Do you know how many online accounts you’ve created? How many of those have personal information that could be exploited or sold? According to lastpass I have approximately 350 Online account profiles created. The exact number of those that have personal identifying information such as my name, address, email, or even credit card I’m not sure. I am guessing out of all those maybe 1/3 to 1/2 of those sites require a physical address and maybe a credit card or some sort of payment information. In this day and age when Yahoo has at least two or more compromises to their security I personally cannot trust random institutions on the Internet to keep my information safe.
I’ve had this conversation with many people and depending on the audience i am considered a tinfoil hat crazy or just a determined realist. Either way the state of the Internet today where many sites require registration is such that I am concerned about the level of personal information I’m trusting with people that frankly don’t deserve or have not earned that trust.
There is no one simple fix to this challenge. I have taken a multileveled approach to addressing the situation depending on my use of a particular website.
For websites requiring a name and email address I simply provide an alternative name as well as either a unique email address I can destroy as needed for generic email address that I periodically destroy. If I create a unique address I can simply destroy the address when I no longer need that website. The process of creating an address does take a few minutes however so for one off sites that I need to register with and don’t intend to use again addresses that I delete every few months. That helps me reduce any spam.
The above solution only works for websites that do not require payments of any kind. Things get complicated when you start dealing with websites requiring some sort of payment method. To limit exposure I’ve used a few different options depending on the situation.
The simplest solution is when I have a service provider for a website that provides digital goods and they accept Bitcoin. In this scenario I would need to provide any personal information or any reasonable payment information. The challenge here is the number of websites that offer Bitcoin payment options are limited. One example of this use case would be my VPN provider.
The next area would be a website that does not offer bitcoin however I still need to pay for services that do not require shipping anything to me. In this case I would look to use PayPal when possible since none of my personal information are stored with the website only on PayPal systems. If that’s not possible I will use a real credit card. For recurrent purchases as of now I’m currently stuck and need to continue to provide my real information and a credit card. For nonrecurring services I will use blur. Blur is a service that allows me to buy prepaid credit card. What is unique about this service is that it allows me to use their address and any name you want on the virtual card. It’s also completely virtual so you can use it as a one-off disposable credit card number. I’m trying to go back to websites where they require credit for details however I don’t shop with them at all anymore or often. I replace any valid credit cards with one of the disposable ones from Blur. It requires a lot of effort however update the site or two here and there when I think I have a few minutes to spare.
One of the challenges with blur is that in some cases I have had issues validating the credit card. It’s hit or miss so I’d like it to be more reliable however it’s still a good choice to use I no longer want my personal detail shared however the account on the site cannot be canceled. At that point filling in details not specific to my personal information is useful.
The most complicated scenario is when I need a real physical address to have something shipped to me. In those scenarios Apple pay, or PayPal is preferred. That way my details are not stored on a any websites systems. In recent months I’ve been surprised how many services do you offer PayPal however the majority of times it feels like I do need to provide my credit card information. In cases where I do have to give my real credit card details I will try to not create an account on the site. Many websites force you to do that however. In those cases I try to remember afterwards to go back and provide non-identifiable information in my profile. That way if the site is hacked all the have is my purchasing history and identifiable information that cannot be tied to me. I’m not as consistent in doing that as I would like to be however the past year and more diligent about cleaning who has personal identifiable information.
Within that last group of sites there are some that I frequently reuse. Under those circumstances I don’t have a choice at this time other than to maintain my personal information including credit card details with that website. In the case of someone like an Amazon I use two factor authentication however does not prevent them from being hacked in their database stolen. At present maintaining information on these sites is a risk I have to take if I want to use the Internet. All of what I described previously enables me to minimize the number of sites I have to trust with this information.
Even with all of these actions I’m not where I want to be with regards to personal information exposure online. I’m probably better off than 99% of the population however I know what specific actions I need to do to secure myself further. Now it’s just a matter of finding the time to go through the list of sites I’ve recorded that I’m registered with and make necessary updates. At the time of writing this I’m about 60 to 70% done. The challenges it only takes one site like the Yahoo breach to have bad things happen.