As I sit here I am listening to what I am assuming is a representative of TIPI, and hearing him talk about this app called TIPI, which has now been installed in hostels around Australia. After doing much research, it is apparent that at any hostel that has this app, customers are forced to use it in order to check in. Customers are then forced to scan a copy of their driver's licence or passport. Where are these images stored, and how are they stored? Are they encrypted? From my research it is hard to know, as their website does not provide any information on the security of customers' data.
It is comical listening to this TIPI employee as he boasts about his travels interstate; with each person he meets, he thinks it important to let them know that he has just arrived back and about the drinking he has done. Not a very good look.
Anyway, back to this insecure app.
Here is a question for the TIPI people. How can your customers be assured that their data is stored securely when your own website does not use any form of encryption such as SSL (HTTPS)? This is the most basic form of protection and they cannot even get that right, so how can customers rely on them to know anything about security?
Here is the insecure website URL: http://tipi.me/
Their privacy document states that even though you can delete your information from their servers, they are not responsible for any of their ‘partners’, as they do share your information with these partners, no doubt to provide spam emails and to provide marketing benchmarks. It seems that TIPI does not have any idea about security, and I would be VERY wary of giving them a colour scanned copy of my passport or driver's licence, as who knows who could have a copy of your documents in the future, as it is clear that TIPI have zero ability when it comes to CyberSecurity or OpSec.
It is comical that TIPI states that they are 100% Percent Secure yet they cannot even install SSL on their own website... amateur hour, methinks.
The Services include several features that may allow you to share your information with others. Please remember that if you choose to provide personal information using certain features of the Services, that information may be available to the wider Services community, or may be published on our Sites, which is subject to indexing by third party search engines
In light of this I thought I would write to TIPI to inform them of a few home truths. I shall post their response soon should they provide one.
To Whom it may concern,
I am a little concerned with your statement about security when your own site does not even use SSL.
In addition to this, your site does not inform customers about where customers' data is stored and what protections, including security of servers and network infrastructure, are in place to guarantee that the identity documents you collect remain secure in encrypted form and that access to these is closely monitored to prevent abuse.
You as a business are obliged to protect customers' data, especially since you are collecting each customer's identity documents, and as stated above you cannot even get the basics right, so how can we ever expect you to provide the level of security required for storing customers' data?
Regards,
Ben McGuire
Head Of Cyber Operations
OneHost Cloud & Security
UK Ph: +44 20 3519 2171
AU Ph: +61 (03) 85920571
Leaders In Cyber Security & Hosting