We’re just looking at this Blippy snafu all wrong

blippy.png

Today Philip Kaplan, co-founder of the website Blippy responded to news that Blippy had revealed users' credit card numbers online, which google crawled, indexed and shared with the internets. In this blog post, by Kaplan, we get some real gems.

Kaplan explains that the problem of Blippy revealing users' credit card numbers on the internet is "a lot less bad than it looks". He goes on to explain why it's less bad :

Many months ago when we were first building Blippy, some raw (not cleaned up, but typically harmless) data could be viewed in the HTML source of a Blippy web page. The average user would see nothing, but a determined person could see "raw" line items. Still, this was mostly harmless -- stuff like store numbers and such. And it was all removed and fixed quickly, months ago.

Here Kaplan somehow tries to skirt around the fact that though the "raw" data typically contains harmless data, in this case it contained users' credit card numbers and that the data was put up on the internet.

Enter Google's cache. Turns out Google indexed some of this HTML, even though it wasn't ever visible on the Blippy website, and was removed from the HTML code months ago. Which exposed 4 credit card numbers on Google.com (but a scary 196 search results).

He continues, trying to somehow explain that the real problem is that Google indexed their site, not that they publicly shared users' credit card numbers. To me this seems like a burglar telling the judge that the one to blame is the snooping neighbour who saw the burglar robbing a house and called the cops. If that damn neighbour had just minded his own business we wouldn't be in this whole snafu.

In general, it's important to remember that you're never responsible if someone uses your credit card without your permission. That's why it's okay to hand your credit card over to waiters, store clerks, e-commerce sites, and hundreds of other people who all have access to your credit card numbers. Still, this should have never happened and we take responsibility.

Kaplan finishes with this winner by explaining how it's ok that his company revealed these users' credit card numbers to everyone on the internet because you and I share our credit card numbers with waiters, clerks and "hundreds of other people" all the time. Wow, he's right. Blippy isn't the bad guy here. The bad buys are google for catching them and revealing their blunder, and every merchant in the world who requires our credit card numbers in order for us to purchase goods. It's so simple.

I'm no expert, but it seems to me that "co-founder a PR expert does not make". I can easily imagine a companies response to a mistake like this which would at the very least not further detract from my trust in that company, but having the founder come on and clarify

  • how we're really blowing this out of proportion
  • how we should be focussing on what that nefarious google was doing indexing their pages
  • and how we broadcast our credit card numbers every day already to all of the merchants that we buy things from

is a complete fail. I'd never heard of Blippy before this. With a more reasonable response in which they took responsibility for what they'd done I can imagine using their service. I can guarantee that I will not ever use their service now though.

Leave a Reply

Your email address will not be published. Required fields are marked *