June 27, 2011

Would you grant complete access to your Twitter account?

Rafal Los posed the question recently in his blog: "am I too paranoid?"

The context is he was speaking about a Twitter statistics website that he found which requires your login credentials in order to provide capabilities beyond statistics. Being the good security-minded chap that he is he looked into what this widget will do for you if you provide your credentials. Here's what he found.

It will...

* Read Tweets from your timeline.
No worries here, everyone can do that.

* See who you follow and follow new people.
Okay to the see who you follow, that's public. ...wait, "follow new people"? Why? What makes it think I want to follow these people it auto-follows? Nope, don't like this. I would accept suggestions on who to follow though.

* Update your profile.
Huh? What for? What would it add? Don't like that. Rafal mentions he doesn't even let his marketing people do that. Heh, I don't have marketing people but if I did I might let them access it...well maybe.

* Post Tweets for you.
What are you going to post? Advertisements spamming ppl? That's get me fewer followers. Ah no, no you won't you lil widget, you won't be doing this.

* Reading direct messages.
Excuse me! Why? For what purpose?

There's no way I would want a widget like this to have complete access to my Twitter profile. Am I too paranoid like Rafal? Maybe but I think for good reason, well many reasons. One such reason is need to know principle. In my opinion, this widget does not need access to some of the areas it accesses. It's the same reason why I don't give out my social security number easily or without asking why they need it. At the DMV, sure, at a department store, nope.

So no Rafal, you aren't being too paranoid...you're being sensible, safe, smart.

Check out Rafal's blog, he writes some good stuff.
http://h30499.www3.hp.com/t5/user/viewprofilepage/user-id/604516

Entry related to this topic:
http://h30499.www3.hp.com/t5/Following-the-White-Rabbit-A/Am-I-Just-Too-Paranoid-Federating-Identity-by-Twitter/ba-p/2414931

June 24, 2011

Get your milk, bread, beer, and ID theft insurance from one place...huh?

"Honey on the way home from work pick up some milk, bread, bananas, pound of hamburger, and identity theft insurance." "Wait, what?"

Bet you never heard that one before. So I was in Kroger(1) the other day picking up some of the staples and as I was walking past the end of an aisle I saw something that stopped me in my tracks. A brochure advertising identity (ID) theft protection.
My jaw dropped. I mean, come one, who goes to a grocery store to pick up ID theft protection? Not the place I would expect it.

A division of Kroger called Kroger Personal Finance offers something PrivacyGuard. Essentially it's a monitoring service which will watch your credit cards and credit information, alerting you if any anonmalies are detected. It will also alert you when someone requests your credit report.

Unfortunately it won't alert you when you are low on milk or bread. Maybe that's another service Kroger should offer: Kroger Food Pantry Monitoring. ;) Makes a little more sense than ID theft insurance.

(1) This blog posting is in no way endorsing any brand or product.