Starling Discussion & Feedback


If so, then they might want to look a bit deeper, as AWS gives you a lot of control on how the file is accessed.

(Hugh Wells) #1026

I think this would be relevant here.


So… given my immense understanding of the situation and technology (which amounts to the same understanding I have of Swahili), I take it that you both have the same technology/security here? :sweat_smile:

(Hugh Wells) #1028

Pretty much (from the cursory glance I have given the Linkedin post) :sweat_smile: You can read @daniel’s explanation of why/how this is secure above :+1:

( #1029

If only someone had linked that earlier…

(Tom ) #1030

How long is the Starling URL?


(Peter Reid) #1033

16 characters based on this tweet


May not be 100% correct as that’s just what he put in the tweet, but all the info I’ve seen to that effect

(Tom ) #1034

Hmmm. If it is AWS then this is potentially a lot of guff about nothing.

(Peter Reid) #1035

If we knew the domain we’d be able to figure it out based on the HTTP response headers, as they’d include certain AWS specific headers. If this is in their support software, this may be a behaviour of that which Starling has no control over?

( #1036

It’s a load of waffle about nothing.

(Neil M) #1037

But it’s not the URL security that I think is the issue. It’s the way the starling staff dealt with the problem,they seemed to brush it off rather than either explain in layman terms how and why it’s secure(they might of done in Person messages but I doubt it). Or remove the passport photo completely

(Andre Borie) #1038

If this is indeed correct this doesn’t look like an AWS URL. In this case it’s powered by their helpdesk (Zendesk) and its a URL for a manually uploaded attachment.

Still secure (I expect the last part of the URL to be a random UUID serving as the access key) and it actually has nothing to do with the app as it’s a file manually attached to a ticket by a CS rep so you aren’t affected at all unless they actually sent you the file as per your request.


It seems to have made the telegraph:

The Telegraph: Starling Bank reviewing data policy after customer complains his passport was shared in a web link.

(All Hail the Almighty Doge) #1040


This would have been shut down quick time if the Starling forum was still open.


Nah, Megan or Anne would have come on and explained how ridiculous this all was.

Although, the fact that Starling have no said they’ll “improve” their processes, whilst they mean well by it, just adds fuel to the invisible fire.


I’ve been blocked by Starling on Twitter. I wasn’t rude, nasty or horrible at all. I just sent them a direct message with feedback and something I think could be improved.

So much for ‘continuing the conversation’.

(Stefano) #1043

I’ve been seeing quite a few of these today – all portrait.

(Jamie 🏳️‍🌈) #1044

The unique vertical, numberless debit card just disappears in these ads. Once again Starling just don’t quite get things right.

(Andre Borie) #1045

Yep the teal background probably wasn’t the best idea if you want to make the card stand out.