If so, then they might want to look a bit deeper, as AWS gives you a lot of control on how the file is accessed.

I think this would be relevant here.


So… given my immense understanding of the situation and technology (which amounts to the same understanding I have of Swahili), I take it that you both have the same technology/security here? :sweat_smile:

Pretty much (from the cursory glance I have given the LinkedIn post) :sweat_smile: You can read @daniel’s explanation of why/how this is secure above :+1:

If only someone had linked that earlier…

How long is the Starling URL?


16 characters based on this tweet


May not be 100% correct as that’s just what he put in the tweet, but that’s all the info I’ve seen to that effect

Hmmm. If it is AWS then this is potentially a lot of guff about nothing.

If we knew the domain we’d be able to figure it out based on the HTTP response headers, as they’d include certain AWS-specific headers. If this is in their support software, this may be a behaviour of that which Starling has no control over?

It’s a load of waffle about nothing.

But it’s not the URL security that I think is the issue. It’s the way the Starling staff dealt with the problem; they seemed to brush it off rather than either explain in layman’s terms how and why it’s secure (they might have done in Person messages but I doubt it), or remove the passport photo completely.

If this is indeed correct this doesn’t look like an AWS URL. In this case it’s powered by their helpdesk (Zendesk) and it’s a URL for a manually uploaded attachment.

Still secure (I expect the last part of the URL to be a random UUID serving as the access key) and it actually has nothing to do with the app as it’s a file manually attached to a ticket by a CS rep so you aren’t affected at all unless they actually sent you the file as per your request.


It seems to have made The Telegraph:

The Telegraph: Starling Bank reviewing data policy after customer complains his passport was shared in a web link.

This would have been shut down quick time if the Starling forum was still open.


Nah, Megan or Anne would have come on and explained how ridiculous this all was.

Although, the fact that Starling have now said they’ll “improve” their processes, whilst they mean well by it, just adds fuel to the invisible fire.


I’ve been blocked by Starling on Twitter. I wasn’t rude, nasty or horrible at all. I just sent them a direct message with feedback and something I think could be improved.

So much for ‘continuing the conversation’.

I’ve been seeing quite a few of these today – all portrait.

The unique vertical, numberless debit card just disappears in these ads. Once again Starling just don’t quite get things right.

Yep the teal background probably wasn’t the best idea if you want to make the card stand out.