How Much Do You Value Privacy?

People in my company travel a lot, and they like to have their itineraries easily accessible.  My wife wants to know when and where I will be, and that’s not at all unreasonable.  So, how best to process and share that information?  There are now several services that attempt to help you manage it.  One of those services, TripIt.Com, will take an email message as input, organize your itinerary, generate appropriate calendar events, and share that information with those you authorize.

The service is based in the U.S., and might actually share information with those you do not authorize, to market something to you, or worse.  If the information is stolen, as was the case with travel information from a hotel we discussed recently, it can be resold to burglars who know when you’re away.  That can be particularly nasty if in fact only you are away, and the rest of your family is not.

But before we panic and refuse to let any of this information out, one should ask just how secure that information is.  As it happens, travel itineraries are some of the least secure pieces of information you can possibly have.  All a thief really needs is an old ticket stub that has one’s frequent flyer number, and we’re off to the races.  In one case, it was shown that with this information a thief could even book a ticket for someone else.

So how, then, do we evaluate the risk of using a service like TripIt? First of all, TripIt does not use any form of encryption or certificate trust chain to verify their identity.  That means that all of your itinerary details go over the network in the clear.  But as it turns out, you’ve probably already transmitted all of your details in the clear to them by sending the itinerary in email.  Having had a quick look at their mail servers, they do not in fact verify their server identities through the use of STARTTLS, not that you as a user can easily determine this in advance.

Some people might have stopped now, but others have more tolerance for risk.

Perhaps a bigger problem with TripIt is that neither its password change page nor its login page makes use of SSL.  That means that when you enter your password, the text of that password goes over the network in the clear, for all to see.  It also means that you cannot be sure that the server on the other end is actually that of TripIt.  To me this is a remarkable oversight.
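
An added example (not code from this post or from either service): a small Python check for the two weaknesses described above, a password form that is served or submitted over plain HTTP and a mail server whose EHLO reply does not advertise STARTTLS. The host name and all sample inputs are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample inputs (hypothetical host, not captured from any real service).
SAMPLE_URL = "http://travel.example/login"
SAMPLE_HTML = ('<form action="/session" method="post"><input name="user">'
               '<input type="password" name="pw"></form>')
SAMPLE_EHLO = "250-mx.travel.example\r\n250-SIZE 10485760\r\n250 8BITMIME"

class PasswordFormFinder(HTMLParser):
    """Collect the action attribute of every <form> holding a password field."""
    def __init__(self):
        super().__init__()
        self.in_form = self.has_password = False
        self.action = ""
        self.actions = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.in_form, self.has_password = True, False
            self.action = a.get("action") or ""
        elif tag == "input" and self.in_form and (a.get("type") or "").lower() == "password":
            self.has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self.in_form:
            if self.has_password:
                self.actions.append(self.action)
            self.in_form = False

def audit_login_page(page_url, html):
    """Return findings for password forms that are served or submitted over plain HTTP."""
    finder = PasswordFormFinder()
    finder.feed(html)
    findings = []
    for action in finder.actions:
        target = urljoin(page_url, action)  # an empty action posts back to the page itself
        if urlparse(page_url).scheme != "https":
            findings.append("form served over plain HTTP: " + page_url)
        if urlparse(target).scheme != "https":
            findings.append("password submitted in the clear to " + target)
    return findings

def advertises_starttls(ehlo_reply):
    """True if an SMTP EHLO reply lists STARTTLS. Advertising it is necessary but not
    sufficient: the sending side must still validate the certificate."""
    return any(l[:3] == "250" and l[4:].strip().upper() == "STARTTLS"
               for l in ehlo_reply.splitlines())
```

A form that posts to an HTTPS URL from a page served over HTTP is still reported, because the page itself can be altered in transit before the password is typed.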

For all of these concerns, you still get the ability to generate an iCal calendar subscription as well as the ability to share all of this information with friends and family.  Is it worth it?  One answer is that it depends on whether you actually want to enter the information yourself, whether you care about security concerns, and whether you like using calendaring clients.  It also depends on what other services are available.

Another service that is available is Dopplr.  It also attempts to be a social networking site, not unlike LinkedIn.  Dopplr allows you to share your itineraries with other people, tells you about their upcoming trips (if they’re sharing with you), and it lets you create an iCal subscription.

Dopplr also has some security problems, in that they do not use SSL to protect your password.  They also do not use SSL for their main pages.  They do, however, support OpenID, an attempt to do away with site passwords entirely.  I’ll say more about OpenID in the future, but for now I’ll state simply that just because something is new does not make it better.  It may be better or worse.

And so there you have it.  Two services, both with very similar offerings, and both with almost the same privacy risks.  One of them, by the way, could distinguish themselves by improving their privacy offering.  That would certainly win more of my business.

California Prison Guards Misfire

According to the Associated Press, California prison guards now want to recall Governor Arnold Schwarzenegger using the same procedure that removed the previous governor, Gray Davis.  What great wrong has Arnold Schwarzenegger committed that he should deserve such an ignominious end?  He didn’t give them special treatment, when he cut pay while the budget dispute there drags on.

The job of a prison guard is a miserable one, there can be no question.  Some of the people who take the job aren’t far from the people they’re guarding in mentality.  But their unions have been a huge force in California politics, with strong mobilization efforts.

By handing themselves to him on a silver platter, the unions have provided the governor exactly what he needs right now: a big target that people can dislike more than him.  Not only will they not succeed in their recall efforts, but by failing they will be politically neutered with their loss, making it possible for anyone to get elected without them.  Now those are handcuffs worth throwing off.

Tax & Spend Administration?

Last night Secretary Paulson announced that the U.S. would seize control of Fannie Mae and Freddie Mac, the two largest loan corporations in America.  Those two are so large that they could not fail, and yet there was the distinct possibility.  And so the government stepped in.  The terms of the seizure are not yet clear, but it’s sure to cost taxpayers a bundle, although it will surely be less than if the loan system failed.

The administration probably did the responsible thing at this point in the game, by acting to see that chaos didn’t prevail in the loan market.  However, all of their protestations of keeping government small should be taken with a very very very small grain of salt, given that this administration will have spent more money and placed America in more debt than the previous two administrations combined (and perhaps the 2nd Reagan administration).  Also, stricter regulation of the loan market would have prevented such silliness in the first place, proving that some regulation actually saves us money.

So when Republicans say they’re for smaller government, be sure to ask who’s paying the bill for Fannie and Freddie.

Google Chrome?

This past week Google released a new browser called Chrome.  Google has been a principal and driving donor to the Mozilla Foundation, the people who brought you Firefox.  Why, then, would they abandon that work in favor of starting from scratch?  There are any number of reasons I can think of, putting aside what they in fact wrote:

  • One of Google’s interests is to be able to compete with Microsoft in the applications space.  Google already has a spreadsheet and a document editor available on their web site for free.  However, the browser interface itself gets in the way of the user experience.  By way of an example, if you wish to save documents to your desktop, something everyone does, you have to invoke a download function, which might in fact cause the document to be displayed in the browser, rather than being saved.  Otherwise it might bring up the download window, which is rather clunky.
  • To take this a step further, it is equally possible that Google is unsatisfied with the semantics to be found with the combination of HTML, JavaScript, and Java.  One thing we do not see in the announcement, for instance, is a discussion of standards adherence.  Google has a history of attempting to set de facto standards.  The problem with this is that people moving from Microsoft could end up exchanging one evil for another.  Don’t get me wrong: EVERY company wants to play this game.  However, in Microsoft’s case, they are supervised by at least two government bodies to see that their interfaces remain (at least somewhat) open.
  • There is perhaps a more obvious reason.  Firefox in particular is one of the most complex pieces of code in the world, making use of nearly every C++ construct that exists.  Few on this earth are really qualified to make changes to the code because of the level of sophistication.  Sometimes, in such circumstances, starting from scratch is easier.

Is there room in the market for Chrome and whose market share will it take?  My guess is that Firefox will bear the brunt of the loss, but sometimes hype is sufficient to steal from others as well.  If there truly are new capabilities in Chrome, they will quickly find their way into other browsers.  Unless Google encumbers the work in some way, Chrome will end up being a demonstration project.  Of one thing we can be assured: the hackers are still out there, and they will be among the first to use Chrome, to find its weaknesses, and to exploit them.  We can say that the other browsers are well vetted (yes, even IE).  Here is another opportunity for PCs to be 0wn3d.

Oops! McCain loses one point

He was doing just fine at his lovefest in the Twin Cities, but then Senator John McCain started talking about cutting taxes.  As I wrote earlier, he was palatable because he was talking about the least offensive tax, a corporate tax cut.  As he takes a more offensive position by generalizing cuts, especially in light of news like the Federal Highway Fund running out of money, now I’m giving Obama the win for the economy, and McCain loses personality points for pandering.