I’ve been using the Vivaldi browser on my Mac for two or three weeks now. There are plenty of things that I love about Vivaldi, but there are also a couple of reasons that I’ve been hesitant to trust the browser enough to blog about it or to make it my default browser. They are as follows:
The second of these messages only appears once I’ve clicked “Allow” for the first. They would go away, entirely, if only I would click “Always Allow” on both pop-ups, but frankly, these messages skeeve me out a bit, and I haven’t worked up the gumption to give the browser permanent access.
But it seems that Vivaldi has at least one security leg up on Chrome, a feature that it shares with Apple’s Safari, and sorta-kinda shares with Firefox (once its user has tweaked one about:config parameter).
What I’m talking about is Punycode. I’d never heard of Punycode until the 14th of this month, when Wordfence posted about phishing attacks where domains are made to look not just similar to, but identical to other, trusted domains.
As pointed out in the Wordfence post, Internet Explorer and Safari browsers aren’t vulnerable to this type of domain spoofing. Firefox is vulnerable, but also easily fixable. With Chrome, however, you get to wait for Google to roll out a fix.
I assumed that since Vivaldi is based on Chromium, it, too, would be vulnerable to this type of spoofing.
You can take my word for it, you can read the forum post which corrected my assumption, or you can test it out via Wordfence’s “epic”1
(har, har) proof-of-concept domain for yourself (see link four paragraphs up).
Regardless of source, the point is that Vivaldi is, in this instance, a more secure bit of bytes than Google’s established browser is. And if that helps me justify my preference for a still-baking browser which changes colors to match whatever site I’m visiting and provides me with a well-organized internet experience, all while providing a better extension experience than Safari and being miles more on fleek2 than Mozilla’s present offering?
That’s a reason to post.
1. As an aside, my wife has made three trips to the real Epic’s campus in Verona, Wisconsin, this year, and is currently completing her certifications in a whole bunch of stuff that I barely understand. Mazel tov, honey! (This footnote will only make sense if you read the Wordfence article, BTW.)↩
1. Get off my lawn. And off my slang, too. Damned kids.↩