Dolphin Admits to Massive Privacy Hole in Dolphin Browser HD
One of the main features of the Dolphin HD alternative browser is its Webzine mode, which presents websites in a format optimized for casual browsing on a mobile device. Recent analysis of information transmitted during browsing sessions has revealed that Webzine may be a privacy liability, sharing details of your session with Dolphin. The company has now responded to the issue; what went wrong, and how has it been fixed?
As it turns out, the browser has been passing along the URL for every single page you’ve visited to one of Dolphin’s servers. The company has explained that this was so the browser could check to see if a Webzine-optimized version of the content was available, and that users’ URL information was never stored. While that explanation makes sense, it paints Dolphin in a seriously troubling light, suggesting it has very little concern for its users’ privacy; it’s really hard to imagine a company thinking this sort of action either wouldn’t be noticed or would be readily tolerated.
What’s worse is how huge a bandwidth waste this is. Dolphin supports Webzine with something like 300 sites. That means it’s been checking the entire contents of the internet against this short list to see if a Webzine version of a site was available. First work-around that comes to our head: since it’s such an extremely short list, have the browser request the entire thing at the beginning of a browsing session, updating it once a week or so, and store it locally.
Dolphin claims it has now disabled the feature in Dolphin Browser HD 7.0.2, and future versions will be opt-in only.