By Patrick | June 28, 2007
One really awesome feature I did not cover in my previous review of the Online Password Manager, Clipperz, was their Direct Login feature. This is a feature that allows you to configure Clipperz to automatically log you in to various websites with a single click.
When I first signed up for Clipperz I did not use this feature at all. However, upon Marco’s suggestion that I should really try them out, I decided I would take a look. The first account I configured for Direct Login was one of my bank accounts. It was extremely easy to configure in Clipperz and within a couple minutes I had one-click login access to my bank account. I’m VERY sold on Direct Logins. I immediately started adding any other accounts that I could. Be forewarned, Direct Logins do not work for every site. I had a couple they would not work for, but that’s a minor inconvenience.
Clipperz definitely has a one up over PassPack in this area. Everyone knows I’m a PassPack evangelist because of it’s lightweight feel and it’s blazing speed. However, I also love Clipperz for it’s multi-field cards that can store custom data, not just usernames and passwords.
The solution to this multi-password-manager dilemma? I have accounts at both places. And to be honest, it will remain that way for as long as Clipperz is the only one with Direct Login.
Popularity: 6% [?]
By Patrick | June 28, 2007
I received a letter in the mail from the bank that issues the a.K.a Card requesting more information from me. They asked me for a copy of my driver’s license, a W-2 from last year showing my gross income, and then an employment history. When I first received I was a bit taken aback. This seemed like a lot of information to be giving up for an anonymous card, but I had to remember the bank has to know who I am. And from my earlier post there are two main roads you can go down in the privacy-aware lifestyle:
- Seek complete anonymity
- Seek to avoid identity theft
The latter of the two is what the a.K.a card accomplishes, while it’s not bullet proof for complete anonymity, since real addresses have to be used even on the alternate identity of the a.K.a Card. Plus the bank has a slew of information so that it can verify me and issue me a revolving credit card. This is NOT an anonymous credit/debit card like Vanilla Visa and others.
Either way, I’ll be filling this out and submitting the information this weekend. I’ll keep everyone updated.
Popularity: 6% [?]
By Patrick | June 25, 2007
I was contacted the other day by a nice woman from The a.K.a Card. She was contacting me to inform me about their product that offers “Total Anonymity, Privacy and Freedom”: the a.K.a Card. In a nutshell what it is is a credit card you apply for and upon approval are sent a card that has two identities. One is your real identity that you used when you applied for the credit card and the other is one you make up and use when purchase items online. They have a pretty decent explanation here and their FAQ can be found here. Currently, a.K.a Card is running an introductory special where you can sign up for $9.99/month or $99.99/yr. Normally I think the price is $14.99/month.
So what does this service offer? When you go to shop online and you put in your credit card information, sometimes you don’t know just how securely the merchant on the other end will protect your information. Even if they do everything they can, sometimes mistakes are made, or accidents happen and servers and databases get hacked. With a.K.a Card when you buy online, you give the merchant your alternate identity with a totally different name, address and card number. The theory is that if or when the merchant is compromised, the attacker doesn’t walk away with your real credit card number or even real name.
So you’ve heard me talk about anonymous prepaid credit/debit cards before, however this is different. The goal with the a.K.a Card is to prevent identity theft. I see a couple problems though that I hope to get ironed out either by speaking with the folks at a.K.a Card or someone posting a comment on here.
The first problem is that if the merchant requires the billing and shipping address to match then that could be a problem if your address for the alternate identity is not an address where you can receive mail. For example, I set up my alternate address as 123 Nowhere St., but I want my goods sent to 505 Somewhere Ln., then that may not jive.
Second problem is the alternate name. I think it’s awesome you can assign any name you want for an alternate identity, but what if the address you’re receiving your merchandise at doesn’t know you by your fake name? For instance in the scenario presented on a.K.a’s website, “Melissa Miller” is telling us how she uses her card. She uses the pseudonym of “Jane Freedom” and she also uses her office address as the alternate address. Let’s say Melissa/Jane orders some brand new shoes from an online vendor and has them shipped to her work address since the merchant will only ship to the billing address. The shoes show up at her office and the mail room employees try to look up “Jane Freedom” in their directory seeing as how they don’t know what floor Ms. Freedom sits on. Well, guess what? There’s no Jane Freedom at that company. Hrm. You see where I’m going with this.
I really, really want to like all products out there that even remotely seem to help in the defense of identity theft and defense of privacy. However, do I see the a.K.a Card as something that I would pay $9.99/month for, much less $14.99/month? I’ll soon find out as I’m going to be applying for one later today (hopefully I’ll be approved) and then will attempt to test it out. I feel actually trying out the product I’m reviewing is the only fair way to write a decent review about it.
I’d really love to hear any comments from anyone else who looks at this product. What do you think? Is it worth it? Anyone got some great ideas on how to utilize this card?
Popularity: 7% [?]
By Patrick | June 21, 2007
Tell me again why I should trust the government with any of my sensitive data? Tell me why it is that so many people are in favor of a national ID card (AKA Real ID)? When are people going to get it through their head that personally identifiable information is best left private with the individual; not with the government or some corporate entity.
This one quote from this particular article about a state government’s latest data loss kills me (emphasis added):
The tape was stolen June 10 out of the unlocked car of a 22-year-old intern who had been designated to take the backup device home as part of a standard security procedure.
What kind of screwed up security policy is that procedure a part of? Not surprisingly, the governor has suspended that procedure of taking home any dat-backup devices and is “mandating a review of how state data is handled.” Good call Gov.
Popularity: 3% [?]
By Patrick | June 13, 2007
A couple months ago, I posted a brief review of PassPack, an Online Password Manager (OPM). When I posted the initial review of PassPack, I was aware of another similar, but different OPM by the name of Clipperz. Today I want to take the time to review Clipperz, some of it’s features and flaws.
First of all let me say that I will not be incorporating any screenshots into this post, so allow me to give you this link that has numerous screenshots for your viewing pleasure. Now, on to the review!
Upon first use, you obviously need to sign up. Clipperz makes registration a breeze. One thing I love immediately is that registration is anonymous. Their signup process asks for three things: a username, a passPHRASE and verification of the passphrase. That’s it. Just two pieces of information you have to remember. I capitalized phrase in passphrase intentionally a moment ago. That’s because your passphrase is the ONLY thing standing between no access and full access to your passwords. So a super strong passphrase is highly recommended.
One other thing that you might notice right off hand, and will definitely see throughout the Clipperz application, is a password strength meter. Whenever you are typing in a password or a passphrase, this strength meter is displayed beneath the text field in which you are typing. As your password becomes longer and more complex, the meter changes from bright red (least secure) to bright green (very secure). Most of us know what is and isn’t a good, strong password, however it’s a really cool feature to have and you’ll see why later.
Once you log in with your new account, you land on the “card view” screen. This is where you create your various cards that will hold passwords or information for various websites, companies, individuals, etc. Think of it as an online Rolodex per se. You might have cards for things like Gmail, Digg, MyBank, MyStockAccount, etc. When you click on “Add new card” you are given a number of predefined template cards to choose from. These templates consist of cards with certain fields already defined for you. Card templates for simple simple web password credentials, online banking information or even an address book entry card.
Now this is where Clipperz has a huge one up on PassPack. These cards have an unlimited number of “fields” that they can contain. And the predefined “template” cards can have any and all of their fields modified, added to, or even removed. Clipperz offers you full control and tons of flexibility on the type of information you can store in your cards. It’s virtually limitless on the number and type of data sets you can store.
Of the field definitions, the “password” type is one that will probably be most often used. When you store information in a password type field, the text is always displayed as stars. While great for that nosy coworker or curious boss, this is a problem. It’s a problem because there is no single click or otherwise convenient method to reveal the password that is behind the stars. Most password managers have a descramble or reveal button you can click to see the password in the clear. This is one of my biggest complaints of the application. Clipperz does allow you to click on the stars themselves which copies the field data (password) to the clipboard. This enables you to quickly paste the password into a waiting login prompt or webform. Still, I would love to see a one-click button that would change those stars into the clear text password when I needed to view a password quickly, and not necessarily copy it to the clipboard every time.
You remember how I said the password strength meter had another great use? Well, here’s where I give you a real life example. I have a number of clients I consult for at various times. Each client has their very own card in Clipperz. I store numerous passwords for each client in their respective cards. Passwords for their routers, firewalls, servers, etc. It would not be uncommon for me to have 10-15 password fields on one card. With the password strength meter, I can glance at a card for a client and get an overall idea how strong their passwords are for all their devices I have information for. It may seem small to some people, but it’s a feature I really appreciate.
My favorite feature of almost all real OPM’s (including Clipperz and PassPack) is the encryption and security aspect. All my information remains encrpyted safely on their servers and never passed in the clear. Encryption and decryption takes place on the client side in the browser, so even if the Clipperz servers were compromised, your data would be safe and useless to the perpetrators. Plus, there’s no worry if a Clipperz employee ever turns rogue and tries to walk off with all the sensitive information that is home to the Clipperz servers.
To wrap up, I like Clipperz. The interface isn’t as easy or simple as PassPack. But then again, you have a lot more flexibility and can do so much more in Clipperz than you can PassPack. I still give really big kudos to PassPack for having the unscramble button next to their password fields. Whichever OPM you choose, you Clipperz is definitely an option worth investigating.
Popularity: 10% [?]
By Patrick | June 12, 2007
Slashdot has an article talking about some Google Privacy Quickies. A recap of sorts of some of the latest Google privacy news and statements.
Google Privacy Quickies – Slashdot
Popularity: 2% [?]
By Patrick | June 11, 2007
Privacy International is an International (duh) Privacy watchdog group that just released a report of privacy rankings for many of the Internet’s major players (ie. Google, Microsoft, MySpace, Facebook, etc). The Washington Post has an article talking about the report here.
One excerpt from the report states:
“We are aware that the decision to place Google at the bottom of the ranking is likely to be controversial, but throughout our research we have found numerous deficiencies and hostilities in Google’s approach to privacy that go well beyond those of other organizations. While a number of companies share some of these negative elements, none comes close to achieving status as an endemic threat to privacy.”
Some of you may remember last year the big fiasco Google raised when it challenged the DOJ’s subpoena request to review millions of user’s search requests. A feather in their cap for privacy advocates right? This along with their agreement to “sanitize” search data after 18-24 months has created some confusion as to just how Google could have received the lowest ranking of all companies analyzed. Privacy International came to it’s conclusions based off of 6 months of research conducted with 30 professors from the US and the UK.
Some of the takeaways from both the Washington Post article and Privacy International’s actual report are as follows:
- Out of 23 total companies, Google received the lowest ranking allowed and was the only one to receive that rank.
- “An independent European panel recently opened an inquiry into whether Google’s policies abide by Europe’s privacy rules.” – Washington Post
- Three consumer groups in the United States are pressuring government regulators to force Google to change some of it’s privacy policies before allowing the $3.1 billion deal with online ad service Double-Click.
- Google’s ability to match data gathered by its search engine with information collected from other services such as e-mail, instant messaging and maps is equally concerning.
I believe Google is keeping privacy in mind when it comes to third parties. I don’t believe they are sharing data with anyone else or advancing the rise in spam traffic. However, I also believe they are gathering and analyzing data in ways that will benefit them greatly and anyone else that had this same type of market research. They obviously won’t share this type of research with competitors but will use this information any way they can to serve their own interests. At least, that’s just my opinion.
Do I think they’re in bed with the government like Facebook has been suggested to be? No. Do I think they have very valuable information that the government and/or corporate entities would like to get their hands on? Absolutely.
Popularity: 3% [?]
By Patrick | June 6, 2007
Real ID Watch is a blog any concerned citizen should keep in their respective RSS reader. A couple weeks ago they had a great post about how Conservatives have given up on Freedom and a Limited Government.
I used to be a staunch Republican. Then for a while I was simply calling myself a Conservative. Now it appears that title doesn’t even fit anymore. I’m just glad Ron Paul is on the Republican ticket this time. I would’ve voted for him in ’88 when he ran on the Libertarian ticket, and I’ll definitely vote for him this time.
Popularity: 3% [?]
By Patrick | May 21, 2007
This is hysterical. You have to watch this:
Popularity: 4% [?]
By Patrick | May 18, 2007
Again, this has privacy nightmare written all over it. An article entitled “Use Your Driver’s License as a Debit Card” ran in Tuesday’s BusinessWeek. The general premise is that why should we as consumers, be burdened down with all these credit cards, debit cards and customer loyalty cards, when we already have a driver’s license that (most likely) has a magnetic strip on the back of it and could serve as a debit card.
A company by the name of National Payment Card has been working over the past couple years on a campaign to get gas stations to sign up with their e-check Driver’s License payment program. It’s a simple process really. All it takes is your driver’s license number and bank account information and you’re good to go. Government (Driver’s License) and Business (NPC) mixing together in a far too close manner. I just don’t like it from a privacy standpoint.
Popularity: 5% [?]