Security and privacy shouldn’t be optional
ø
I saw a reference today to an interesting service called AwayFind, which allows you to link from your Out of Office message to a website form, just in case someone really needs to reach you. You can customize how you get notified (cell phone, SMS, etc.), set filters, etc.
In looking through their pricing plans (one free, one paid), I saw something that I’ve seen before with web 2.0 type services: only the paid plan uses SSL security to protect a user’s privacy and security when logging in and viewing his/her data.
I fully understand and support the idea of a premium tier of service, and at times, there may be added-value security services that can be included in this. But basic, relatively inexpensive security like SSL for submitting passwords and accessing sensitive data should be standard, not a premium option. This is especially true for a service that markets itself to people who are likely to be accessing the site from public Wi-Fi hotspots, where they will be transmitting data in the clear over the airwaves.
I wish the folks at AwayFind all the best, but I encourage them to consider their users’ security and move SSL encryption into the “free” column, rather than treating it as an add-on.
