About
Memengo, Inc. is a small Seattle-area startup that strives to make your information available to you. Our first effort to reach this goal is the Memengo Wallet™ application – it lets you enter and read small notes (or passwords) online or from your mobile phone (some models), keeping them in sync. Since you are almost always near a web browser or your own mobile phone, you will always have your data within reach.
Here we will blog about new features planned or added to Memengo Wallet and any new products we come up with to further our mission – your data within your reach.
Feel free to ask questions or provide feedback – just reply to any post here.
August 4, 2008 at 9:59 am
I like the way you have set this up. iPhone and on-line backup is a good idea. I may try it soon, but first I was wondering why you don’t have a privacy policy published, and why you don’t have a Better Business Bureau membership, or an SSL security certificate (such as from Thawte). There are also services that confirm your site is hacker proof.
If I’m going to put my personal financial data on your servers, I would like to know a little more about your firm and how my data is protected. I know you state my data is encrypted within my browser and that it resides on your servers that way, but I would feel foolish not knowing a little more about your firm and the precautions you take before I proceed.
August 4, 2008 at 11:25 am
Hi Kevin, thanks for stopping by!
We actually do have SSL – the login procedure will use an HTTPS form post and the entirety of the session remains HTTPS afterward. It’s also noted in our FAQ, question #4: http://www.memengo.com/info/faq/
I have added a link in the “blogroll” to the HTTPS login page, that way you can find what you need easier and Google remains happy with the non-HTTPS link.
I’ll see if I can squeeze it on the front page without creating too much clutter. Maybe I’ll put up an SSL/HTTPS badge somewhere.
The privacy policy is actually linked off the main page on our site, it’s right near the “sign up” button. There’s not much in there, be sure to let us know what else you want to see in it.
I’m not sure of the value of those “hacker-proof” badges. Can you recommend a reputable security company? Something that you and others would actually trust?
BBB membership is a great idea. Why didn’t I think of that? I’ll go look at it right away.
I appreciate the validity of your concerns and the value of your suggestions. I also hope to hear from you again, if not right away then after we’ve implemented a few of the changes you suggest.
August 4, 2008 at 1:30 pm
Denis,
Thanks for your quick response. Sorry I did not see your privacy notice at sign in. I would suggest it always be available at the bottom of each page, or at least the home page and log in page. I guess I should have known you would have an SSL certificate since IE did not question my going to your site. However, I am used to seeing the secure site logo for Thawte or Verisign or Geotrust.
As for privacy statements, I’m no lawyer, but I do want to see a commitment to protect our data, not use it improperly and not give it to anyone else except where required by law. You seem to have this mostly covered.
I don’t know if these services are effective or worth it for a web site, but as a new one that is accepting very important and private data from clients, it might add some legitimacy and a level of comfort for users.
Here are a couple of links for “hack proof” service providers I have seen:
http://www.comodo.com/hackerproof/index.html?gclid=CKuJjez-9JQCFQVkswodhBOXrQ
http://www.mcafeesecure.com/us/
Thanks.
August 15, 2008 at 10:51 am
Having that logo come up in the IE browser just makes it easy for the user to see that the certificate has the policy object identifier (OID) of a company that has had extended validation (these will mostly be companies that have been in the CA business a while: Comodo, Entrust, Verisign, etc.). Extended validation costs more like around 500.00 dollars on up and still will not prevent a phishing attack. If you really want to trust the certificate I suggest opening up the certificate with Windows CAPI, verifying the key size is at least 1024, the hash is sha1 till sha256 is supported on Windows if it is not already on Vista, the policy OIDs, the CDP and AIA extensions, key usage, and then downloading the certificate revocation list (CRL) to make sure the certificate is still valid.
Sven
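
The checks listed in the comment above, as an added example that is not part of the original thread or Memengo's code: a PowerShell function using the .NET X.509 classes, which are backed by CAPI on Windows. The function name, the `sample.invalid` subject and the parameter defaults are assumptions; the defaults mirror the figures in the 2008 comment and are parameters so they can be raised.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function Test-CertificateDetails {   # hypothetical name, not a built-in cmdlet
    param(
        [Parameter(Mandatory)][X509Certificate2]$Certificate,
        [int]$MinKeyBits = 1024,                        # minimum named in the comment
        [string[]]$AllowedHashes = @('sha1', 'sha256')  # hashes named in the comment
    )
    # Public key size (RSA only here; GetRSAPublicKey returns $null for other key types).
    $rsa = [RSACertificateExtensions]::GetRSAPublicKey($Certificate)
    $keyBits = if ($rsa) { $rsa.KeySize } else { 0 }
    $sigAlg = $Certificate.SignatureAlgorithm.FriendlyName

    # Index the extensions by OID and render each one as readable text.
    $ext = @{}
    foreach ($e in $Certificate.Extensions) { $ext[$e.Oid.Value] = $e.Format($false) }

    # Build the chain with online revocation checking, which fetches the CRL
    # (or an OCSP response) from the locations the certificate advertises.
    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [X509RevocationFlag]::EntireChain
    $chainOk = $chain.Build($Certificate)

    [pscustomobject]@{
        Subject      = $Certificate.Subject
        KeyBits      = $keyBits
        KeySizeOk    = $keyBits -ge $MinKeyBits
        SignatureAlg = $sigAlg
        HashOk       = [bool]($AllowedHashes | Where-Object { $sigAlg -like "$_*" })
        PolicyOids   = $ext['2.5.29.32']          # certificate policies (an EV policy OID appears here)
        CDP          = $ext['2.5.29.31']          # CRL distribution points
        AIA          = $ext['1.3.6.1.5.5.7.1.1']  # authority information access
        KeyUsage     = $ext['2.5.29.15']
        ChainOk      = $chainOk                   # false on trust, expiry or revocation problems
        ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Constructed sample: a throwaway self-signed certificate, so the script runs offline.
# It carries a key usage extension but no CDP/AIA extensions and no trusted issuer.
$key = [RSA]::Create(2048)
$req = [CertificateRequest]::new('CN=sample.invalid', $key, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$req.CertificateExtensions.Add([X509KeyUsageExtension]::new([X509KeyUsageFlags]::DigitalSignature, $true))
$sample = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(30))
Test-CertificateDetails -Certificate $sample | Format-List
```

To check a real site, export its certificate from the browser to a file and pass `[X509Certificate2]::new($path)` as `-Certificate` instead of the sample.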