So here’s the list of Prepaid Credit Cards I will be investigating and detailing the conditions and requirements:

• GreenDot
• WebSecret
• Vanilla Visa
• Privacash
• All-Access Gift Card

компютри

• Simon Gift Card

If anyone can think of anymore I should review, please let me know. Reviews on the above cards coming in January. I’m afraid however the news won’t be good. Most cards all appear to be checking for SSN’s and verifying them due to the Patriot Act.

I’ll keep you posted.

• Seek complete anonymity
• Seek to avoid identity theft

The latter of the two is what the a.K.a card accomplishes, while it’s not bullet proof for complete anonymity, since real addresses have to be used even on the alternate identity of the a.K.a Card. Plus the bank has a slew of information so that it can verify me and issue me a revolving credit card. This is NOT an anonymous credit/debit card like Vanilla Visa and others.

Either way, I’ll be filling this out and submitting the information this weekend. I’ll keep everyone updated.

So what does this service offer? When you go to shop online and you put in your credit card information, sometimes you don’t know just how securely the merchant on the other end will protect your information. Even if they do everything they can, sometimes mistakes are made, or accidents happen and servers and databases get hacked. With a.K.a Card when you buy online, you give the merchant your alternate identity with a totally different name, address and card number. The theory is that if or when the merchant is compromised, the attacker doesn’t walk away with your real credit card number or even real name.

So you’ve heard me talk about anonymous prepaid credit/debit cards before, however this is different. The goal with the a.K.a Card is to prevent identity theft. I see a couple problems though that I hope to get ironed out either by speaking with the folks at a.K.a Card or someone posting a comment on here.

The first problem is that if the merchant requires the billing and shipping address to match then that could be a problem if your address for the alternate identity is not an address where you can receive mail. For example, I set up my alternate address as 123 Nowhere St., but I want my goods sent to 505 Somewhere Ln., then that may not jive.

Second problem is the alternate name. I think it’s awesome you can assign any name you want for an alternate identity, but what if the address you’re receiving your merchandise at doesn’t know you by your fake name? For instance in the scenario presented on a.K.a’s website, “Melissa Miller” is telling us how she uses her card. She uses the pseudonym of “Jane Freedom” and she also uses her office address as the alternate address. Let’s say Melissa/Jane orders some brand new shoes from an online vendor and has them shipped to her work address since the merchant will only ship to the billing address. The shoes show up at her office and the mail room employees try to look up “Jane Freedom” in their directory seeing as how they don’t know what floor Ms. Freedom sits on. Well, guess what? There’s no Jane Freedom at that company. Hrm. You see where I’m going with this.

I really, really want to like all products out there that even remotely seem to help in the defense of identity theft and defense of privacy. However, do I see the a.K.a Card as something that I would pay $9.99/month for, much less $14.99/month? I’ll soon find out as I’m going to be applying for one later today (hopefully I’ll be approved) and then will attempt to test it out. I feel actually trying out the product I’m reviewing is the only fair way to write a decent review about it.

I’d really love to hear any comments from anyone else who looks at this product. What do you think? Is it worth it? Anyone got some great ideas on how to utilize this card?

One excerpt from the report states:

“We are aware that the decision to place Google at the bottom of the ranking is likely to be controversial, but throughout our research we have found numerous deficiencies and hostilities in Google’s approach to privacy that go well beyond those of other organizations. While a number of companies share some of these negative elements, none comes close to achieving status as an endemic threat to privacy.”

Some of you may remember last year the big fiasco Google raised when it challenged the DOJ’s subpoena request to review millions of user’s search requests. A feather in their cap for privacy advocates right? This along with their agreement to “sanitize” search data after 18-24 months has created some confusion as to just how Google could have received the lowest ranking of all companies analyzed. Privacy International came to it’s conclusions based off of 6 months of research conducted with 30 professors from the US and the UK.

Some of the takeaways from both the Washington Post article and Privacy International’s actual report are as follows:

• Out of 23 total companies, Google received the lowest ranking allowed and was the only one to receive that rank.
• “An independent European panel recently opened an inquiry into whether Google’s policies abide by Europe’s privacy rules.” – Washington Post
• Three consumer groups in the United States are pressuring government regulators to force Google to change some of it’s privacy policies before allowing the $3.1 billion deal with online ad service Double-Click.
• Google’s ability to match data gathered by its search engine with information collected from other services such as e-mail, instant messaging and maps is equally concerning.

I believe Google is keeping privacy in mind when it comes to third parties. I don’t believe they are sharing data with anyone else or advancing the rise in spam traffic. However, I also believe they are gathering and analyzing data in ways that will benefit them greatly and anyone else that had this same type of market research. They obviously won’t share this type of research with competitors but will use this information any way they can to serve their own interests. At least, that’s just my opinion.

Do I think they’re in bed with the government like Facebook has been suggested to be? No. Do I think they have very valuable information that the government and/or corporate entities would like to get their hands on? Absolutely.

This video correlates to my post earlier this month about how Facebook and MySpace are privacy nightmares. This video sheds light on a different privacy concern however. In my earlier post I was discussing the threats that normal people could pose by using information from the two social networking sites. Now we’re faced with the very possible potential that Facebook has a direct relationship with the federal government and that it may even be involved as a source of data mining for the government. During the past couple years it’s been publicized that these data mining and surveillance programs do exist. Look at the AT&T and NSA story. The Bush wiretapping and surveillance project. No longer does the Facebook/Government relationship seem like just a conspiracy theory.

In my own personal opinion, you are a moron if you put as much information on these websites as is possible. Facebook goes as far as to ask you for everything from movies interests, job history, hometown, phone numbers, email, clubs, sexual orientation, etc. Again, this is why I don’t have an account on either site. I’m not a glutton for attention. I don’t have to have it and I’m sure not going to publish all my personal information for everyone to see.

Another aspect some people haven’t embraced is the fact that employers are starting to use these two sites to screen potential employees. Your next job could be lost or gained based on your Myspace and Facebook profiles. Scary? You bet. Law enforcement has even begun to use these two sites as sources of information, clues, and leads in ongoing investigations and potential threats. Think back to 2006 and the number of school “threats” that were circumvented due to the moron posting his plan and ideas on his Myspace page.

Watch the video, and tell me what you think. Facebook and the Government, not as far fetched as one might hope.

In case some of you didn’t know, Google can perform a limited reverse lookup service. There’s a good chance if you type your home phone number into Google, it will display your name and address. Or as in the case of my parents, the last owner of their current phone number.

If you don’t have a home line, or you have a VOIP phone line, you have nothing to worry about. At least not yet.

I, the Privacy Guy, could not have a MySpace page. There wouldn’t be anything on it. I guess I could have friends and such, but no one would really no who I am. The problem comes when people that actually know me in real life, would “become my friend.” This could in theory create a link that people could use to establish my real identity. This is why I ask people who know me and want to link to my blog, to never mention my name or say I’m a friend of theirs. This way, an outsider couldn’t begin to track me down using my friends as a lead. It would be relatively easy to do; especially if I have very chatty friends that post a lot of pictures and information about themselves and/or their lives for the world to see.

This is why I don’t post personal pictures or musings in a public forum where they can be indexed and archived and saved for later, UNLESS I’m comfortable with anyone in the entire world (including my mom) seeing that particular picture or reading that text I wrote. Whether you believe it or not, people are watching you and looking at your content if you’re on a social networking site. Just look at all these high school kids that have been suspended or even expelled for some of the content they have posted online.

If anything, use this as a little reminder to be mindful of what you post online and as always, what information you give out in person to people. Privacy can still be had, and Identity Theft does not have to happen to you.

I found out about PassPack the other day while I was scrolling through my daily blog feeds and I was immediately intrigued. PassPack is an online password manager. For those of you who don’t know what a password manager is, it’s simply a program or web based application that is used to manage the dozens of passwords you have to maintain and keep up with on a daily basis. I personally have over 47 passwords I keep in my manager; that’s probably minute compared to a lot of other people. The need for password managers arose from the security best practice of not using the same password more than once.

I know the majority of users do use the same password or some minor variation for everything from their online banking to favorite message board, but this is a bad habit for people to engage in. However, I am not writing today to discuss password policies; I want to highlight PassPack and why I think it rocks!

The first thing that caught my attention is that PassPack is completely anonymous. They gather NO personal information from you. The only information you submit to them is a user name, passphrase and a packing key. A packing key you say? Yes, a packing key. This is one of the great features of PassPack. First, you need to understand a little bit about how PassPack works. When you go to their website to login, you are prompted with a Username and Password field. This information gets you access to your “pack”. Your pack is your passwords all packed up in one single encrypted package. This AES government approved encrypted pack is all that is stored on PassPack’s servers, not the passwords themselves. This is why your passwords are truly secure and non-readable by ANYONE including the PassPack staff.

Once you have logged in successfully to your account, your pack is then sent over a secure connection using SSL to your browser. Mind you, your pack which has all your passwords and information, is still encrypted and never gets transmitted in the clear, so this encryption on top of SSL encrypted transmission is double security. Once your browser has received your pack, it then asks you for a packing key. This packing key is then used to decrypt the pack that your browser is holding for you. This means your packing key is never transmitted over the wire at all. Another bonus for security in depth approach.

When you add new passwords and usernames to your pack, they are never sent over the Internet. Once you are done adding new password information, you can save your pack. At this point, the pack is encrypted again and sent over SSL to PassPack’s servers. Simple enough right?

This new application is by no means without it’s opponents. Many people have already voiced staunch disapproval for any type of online password manager stating that the risk is just to great for the compromise of the stored passwords in question. While I agree with this — and never before PassPack have I considered an online password manager — I am comforted that my passwords are not stored on the server per se, only my encrypted password pack. This technology is still very vulnerable to a keylogging attack, so I’m not ecstatic about that. My number one request would be for PassPack to add some type of two-factor authentication. I would by all means pay for a token to have this added security. Then your packing key could be your two-factor authentication code. Until then, just be mindful of what computers you are accessing your PassPack account from and ensure they are trusted computers.

So to wrap up, here are my pro’s and con’s for PassPack:

Pro’s:

• Encrypted passwords are stored on a server accessible from any browser and any location in the world
• Complete secure transmission of password pack using AES encrpytion and SSL
• Anonymous
• Complete security even if PassPack servers get hacked

Con’s:

• Vulnerable to key logging attack that local password managers would not be susceptible to
• No two-factor authentication
• Not able to contain password pack on physical medium (ie. usb key)

For more information and further reading about PassPack check out the following links:

Who is PassPack?
Password and Packing Keys

I could go through $100 in a weekend, so it could get expensive paying $5.95 for every $100 card. I’m going to keep looking for a card that I could load with $500 or so. My other alternative is to just use the “clean card”, as I like to call it, with a little discretion. I’ll keep you posted.

For quite a while, I’ve been looking for an anonymous credit card. A truly anonymous credit card as in no personal information is associated with the card or stored on the card itself. If you Google “anonymous credit cards” you will get a number of links supposedly offering you anonymous credit cards, but proceed with caution.

I had in the past managed to find a number of anonymous “virtual” credit cards from my Google results, where I could get a number, expiration date and even CVV2. The problem was these cards were just virtual cards, but not physical cards that I could swipe. While this virtual credit card was great for online purchases and even mail order shopping, it didn’t offer a solution for my day to day needs like purchasing gas, groceries, etc. where a physical card is necessary.

Luckily, one of the links you will eventually always come across when searching for privacy friendly credit cards–which are technically prepaid debit cards– is a link directing you to Ryan Barrett’s site snarfed.org and his discussion on anonymous prepaid debit cards, which includes some physical cards. While this article was originally written in late 2005, it has remained fairly up to date through various blog comments and discussion.

It is through this article that I found out about Vanilla Visa prepaid debit cards. You can get these prepaid debit card/gift cards from CVS, Rite-Aid, Walgreens and a couple other places. Today, I purchased one. The purchase started off shaky as I couldn’t find them in the CVS I was in so I was getting worried. Finally I asked the girl behind the counter if they carried gift cards and she pointed me to a whole display of gift cards and prepaid Visa and Mastercard’s. Let me caution you, do not be duped into buying any of the other prepaid Visa or Mastercard card’s unless you know for sure that they will not require a SSN or other personally identifiable information upon activation. Be very sure to stay away from the GreenDot cards as their last remaining anonymous card, WebSecret, was discontinued late last year. While the WebSecret website is still online, you can no longer buy them anywhere. All Green Dot cards now require a SSN to activate.

So after the girl pointed me in the right direction, I began looking through the dozens of gift cards on the rack. At the very bottom I found two rows of vanilla visa cards, the $50 and the $100. I grabbed the $50 card and headed up to the counter where I was able to make my purchase with cash and completely anonymously. There are some “service fees” associated with these cards when you purchase it, but they are minor in comparison to the benefits offered. The fees are $3.95 for a $25 card, $4.95 for a $50 card, and $5.95 for a $100 card. Personally, I feel it’s well worth the fee for a truly anonymous product.

Just because this card is anonymous and doesn’t have your personal info stored on it, does not mean you can’t use it online. When shopping online, you can use any address you would like for the shipping address since there is no personal information associated with this card. One of the few negatives with this card is that if you attempt to purchase anything that is more than the remaining balance on your card, it will be declined. All this means is that you will need to pay for the difference in price (assumedly with cash since you’re being anonymous) before paying the remaining amount with your card. For all the gotcha’s, I would suggest you check out their FAQ page.

I will update as I start to use my anonymous card. I can’t see any huge problems or negatives however, so I highly recommend the vanilla visa gift card for all my other privacy aware friends.