The Apple vs. FBI Debate: My Thoughts

This week has been awash in coverage of a federal court ordering Apple to unlock an iPhone 5c used in the San Bernardino shooting.  This story began for me when I awoke Tuesday at 5 a.m. EST to half a dozen text messages linking me to Tim Cook’s “A Message to Our Customers.” I have had almost a week to digest the letter, follow the story, and reach some conclusions.  My thoughts and observations on the “Apple vs. FBI” debate are listed below.

  1. The FBI has chosen to use this issue to paint encryption in an unfavorable light.  This single issue has advanced the government’s position that encryption is a tool for terrorists and criminals.  James Comey (the Director of the FBI) has long been an outspoken advocate for encryption “backdoors” and “front doors” but until now has had few concrete examples to sell the public on such mechanisms.  This is the chance they have been waiting for.
  2.  There is probably very little to find on the phone in the first place.  I talked about why I believe this a couple weeks ago on a podcast interview.  I talked about why I believe this which basically boils down to: there isn’t much to find on the phone that can’t be gotten elsewhere.  Jonathon Zdziarski posted an even more thoughtful list of reasons this device probably doesn’t contain anything of real intelligence value.
  3. This is an opportunity for the FBI to put Apple in the unenviable position of looking unreasonable and uncooperative.  It’s just one phone, and they were terrorists, after all.  The problem is, as Apple points out, is that it creates a dangerous precedent.  We have consistently seen mission creep with other laws and technologies that were designed for use in very isolated instances but have been used to pursue an increasing number of lesser crimes.
  4. The FBI is essentially conscripting Apple software engineers to write code for the government’s use.  This should be alarming to any business owner.  If the federal government can compel a company like Apple to write code (or do any work, really) without pay and against its objections, it can do so to anyone.  Apple, it should be pointed out, was only recently overtaken by Google as the world’s most valuable brand.
  5. Apple has its own set of motivations for defying the judge’s order to open the device.  This has been pointed out vociferously.  My own opinion is that regardless of why Apple is taking a pro-privacy stance, they are.  The market wants privacy, and Apple fills the void.  Apple is not a non-profit, not a humanitarian or philanthropic organization, and it is not the EFF.  Very few for-profit companies are filling this void, so my money will go to the one who is.
  6. An interesting article arose out of this controversy that backs up my call for longer, stronger passcodes on your iOS devices.
  7. Encryption works.

This has certainly been an interesting week, and there are certainly more to come.

Book Review: Future Crimes, Marc Goodman

In an age of almost weekly hacks on various multinational corporations, banks, Hollywood movie studios, and government agencies—each more brazen or damaging than the last—it’s no surprise that a spate of books on the subject has hit the market in recent months. After all, those hacks, along with the countless others that go unrecorded every day around the world, affect us all in one way or another.

Future Crimes: Everything is Connected, Everyone is Vulnerable, and What We Can Do About It, by Marc Goodman is one of those books that addresses the growing chasm between our Internet-woven lives and the security necessary to protect us from the people who would exploit our reliance on it.

And it’s an eye-opener. Goodman, a former police officer, current cyber security expert and founder of the Future Crimes Institute, makes his living studying cyber threats and the people and organizations who perpetuate them. He’s one of the leading experts in the field, having worked with the FBI and Interpol, among others. Given his credentials, Future Crimes is exactly what you might expect it to be: a well-researched tome of extremely detailed case studies covering everything from hacks and cyber attacks committed against private individuals and organizations to the methods used to gain access to some of the most protected security systems in the world.

As it turns out, according to Goodman, hacking is no longer solely relegated to the realm of lone teenagers working out of their parents’ basements. Instead, hacking has become a multi-billion dollar industry, with operations as sophisticated and well-funded as some of their targets. Singletons, terrorists, organized crime syndicates, state sponsored hackers, and “hacktivists” (groups of hackers who do what they do for what they perceive to be good causes) all have staked a claim in the digital gold mine that is the Internet. They work full-time, attempting—and usually succeeding—to access and steal data that can be used to turn a profit or, in some cases, wreak unimaginable havoc.Future Crimes

In one of his more eye-opening chapters, Goodman discusses how terrorist groups have upped their game when it comes to harnessing technology to achieve their goals. Describing in minute detail how the terrorists in the 2008 Mumbai attacks used Google Earth, BlackBerrys, and real-time social media updates to plan and conduct their attacks (the same technology we use to plan a date), Goodman lays bare the terrorists’ tactics, techniques and procedures. The actual operatives on the ground, he writes, had constant, direct communications with an operations center in Pakistan staffed by commanders who were watching events unfold on major news networks, allowing them to monitor their operatives’ progress and the Indian government’s response.

Goodman also discusses the darker side of the internet, or the Dark Net, a digital underworld built specifically for illicit use that most of us don’t know even exists. He tells the story of Silk Road, the “eBay of drugs and vice,” where, if you’re savvy enough to gain access and speak the language, you can hire assassins, buy or sell child pornography freely and without fear of law enforcement interference, and even trade in human organs.

Setting aside the more nefarious aspects of the cyber world to discuss the legitimate, day-to-day aspects of the Internet doesn’t do the reader’s nerves any good. Future Crimes also details the easy and legitimate access we all either freely give away or inadvertently leak to data brokers every time we use our computers or smart phones.  The staggering net worth of this raw data—ages, genders, browsing habits, sexual preferences, medical conditions, personal networks and the like—collected about tens of millions of people around the world, every day, climbs into tens of billions of dollars each year. This information is not only attractive to criminals, but to legitimate companies “across all industries, whether retail, transportation, or pharmaceuticals” as well. The World Economic Forum regards our personal data as “the new oil” when it comes to overall value.

Despite being well-written, Future Crimes is a veritable train wreck of a book, brutal in its detail, with case studies piling on top of each other like so many derailed freight cars. The never-ending string of crimes related in the book becomes so mind-numbingly messy that it eventually exhausts the reader. This, unfortunately, begins around the halfway point and dilutes the overall effectiveness of the message Goodman is trying to impart. He knows the ultimate effect his book will have on the reader, though, stating in the prologue that “if you proceed in reading the pages that follow, you will never look at your car, smart phone, or vacuum cleaner the same way again.”

While heavy on the “crimes” portion of the world in which we now live, Future Crimes unfortunately offers very little in the way of solutions for the current state of affairs. The few fixes under our control are consigned to a short appendix at the end of the book that Goodman promises, if followed, can help the reader avoid 85 percent of current threats. Beyond that, though, it’s apparent that our inexorable link to all things digital now and forever makes being hacked just a matter of time.

If you’re interested in security, cyber security, or how the details of your life can be probed, stolen or affected by accessing the Internet, this book is a must-read. If you’d rather not know, exactly, how almost every pixel of your online existence is accessed, mined, and sold or stolen over and over again, take a pass.

FUTURE CRIMES: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It

By Marc Goodman

Anchor Books, 512 pp.

Thom Nezbeda is a journalist focusing on global conflict, crisis, and security issues. He writes about Middle Eastern and European affairs, military affairs, counterterrorism, national security the growing refugee crisis, and religious persecution. A former on-air radio personality and general assignment reporter after college, Thom put his journalism career on hold to join the military, where he spent nine and-a-half years as a Marine Corps Infantry Squad Leader and team leader in the Army, with combat tours to Iraq and Afghanistan. He is a graduate of the Defense Language Institute’s Arabic Basic Course, speaks French, and has extensive experience in Europe and the Middle East. Thom has written for The Georgia Guardian, Blue Force Tracker, The CP Journal, and The Soufan Group among others.  For more information or to follow Thom visit http://www.thomnezbeda.com/.

COMSEC: Signal Private Messenger

Signal Private Messenger is a free application, and my new favorite encrypted communication solution.  Signal supports both voice and instant messaging (texting) in a single app.  It is incredibly easy to use, and convince others to use.  There is no complicated setup and no username or password to create and remember.  This app is incredibly intuitive and resembles native phone and texting applications.

Signal uses your phone’s Wi-Fi or data connection.  Signal has replaced the legacy RedPhone and TextSecure apps for Android and merged them into a single platform.  To use Signal Private Messenger simply install the application.  You will be prompted to enter your telephone number for verification.  I have successfully used a Google Voice number for this, even though Signal specifically warns that GV numbers will not work.  Full disclosure: I have also seen GV numbers fail.  This is the ONLY reason for which I use a Google Voice number.  I have no problem with this because the number is only used as an identifier and no data is sent though Google after the initial verification message.  The app will verify the number by sending you a code that you must enter into the application.  No other personal information is required or requested.

Signal

If you allow Signal Private Messenger to access your contacts it will identify the ones who have Signal installed.  There is one slight downside to the way Signal identifies its users: in order for others to contact you via Signal they must have the telephone number you used to register the app in their contacts.  This requires that you give out this number to others with whom you wish to use Signal.  For this reason I recommend setting up a Google Voice number that is used only for Signal, and giving that number out to friend, family, and business contacts that are likely to use Signal (or be persuaded to), rather than giving out your real phone number.  I will post in the future about why giving out your real phone number may be a bad idea.

Signal’s interface is almost disconcertingly simple.  Tapping the “+” icon in the upper right of the interface a list of your contacts who have Signal installed.  Tapping one of these contacts will open a new message to that contact.  From there you can send a text message, photo, or video, or type the handset icon to initiate a voice call.  In the search bar on this screen you may input a telephone number, which Signal will then search to see if the number has the app installed.  Once a call is initiated a more typical phone interface is displayed with some standard phone options to mute the call or use the phone’s speaker.

The call interface will also display two random words.  The words displayed will change with each voice call but should match on both handsets involved in the call.  These words are used to ensure the call is not being tampered with by a man-in-the-middle.  If an attacker were to successfully get in the middle of a call each phone would display different authentication words.  This is becasue each handset would establish a key with the attacker rather than the intended recipeint’s handset .  I recommend ALWAYS validating these words at the beginning of each conversation made over Signal.  This is especially important before engaging in sensitive communications.  The messaging portion of the application is likewise incredibly simple.  Messages are composed and set like they are in any other messaging application.  Attaching a file is as simple as tapping the paperclip icon beside the compose pane.  Signal also supports group messaging.

Signal is one of the best privacy-enhancing applications available (especially considering its cost) and I strongly encourage its use.  It’s encryption utilizes the “axolotl ratchet”, a system of perfect forward secrecy.  Perfect forward secrecy means that each message is encrypted with a unique, ephemeral key.  If one message is decrypted it has no impact on the others since each has a unique key.

As pointed out by the grugq, however, Signal does leak a great deal of metadata about you.  This includes your contact list, who you talk to, and the frequency with which you talk to them.  This metadata is certainly no worse than that generated by your normal telephone conversations.   It is also not any worse than that created by other encrypted messaging applications.  For this reason it may not be suitable for defeating certain threat models.  For encrypting your day-to-day comms that would otherwise be made through insecure means, Signal is a major upgrade.  Signal is funded by donations and grants, and much of the work in developing and maintaining the app is done by volunteers.

Signal Private Messenger is free and available in the App Store and on Google Play.  For more information on Signal visit https://whispersystems.org/blog/signal/.

The Privacy and Security Benefits of a P.O. Box or CMRA

As a privacy advocate I am constantly surprised at the number of people who freely give out their home address without a second thought.  It shocks me endlessly that people will give over their actual, physical home address in exchange for slight discounts on groceries, when creating accounts for online services of all types, to have a miniscule chance of winning a new car, etc.  I would never dream of giving out my true home address for any of these reasons, and I always take pains to avoid it for reasons that are much more serious than these.

IMG_2104

Regardless of this and the fact that much of we all still need to receive mail.  Receiving this mail at home opens you up to a number of vulnerabilities including:

Mail Theft:  Mail theft still happens and it recently happened to one of my clients.  Some of her checks were stolen and forged for cash.  To conceal the crime the thief (who knew where she lived because her address was on her checks) stole her bank statements from her mailbox.  She did not know she had been the victim of a crime for several months.  I am continually surprised at the vast numbers of people who are content to let bank statements, pre-approved credit card offers, utility bills, and other very sensitive items be left in an unsecured mailbox for hours or days at a time.  The theft of such personal information could lead to identity theft, credit fraud, and other crimes.

Much of this threat can be alleviated by going paperless where possible.  Just ensure that you are securing your online accounts with unpredictable usernames, good, strong passwords, and two-factor authentication.

Social Engineering:  A quick glance at mere junk mail from your mailbox can reveal your name and the names of your family members and roommates.  This information can be used to launch a social engineering attack against you.  How would you react if someone appeared at your door and seemed to know the names of all the members of the household?  An attacker could use this information to convince you (or your children) that he or she is a trusted figure.  This information could be used in a variety of imaginative ways to manipulate you or your family.

Data Marketing:  Though the threats of mail theft and social engineering are relatively rare ones, the possibility of your name being associated to your home address through the mail you receive is all but guaranteed.  When you order a package from an online retailer your name and address is added to their database and will eventually be sold to data marketers.  Then Fedex, UPS, and yes, even the US Postal Service will collect this same name and address data and sell it to data marketers yet again.  The end result of this, in addition to tons of junk mail, is that your home address and name are in numerous databases, many of which are available on open-source internet sites.

THE BENEFITS

Using a post office box or commercial mail receiving agency (CMRA)(such as Fedex or UPS stores) you can be reasonably assured that your mail is secure.  It is stored behind lock and key until you come get it, and many such facilities have security cameras. This does not mean that a very determined adversary could not access it, but it is still much safer than it is in an open mailbox on your street.

There are some additional benefits to using a CMRA that are not offered by the U.S. Postal Service, and CMRAs are subject to the same strict security standards as the U.S. Postal Service.  For example, they cannot give your mail to anyone who has not been added to the mailbox and who does not present a photo ID.

Package Delivery:  If you are expecting a package it is much a CMRA it can be received and held by a CMRA.  In contrast Fedex and UPS will not deliver to Post Office boxes.  If a signature is required for the package a representative from the store will sign for it, as well, preventing you from missing an important delivery, and preventing packages from sitting unattended on you front porch.

Street Address:  Rather than having to give out a P.O. Box, with a CMRA you will be given a street address and box number.  Though you cannot use a CMRA as your home address for official records like drivers’ licenses (because they are flagged as commercial facilities), you can give this address out to many parties without it being obvious it is a mail receiving agency.  You can further obscure the nature of your address by adding “Apt” or “Suite” in front of the box number; you mail will still find you, but the address will appear to be a residential or business address.

Using a P.O. Box or a CMRA will make you neither invisible nor anonymous.  But if you have taken steps to obscure you home address to prevent identity theft, stalking, or other threats against you, using one will help prevent your name from being associated with your physical location.  You can make this pay off even more by getting a mailbox in another city or town.  For example, when I had a “normal” job and commuted, my CMRA mailbox was in the town in which I worked, which was roughly 30 miles from my home.  I created quite a trail of information to that mailbox, but it was far enough away from my home that I didn’t lose any sleep over it.

Privacy and Security Considerations when Upgrading to Windows 10

With free upgrades to Windows 10 fully out in the wild the migration to the new OS has been, by all accounts, a resounding success for Microsoft.  Though Windows 7 will doubtlessly remain king of the hill for the immediate future, with 75 million downloads in the last month Win10 is making serious inroads.  Though popular out of the gate, it has not been received without some legitimate complaint.  There are some major privacy issues with the new OS.

Windows_logo_-_2012.svg

Express Settings:  When going through the  upgrade process, do NOT choose the “Express settings” option.  In Express settings mode you are not allowed the opportunity to change privacy and security settings and they are set to defaults.  Worse, allowing the Express settings can cause an encrypted version of your Wi-Fi password to be shared with your friends through Wi-Fi Sense so they can use your Wi-Fi if and when they are at your house.  Instead choose the “Customize settings” option.

Forced Updates:  Perhaps the fiercest complaint about Win10 is that updates are mandatory, not optional.  While I strongly encrourage staying up-to-date, the ability to opt-out of select updates should be everyone’s right.  This ability is especially importan when updates are buggy or cause system instability as has been the case with some updates for 10.  Windows 10 users have no choice in the matter, though.  At least now Windows actually offers some transparency and explains what these updates do.  Before upgrading you should seriously consider whether you are willing to accept mandatory updates whether you want them or not.

Privacy Policy:  Windows 10’s privacy policy has been described by Ars Technica as “the new normal“.  While all operating systems send some information back some information the data collected and transmitted by Windows 10 is fairly significant by comparison but is, as Ars also points out, part of a continuing evolution of increasing data collection.

Data Collection by Default:  Windows 10’s data collection is enabled on the OS by default.  The new Cortana feature (the competitor to Apple’s Siri and Google’s Now) constantly records you and your actions to “get to know you”.  Windows 10 also has a very intuitive, very user-friendly Settings menu that contains a well laid-out Privacy section (shown below).  Unfortunately most of these privacy settings are enabled to collect data by default.  I strongly recommend going through these privacy settings immediately upon installing the new OS.  These settings are not complete; there are .  For more information on setting up the initial Privacy and Security settings in Windows 10 visit https://fix10.isleaked.com/.

Screenshots of my Win1o Privacy settings are attached a the end of this post.  Note that for most of these settings you must enable the global setting before disabling individual apps.  After you have disabled every app I recommend once again disabling the global settings.  Also note that these settings are not a substitute for using basic best practices and security utilities like encyrption and antivirus.

Some good news:  Windows 10 will still work with the security applications we know and love, like TrueCrypt, Password Safe, and others.  In fact, aside from OS-specifics, nearly everything I detailed in Your Ultimate Security Guide: Windows 7 Edition is still applicable.  Just one quick word of warning: if you are full-disk encrypted, DECRYPT YOUR HARD DRIVE before upgrading and re-encrypt upon completion of the upgrade.  I learned this the hard way.

Everyone loves the appeal of a new operating system.  Even I was excited at the prospect of an entirely new look when the computer finally finished installing 10.  But the more rational side of me dislikes change just for the sake of change.  After I complete the next installment of the Your Ultimate Security Guide series which will cover Windows 10 (look for it in March 2016) I plan to revert back to either Windows 7 or, much more likely, go full-time with a Linux distro.

12345678910111213

 

Privacy Compromising Updates in Windows 7/8.1

Since the release of Windows 10 it has been no secret that Windows is collecting a great deal of data about its adopters be default.  Though some of this tracking cannot be opted out of most of it can, and this blog will cover these techniques for Win10 next week.  What is more alarming (at least to me) is that Windows is quietly installing some of these privacy-invading “features” on Windows 7 and 8.1 machines in the form of updates.  These updates send a great deal of information about your usage back to Microsoft.  Fortunately for users of Windows 7 and 8.1 these updates can be quickly and easily uninstalled.

The updates are (each is hyperlinked to a full description at microsoft.com) :

To uninstall these updates navigate to Control Panel>>System and Security>>Windows Update.  Click “View Update History”, and the click “View Installed Updates”.  This will open a list of the updates that have been installed on your machine.  Search for each of the four updates listed above.  If you find that any of them have been installed, right click on the update and select Uninstall.  You will be asked to confirm your decision.

Win7 Privacy UpdateI am disappointed that Microsoft has chosen to hold user privacy in such disregard, though my disappointment does not rise to the level of surprise.  This is a great example of something I talked about in Your Ultimate Security Guide: Windows 7 Edition.  Allowing updates to download and install automatically can have some serious negative consequences.  I prefer to download updates automatically but choose when to install them.  This gives you the chance to avoid updates like these that are not in your best interest.

Paper v. Plastic: The Case for Cash

The adage that I’ve used several other times on this blog, my books, and one that is nearly a personal credo: convenience is inversely proportional to security.  This seems to apply equally well to personal privacy.  Said another way, the more convenient something is, the more personal privacy and control of your identity you are probably sacrificing.  Credit and debit cards are one such convenience.  Though it is certainly more convenient to swipe a credit card for purchases that in is to use cash it also creates a tangible record of each transaction.  With cash you have to make time to visit an ATM, carry bills, manage change, etc.  Making matters worse, all of these inconvenience factors are compounded if you make multiple small purchases throughout the day.

shutterstock_110580023

Despite its inconveniences, making multiple small purchases throughout the day is precisely the reason you should use cash.  Your purchases record a wealth of data about you, including your location and movement, purchases, interests, hobbies, and a plethora of other information about us.  I didn’t fully realize the extent to which my personal pattern of life was spelled out in black in white until I bought my first home.  One of the requirements for the loan application was to submit three months of statements for all bank and credit accounts.  I was very, very disheartened when I had to submit statements for several accounts that looked something like this:

Date Transaction Description Amount
07/01/15 Debit – Local Grocery Store #1 $17.35
07/01/15 Debit – Local Grocery Store#2 $31.53
07/02/15 Debit – National Coffee Chain near Work $4.88
07/02/15 Debit – Convenience Store near Work $2.37
07/02/15 Debit – Lunch Restaurant near Work $12.72
07/02/15 Debit – Gas Station $43.68
07/02/15 Debit – Local Grocery Store #2 $8.19
07/03/15 ATM Withdrawal $60.00
07/04/15 Debit – National Coffee Chain near Work $4.88
07/04/15 Debit – Big-Box Department Store $81.41
07/04/15 Debit – Local Dinner Place near Home $27.12
07/04/15 Debit – Large National Bookstore $27.19
07/05/15 Debit – Fast Food Place near Work $6.01
And on, and on, and on….

Unfortunately, years prior I had subscribed to the philosophy that plastic is easier to use and somehow inherently better than paper.  What I did not realize was that I was sharing a ton of personal details about my life with others.  The packet I handed over to the loan officer painted a very thorough picture of my pattern of life for the three months prior to my loan application (which could be extrapolated to the last few years).  Though there was nothing “shady” on my cards, it was a little embarrassing to share such granular level of detail about my life with strangers.  The sickening realization that I had been sharing all of this information with my bank and creditors for years sank in that day, too.

Purchasing with cash offers much more anonymity.  Unless you are purchasing something that requires you provide your real name, firearms and cars being obvious exceptions that come easily to mind, purchases with cash are about as close to anonymous as you can get.  There is no paper trail, no bank statement, and no overarching record of your life and activities.  If I had it to do over again (and I do going forward) I would have made some changes in my personal habits.  My account statements would have reflected the same period of time a bit more succinctly, like this:

Date Transaction Description Amount
07/01/15 ATM Withdrawal $400.00
07/08/15 ATM Withdrawal $400.00
07/20/15 ATM Withdrawal $500.00

You will notice that because I used cash, this brief statement covers a period over four times as long as the above example, while still being eight lines shorter.  Not only is this statement more compact, it also reveals very little about me.  It does not reveal where I buy my groceries or how often, or the location my favorite coffee, lunch, and dinner restaurants, or my culinary preferences.  It does not associate my name to any of my purchases.

I attempt to use cash as much as possible but I realize I will never be able to fully eliminate credit cards from my life.  Air travel, rental cars, and hotels require credit cards.  I still find myself in locations where I don’t want to pay exorbitant ATM fees, and end up using my card.  But I use it a lot less, which is what I am truly advocating: using more cash and less plastic.  This reduces the amount of information about yourself that you give over to your bank, your lenders, anyone curious enough to swipe a statement out of your mailbox (assuming you don’t use a P.O. Box), and yes, maybe even the NSA.

Using cash isn’t bulletproof, and it won’t make you totally anonymous.  But it will lower your signature, offer you a lot more anonymity, and make an attacker’s job a bit harder.  Every little bit helps.

Complete Privacy and Security with Michael Bazzell

I am proud to announce that I am currently co-writing a book with well-known author and privacy expert Michael Bazzell.  Michael is the author of several privacy- and security-related works including Hiding from the Internet and Personal Digital Security: Protecting Yourself from Online Crime, as well as the immensely popular Open Source Intelligence Techniques.  The idea for this project has been a long time coming and we are well underway with the process.

Large3D

The working title is currently The Complete Privacy and Security Desk Reference.  This 600+ page work is intended to a be an all-inclusive privacy and security resource for law enforcement, special operations and intelligence personnel, victims of identity theft and domestic violence, and those with an avid interest in privacy and security.  The book will draw from our collective experiences and previous writings and will contain a myriad of new material and techniques.  Our intent is to provide the reader with a book that will 

“explain how to be digitally invisible. You will make your communications private, internet connections anonymous, computers hardened, identity guarded, purchases secret, accounts secured, and home address hidden. You will remove all personal details from public view and will reclaim your right to privacy. You will no longer give away your intimate details and you will remove yourself from the system. When taken to the extreme, you will be impossible to compromise.”

The Complete Privacy and Security Desk Reference is due for release in January 2016.  An accompanying five-day live training course with Justin Carroll and Michael Bazzell will also be available beginning in 2016.

 

Blur: The One-Stop Privacy Shop

As any of my readers know I hesitate to give out any personal information.  Using the same physical address, email address, phone number, and credit card number helps data marketers build very thorough profiles about us and I do everything I can to undermine this.  A service that is relatively new (at least to me) helps to make it much easier to avoid giving out this information.  This service is called Blur.

Before moving on it should be pointed out that Blur is a paid service.  Though there is a free version available, its functionality is very limited.  Blur Premium costs a very reasonable $39/year with discounts for purchasing multiple years ($59/2 years and $79/3 years).  For the features Blur provides the cost is totally worth it, and most of the features described below require a premium subscription.

full_MaskMe_512x512@2x

Blur helps to protect your privacy through a number of features including Masked Emails, Masked Phones, and Masked Cards.  The Masked Emails function works similarly to services like notsharingmy.info and 33mail.  When you create a masked email, Blur will give you a randomly-generated email address that will forward your mail to your real account.  You can create as many masked email addresses as you like, allowing you to have unique usernames on your accounts and protect your real address.  Masked Emails even protect your email address when you reply, a feature not currently offered by notsharingmy.info and only offered as a paid feature in 33mail.  Blur allows you to cancel forwarding to any masked email at any time, so if you sign up for a service that is bombarding you with junk mail you can simply login to your account and toggle forwarding to “off”, or delete the address entirely.

Blur also has a built-in username and password generator.  When you sign up for a new account or service and generate a username with Blur it will be a masked email address.  Unfortunately the passwords generated by Blur are only 12 characters long (though they are complex) and I have found no way to change this.  Masked Phone is another interesting feature that allows you to generate a phone number through Blur that will forward calls and text messages to your phone.  Unfortunately you can only have one Masked Number at a time, and the cost to change your masked number is $7; additionally there is a $.01 charge for each incoming call, for each minute used, and for each incoming text.  At this time you cannot send outgoing text messages from your masked number.

Blur’s most exciting feature by far is Masked Cards.  Blur allows you to create masked credit cards for online purchasing.  When you wish to make an online purchase you log into Blur and create a new masked card.  The amount of purchase will be charged to your “real” card, and the masked card works much like a pre-paid gift card.  Blur will give you a credit card number, expiration date, CCV, and billing address, and you can choose the name and shipping address.  This limits the amount of information that retailers, credit card companies, and third-parties can accumulate about your purchases, the benefits of which are obvious.  It also limits the exposure of your real credit card number on the internet.

With the ability to obscure your email address and phone number, create masked credit cards, generate unique, complex usernames and passwords, and manage it all in one place, Blur is almost a one-stop-privacy solution.  Your Blur account can be protected with very strong passwords (I haven’t found a length limit yet) and two-factor authentication and can be accessed through your browser, Blur’s add-on for Firefox/Chrome, or their Android/iOS app.