{"id":374,"date":"2008-09-11T12:40:08","date_gmt":"2008-09-11T10:40:08","guid":{"rendered":"http:\/\/www.ofcourseimright.com\/?p=374"},"modified":"2008-09-11T12:39:37","modified_gmt":"2008-09-11T10:39:37","slug":"how-much-do-you-value-privacy","status":"publish","type":"post","link":"https:\/\/ofcourseimright.com\/?p=374","title":{"rendered":"How Much Do You Value Privacy?"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-medium wp-image-26\" style=\"border: 0pt none; margin: 0px 5px;\" title=\"Cybercrime\" src=\"http:\/\/www.ofcourseimright.com\/blog\/wp-content\/uploads\/2008\/06\/cybercrime.jpg\" alt=\"\" width=\"115\" height=\"132\" \/>People in my company travel a lot, and they like to have their itineraries easily accessible.\u00a0 My wife wants to know when and where I will be, and that&#8217;s not at all unreasonable.\u00a0 So, how best to process and share that information?\u00a0 There are now several services that attempt to help you manage it.\u00a0 One of those services, <a href=\"http:\/\/www.tripit.com\">TripIt.Com<\/a>, will take an email message as input, organize your itinerary, generate appropriate calendar events, and share that information with those you authorize.<\/p>\n<p>The service is based in the U.S., and might actually share information with those you do not authorize, to market something to you- or worse.\u00a0 If the information is stolen, as was the case with travel information from a hotel we discussed <a href=\"http:\/\/www.ofcourseimright.com\/?p=304\">recently<\/a>, it can be resold to burglars who know when you&#8217;re way.\u00a0 That can be particularly nasty if in fact only you are away, and the rest of your family is not.<\/p>\n<p>But before we panic and refuse to let any of this information out, one should ask just how secure that information is.\u00a0 As it happens, travel itineraries are some of the least secure pieces of information you can possibly have.\u00a0 All a thief really needs is an old ticket stub that has one&#8217;s frequent flyer number, and we&#8217;re off to the races.\u00a0 In one case, it was shown that with this information a thief could even book a ticket for someone else.<\/p>\n<p>So how, then, do we evaluate the risk of using a service like TripIt? First of all, TripIt does not use any form of encryption or certificate trust chain to verify their identity.\u00a0 That means that all of your itinerary details go over the network in the clear.\u00a0 But as it turns out, you&#8217;ve probably already transmitted all of your details in the clear to them by sending the itinerary in email.\u00a0 Having had a quick look at their mail servers, they do not in fact verify their server identities through the use of STARTTLS, not that you as a user can easily determine this in advance.<\/p>\n<p>Some people might have stopped now, but others have more tolerance for risk.<\/p>\n<p>Perhaps a bigger problem with TripIt is that neither its <a href=\"http:\/\/www.tripit.com\/account\/edit\/section\/change_password\">password change page<\/a> nor its login page make use of SSL.\u00a0 That means that when enter your your password, the text of that password goes over the network in the clear, for all to see.\u00a0 It also means that you cannot be sure that the server on the other end is actually that of TripIt.\u00a0 To me this is a remarkable oversight.<\/p>\n<p>For all of these concerns, you still get the ability to generate an <a href=\"http:\/\/www.ietf.org\/rfc\/rfc2445.txt\">iCal<\/a> calendar subscription as well as the ability to share all of this information with friends and family.\u00a0 Is it worth it?\u00a0 One answer is that it depends on whether you actually want to enter the information yourself, whether you care about security concerns, and whether you like using calendaring clients.\u00a0 It also depends on what other services are available.<\/p>\n<p>Another service that is available is <a href=\"http:\/\/www.dopplr.com\/login?from=%2Ftraveller%2Fpigdog234\">Dopplr<\/a>.\u00a0 It also attempts to be a social networking site, not unlike <a href=\"http:\/\/www.linkedin.com\">Linked In<\/a>.\u00a0 Dopplr allows you to share you itineraries with other people, tells you about their upcoming trips (if they&#8217;re sharing with you), and it lets you create an iCal subscription.<\/p>\n<p>Dopplr also has some security problems, in that they do not use SSL to protect your password.\u00a0 They also do not use SSL for their main pages.\u00a0 They do, however, support <a href=\"http:\/\/openid.net\/\">OpenId<\/a>, an attempt to do away with site passwords entirely.\u00a0 I&#8217;ll say more about OpenId in the future, but for now I&#8217;ll state simply that just because something is new does not make it better.\u00a0 It may be better or worse.<\/p>\n<p>And so there you have it.\u00a0 Two services, both with very similar offerings, and both with almost the same privacy risks.\u00a0 One of them, by the way, could distinguish themselves by improving their privacy offering.\u00a0 That would certainly win more of my business.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>People in my company travel a lot, and they like to have their itineraries easily accessible.\u00a0 My wife wants to know when and where I will be, and that&#8217;s not at all unreasonable.\u00a0 So, how best to process and share that information?\u00a0 There are now several services that attempt to help you manage it.\u00a0 One &hellip; <a href=\"https:\/\/ofcourseimright.com\/?p=374\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;How Much Do You Value Privacy?&#8221;<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[87,11,9],"tags":[172,170,37,496,171,169,168],"class_list":["post-374","post","type-post","status-publish","format-standard","hentry","category-internet","category-internet-consumer-identity","category-security","tag-encryption","tag-openid","tag-privacy","tag-security","tag-ssl","tag-thieves","tag-travel"],"_links":{"self":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/374","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=374"}],"version-history":[{"count":4,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/374\/revisions"}],"predecessor-version":[{"id":380,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/374\/revisions\/380"}],"wp:attachment":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=374"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=374"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=374"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}