Do I TRUST mint with my money management?

Mint - refreshing money management

So I've been using Microsoft Money for quite a while to manage my money but since moving to gnu/Linux, I've not really converted the money file over to anything else. I was checking out the KDE application Money2 but started thinking there has got to be a better way to do this?

Well in steps Mint fresh faced from the Techcrunch conference. When I first heard rumours about it, I thought it was something to do with that terriable credit card company in the UK with the same name. However Mint.com promises to refresh money management by adding all the goodness of Web 2.0.

So I've been checking it out, and to be honest I like what I see but I'm not convinced they can be trusted with my finanical information. Now don't get me wrong I'm no hot shot with millions in the bank but I still wouldn't want what how much I pay for lunch (not a lot thanks to Tesco) in the public domain. I'm not saying Mint are leaking this information, I'm just not sure. I've been reading there Privicy policy and it all looks ok but I have this naggy feeling that this is dangerious and should be avoided for a while longer, at least let someone else be the test muppet. I had this feeling when I first heard about Paypal and to be honest I do use it but tend not to keep money in it for long and I use its most basic features. All those advanced features like hooking it into your bank i've avoided because it worries me. Although in a recent episode of Security now, Paypal's Director of Account protection was on talking about the levels of security and privicy they have for users of their service. SecureID was one of the solutions and to be honest, if my bank offered that, I would gladly use it.

I guess my fear of using Mint is a little overboard but like linking my facebook profile to some of the other sites I use, I think somethings are maybe left alone till I can trust them. Trust is a funny thing, I mean I trust my bank, paypal, amazon, Tesco, Plaxo, etc. But I don't trust Facebook, Mint, etc with my credit card details. They haven't been around long enough to prove their trustworthness. There rep is 0 in my book. I need Facebook to stop mining my information and start offering me real uses. Mint I guess will have to rely on good feedback from people on there own blogs before I start using it.

Its all useless anyway, mint is american centric, requiring a zip code before you can sign up. Have they never heard of Open ID? Simon Wilison was right, all startups should use Open ID if they want people to use their service. Now Mint you've lost a customer because although I could make up a zip code, why the hell should I?

Comments [Comments]
Trackbacks [0]

VPN tunnel your way to safe ground with Hamachi

Hamachi on windows

What is Hamachi?

Hamachi is a UDP-based virtual private networking system. Its peers utilize the help of a 3rd node called mediation server to locate each other and to boot strap the connection between themselves. The connection itself is direct and once it's established no traffic flows through our servers.

Hamachi is not just truly peer-to-peer, it is verifiably secure peer-to-peer.

Believe it or not, but we are able to successfully mediate p2p connections in roughly 97% of all cases we dealt with so far (few tens of thousands as of early March). This includes peers sitting behind different firewalls and/or broadband routers (aka NAT devices).

Oh my goodness, if you have not tried out Hamachi and want access to your home network from elsewhere. You need to try it out! I heard it about it ages ago but dismissed it because I didnt really see the need. Well that was before I learned about how insecure Wifi can be. So during hearing this week's Security Now podcast

I spent a hour checking out Hamachi. At the moment it runs on Windows and Linux but after verison 1.0 (there currently 0.99) it will be developed for the Mac too. I dont see why you cant run the Linux version on a Mac command line but I'm sure there is a reason. So anyhow once you got it installed you can follow the Wizard which is a little too simple but good for those not deeply into networking, its easy to escape at anytime.
Once your setup its just a matter of making a new network or joining another one. You can easily make one and the the security is then all hanged off your stupidly impossible to crack password. GRC recommends some 63 character password string which can be generated here at the High security password generator. I actually went for a stupid 96 ASCII character password with all types of characters. I'll switch it down to 63 because Hamachi uses a 256bit AES crypto for authentication. After setting the password and name of the network you can go to another machine and do the same but this time hit join and enter the same details.

Before you know it your on a new type of network. Actually a 5.x.x.x IP address. I didnt even know you could actually have one of those for a network, I always thought 10.x.x.x was the lowest things went. Ok so once you got two machines on the same p2p network your away. I was able to tunnel out of my work network and on my own computer at home and launch VNC and access the net and machines attached to the same physical network. Everything is accessable and the speed is amazing. Oh yeah by the way, I only had to open one port on Smoothwall for it to work, most firewalls and NAT environments can be traversed without opening ports and port forwarding according to the Hamachi creators. I did nothing to the work network, like Skype it just worked. Crazy but true. I also tried using Hamachi with some of the sniffing tools out there and glad to say it works perfectly. All traffic is secured and even insecure connections like POP3 retrivial can not be discovered as it all looks like normal web traffic. Honestly I cant wait for version 1.0 of Hamachi. Its solved so many of my problems its untrue.

Comments [Comments]
Trackbacks [0]