ALARMED: Security in Motion

Principles are always taxed. To save the environment, you'll pay a seven-grand premium for a hybrid car. To keep your driving habits private, your time is taxed while you wait at turnpike tolls rather than speed through the Fast Pass lane. And if you want to be secure online by using an alternative browser, you are denied access to many IE-only Web pages, like and the site for the US Court for the Eastern District of Michigan. And you won't get the Web's latest features like, ESPN Motion.

ESPN Motion is a feature that slickly sticks full-frame video and sound right into the sports empire's homepage. It downloads content over a broadband connection in the background while you're doing other stuff. I wanted to try it out one day (at home, boss, I swear). But after tapped on my system, it said I couldn't use ESPN Motion unless I switched to Internet Explorer.

I use Mozilla Firebird. Firebird is adware-, spyware- and mallware-free. It blocks ads and pop-ups if I want it to. And, in the DIY browser security tests I ran, fewer vulnerabilities turned up on Firebird than on Internet Explorer, suggesting it has more secure code. It's definitely more secure culturally. The fact that IE is such a fat target for hackers makes avoiding it good risk management.

The Motion feature debuted as part of a major redesign of in which standards compliance was a huge motivating factor. The idea was that as long as your browser was standards-compliant, you got the full experience. Mike Davidson, an associate art director with ESPN, was a roving diplomat for the redesign, posting messages at developer's blogs, responding to complaints and so forth. In one interview, Davidson said, "Everyone agreed embracing standards was the right thing to do.…" Aha! I thought, I will be able to take advantage of a cool feature while sticking to my security principle. I e-mailed Mike to ask when Motion would work with all standard browsers.

He replied and seemed eager to continue with his diplomacy, but "hating to do this," he directed me to PR before we spoke. We'll get back to you, PR said. For a month.

In the meantime, I poked around. Firebird is open source, and developers are constantly adding "extensions" to it. I stumbled across one extension called "User Agent Switcher," a few K of code that allows you to change the name of your browser from Firebird to Internet Explorer (or anything else, actually). The user agent string is what many (but not all) sites use to detect what kind of browser you use. I installed it and, lo and behold, some sites that would politely tell me to go get IE now let me in. In other words, there was no real technical obstacle to my getting into some sites, just the name of the browser.

I went back to the ESPN Motion site to see if my "Internet Explorer" passed its ESPN Motion compatibility test. Where it used to tell me to download IE, it now said "Passed."

In other words, ESPN motion wasn't really looking for IE for any technical reason. When you think about it, and the MSN portal have a tight relationship. Maybe this was just a way to get even more people to switch to IE.

Finally, yesterday, ESPN PR, which had dished me off to Disney PR, which sent me back to ESPN PR, delivered replies to my questions about whether the decision to develop ESPN Motion for IE-only was driven by technical requirements or simple business decisions, or if it was even a real requirement.

The answers weren't particularly useful and they were varnished with corporate lacquer. (You can see the complete transcript below.) What I gleaned from it is that this was indeed largely a business decision; there simply aren't enough non-Internet Explorer users for ESPN to worry about them. Mike Davidson in fact had talked in that interview about how "blessed" was to have 98 per cent of its traffic come from standard browsers. "The majority of our traffic comes from the workplace,” he notes, “where companies seem to have settled on IE 5 and 6 in a pretty overwhelming way."

But something about Davidson's constant beating of the standards drum in his online postings was a little unsettling when the crown jewel feature in his website (one in which he may or may not have been involved — they wouldn't let him talk to me) appears to be anything but standard, unless standard is defined as "most people use it.” Not only did it require Internet Explorer when there are plenty of other standard browsers out there (Firebird included), but it also required the user to download and use Windows Media Player, a vendor-specific product. But, hey, most people use it.

And while my "IE" browser passed the test, the install of ESPN Motion didn't proceed because the site told me I had to install Windows Media Player, which I already had done. Whether this was related to my duping the system with the User Agent Switcher or not remains unclear. Neither ESPN nor Disney answered technical questions.

Normally, I don't mind paying the security tax; I understand I'm part of a tiny minority that uses Firebird and sometimes, for both business and technical reasons that are valid, that means I get a quirky page load or I miss out on a new feature like ESPN Motion. But in this case, I'm not sure the reason I'm paying the security tax is valid, since all I had to do was change the name of my browser, and not the browser itself to pass a compliance test. If it turns out this is just marketing, just an effort on Disney's and Microsoft's part to get more people to say, Oh well, fine, I'll switch to get the cool feature (Motion technology is now found on ABC and Disney as well), then I mind mightily.

In the meantime, my boss will be happy to know, I'm sticking with Firebird. No ESPN Motion for me. I hear they put commercials in, anyway.

"Alarmed" is a biweekly column about security and privacy. Look for a new version every other Thursday.

SIDEBAR: Transcript of replies from ESPN PR

1. How, technically, does ESPN Motion work?

ESPN Motion was created through proprietary and patent-pending technology; therefore, we are limited in what we can discuss. What we can share is that ESPN Motion is designed such that videos are downloaded onto an end-user's machine in advance of playback. This provides a much better video quality for our fans.

2. Why, technically, does ESPN Motion only work with IE?

The current implementation of ESPN Motion on was not designed to function in multiple configurations. When embarking on a software or Web-based development project, it is not unusual to fully develop the project to function on one chosen platform/configuration (typically that chosen platform/configuration represents the majority of the user-base). Following success in the initial platform/configuration, the project may be extended into other platforms/configurations more easily.

3. Would it have been possible, technically, to have developed ESPN Motion to a generic standard and applied it to all browsers? If so, would this have affected its performance? Would it have limited features or any other aspect of ESPN Motion?

What I can tell you is that following the success we experienced with the PC-Version of ESPN Motion, we undertook development for a MAC-Version. The MAC OS X version of ESPN Motion will be debuted in a beta form within the next few weeks.

4. How much development went into ESPN Motion, that is, in worker-hours, lines of code, days/weeks/months from the start of development? The more metrics the better.

We do not share development schedule details, but it is safe to say that this project represents work performed from multiple parts of the company, including executive, engineering, design, production and editorial.

5. Does developing new versions of ESPN Motion require you to start from scratch, or just tweak the code that you have?

It would truly be a rare set of circumstances that resulted in us "starting from scratch" when developing new versions or enhancements to the ESPN Motion product. There is so much learning that goes with the development and maintenance of a project like this that there is always something to carry forward into related projects regardless of the scope.

6. Will you develop ESPN Motion to work with Apple Safari, Netscape Navigator 7.x, Mozilla 1.x, Mozilla Firebird, Opera or any other browser?

We are unable to share specific product and/or development strategies outside the company, but this question may best be addressed through sharing our philosophy. It is our development and product strategy to serve the sports fan wherever and whenever the fan seeks sports entertainment and information. This philosophy helps to determine the extent to which we cross-platform develop. — Scott Berinato

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about ABC NetworksCrownMicrosoftMSN

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Scott Berinato

Latest Videos

More videos

Blog Posts