Friday, August 22, 2003

Netflix Fanatic 1.0.1

Netflix Fanatic is a Watson-like utility for managing your Netflix queue. I was quite impressed (and a little worried) that it automatically extracted my Netflix login information from Safari’s preferences. Aside from interface flaws like a square filter box (on Jaguar) and metal, it seems nice. You can re-arrange your queue with drag and drop!

9 Comments

Safari uses the keychain to store login information. The keychain doesn't limit passwords to a single app unless told to. If Netflix Fanatic also uses the keychain and happens to want the same information, of course it'll use your login info from Safari...

Yes, but I didn't even get a keychain dialog when Netflix Fanatic read the information. And the keychain shows that the only app that's allowed access to that information without asking is Safari.

On first launch, the program explains that it gets information from Safari cookies to connect to your Netflix account. It does not use the Keychain. Cookies are stored in a plain text file in ~/Library/Cookies, but Netflix Fanatic accesses them using the public WebKit framework.

If you look at the cookies that Netflix stores for you inside Safari, you'll see that it's just a bunch of gibberish alphanumeric strings that only mean something to Netflix. Netflix Fanatic sends the cookies when connecting to Netflix, which is the same thing that Safari does when you connect to the Netflix website in Safari. So, if you think it's normal that you can go to Netflix's website in Safari and not be asked for your name/password, then why not feel the same way when it's another application? :)

It doesn't say that it uses cookies. It says:

Netflix Fanatic uses information stored in your Safari preferences to connect to your Netflix account, so this program will not ask you for your Netflix account name or password.

However, I'm happier now that I know it's not using the Keychain. Safari accessing the name and password doesn't bother me, because I trust Apple and the Safari developers. What bothers me is that your application demonstrates that from now on any application that I download has easy access to my cookies (I understand cookies, but hadn't really thought about them in this context before) and could use them to do stuff behind my back. I think perhaps Safari should store cookies encrypted, or in the Keychain.

I see. I thought the complaint was with my program doing something nefarious, but it looks like you're taking issue with Apple allowing access to your cookies via a publicly available framework (which is known as WebKit and first shipped with Safari 1.0) so that applications like mine can easily get access to them. All browsers since the beginning of time have stored cookies in plain text files on your hard drive -- The only thing different is that now Apple is officially providing an API for developers to access this information for their own applications rather than having to roll their own.

If this is really of concern to you, I suggest you let Apple know since what I'm doing with my application is officially supported by Apple in their new APIs. Try the Mac OS X feedback page for starters:

http://www.apple.com/macosx/feedback/

Yes, I have no problem with what your program is doing. Like I said, I was impressed that it made everything so easy. And I realize that the security issues with cookies are not new. However, your program made me realize that the barriers to entry are now very low for making a utility like Netflix Fanatic that's really a Trojan horse. I think there needs to be some sort of authentication before an application can get at the cookies.

I have been googling for somewhere that still has a copy of Netflix Fanatic to download, and can't find any... Can anybody tell me where it is still available?

Cricket, what's the latest news? Any chance of resolving the problem? Or passing the source on to anyone else for continued development and maintenance?

I'm a longtime Netflix user, and since discovering Netflix Fanatic on the web, was looking forward to trading in my old Mac and moving to OS X. Finally did that this month, and really pissed to discover your problem. That sucks... Netflix should be supporting more innovation, there is a lot that can be done, and it's surprising to me that they are not. Oh well.

ftp://ftp.tidbits.com/info-mac/app/netflix-fanatic-114.hqx
