Response to Building a Better Browser

Scott Berkun, former Internet Explorer program manager, has written an interesting article: How to build a better web browser. A few friends have asked for my comments, so here goes.

For readers unfamiliar with my background, I’m the developer of the NetCaptor web browser. NetCaptor introduced "tabbed browsing" to the world back in 1998, long before Opera or Firefox.

Scott is right on in his opinion on intelligent bookmarks. A system that automatically builds a list of your most frequently visited sites, whether from the address bar, Links, Favorites, Aliases, or other means has been on my TODO list for years – I just need to pull the trigger one of these days.

Scott thinks Favorites should be searchable, and notes that Firefox has that feature. NetCaptor has had it also… for longer than most of my children have been alive. It would be slick to allow searching by other site metadata as well. NetCaptor just searches the actual Favorites files themselves (essentially little .ini files), and it wouldn’t be too hard to add the site metadata to that file when it’s created.

About sidebars. I think one of the reasons that IE’s sidebars never really caught on is that they are so hard to switch between. They are totally independent of one another. Want to switch from your Favorites to your History bar? If you click the History button, the Favorites bar goes away. Where’d it go? I think NetCaptor’s tabbed sidebar is a much better implementation.

The part of Scott’s article that really got me going was his discussion of Security and Stability.

Something is wrong if competition in any product line continually focuses on security and stability. These design attributes are basic requirements, not advanced features. You won’t see advertisements for toaster ovens that say "Now, it explodes less often!"

He’s right… there is something wrong – what’s wrong is that the market leader IE has made security features and usability an afterthought. How many clicks does it take to add a web site to your Trusted Sites zone in Internet Explorer? About 9. Tools > Internet Options > Security Tab > Trusted sites icon, sites button, type the site, hit OK twice, and then you’re done. And you have to type the site address correctly. In NetCaptor, it’s a two-clicker with no typing: Security menu, Add to Trusted Sites zone. How many clicks does it take to disable JavaScript in IE? About 5. In NetCaptor, it’s 2 again. Does IE let you look at the cookies that a current site has stored on your system? Nope. Someday alternative browsers will move beyond the focus on security, but only when IE is so secure that improvements aren’t necessary.

One last gripe. Scott thinks browsers should store credit card numbers so users never have to type them twice.

[P]rovide a standard secure way for me to pay for things on the web, and don’t ever require me to type in that 16 digit # again.

No, no, no. Please don’t store credit card numbers locally. Why? There is no secure way to store them locally so that a spyware or trojan app can’t steal them. Even if you encrypt them on your local machine, you need to decrypt them on the local machine. Anything you do on your machine is crackable, so it would be fairly trivial to write a trojan to steal that data. IE puts its autocomplete data in "protected storage", but it’s trivial to get it out again. I’ve got an app I never released that goes through and shows you exactly what’s stored by autocomplete – sometimes it’s not pretty.

4 thoughts on “Response to Building a Better Browser”

  1. If you have spyware or a trojan running arbitrary code on your machine, why aren’t they just sniffing your keystrokes for the credit card numbers? If they’re able to intercept either post-decryption memory in the browser or the master password when entered by the user, they’ve already won, and no “don’t save that on the disk!” approach will help.

  2. To Mike. You’re open to anything if a trojan can run arbitrary code on your box. But at least they have to wait for you to type those CC numbers. The time delay from trojan install to snatching CCs may be long, giving users much more time to catch these kinds of trojans. By storing credit cards (or SSNs, etc) to disk, you are setting yourself up for a snatch-and-grab robbery. I’ll take the time delay every time.

  3. Many of the points listed in your response to Berkun are why I evangelize NetCaptor. When others see its clean interface and customizability, it often provokes a “Wow!” moment.