Are social networking browsers a security risk?

A Chromium-based social networking web browswer called RockMelt has launched in beta, exciting many people around the world, but with the security and privacy of social networks being frequently called into question we wonder if this is the right direction to head in.

At first glance RockMelt looks incredibly good. It retains the sleek design of Google’s open source Chromium web browser, which is the code behind Chrome, but it adds a ton of new features that integrate social networking straight into the web browser. Feeds, friend tabs, and easy sharing and updating of your profile are just some of the things RockMelt has crammed in.

However, there’s nothing really new about this idea. Another web browser called Flock released a major update in May of 2009 that integrated social networking right into it with a live feed sidebar. It marketed itself as “the social web browser”, and the most recent version employs Chromium as well.

Yet it never really took off, and we wonder if a large reason behind this is simply that its focus is far too niche. The concept is good and helps distinguish these two browsers from the three main contenders – Internet Explorer, Firefox, and Chrome – but do people really want or need constantly updating sidebars while they’re trying to watch a video or write an email?

What could be a bigger problem, however, is security. Both of these browsers are touting themselves as secure and are both built on Chromium’s code, which is fairly safe. But that’s not where the problem arises – it comes from the social networks themselves, which have come under heavy fire over the past several months for continued data leaks and poor privacy policies.

Facebook is one of the best examples. It has been widely criticised for its terrible approach to user privacy, hiding options for making profiles private or friends-only and leaking out personal information. In May it was revealed that users could spy on their friends’ supposedly “private” chats. More recently people discovered that many of the apps on Facebook leaked out private information.

Facebook is not the only culprit, however. Other major social networks like Twitter have been found to contain major loopholes that can be exploited by hackers to gain access to passwords and other private information. The OAuth authentication process for Twitter was heavily criticised, despite it being an update to an even less secure method.

Do we really need to stuff these websites, with all their flaws and gaping holes, into a web browser that we might use to access our bank accounts or make purchases online? Do we really need to have our friends and colleagues, not to mention the total strangers that end up adding us on Facebook, watching our every move with updates straight from our browser?

While social networking has brought many benefits, its popularity has caused it to become a primary focus of hackers and scammers, who often employ mouse-over exploits and clickjacking within seemingly innocuous updates to social networks as a way to lure users into lowering their defences. The last thing we need is to have this built straight into our browsers.