All sorts of cloud services want to get their hands on all sorts of private data these days.
Case in point today, Funambol — looks like a nice combination of cross-platform synchronization software, a bunch of open source software to build applications on top, and a probably useful web service. Now, do I trust this service with my address book?
Conveniently, the fail begins early enough that I don’t even get to the point where I look at the privacy policy: Not just are password choices that I can make when signing up constrained in all the wrong ways — all the interaction with the web portal is, of course, through plain HTTP.
Why, exactly, dear Funambol, do you think that I’d trust you with others’ home addresses and private phone numbers when you don’t even bother to take the elementary steps to keep my password and those data out of the hands of the attacker who’s probably sniffing the wireless network I’m using at the airport?
Come back when you’ve built a secure site. Right now, you’re not even getting past the smell test.
No Such Weblog 