Comments on: How to End Phishing With RSS http://www.hexten.net/2006/09/25/how-to-end-phishing-with-rss Better than Slashdot Fri, 09 Jan 2009 10:32:22 +0000 http://wordpress.org/?v=2.6 By: Andy http://www.hexten.net/2006/09/25/how-to-end-phishing-with-rss#comment-3688 Andy Tue, 26 Sep 2006 08:04:39 +0000 http://www.hexten.net/?p=56#comment-3688 Hence offering it as an option - to wean people off email. It only has to be as secure as email currently is - it's not going to be used for anything that they don't currently put in an email notification. Generating a random, unguessable feed URL gets you just about as much security as mail gives you. Hence offering it as an option - to wean people off email.

It only has to be as secure as email currently is - it’s not going to be used for anything that they don’t currently put in an email notification. Generating a random, unguessable feed URL gets you just about as much security as mail gives you.

]]> By: Olly http://www.hexten.net/2006/09/25/how-to-end-phishing-with-rss#comment-3680 Olly Tue, 26 Sep 2006 00:28:19 +0000 http://www.hexten.net/?p=56#comment-3680 It's a great idea in theory, but I think it has a way to go before joe public can use it. To begin with, most users don't have a clue what an RSS/Atom feed is - hopefully the functionality in IE7/Safari/Firefox/Opera will go some way towards rectifying that. Secondly, you need to deal with authentication - you don't really want your personal ebay / paypal / bank / etc account feed to be public, do you? The thing is, you can't do that until the most popular feed-readers support SSL, http-auth, etc. Some of the big names still don't. Much more viable in the longer term methinks. Mind you, there's nothing to stop them implementing it now for the likes of you and me :) It’s a great idea in theory, but I think it has a way to go before joe public can use it. To begin with, most users don’t have a clue what an RSS/Atom feed is - hopefully the functionality in IE7/Safari/Firefox/Opera will go some way towards rectifying that.

Secondly, you need to deal with authentication - you don’t really want your personal ebay / paypal / bank / etc account feed to be public, do you? The thing is, you can’t do that until the most popular feed-readers support SSL, http-auth, etc. Some of the big names still don’t.

Much more viable in the longer term methinks. Mind you, there’s nothing to stop them implementing it now for the likes of you and me :)

]]>