On Thu, Oct 7, 2010 at 14:56, Justin Dugger jldugger@gmail.com wrote:
Here's the deal: you live in America, land of the business deal. OFX
The world is what you make of it. I live in the Land of the Free.
When was the last time you received a document containing sensitive information that was encrypted? Now how many of those documents came through the USPS unencrypted? I have more confidence in the reliability and secrecy of email than USPS mail.
I've received lots of documents via HTTPS that were encrypted.
No. You have not. You can not receive documents over HTTPS. You may retrieve them over HTTPS, and the difference betewen retrieve and receive is significant. I tried to illustrate that difference when I made you retrieve my earlier reply from http://bcrook.com/.reply.txt I guess it wasn't clear enough.
They could deliver statements via https rss feed with authentication.
That's a winner.
The reason it is less than ideal is that the recipient has to poll the sender. Ideal is senders pushing to recipients.
Fundamentally, they prepare the document. They know first when it is ready. It is their duty to transmit it to me without my involvement. Email fits that profile well. What I want is every midnight of the first day of the month, the statement for the last month gets saved in all of my replicated servers, and pops up in evince on all of my desktops. I should not have to click links or enter passwords or fore-go secrecy.
Their duty is to protect your money and your privacy. If you're following proper security procedures, your PGP key is encrypted on disk, requiring you to decrypt it before passing it to evince (really, your ideal world involves PDF?!?)
Their duty is to satisfy me more than their competition can, or I will go somewhere else, like I am doing now. An individual's 'proper security procedures' are whatever they decide is the best balance of security and convenience. Mine do actually include storing keys exclusively on encrypted storage, because using Free Software, the effort required is trivial.
Sorry I used the word 'evince' btw. I didn't mean to distract you from the point. s/evince/viewer/g
However, I'm actually not 100% against PDF. So long as PDFs are generated by parties whom you trust not to have interests averse to your own, they're not that dangerous. Most people probably think of account statements as paged documents that they never edit, and PDF is the most common format with the slimmest viewer software that fits the bill, but I'll consider your suggestion if you have a better alternative document format.
I'll take PDF over paper any day, and it's the best multi-page format, that the best Free Software document scanning program I could find, can use, so it already makes up the majority of my records. When I retain statements from a website I typically do [ctrl]+[s], and save HTML rather than printing to PDF, and if I can get the data from which that statement was generated, I'll do that.