New template designed by Tina of the Blogger team. Plus tons of snark and even actual content from ol' Fake Steve. Nice!
in reference to: The Secret Diary of Steve Jobs (view on Google Sidewiki)
2009/09/27
Mint Promises
Mint is a great service, and I'm actually trusting it quite a bit. But their re-assurances are giving me the willies:
Your credentials are safe on Mint.com. We use bank-level encryption to secure your login credentials, they cannot be compromised. We are establishing a read-only connection to your bank, we cannot move or transfer money. -- mint.com
- Of these 3 statements, the first is hopefully true for some reasonable value of "safe". The second and third statements are demonstrably untrue, and they undermine the first assertion. (As a matter of fact, when my bank offered a "read only" username/password mechanism, I tried it out with Mint -- Mint choked on the results.) Mint has full access and can impersonate me to my bank. I strongly dislike this situation and want Mint and the banks to change this.
- Mint + Banks: Please implement a least-privilege access mechanism. OAuth would be great, but frankly anything including a read-only password would be better than today's situation. Mint: You really want to be able to prove that you couldn't be culpable if there is a leak or a bug. Banks: You don't want people impersonating your customers, do you? Do it the right way, guys.
Subscribe to:
Posts (Atom)
Start School Virtual, Go Physical When Feasible
These are my observations for our local conditions (Santa Clara County, July 10-12, 2020), which to summarize: Observations There are still ...
-
These are my observations for our local conditions (Santa Clara County, July 10-12, 2020), which to summarize: Observations There are still ... -
Last night Rachel Maddow talked about an apparently fake NSA document "leaked" to her organization. There's a lot of info t... -
It's not really a secret that AOL has been experimenting with OpenID . As I've said , I think that user-centric, interoperable id...
