2009/09/30

Really awesome new look for Fake Steve Jobs

New template designed by Tina of the Blogger team. Plus tons of snark and even actual content from ol' Fake Steve. Nice!

in reference to: The Secret Diary of Steve Jobs

2009/09/27

Mint Promises

Mint is a great service, and I'm actually trusting it quite a bit. But their reassurances are giving me the willies:
Your credentials are safe on Mint.com.  We use bank-level encryption to secure your login credentials, they cannot be compromised. We are establishing a read-only connection to your bank, we cannot move or transfer money. -- mint.com
Of these 3 statements, the first is hopefully true for some reasonable value of "safe".  The second and third statements are demonstrably untrue, and they undermine the first assertion.  (As a matter of fact, when my bank offered a "read only" username/password mechanism, I tried it out with Mint -- Mint choked on the results.)  Mint has full access and can impersonate me to my bank.  I strongly dislike this situation and want Mint and the banks to change this.

Mint + Banks:  Please implement a least-privilege access mechanism.  OAuth would be great, but frankly anything including a read-only password would be better than today's situation.  Mint: You really want to be able to prove that you couldn't be culpable if there is a leak or a bug.  Banks:  You don't want people impersonating your customers, do you?  Do it the right way, guys.
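
To make the difference concrete, here is an added illustration (not code from Mint, any bank, or the original post) contrasting a shared password with a read-only delegated token. The `Bank` class, its scope names and every value in it are assumptions invented for the example.

```python
import secrets


class Bank:  # toy model; all names and values are constructed for illustration
    def __init__(self):
        self.passwords = {"alice": "constructed-password"}
        self.balances = {"alice": 100, "bob": 0}
        self.tokens = {}  # token -> (user, scopes)

    def _issue(self, user, scopes):
        token = secrets.token_urlsafe(16)
        self.tokens[token] = (user, frozenset(scopes))
        return token

    def _require(self, token, scope):
        user, scopes = self.tokens.get(token, (None, frozenset()))
        if scope not in scopes:
            raise PermissionError(f"token lacks scope {scope!r}")
        return user

    def login(self, user, password):  # password session: every privilege
        if not secrets.compare_digest(self.passwords.get(user, ""), password):
            raise PermissionError("bad credentials")
        return self._issue(user, {"read", "transfer", "delegate"})

    def delegate_read_only(self, owner_token):  # narrower token for a third party
        return self._issue(self._require(owner_token, "delegate"), {"read"})

    def balance(self, token):
        return self.balances[self._require(token, "read")]

    def transfer(self, token, to, amount):
        user = self._require(token, "transfer")
        if to not in self.balances or not 0 < amount <= self.balances[user]:
            raise ValueError("invalid transfer")
        self.balances[user] -= amount
        self.balances[to] += amount


def demo():
    bank = Bank()
    full = bank.login("alice", "constructed-password")  # any password holder gets this
    bank.transfer(full, "bob", 10)  # ...so nothing stops it moving money
    readonly = bank.delegate_read_only(full)  # customer hands out this instead
    try:
        bank.transfer(readonly, "bob", 10)
        blocked = False
    except PermissionError:
        blocked = True
    return bank.balance(readonly), blocked, bank.balances["bob"]
```

With the delegated token the "cannot move or transfer money" claim is enforced by the bank rather than promised by the aggregator.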