Safari 3.2, which Apple released last week, warns users when the browser is steered toward known phishing sites that try to trick people into divulging personal information, including usernames and passwords to online bank accounts.
Apple, however, did not provide any details about the new tool in Safari's help file or its online documentation, nor have company representatives responded to questions about how the feature works, what database it uses to blackball sites, and whether it relays URLs back to Apple for checking or relies on a locally stored database.
Some answers are apparent when a user clicks on links in the display that pops up after Safari encounters an identity-stealing site.
The warning includes two links, both of which lead to pages on Google's Web site. The first link, "Learn more about phishing scams," takes users to a stock description of phishing attacks, while the second, "Report an error," ends up at another Google page where false positives can be reported.
Other sources, however, claimed that Safari actually uses a blacklist that combines both Google's database and that of PhishTank, a community phishing-site reporting project run byOpenDNS, a San Francisco company best known for providing a free DNS service. OpenDNS, however, did not return a call asking the company to confirm.
Safari was the last of the major browsers to add antiphishing protection, but at least two rivals also rely on Google for its blacklist.
Mozilla Corp.'s Firefox, which added a warning tool in 2006 with Version 2.0, calls on Google's "Safe Browsing" code to decide whether a site is potentially dangerous, as does Chrome, the browser beta that Google launched for Windows XP and Vista in early September.
Safari 3.2 can be downloaded from Apple's site, while users can update their editions using the browser's built-in update feature or, on Windows, by running the separate Apple Software Update utility.