I’ve mentioned the Blur privacy service a lot in the past but I’ve yet to fully review it. This post will serve as review, how-to, and as a chance to point out some important security features of the service. So what is Blur and why would you want to use it? That is hard to put into a single sentence. Most importantly for me, Blur offers a one-stop location from which I can mask my email address, my phone number, and my credit card. Unlike Pay With Privacy which I detailed last week, Blur is not a single-function service.
Blur Privacy Service – Masked Email
Blur Masked Email is by far my favorite email privacy service. I greatly prefer it over 33mail.com because the single, common domain necessary for 33Mail ties all your accounts together, while all Blur users share the “@opayq.com” domain. To create a masked email, login to your Blur account. Click the “Masking” icon. Click “Masked Emails” on the next screen. To create a Masked Email address click the “+New Masked Email” button. A pop-up will appear. Enter a descriptive name for your email address and click “Create Masked Email”. A new masked email address will appear in your list of addresses. Each one of these addresses can be given out and will forward mail to your real inbox.
This is a boon to making unique usernames for accounts, and for protecting your real email account. Additionally, you can permanently delete any of these addresses. If you don’t wish to receive emails (i.e. if you are getting spam from a particular address) you can simply turn forwarding off. You won’t get any more emails in your inbox, but you have the address should you need to turn it back on.
Blur Privacy Service – Masked Cards
This is absolutely my favorite feature of Blur. Being able to create masked cards allows you to protect your real credit card number. This is incredibly useful when purchasing from sites that are not fully trusted, when purchasing subscriptions for which recurring subscriptions are the norm, or making purchases for which you don’t wish to provide your true billing address. Here’s how it works: you give Blur your credit card number. After it is validated, you can create masked cards.
Each card is a virtual card, complete with a Mastercard number, expiration date, and CCV code. These cards all share a billing address, but everything else is up to you: billing name, shipping name, shipping address, etc. To make one go to the Masking menu and click “Masked Cards”. Click “+New Masked Card”. A new window will appear. From the drop-down select your payment method. Choose the amount for which you wish the card to be valid. Finally, make a descriptive note of where you plan to use the card; this is optional, but great for organizational purposes.
Masked cards are a premium feature and require a paid account. In addition, Blur charges a $2.00 fee for each card under $100, plus a charge of 1.5% for cards over $100. This is still far less than the charge for prepaid credit cards. Cards can be made in any increment from $10.00 to $1,000.00. When you are finished with a card or its balance is exhausted you can close it (this is why I feel comfortable posting a credit card number online). If there is a balance remaining when you close a card, it will be refunded.
Blur Privacy Service – Masked Phone
I admit that I don’t use this service very much. With a premium membership you can setup a Blur Masked Phone number that will forward calls, texts, and voicemails to your real phone. I mostly use this number when I am making a purchase online and using a Masked Email address and Masked Card. You can call out from this number but you must do so from the Blur mobile app or from the web interface. I don’t mean to downplay the significance of this. Having a strong, working phone number that will forward calls and texts to your device is an excellent feature.
Blur Privacy Service Settings
Blur’s settings are all available in one easy-to-access location. All are easily modified by clicking the “Edit” button to the left of the setting. I am very happy to report that your Blur account can be locked down fairly tightly. I’ll go through the settings that I think are important for security in the order that they appear:
- Email Address: Blur uses your email address as your username. As readers here know I consider usernames a security measure, so I don’t use an easily predictable email address. Unfortunately, because this is a financial account, I am uncomfortable using a forwarding service (like 33mail.com or NotSharingMy.Info) as the login. Instead I use a ProtonMail alias that is random and not easily guessable. If you have already setup your Blur account and have used an email address that you’ve used elsewhere it is easily changed
- Password: I have not yet found a meaningful limit on password length with my Blur account. I have successfully used passwords in excess of 100 characters.
- Auto-Lock: This setting allows you to choose the inactivity interval before you are required to re-login. Obviously a shorter interval is better from a security standpoint, but may be more inconvenient. Because I typically login, conduct my business, and log out, I have not found the shortest interval (15 minutes) to be overly burdensome. The options are Never (not recommended), every 15 minutes, 30 minutes, 1 hour, 2 hours, 3 hours, or every day.
- Password Security: Enabling this setting will require you to re-enter your password after a defined interval. Like Auto-Lock, a shorter interval is more secure but may be less convenient.
- Two-Factor Authentication: Of course I recommend that you turn this feature on. Blur only uses a software token and requires that you have an app like Google Authenticator or Authy installed on your device.
- Anti-Theft: This is not a setting, but a place where you can view the last 20 logins to your account, by browser, OS, and platform (computer, mobile, etc.). These are ordered by most recent and include a date/time stamp.
- Backup Passphrase: This is a long passphrase composed of multiple dictionary words. If you lose your two-factor token this is the only way back into your account. I recommend recording it in your password manager entry’s notes section.
- Backups: Blur offers you a number of backup options. You can store your Blur backups locally or on Abine’s servers. Though I am generally not in favor or cloud storage, in this instance I choose to backup my Blur data to Abine. There are a couple of reasons for this. First, the company operates a zero-knowledge server (or “host-proof” in their terminology). This means that you are the only person that can decrypt and access your data. Secondly, I am routing both emails and financial transactions through them anyway, so I don’t see the risk as manageable.
- Delete Account: I am really happy to see this. Many online services make it extremely difficult to close your account. Doing so with Blur is painless.
Blur Privacy Service
I haven’t fully covered everything that Blur does. I have mainly focused on the stuff that I use the most and find most important. Blur also has add-ons for Chrome and Firefox, as well as apps for Android and iOS devices. Subscriptions run $79/3 years, $59/2 years, or $39/1 year. This is one service that I use on a daily basis, and that has been worth every penny.
If you enjoyed this article and would like exclusive content, sign up for the Operational-Security Newsletter.