New template designed by Tina of the Blogger team. Plus tons of snark and even actual content from ol' Fake Steve. Nice!
in reference to: The Secret Diary of Steve Jobs (view on Google Sidewiki)
2009/09/27
Mint Promises
Mint is a great service, and I'm actually trusting it quite a bit. But their re-assurances are giving me the willies:
Your credentials are safe on Mint.com. We use bank-level encryption to secure your login credentials, they cannot be compromised. We are establishing a read-only connection to your bank, we cannot move or transfer money. -- mint.com
- Of these 3 statements, the first is hopefully true for some reasonable value of "safe". The second and third statements are demonstrably untrue, and they undermine the first assertion. (As a matter of fact, when my bank offered a "read only" username/password mechanism, I tried it out with Mint -- Mint choked on the results.) Mint has full access and can impersonate me to my bank. I strongly dislike this situation and want Mint and the banks to change this.
- Mint + Banks: Please implement a least-privilege access mechanism. OAuth would be great, but frankly anything including a read-only password would be better than today's situation. Mint: You really want to be able to prove that you couldn't be culpable if there is a leak or a bug. Banks: You don't want people impersonating your customers, do you? Do it the right way, guys.
Subscribe to:
Posts (Atom)
Suspended by the Baby Boss at Twitter
Well! I'm now suspended from Twitter for stating that Elon's jet was in London recently. (It was flying in the air to Qatar at the...
-
Last night Rachel Maddow talked about an apparently fake NSA document "leaked" to her organization. There's a lot of info t... -
Congratulations to the Ficlets teamon their launch(escape?) . In addition to being a neat site, it's also a greatdemonstration of what...
-
XAuth is a lot like democracy: The worst form of user identity prefs, except for all those others that have been tried (apologies to Churc...