Priveon Labs Security Blog

This entry comes from the department of: Why would anyone do this?

If you have not already heard about Blippy.com, check it out. Basically, it allows you to link various bill payment/purchasing solutions to their account so you can share all of your purchases by location and dollar amount in real-time! This includes credit cards... Oh, and once set up, you can link this to your Facebook and/or Twitter accounts so everyone can be informed immediately.

This is insane. Give me a single good reason why this should ever occur.

Now, just to illustrate a piece of the problem, try the following:

1. Open a browser to Google.com and search for "capitalone site:blippy.com"
2. Look for the entry for "Capital One on Blippy" and click the link
3. Now, look around... several transactions come right up...
4. Want to look at more interesting info? Click on one of the usernames on this page
5. Now you can see what a specific individual has been spending in relation to their Blippy tracking.
6. Oh, and if you are interested... You can add the RSS feed to keep up... :)

While Blippy has a 'Follow-me system', by default all of your transactions are shared with the public unless you change that setting to private.

Is it me, or is everyone's Proof of Concept application (First one they write) for Facebook and Twitter going immediatley viral? Rather than to the bit-bucket...

If this trend continues, I think privacy will not be a concern at all. A divide-by-zero error of sorts...