imified – Broken for Backpack via SSL
via Lifehack.org:
With Imified you can use Web applications like Google Calendar, Basecamp, Backpack, Remember the Milk, WordPress, and Blogger, all from within your favorite instant messaging client.
But what it doesn’t do is work with your Backpack if you use SSL. I wrote them last week about this, and it still doesn’t work. I’d like to use imified a bit more, and it seems quite interesting but I’m not really that sure what I can trust with it.
On the imified privacy and security page it says this:
Your data is stored encrypted on our servers in a secure data center in the Rocky Mountains. All interaction on the Imified website is handled over SSL. We do not ask that you enter login details for accessing an application over IM. To add a service we present you with a link to a secure web page for the purpose of entering this information. We store this data securely so you can interact with your services over your IM client without having to repeatedly enter your login details. We encrypt your data using private key 128 bit AES encryption. Please be aware that the IM messages you send to Imified are not and cannot be encrypted due to the nature of the protocol. We have no control over this.
We personally use Imified all day long to interact with a number of services and our friends and family do to. We take every precaution to keep your data safe and secure.
I understand that the transactions between the services are as safe as their APIs are, and I also understand that my IM traffic isn’t encrypted. I’m curious how the data is stored encrypted on their end though, since obviously it has to be decrypted to present it to me.
So are the filesystems encrypted? Is that why they tell me that the data center is in the Bat Cave somewhere in Rocky Mountains?
I’m more interested in knowing what the providers of applications like this do for code review. What standards they hold themselves to. What best-practices and guidelines and methodology for testing and assessment are used, if any.
The service is free, and has no warranty. But I think users should start asking for more information about how their data is retained, retrieved, and what has been done to prevent things such as another user gaining access to My Stuff by impersonating me to imified by sending queries for data that belongs to me. There are any number of ways that this could happen—there are, after all, no fewer than 5 ways to get at the service, over 5 different protocols.