« Telco Immunity Passes Senate, 31-67 | Main | DNS Advantage Phish Blocking: Lame? »

February 13, 2008

Some of Sandy's Documentation Does Privacy Warnings Right

I wrote Sandy up for Instant Messaging Planet a few days ago. Sandy is an e-mail based "personal assistant," which is to say it's a to-do list that can process lists and reminders based on e-mail messages you send it. I've got a Sandy account, and I'd like to use it more, but the jury's still out. In the mean time, while looking up the service's information on ways to get my information back out of it, I checked out the iCal subscription options. Sandy uses the same approach for that kind of thing other services do, relying on obfuscatory "secret" URLs instead of authentication. The part I like about Sandy's approach is the disclosure. It reads:

WARNING: Before you click that "Add" button!

Make sure the "Allow others to find this public calendar via Google Calendar search?" checkbox is *NOT checked! If you check that box, your I want Sandy calendar, it's contents, and private address will be added to Google Calendar's public calendar feed listings.

A second entry explains the whole obfuscated URL thing in useful detail, and offers more warnings:

Is Sandy's calendar feed public?

No, your calendar's public feed is not shown to anyone on iwantsandy.com. But it is publicly accessible by anyone who knows the your private iCalendar feed's address.

To keep your stuff safe, your feed's address is made extremely hard to guess by obscuring it with a randomly-generated key (that string of letter and numbers at the end of the address)

WARNING: Anyone with whom you share your private iCalendar feed's address will be able to see your reminders, appointments, and to-dos. If you've accidentally shared the address with someone you didn't mean to, click here to reset it ...

That's plenty more explication than I've seen elsewhere, even when other services do bother to offer a reset button.

Posted by mhall at 5:02 PM | Add Comment