touch-packages team mailing list archive

Thread
Date

[Bug 1489643] [NEW] Paypal login cannot be assured to be from paypal

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Stuart Langridge <sil-launchpad@xxxxxxxxxxxxx>
Date: Thu, 27 Aug 2015 22:30:50 -0000
Reply-to: Bug 1489643 <1489643@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

When paying for an app with Paypal, the Paypal login screen is presented
in an Ubuntu wrapper. There is no indication on this page that I'm
actually looking at paypal.com rather than being phished or that some
bad DNS has pointed me to a wrong site. The padlock in the top corner
doesn't indicate anything I'm inclined to believe -- is it showing that
the connection is https? Has it verified that I'm really talking to
Paypal? How can I know that? This is encouraging people to type their
Paypal password into phishing sites. The previous step in the purchase
process, where I'm choosing which payment system to use, also displays a
padlock, and that hasn't connected to any payment site at all.

** Affects: unity-scope-click (Ubuntu)
Importance: Undecided
Status: New

** Attachment added: ""Paypal" login in Ubuntu wrapper"
https://bugs.launchpad.net/bugs/1489643/+attachment/4453547/+files/screenshot20150827_230910161.png

--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity-scope-click in
Ubuntu.
https://bugs.launchpad.net/bugs/1489643

Title:
Paypal login cannot be assured to be from paypal

Status in unity-scope-click package in Ubuntu:
New

Bug description:
When paying for an app with Paypal, the Paypal login screen is
presented in an Ubuntu wrapper. There is no indication on this page
that I'm actually looking at paypal.com rather than being phished or
that some bad DNS has pointed me to a wrong site. The padlock in the
top corner doesn't indicate anything I'm inclined to believe -- is it
showing that the connection is https? Has it verified that I'm really
talking to Paypal? How can I know that? This is encouraging people to
type their Paypal password into phishing sites. The previous step in
the purchase process, where I'm choosing which payment system to use,
also displays a padlock, and that hasn't connected to any payment site
at all.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unity-scope-click/+bug/1489643/+subscriptions

Follow ups

[Bug 1489643] Re: [pay UI] Paypal login cannot be assured to be from paypal
From: Rodney Dawes, 2016-02-05
[Bug 1489643] Re: Paypal login cannot be assured to be from paypal
From: Rodney Dawes, 2015-09-02
[Bug 1489643] Re: Paypal login cannot be assured to be from paypal
From: Jamie Strandboge, 2015-08-28
[Bug 1489643] Re: Paypal login cannot be assured to be from paypal
From: Jamie Strandboge, 2015-08-28
[Bug 1489643] Re: Paypal login cannot be assured to be from paypal
From: Alejandro J. Cura, 2015-08-28
[Bug 1489643] Re: Paypal login cannot be assured to be from paypal
From: Alejandro J. Cura, 2015-08-28