TruPhone, recently as of this passed CES 2010, touted somewhat highly - if not at least as popular, "...[I am] a frequent user while traveling...", by famous podcaster - has got to be the worst web 2.0 experience in "total lack of security and oblivious to that problem" company as I have ever witnessed.
You sign up with the usual:
Username (your phone number is used - is changeable later)
Password
PIN Number
However, what is NOT usual for most companies that provide services to their customers which will inevitably need credit card information from you, they sent IN PLAIN TEXT the following (credentials have been altered for obvious reasons):
"...Doing this will ensure your details are secure at all times, and enable you to add credit to your account.
The Truphone website has a My Account section where you can update your details, top up your account, access your account balance and call history, and more. Visit http://www.truphone.com/myaccount and log in using your Truphone account details below.
**Your Truphone User Name and Number is: 12244214122
**Your Truphone Web password is: lover.mare
**Your Truphone Security PIN is: 4173
Please keep these details safe, and we recommend you change your password the first time you log in to My Account. You can also change your username if you wish. You will need to enter your Truphone PIN whenever you top up."
Actually, the password is generated as a temporary (who knows why? I cannot figure that one out at all) - I wouldn't have picked two standard English-language words for a password at any rate.
Also: absolutely don't need the PIN# for website access, don't know why its sent.
Notice the convoluted statement of concern regarding security WE should follow, yet they recommend we change our temp password first time signing in - wouldn't be better to say "as soon as possible"? Of course it would be better.
They sent back the following response to my incredulousness of the matter with:
"We are sorry for the delay in getting back to you!" [There really was no delay]
Looking at your account I can see you have successfully validated your email
address notmyrealgmail@gmail.com Regarding the email Truphone sent you, I am unsure as
to what information you are referring to. If someone resets a password etc. and
has account details emailed to their personal email address, it is expected that
changes would be made immediately by the customer to ensure their security.
If you have any further queries please reply to this email for assistance.
Regards,
Matthew
The Truphone Support Team"________________________
Notice he includes my email account in the plaintext email response...
Does this make sense to ANYBODY BUT MATTHEW?
And TruPhone will want my credit card info if I decide to stick with them and once I use up their token 50 cent?
PLEASE.
You think it would stop there, wouldn't you. No.
Testing the TruPhone experience, I notice that my whole dialing string - which Google Voice does not do without asking, by the way, from a contact - and kept that whole string as if it was a contact phone number rather than merely the phone number. The whole string was sent to the contact!?
Also, I noticed 12 hours after signing up, I received an unsolicited SMS with, you guessed it:
" **Your Truphone User Name and Number is: 12244214122;**Your Truphone Web password is: lover.mare;**Your Truphone Security PIN is: 4173"
in one string.
Un. Be. Lievable.
Leo Laporte, I ask you: "Really!?". Please pass this on to Steve Gibson for a good laugh.
________________________________________
Ad nauseum:
The link directly above is supposed tp show TruPhone customers their Call History of:
Calls Recieved
Calls Dialed
SMS Recieved
SMS Sent
Mine shows nothing made, yet I did do a test call AND I received their SMS with the above mentioned credentials. This is not looking any better for this new startup known only as:
TruPhone
-----------------------------
Now, for the other thing - which is entirely MY fault, I installed the TruPhone app on my Droid, even though it wasn't fully supported for the Droid (yet), so I chose the "Install Anyway" option given!
Well, "no duh" it is NOT ready for the Droid, as upon testing (see above) I tried to end the call; the little Droid bot disappeared, but the dialing controls froze - the only thing I could do was PULL THE BATTERY. Total crash - but as I said, my fault for that one.
Eh, what can I say - I'm a PowerUser. And a mini-review-er.
---------------------------------------
And one more thing today (1-13-2010):
Today I received a Hello and Welcome email from TruPhone, in part said:
"Happy chatting,
The Truphone Team
p.s. You should have received an email with your account details, and a link to validate your email address (let us know by email if you haven't).
If you have any questions, please visit the Support page or give us a call (contact details here)."
ARGH! But that's not all.
As I first received the original Download to install via the Android Market, and have since Uninstalled the program, today along with several other (normal) updates for the Droid, I see an Update for TruPhone!!! How ca that be, as we all know the Market to be a highly efficient and competent entity! I have NEVER seen an app in the Market present me with an Update AFTER I HAVE UN-INSTALLED THAT PROGRAM!
There is a serious problem going on in the background of my phone - either on the SD card or in memory - Android Team has got to do something about this ASAP; either the apps uninstall FULLY or they don't uninstall FULLY, which is it, Android Team, what the hell piece of data can a program leave behind that tells the Market that the app is still installed on the phone, even though it has been uninstalled?
I am going to check the folder system for any remnants of TruPhone; this is redonk.
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vKnQacqA1tKnr0ECVuwtVYGz553_lJ8wO99Q2B5ppyUrlqY66Bil1VhRLfnxik0jwenMUUDL7dW5AC_BqUZev-bepCBh4nIC9jR6CrjpYeGSG6CVGffmQJkfk1LGyXc4hbm3uVNxfU1dbkEy-Ezrko=s0-d)
No comments:
Post a Comment