> I would never use online banking, and I advise all my friends and colleagues (particularly those who _aren't_ computer-security-geeks) to avoid it. >
I have to say that I am puzzled by the way that this thread has unfolded. It started off with Dan Geer: "You know, I'd wonder how many people on this list use or have used online banking. To start the ball rolling, I have not and won't." John Gilmore also agreed that he doesn't and won't. And the thread has continued with other people either saying similar things or admitting that they do use it or may use it in limited ways, as if it was somehow shameful to manage risk rather than avoid it. I think there was just one posting that actually explicitly talked about a risk evaluation and decision to use OLB. I'm surprised to see how much "risk avoidance" is practiced by members of the list. I personally think that the "why" is the more interesting question, not the original binary question. Why do you not use OLB? What would need to be fixed for you to use OLB in the future? What is your threat model (WIYTM)? What risks are present in OLB that are not present in the offline world? What about the risks of the offline financial world? For example, all of the information that someone needs to put money in, or take it out, of your checking account via ACH is nicely printed in magnetic ink on your checks in the US. And you give it out to anyone when you write them a check. This reminded me of how I laughed when I saw an interview with a local security person where he said that he didn't even connect a computer to the Internet at home due to the risk. To me, this seems akin to deciding to not leave your house because you "can't be sure" someone won't shoot you dead. -Jason --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
