Bank websites

Billy Crook billycrook at gmail.com
Thu Oct 7 15:44:06 CDT 2010 

On Thu, Oct 7, 2010 at 14:56, Justin Dugger <jldugger at gmail.com> wrote:
> Here's the deal: you live in America, land of the business deal. OFX

The world is what you make of it.  I live in the Land of the Free.

>>When was the last time you received a document containing sensitive information that was encrypted?  Now how many of those
>>documents came through the USPS unencrypted?  I have more confidence in the reliability and secrecy of email than USPS mail.
> I've received lots of documents via HTTPS that were encrypted.

No.  You have not.  You can not receive documents over HTTPS.  You may
retrieve them over HTTPS, and the difference betewen retrieve and
receive is significant.  I tried to illustrate that difference when I
made you retrieve my earlier reply from http://bcrook.com/.reply.txt
I guess it wasn't clear enough.

>>They could deliver statements via https rss feed with authentication.
> That's a winner.

The reason it is less than ideal is that the recipient has to poll the
sender.  Ideal is senders pushing to recipients.

>>Fundamentally, they prepare the document.  They know first when it is ready.  It is their duty to transmit it to me without my
>>involvement.  Email fits that profile well.  What I want is every midnight of the first day of the month, the statement for the last month
>>gets saved in all of my replicated servers, and pops up in evince on all of my desktops.  I should not have to click links or enter
>>passwords or fore-go secrecy.
>
> Their duty is to protect your money and your privacy. If you're
> following proper security procedures, your PGP key is encrypted on
> disk, requiring you to decrypt it before passing it to evince (really,
> your ideal world involves PDF?!?)

Their duty is to satisfy me more than their competition can, or I will
go somewhere else, like I am doing now.  An individual's 'proper
security procedures' are whatever they decide is the best balance of
security and convenience.  Mine do actually include storing keys
exclusively on encrypted storage, because using Free Software, the
effort required is trivial.

Sorry I used the word 'evince' btw.  I didn't mean to distract you
from the point.  s/evince/viewer/g

However, I'm actually not 100% against PDF.  So long as PDFs are
generated by parties whom you trust not to have interests averse to
your own, they're not that dangerous. Most people probably think of
account statements as paged documents that they never edit, and PDF is
the most common format with the slimmest viewer software that fits the
bill, but I'll consider your suggestion if you have a better
alternative document format.

I'll take PDF over paper any day, and it's the best multi-page format,
that the best Free Software document scanning program I could find,
can use, so it already makes up the majority of my records.  When I
retain statements from a website I typically do [ctrl]+[s], and save
HTML rather than printing to PDF, and if I can get the data from which
that statement was generated, I'll do that.

More information about the KCLUG mailing list