New template designed by Tina of the Blogger team. Plus tons of snark and even actual content from ol' Fake Steve. Nice!
in reference to: The Secret Diary of Steve Jobs (view on Google Sidewiki)
2009/09/27
Mint Promises
Mint is a great service, and I'm actually trusting it quite a bit. But their re-assurances are giving me the willies:
Your credentials are safe on Mint.com. We use bank-level encryption to secure your login credentials, they cannot be compromised. We are establishing a read-only connection to your bank, we cannot move or transfer money. -- mint.com
- Of these 3 statements, the first is hopefully true for some reasonable value of "safe". The second and third statements are demonstrably untrue, and they undermine the first assertion. (As a matter of fact, when my bank offered a "read only" username/password mechanism, I tried it out with Mint -- Mint choked on the results.) Mint has full access and can impersonate me to my bank. I strongly dislike this situation and want Mint and the banks to change this.
- Mint + Banks: Please implement a least-privilege access mechanism. OAuth would be great, but frankly anything including a read-only password would be better than today's situation. Mint: You really want to be able to prove that you couldn't be culpable if there is a leak or a bug. Banks: You don't want people impersonating your customers, do you? Do it the right way, guys.
Subscribe to:
Posts (Atom)
COVID-19: Evaluating School Closures
I'm getting increasingly concerned that many Santa Clara County public schools are continuing normal operations when -- based on availab...
-
Last night Rachel Maddow talked about an apparently fake NSA document "leaked" to her organization. There's a lot of info t... -
I've had a Facebook account for a few years, largely because other people were on it and were organizing useful communities there. I s...
-
I'm getting increasingly concerned that many Santa Clara County public schools are continuing normal operations when -- based on availab...