Friday, April 19, 2013

TD Canada Trust and Online Security


For the past few weeks I've been unable to access the TDEasyweb site. Today I discovered that it's because "TD made a corporate decision to only support Windows and Mac".

I have a few problems with this. Personally, it's a hassle because I can no longer use their easyweb site unless I go borrow someone else's computer. This seems like an anti-security measure. It's extra insult because of the way it was not communicated responsibly.

I have a bigger problem because the response I got when I talked to a manager was that the only way of dealing with it was to write to a customer feedback email address. And the reality is, if not enough people complain, then they won't do anything about it. Basically, treating my issue as one of personal preference, rather than one of technical choices and security.

But on-line security is not at all a matter of personal preference. If a majority of users decided they didn't want as many security precautions as they've got, then would that mean you should remove them? I don't think so, and I don't think anyone else does either, but that might be what you'd get if you held a vote.

To add insult to injury: people don't use Windows just because "they prefer it". Most people's technical choices are governed by a much more complicated ecosystem of supply and capitalism and monopolies and corporate choices and evolving technologies.  And Windows computers are responsible for most of the worlds security issues - for lots of reasons. So TD's decision is reinforcing the serious internet security issue that we already have.

More specific to this issue - what actually happens when I try to use their system is that I get a "Error 324 (net::ERR_EMPTY_RESPONSE): The server closed the connection without sending any data." So that means, in implementing their new 'security' measure (presumably as a result of the Denial of Service attacks last month), I'd guess they have decided to filter incoming requests based on the user agent, and to only accept those that are in their "support" options. This sort of makes sense because it excludes old Windows IE users, which it should, but it's a terrible way to solve their problem, which it doesn't, because that's only a small part of the problem.

[Update later today: I've had no reply from TD, but a simple experiment shows me that my guess above was correct, i.e. they're filtering the incoming traffic based on the user agent string. I used the standard development tool with Chrome to use the IE9 user string, and voila, it connects. So my personal problem is easily fixed this way, and anyone else who's using a 'non-supported' platform. I'm really not impressed ..]

TD Bank Technical Department: I have written to you, please reply.

Thursday, April 04, 2013

Tax Havens

I've been working with Canadians for Tax Fairness since they started a couple of years ago, and it was extremely satisfying to see them in action during the current media frenzy around the tax haven data leak. Last December we created an issue specific campaign site about tax havens, and although it hadn't taken off, I'm hoping it's going to get a little bump now.

While I was waiting, I checked out google webmaster and noticed that the campaign site had been getting a search traffic increase over the past week or so, and I guessed that it was related to journalists searching who were in on the leak, preparing their stories. I was delighted to see our campaign site sitting at number 7 for the search term "tax havens".

Then it occurred to me to check out google trends to see what they had to say about the search term, and I offer you the following info graphics from them. I thought the geographic one might be especially illuminating, in particular showing that Australia is surprisingly interested. What's not evident is why they're interested - a nation of investigative journalists, or a a population desperate to hide their cash from the taxman?

Another curiosity - why is this only in Anglo-American countries + India? Then it dawned on me ... I'd have to look for the translation to get any traffic from say, Russia. After trying and failing to figure that out, I did manage this search trend for Cyprus.