I needed a QuickBooks Desktop license to access a company file for a lawsuit, so I bought one. Being paranoid, of course I put it on a machine not on the internet so that nothing I did could expose it (it’s not my data, of course I wouldn’t want it accessible online).
Since I did have the new QB Desktop (QB Premier 2021) I fired it up to experiment with importing transactions.
And discovered that in order to use QB Desktop I had to be online and logged into Intuit.
For my security I had to expose my accounting data to the internet …
The Intuit Rationale
To be reasonable, I want to explain their rational by citing their site:
So, this is introducing security protocols. Great, let’s see what features I need to be logged in to access?
So, to be clear, it’s crucial that my offline computer be connected to the internet (with any risks associated) in order to protect me by requiring me to create an account with an external company (Intuit) that identifies me … this is to make me safer. Because, being completely disconnected isn’t safe?
And, if I wished to track timesheets or manage receipts (both of which can be done locally) I must also be online.
And, if you don’t connect your new company file to an Intuit account (the one that they said was needed to create it, in fact, it’s not) within 28 days — then what? It doesn’t say, but I’m hoping not “You’re locked out,” though that wouldn’t surprise me.
Why would I want QB Desktop instead of QB Online? Perhaps, so that my accounting data was kept secure without being embedded inside an external corporate honeypot?
This is an example of failing to understand the customer’s needs. I understand the rationale that Intuit is offering, but let me re-state it in straight language and not market-speak: Intuit doesn’t believe that their customers have sufficient discipline when using the product and therefore are enforcing Intuit server-driven control for access and operation even on a Desktop product.
Are there some people who use QuickBooks that are in fact going to screw things up? Of course there are. But are you one of them? Am I?
If the product asked when setting up the company “Do you want to enable the Intuit Security Protocol and Intuit Account Integration?” and then explained what the linked page quoted above said, and people chose it that would be Intuit leading with courage by enabling (!!!) their customers who need the support to have it instead of punishing those who don’t need it by mandate.
Why Mandates Are Generally Unwise
The problem with a mandate is that it becomes inescapably enforced. There are some mandates that are reasonable. I am generally glad that it’s illegal to murder, for instance.
But almost all mandates that aren’t domain based are a mistake. Mandates are the opposite of choice.
For an accounting program, such as QuickBooks, a domain mandate is that for each transaction the sum of debits and credits match. That’s a key factor of double entry book keeping. Violating that would be to fail the constraints of an accounting program.
A choice is to connect to the bank online to pull records or to go to the bank’s website and request a QBO file, which can then be imported from the local drive later. QB has that choice, and that’s a powerful choice, better than forcing the computer to connect to the bank.
Of course, QB Desktop mandates that you be connected to the Intuit account online in order to import the QBO file that was copied over via sneakernet (a USB stick). Oops. They crippled their choice by allowing you to only import a local file if connected to the online Intuit account.
This is the other problem with mandates. They infect everything else. Once the assumption that there’s always the internet then even features which do not need the internet will be unable without it. Because it’s always there, it’s suddenly required for everything.
A Recurring Problem
This assumption is really common in many things today. For instance, everyone is expected to be able to use their phone to scan a QR code to show a restaurant’s menu. Except — not everyone actually has a cell phone that does that. For instance, I use a flip phone still.
And of course, if you have a device, it’s always got the internet available. Always, eh? Even when a mile or two offshore on a sailing catamaran? When making a passage over an ocean, I’m not allowed to do book keeping while belowdecks, on a program installed on my computer, because it can’t reach the internet to authenticate?
Assumptions are horrible things. Assuming an internet connection doesn’t even work when ashore. Drive between Las Vegas, NV and Phoenix, AZ. There are many stretches where there are zero bars of cell coverage. Hope nothing you sought to do on your 3G iPad needed to be online…and given how many installed apps (such as The Economist app) requests you login with your Apple ID if you aren’t (I never leave the iPad connected with my apple ID live) you’d be surprised what sometimes you can’t do when in airplane mode.
In fact, an iPad can’t even be _used_ until it’s connected to Apple — because of course you connect with an Apple ID and register your device. Apple has many good reasons for why that’s useful, but in fact, if you then flip the device to airplane mode and never use it online again it will work, so why mandate having linked it to an Apple ID?
Am I Just Paranoid?
At some point, most of my friends think I’m paranoid. I run web browsers with no-script and I run Little Snitch on the Mac — and required everything to be whitelisted. On my machine, I can’t hit anything without pre-approving it when it tries.
But I have a few issues, which are painfully real:
- I worked in cybersecurity for nuclear power plants and actually learned what’s out there and how dangerous it is.
- I do cruise in a sailing catamaran that has no internet.
- I do use detached computers because if you run Microsoft Windows without an internet connection it’s stable and never needs updating.
Most people don’t go the extremes that I go, but should it be hard or impossible to buy a device, not hook it to some mega-corporation, and use it?
It’s very hard to attack my offline computers. It’s possible to attack my Mac, albeit very difficult.
I understand the argument, “We have to do the things that protect our less savvy customers and if you’re that special a case you’re not important enough to us and go elsewhere.” And that’s fine — except that their protections weaken the very “unsavvy” users they seek to protect, by teaching them to use centralized ID (such as an Apple ID or mobile phone number) across multiple services and then to respond to requests to authenticate anytime they pop up…
These are the very behaviors that let all of your online actions be tracked and tied to you, and why when a mistake is inevitably made, identity theft is so powerful. All those things tied to that single ID fall like dominoes.
And in security, it only take one thread to pull and you’ve got them. Attackers have that edge. That’s what it means for them to be an adversary.
Security theater (as Bruce Shneier calls it) is actually bad for being secure.
So yes, I’m paranoid — because we all know that no major companies or national agencies have ever been hacked and we’ll never have what we’ve been forced to share and inter-connect used to harm us. I mean, that would never happen, right?
And I’ve got a wonderful Golden Gate Bridge for sale, get it cheap. Just send me your credit card, expiration date, and three digit security code …
(EDITED TO ADD — WSJ had an article on the problems of everything being networked and smart published right after I wrote this: Stressed by Smart Tech? Consider These ‘Dumb’ Devices. They address failure and privacy more than just security.)
Keep the Light,