
Fundraising and Phishing

Allan Benamer recently pointed out a number of security issues with HTML-based fundraising widgets on his Non-Profit Tech Blog:

He discussed a number of security issues that widgets involving ecommerce should be aware of, including authentication, verification, and encryption. In fact, he found it so easy to cut and paste the code to create an authentic-looking widget that he put a fake copy of a real fundraising widget on the blog’s home page. See the copy of his fake widget below.

This is similar to the scam where thieves create a fake official-looking facade for an ATM, allowing unwitting victims to enter their credentials. This problem is relevant to any widget that asks for personal information or links to payment pages that ask for personal information. How do you know you can trust this new technology?

At ChipIn we actually looked at HTML-based widgets early on and found a number of problems with them:

  • It was too easy for someone to copy content, modify it, and pose as a fake widget
  • Trying to use SSL in an iframe on non-SSL sites causes some browsers such as Internet Explorer to pop up security alerts, something we found was not popular with our users
  • Implementing the type of rich media features and polish we wanted proved to be too time consuming with just JavaScript and HTML, given that we wanted to work consistently on many different widget and gadget platforms/APIs (Google, Netvibes, Widgetbox, Typepad, Apple’s Dashboard, etc.)

We know that no security solution is 100% foolproof, but the best we can do is make use of a few techniques to raise the barrier to entry:

  • Making it harder to copy the widget. We currently obfuscate and encrypt the widget’s bytecode to make it a little less easy to just copy and paste. Right now our institutional organizers can moderate and disable widgets that appear on unknown or undesired Web pages. Widget configuration parameters (such as size, color, and branding elements) can be locked so they are tied to a specific event ID and cannot be overridden.
  • Adding authentication. The next generation of our patent-pending system will make use of one-time encryption keys and SSL so that not just any widget will be able to communicate with our servers to receive rich content. This system will also feature a verification link on our widget that goes to ChipIn so users can verify whether or not we support an event. A link like this built in plain HTML is somewhat easier to fake.
  • Adding richer interactivity. Already our widget has YouTube-like capabilities, allowing one to play widget-specific video clips as well as Flash movies either as features or backgrounds, along with multiple content panels. The more we can make our widget distinct in a rich interactive way, the harder it will be to simply emulate.
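
One way the locked-parameter idea above could work, shown as an added example and not ChipIn's actual mechanism: the server signs the widget configuration together with the event ID using HMAC-SHA256, and refuses to serve the feed if the signature or the embedding page's host does not match. The key, event ID, host list and function names are all constructed for illustration.

```python
import hashlib
import hmac
import json
from urllib.parse import urlsplit

# Constructed sample values; a real key would come from a secrets store.
SERVER_KEY = b"constructed-demo-key-not-for-production"
ALLOWED_HOSTS = {"evt-1001": {"blog.example.org", "www.example.org"}}


def _canonical(event_id: str, params: dict) -> bytes:
    # Sorted keys and fixed separators give one byte string per logical config,
    # so reordering parameters cannot produce a different signed message.
    return json.dumps({"event": event_id, "params": params},
                      sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_config(event_id: str, params: dict) -> str:
    """Issued by the server when the organizer locks the widget settings."""
    return hmac.new(SERVER_KEY, _canonical(event_id, params),
                    hashlib.sha256).hexdigest()


def verify_config(event_id: str, params: dict, tag: str) -> bool:
    """True only if params are exactly those locked for this event ID."""
    expected = sign_config(event_id, params)
    # Constant-time comparison on bytes; also tolerates non-ASCII input.
    return hmac.compare_digest(expected.encode(), tag.encode())


def embed_allowed(event_id: str, page_url: str) -> bool:
    """Check the embedding page's host against the organizer's allow-list."""
    host = (urlsplit(page_url).hostname or "").lower()
    return host in ALLOWED_HOSTS.get(event_id, set())


def serve_feed(event_id: str, params: dict, tag: str, page_url: str) -> str:
    """Decide whether the server hands rich content to this widget instance."""
    if not verify_config(event_id, params, tag):
        return "rejected: parameters were modified"
    if not embed_allowed(event_id, page_url):
        return "rejected: page not approved by organizer"
    return "ok"
```

A check like this only governs what the genuine server will serve. A look-alike that never contacts the server is unaffected, which is where the verification link and organizer moderation come in.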

There’s a lot more planned down the road, but we want you to know that we’re thinking hard about these issues so that the emerging field of widget-based fundraising can eventually blossom into a powerful social force.

6 Responses to “Fundraising and Phishing”

  1. Julian Says:

    How would you stop someone copying your widget and then having that link go to a 3rd party site (legitimate or otherwise) such as Paypal?

  2. carnet Says:

    Julian,

    Our Flash widget uses a couple patent-pending security measures to prevent a redirection of the chipin button to a fraudulent 3rd party payment service. There are no parameters in the Flash file that you can modify outside of our widget feed. We built our widget to be easy to copy, so the code is all there for users, but modifying elements we have locked down is near impossible unless you recreate the widget from scratch. But we have plans soon for that scenario.

  3. Julian Says:

    But just because you’re using Flash and it’s a binary blob doesn’t mean it’s secure. Security through obfuscation isn’t security.

    Run your widget through http://www.nowrap.de/flasm.html to see what I mean.

  4. Siamo sicuri? « Internet, nonprofit e fund raising Says:

    [...] Is it safe, for example, to raise funds through widgets? Nonprofittechblog ran a test, and it seems fairly easy to change the address of the site that people are redirected to in order to donate. Chipin, which I have also written about here, responds to these observations by saying that there is no such thing as 100% security, but that some of their measures make Chipin’s widgets more secure than others [...]