by cyberferret 3398 days ago
No doubting the veracity of this occurrence, but it is baffling that it happened nonetheless - federal government departments here (Australia) are usually cautious to a paranoid level when it comes to people even looking at information. I remember cases when curious internal staff members at the tax and social security offices were sacked on the spot for merely doing searches on celebrity names without due reason.

Both my sisters work in law enforcement agencies, and tell me that their every action on their computer systems is tracked and logged. Once when my younger sister worked in the Traffic infringement section of the local police department, I asked her to check up if I was actually pinged by a remote speed camera that morning as I suspected I was. She refused, on the grounds that any such searches were tracked, and if it was found she did a search against a vehicle belonging to a close family member, it would trigger an internal investigation by the ethics team.

I'm an Australian who lived a couple of years in the Bay Area. The views people hold toward privacy were one of the most surprising cultural differences between our countries. As an outsider I was shocked to learn that privacy really is an afterthought for a lot of Bay Area residents.

US anecdote: a product I worked on had a feature which needs full access to a customer's email account to use. The feature scrapes their inbox and can send emails impersonating our customers' staff. I said there was no way I'd use that feature, but it proved to be super popular! People had no problem handing over access to their entire (work) email account to a startup.

Australia anecdote: When my uncle died we needed to hunt down his bank details. The banks (by law) weren't allowed to even tell us if he was one of their customers without seeing his death certificate and our documentation.

I'm now way more nervous about trusting US-based startups with my data. It's not just that many of the engineers are inexperienced, and most startups don't have any security expertise. It's also that culturally I know they probably don't understand personal privacy. I can't trust that they'll protect my data if they might not bother protecting their own.

Fastmail is Australian. If you have a support issue and need to have an email examined they refuse to help unless you create a top level folder called "forwebmaster" and put the email there.

The first time I had to do this it solidified my trust in their services.

I worked on a financial product based on one of Intuit's. I was shocked to realize that this Intuit product was impersonating people (using their username and password) to log on to their bank accounts and download all transactions - which our product was then analyzing. I was sure nobody would allow that; who will give a third-party their bank username and password?

I was extremely surprised to find out that the answer was "at least tens of thousands of people".

> I was sure nobody would allow that; who will give a third-party their bank username and password?

Banks have been extremely reluctant to hop onboard with APIs. KeyBank wanted to charge me $20/month to turn on a Quickbooks export, for example.

Capital One has a neat ability to generate read-only credentials for use with stuff like Mint. Wish more banks would do that.

Banks don't tend to have APIs though. Either you give up your username and password, or you don't get centralized reporting. Those are your only options.

Anyway, fraudulent bank transactions are relatively easy to undo, and they have really high penalties and are enforced by FBI agents who don't play around.

I wonder if people know how much their data is being accessed by 3rd parties? Maybe it starts with Intuit getting permission for something convenient and a few unread, auto opt-in "change of service agreements" later, they can share it with everyone.
cough Mint
cough cough Yodlee