Slippery Slope
Get out your Sharpies, because today is a momentous occasion. I have, against my better judgment and intestinal health, purchased an item online. With a credit card. My own credit card, even!
You must understand my trepidation, what with working in software development — and information security no less. Software just isn’t inherently secure. Especially software that I haven’t had my mitts into.
Anyhow… After reading the vendor’s security and privacy statements, I felt ready to lose some money. The usual legalese (probably ripped off from some other site that also has no idea what’s going on) insisted my transaction would be safe.
Imagine my surprise when my snooping of the transaction showed no untoward security gaps! Well, at least none that joe-average script kid could take advantage of. Everything seemed to be proceeding nicely with security certificates and encrypted data being flung around, and non-secured information kept to a minimum.
Things were downright rosy — I mean, sure, my data was probably stored on some server connected directly to the Internet for no reason just waiting to be hacked, but otherwise some thought had obviously gone into the process.
That is, up until I received a confirmation email displaying my credit card number and expiry date. In plain, unencrypted text. By my count, it sifted through 17 different servers in five different cities (Ottawa, Toronto, Montreal, New York, Chicago).
Thanks, morons!
