! I thought, I will be able to take advantage of a cool feature while sticking to my security principle. I e-mailed Mike to ask when Motion would work with all standard browsers.

He replied and seemed eager to continue with his diplomacy, but "hating to do this," he directed me to PR before we spoke. We'll get back to you, PR said. For a month.

In the meantime, I poked around. Firebird is open source, and developers are constantly adding "extensions" to it. I stumbled across one extension called "User Agent Switcher," a few K of code that allows you to change the name of your browser from Firebird to Internet Explorer (or anything else, actually). The user agent string is what many (but not all) sites use to detect what kind of browser you use. I installed it and, lo and behold, some sites that would politely tell me to go get IE now let me in. In other words, there was no real technical obstacle to my getting into some sites, just the name of the browser.

• Print