Saturday, January 27, 2018

Safeguard Your Social Security Number

The FTC Warns About the SSN Scam

Your Social Security number is an important key for an identity thief. Scammers want it, and they think of all sorts of ways to trick you into giving it away.

Here at the Federal Trade Commission, we’re getting reports about calls from scammers claiming to be from the Social Security Administration. They say there’s been a computer problem, and they need to confirm your Social Security number.

Other people have told us that they have come across spoof websites that look like the place where you would apply for a new Social Security card – but these websites are actually a setup to steal your personal information.

If you get a phone call or are directed to a website other than ssa.gov that is claiming to be associated with the Social Security Administration, don’t respond. It’s most likely a scam.

Here’s some tips to deal with these government imposters:
  • Don’t give the caller your information. Never give out or confirm sensitive information – like your bank account, credit card, or Social Security number – unless you know who you’re dealing with. If someone has contacted you, you can’t be sure who they are.
  • Don’t trust a name or number. Con artists use official-sounding names to make you trust them. To make their call seem legitimate, scammers use internet technology to spoof their area code – so although it may seem they are calling from Washington, DC, they could be calling from anywhere in the world.
  • Check with the Social Security Administration. The SSA has a warning about these scams and suggests you contact them directly at 1-800-772-1213 to verify the reason for the contact and the person’s identity prior to providing any information to the caller.
  • If you come across one of these scams, please report it to the Social Security Administration’s Fraud Hotline at 1-800-269-0271 and then tell the FTC about it. https://www.ftccomplaintassistant.gov/
 
The Social Security number has become a national identification number in the United States, and as a result of this it has also become the key to identity theft. Many people assume that they are required to give their SSN whenever and by whoever asked. That is simply not true.  Federal law does not prohibit a merchant or other business from requesting your SSN. However, there is no state or federal law that requires you to provide your SSN to any entity not authorized by law to require it.
 
Agencies that may require your SSN:
  • Government tax and welfare agencies, including the IRS, other federal agencies (for health benefits and other entitlements), state/local tax or revenue agencies.
  • State professional/occupational/recreational licensing agencies.
  • Other governmental agencies -- under federal law, they must tell you why your SSN is needed, whether giving your SSN is mandatory or voluntary, and how your SSN is to be used.
  • Employer – You employer can require it for wage/tax purposes, but NOT from a job applicant.
  • Banks and securities brokerages -- under the USA Patriot Act, 31 U.S.C. § 5318, financial institutions are required to establish minimum standards for properly identifying their customers opening new accounts (include checking, savings, loans, safe deposit boxes, and/or investments). Under federal regulations adopted in May 2003, banks, savings associations, credit unions, securities broker-dealers, futures commissions merchants, and mutual funds were required to have Customer Identification Programs (“CIPs”) in place by October 1, 2003. Information required to identify customers under a CIP includes name, date of birth, address, and a social security or federal tax identification number.
  • State motor vehicle departments – the may collect your SSN but some state laws prohibit the recording of your SSN on your driver’s license or state identification card.

According to the Social Security Administration: Organizations should avoid using Social Security numbers (SSNs) as identifiers for any type of transaction.
 
In an effort to curtail identity theft, the Social Security Administration (SSA) is initiating a public information program to encourage the use of alternate identifiers in place of the Social Security Number (SSN.) Many organizations including businesses, government agencies, medical facilities and educational institutions continue to use the SSN as the primary identifier for their record keeping systems. [The Social Security Administration is] seeking your support, as well as the support of the general public, in helping to ensure the integrity of individual SSNs.

Identity theft is one of the fastest growing crimes in American society. The routine and often indiscriminate use of SSNs as identifiers creates opportunities for individuals to inappropriately obtain personal information. Repetitive use and disclosure of SSNs in organizational record keeping systems, multiplies the susceptibility of persons to potential identity theft. Through misuse of SSNs, individuals are subject to the danger of identity theft and its repercussions. Access to an individual’s SSN can enable an identity thief to obtain information that can result in significant financial difficulties for the victim. While this can be disruptive for the individual, it can also lead to civil liability for the organization and its individual employees if someone is harmed by information that has been made available to others.

An organization’s collection and use of SSNs can increase the risk of identity theft and fraud. Each time an individual divulges his or her SSN, the potential for a thief to illegitimately gain access to bank accounts, credit cards, driving records, tax and employment histories and other private information increases. Because many organizations still use SSNs as the primary identifier, exposure to identity theft and fraud remains.

  • Never list an SSN when posting a paper record on a public bulletin board
  • Never send SSNs via an electronic format
  • Never have a computer log-in system where a person has to use their SSN
  • Never use SSNs on ID cards
  • Never send SSNs on postcards
  • Never store SSNs on unprotected computer systems
  • Never carry a Social Security Number card on your person 

Guard Your Last Four. Although most widely used and shared, the last four digits of your SSN are in fact the most important to protect. These are truly random and unique; the first five numbers represent when and where your Social Security card was issued (prior to 2011). So don’t use the last four of your SSN as a PIN, or as a way to confirm your identity over the telephone. Ask companies to use an alternative identifier.

The ACLU recommends that you "Use caution when giving out your SSN to a government agency. They are required by the Privacy Act of 1974 to tell you why your SSN is necessary, whether giving your SSN is mandatory or voluntary, and how your SSN will be used. [Always get a written copy of the Privacy Act requirements when a government agency asks for your personal information.] And stop giving your SSN to private organizations. Suggest they use an alternative identifying number. If they refuse, think about taking your business elsewhere."

The Electronic Privacy Information Center (EPIC) has stated "The widespread use of the SSN as an identifier and authenticator has lead to an increase in identity theft. According to the Privacy Rights Clearinghouse, identity theft now affects between 500,000 and 700,000 people annually... Identity theft litigation also shows that the SSN is central to committing fraud. In fact, the SSN plays such a central role in identification that there are numerous cases where impostors were able to obtain credit with their own name but a victim's SSN, and as a result, only the victim's credit was affected."

The bottom line is that use of your SSN to identify you across multiple records and systems of records puts you at risk. Whenever a business or government agency asks for your SSN that risk is increased. Always understand what use will be made of your SSN if you provide it. For government agencies, always obtain a written copy of the Privacy Act provisions related to their request for your SSN. For private businesses, always ask that they not include your SSN in their records and that they use an alternate identifier. For businesses that insist on having your SSN, consider filing complaints with the Better Business Bureau and your state consumer protection agency. As a general rule whenever you are asked to provide your SSN (or even your last 4) - Just Say No!


 
 

Friday, January 26, 2018

Russia Orders Messaging Apps To Hide Cooperation With Law Enforcement


According to an article in the Moscow Times: Messaging services in Russia have been banned from disclosing any cooperation with law enforcement agencies, according to a new government decree.

A 2015 law requires internet companies to store Russian citizens’ personal data on local servers accessible to local law enforcement. Over the past year, the popular Telegram messaging app has been embroiled in a legal battle with Russia's Federal Security Services (FSB) over refusing to provide access to the online conversations of users, including suspected terrorists.

The new decree orders messengers to ensure the non-disclosure of any information regarding specific facts and contents" when cooperating with the authorities.

The messengers are also required to provide remote access to their systems no later than three months after receiving a request from the FSB.

Last year, Telegram appealed to the UN  to intervene in its legal battle with the FSB over online privacy rights.  Telegram's founder, Pavel Durov, has previously said that the FSB's demands violate the constitutional rights of Russian citizens to the privacy of correspondence.

--
I respect Telegram for standing up for the privacy rights of Russian citizens (and all users of Telegram), much as Apple did in the United States when faced with demands from the FBI to create a backdoor to defeat the encryption on iPhones.

Telegram, has a feature called "Secret Chats" which increases the security of your communications by providing end-to-end encryption. The Telegram FAQ page says:

"Secret chats are meant for people who want more secrecy than the average fella. All messages in secret chats use end-to-end encryption. This means only you and the recipient can read those messages - nobody else can decipher them, including us here at Telegram (more on this here). On top of this, Messages cannot be forwarded from secret chats. And when you delete messages on your side of the conversation, the app on the other side of the secret chat will be ordered to delete them as well.

You can order your messages, photos, videos and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then disappear from both your and your friend's devices.

All secret chats in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret chat from their device of origin. They are safe for as long as your device is safe in your pocket."

You can download Telegram here: https://telegram.org 

PacSafe

Protect your valuables while you're out exploring with the Pacsafe Travelsafe portable safe, which is available in two sizes - five liters (5L) and twelve literes (12L). The poly-canvas material is embedded with Pacsafe's patented 360-degree eXomesh locking system, a stainless steel wire mesh that helps prevent would-be thieves from breaking into the safe.

It comes with a TSA accepted 3-dial combination lock, and it features a padded EVA foam laminated and soft brushed polyester lining, water resistant exterior, and handles for convenient carrying. The 12L model can fit a 13-inch laptop, while the 5L model can store an iPad (10-inch tablet)

When you're not using it, the Pacsafe Travelsafe portable safe conveniently folds down flat to fit into your luggage.

PacSafe Travel Safe is an excellent way to secure valuables in your vehicle against smash and grab theft.



Thursday, January 25, 2018

Opt-Out of People Search Databases (UPDATES)


At the beginning of the month (January 2018) I posted a list of links allowing you to Opt-Out of People Search Databases.

Here are an additional ten data broker opt-out links. All of these are now also included in my original post.

DOB Search - https://www.dobsearch.com (Select "Manage My Listing")
Info Tracer - https://members.infotracer.com/customer/terms?tab=optout
Go Lookup - https://golookup.com/support/optout
LexisNexis (KnowX) - https://optout.lexisnexis.com/oo.jsp
PeopleLooker - https://www.peoplelooker.com/f/optout/search
Public Records Directory - https://publicrecords.directory/contact.php
Research.Com - https://www.research.com/people-search/opt-out
Seek Verify - https://seekverify.com (e-mail: privacy@seekverify.com to opt-out)
US Identify - http://www.usidentify.com/company/privacy.html (See para. IV. Choice & Opt Out)
Truth Finder - https://www.truthfinder.com/opt-out/

What are data brokers? Spokeo, White Pages, Intelius, Been Verified, People Finders? This article by Abine* is a good overview of data brokers and how to opt-out of having our data displayed by many of these companies. The article ends with a recommendation to use the Abine "Delete Me" service to help remove your personal information from the Internet. 

*Abine, Inc. is The Online Privacy Company. Founded in 2009 by MIT engineers and financial experts, Abine’s mission is to provide easy-to-use online privacy tools and services to everybody who wants them.


Wednesday, January 24, 2018

Zello - Walkie-Talkie App

Zello is an application startup located in Austin, Texas. The application emulates push-to-talk (PTT) walkie-talkies over cellular networks. The apps is available for Android, iOS, Blackberry, Windows Phone, Windows PC, rugged mobile devices and two-way radios. Zello is free while the Zello@Work application is free for up to five users. For more than five users Zello@Work costs $6.00 per user / per month. Perks that Zello@Work offers include private networks, dedicated servers, management interfaces for users and channels, higher security, cloud history and tech support.
 
Zello turns your phone into a walkie talkie and works anywhere in the world as long as you are connected to the internet! Please note however that the Zello app cannot function without cellular data service or an available Internet (WiFi) connection on your cell phone. Users can join channels and instantly send voice messages or photos, and the app even works over older 2G networks.
 
Zello made the news in June 2013 when Turkish protesters used it to circumvent government censors. As a result, Zello was the top most downloaded application in Turkey during the first week of June 2013. In February 2014, it was blocked by CANTV in Venezuela. Zello issued workarounds and patches to overcome the blocks to support approximately 600,000 Venezuelans who have downloaded the application to communicate with each other amidst protests. It "has been one of the most downloaded applications in Ukraine and Venezuela." In April 2017, the Roskomnadzor instructed Russian Internet Service Provides to block mobile access to Zello. Under Russia’s data privacy law passed last year, all companies processing the personal data of Russian citizens are obliged to store it on servers within the country’s borders for a half of the year and provide it to law enforcement if necessary. Zello has more than 400,000 users in Russia. In August 2017 during relief efforts following Hurricane Harvey in Texas, Zello became a popular method for communications between volunteer rescuers and people stranded by the widespread flooding. The app received over 6 million signups in one week as Florida residents prepared for Hurricane Irma.
 
According to the Zello Support web-site: "Starting in June 2017 all private voice messages in Zello are end to end encrypted when you are using a version of the app released after 06/06/2017. Voice in public channels is not encrypted as they are open to the public and anyone can listen."
 
Zello's encryption protocol is:
  • 1024 bit RSA for authentication, digital signatures and secure media session keys exchange.
  • 256 bit AES for audio and call alerts.
  • TLS for control traffic encryption between Zello client and Zello server

Zello can also be connected by a radio bridge to your computer, allowing you to use your radio to communicate over the Internet. The procedure to do this easy, and demonstrated in several YouTube videos.
 
 
 
I like Zello, and recommend it a one method of communication. There are some limitations to the Zello App - it requires an Internet connection, and it is possible for governments to block Zello; but overall Zello is an excellent communications tool.  
 
 

Tuesday, January 23, 2018

FireChat


FireChat is a mobile app that uses wireless mesh networking to enable smartphones to connect via Bluetooth, Wi-Fi, or Apple’s Multipeer Connectivity Framework without an internet connection by connecting peer-to-peer. FireChat was introduced in 2014 with the ability to post messages to public chatrooms that counld be viewed by anyone using FireChat. In 2015, FireChat added private messaging, allowing users to communicate privately with each other, and in July of that year added end-to-end encryption to protect one-to-one private chats.

FireChat builds its own mesh network, connecting directly to other FireChat users up to 200 feet away. FireChat's store and forward function allows users to pass messages anywhere within the mesh network, and the more people using FireChat in an area, the large the mesh becomes. In an area without cellular or WiFi service, several FireChat users could establish a mesh network providing communication over as large of an area as there were FireChat users available to participate in the mesh. Once the mesh includes users with Internet access, FireChat then has the ability has the ability to send and receive message anywhere in the world.

FireChat is available for both iOS and Android. A YouTube Video explaining FireChat can be found here:  https://www.youtube.com/watch?v=GogPPT3ePGQ

Intelligence Oversight



An Introduction to Intelligence Oversight and Sensitive Information: The Department of Defense Rules for Protecting Americans’ Information and Privacy 
-- April 2013 - The Army Lawyer - DA PAM 27-50-479

History abundantly documents the tendency of Government - however benevolent and benign its motives - to view with suspicion those who most fervently dispute its policies. Fourth Amendment protections become the more necessary when the targets of official surveillance may be those suspected of unorthodoxy in their political beliefs. The danger to political dissent is acute where the Government attempts to act under so vague a concept as the power to protect ‘domestic security.’ Given the difficulty of defining the domestic security interest, the danger of abuse in acting to protect that interest becomes apparent. . . . The price of lawful public dissent must not be a dread of subjection to an unchecked surveillance power. Nor must the fear of unauthorized official eavesdropping deter vigorous citizen dissent and discussion of Government action in private conversation. For private dissent, no less than open public discourse, is essential to our free society...(United States v. U.S. District Court, 407 U.S. 297 (1972), also known as the Keith case.)

Intelligence Oversight Related to CONUS
(Inspector General of the Marine Corps, Oversight Division) Oversight related to CONUS antiterrorism / force protection a few preliminary questions posed and answered.

Pentagon Releases New Procedures for Intelligence Collection

Intelligence Oversight applies to Department of Defense (DOD) intelligence activities, and is addressed by each military service. Here we will look briefly at how the US Army addresses intelligence activities:

Army Regulation 381-10 "U.S. Army Intelligence Activities" (May 3, 2007) applies to any Army component performing authorized intelligence functions. This includes "installation, organization, or facility security offices [e.g. operations specialists and anti-terrorism officers] when carrying out intelligence activities".

Intelligence activities are defined as: "Collecting information concerning, and conducting activities to protect against, intelligence activities directed against the United States, international terrorist and international narcotics activities, and other hostile activities directed against the United States by foreign powers, organizations, persons, and their agents."

Army law enforcement, "USACIDC, garrison provost marshals and security officers" as non-intelligence entities are not subject to the provisions of this regulation [AR 381-10], but must comply with DODD 5200.27.

It is DoD policy to protect the privacy and civil liberties of DoD employees, members of the Military Services, and the public to the greatest extent possible, consistent with its operational requirements.

DoD will not maintain information on how an individual exercises rights protected by the First Amendment to the Constitution of the United States, including the freedoms of speech, assembly, press, and religion, except when the record is pertinent to and within the scope of an authorized law enforcement, intelligence collection, or counterintelligence activity.

The collection, use, maintenance, and dissemination of information critical to the success of the DoD efforts to counter terrorist and other criminal threats must comply with all applicable laws, regulations, and policies regarding the safeguarding of personal freedoms, civil liberties.

When collected or received personally identifiable information concerning individuals will be handled in strict compliance with section 552a of Title 5, United States Code (U.S.C.), also known as "The Privacy Act of 1974". 

The DOD has published a Quick Reference Guide for Reporting Questionable Intelligence Activities at: http://dodsioo.defense.gov/Quick-Ref/

Most intelligence personnel correctly associate questionable intelligence activities with improper collection on U.S. persons; however, that is only one aspect of questionable intelligence activities.

A questionable intelligence activity is one that may violate the law, any Executive Order (such as EO 12333, United States Intelligence Activities) or Presidential directive or applicable Department of Defense policy (such as DoD 5240.1-R, Procedures Governing the Activities of DoD Intelligence Components that Affect United States Persons), as well as your parent organization's specific guidance.

Examples of a questionable intelligence activity include, but are not limited to, the following:

  • Alleged abuse and mistreatment of detainees and prisoners by or directed by intelligence personnel.
  • Tasking intelligence personnel to conduct intelligence activities that are not part of the organization's approved mission, even if they have the technical capability to do so.
  • Providing intelligence services and/or products without proper authorization.
  • Failure to file proper use statements for imagery collection associated with U.S. persons.
  • Collecting information on U.S. persons, even through open source, when it is not part of the unit's mission.

Monday, January 22, 2018

Privacy at Work: What Are Your Rights?


A person has far fewer privacy rights at work than they do in their personal life, but you are sometimes still entitled to some privacy at your job. Employers can usually search an employee's workspace, including their desk, office or lockers. The workspace technically belongs to the employer, and courts have found that employees do not have an expectation of privacy in these areas. This is also the case for computers. Since the computers and networking equipment typically belong to the employer, the employer is generally entitled to monitor the use of the computer. This includes searching for files saved to the computer itself, as well as monitoring an employee's actions while using the computer (e.g., while surfing the internet).

With regard to activities on computers and networks belonging to your employer:

1) Your employer can monitor pretty much anything you access on the company’s computer system, even your personal email account.
2) Assume any email, text message, or other electronic communication you send on your employer’s system can be used against you.
3) People in IT can look at anything, anytime they want to, for any reason they want to. They are agents of the employer, and it’s the employer’s system.
 
Workplace Searches and Interrogations

Federal and state laws govern employee's privacy rights in the workplace. Generally, employers may conduct workplace searches and interrogations of its employees if there is:

1) a reasonable basis for suspicion of employee wrongdoing, or

2) no reasonable expectation of privacy in the item or thing existed.

While most employee privacy rights claims are determined on a case-by-case basis, courts will typically look at the following factors to determine if an illegal workplace search and/or interrogation occurred:

1) Whether the employee was a public employee or a private employee. Public employees have greater protection under the Fourth Amendment;
2) Whether the search was on company or personal property;
3) Whether the workspace was open to the public or other employees;
4) The context in which the search took place;
5) Whether the employer had a clear policy informing its workers that public or personal property was subject to workplace searches.

An employee of a governmental employer may have a constitutionally protected reasonable expectation of privacy arising out of the Fourth Amendment. The Fourth Amendment doesn’t apply to a private employer’s property, on the other hand, when it comes to the relationship between employer and employee. However, there are still common law bases for a privacy interest... (American Bar Association)

Government employers are subject to federal constitutional constraints because their conduct is considered "state action."  Private employers are not subject to constitutional claims unless their investigations become intertwined with a state investigation.  Therefore, a search of an employee's office by a governmental employer is justifiable only "when there are reasonable grounds for suspecting that the search will turn up evidence ... of work-related misconduct, or that the search is necessary for a non-investigatory, work-related purpose such as to retrieve a needed file."- O’Connor v. Ortega, 480 U.S. 709, 716. (Harvard University)

The Federal Law Enforcement Training Center (FLETC) has a paper that discusses: “Warrantless Workplace Searches of Government Employees” (19 pages). If you work for a government agency, it is worth your time to read this paper.

To determine if your privacy rights were violated, ask yourself the following questions:

1) Does the company routinely conduct similar searches?
2) Were you properly notified of a search, or the potential for a search?
3) Was the search reasonable under the circumstances?
4) Was the person conducting the search authorized to do so?
5) Were you held against your will?
6) Did you cooperate with the search or interrogation?
7) Were you were physically or verbally threatened?
8) Was there a clear written policy in place concerning workplace searches?

Moreover, while employees may not have a reasonable expectation of privacy in their work effects, such as computers, desks, and lockers, employees generally have a reasonable expectation of privacy in their personal items, such as purses, briefcases, and luggage. Therefore, employers generally may not search personal items without a court-ordered warrant, for example.

Maintaining a Reasonable Expectation of Privacy in the Workplace

While you are at work, your employer is paying you to do the tasks that you were hired to do. While "limited personal use" of your employer's facilities and equipment may be permitted - it is always best to keep your work activities separate from your personal activities. If you need to make a phone call, check your personal e-mail, or look-up something on-line, use your personal smartphone, tablet, or laptop. Do not use your employer's computers, networks, or telephones for personal activities.

If you do make limited use of an employer's computer or e-mail system, make sure that your activities are encrypted (i.e. encrypt any e-mail you send). Password protect any personal documents that you create (use the Microsoft Office encryption function). Never store anything on your employer's system - your employer may allow you to type a personal letter or e-mail during your lunch break, but it should not be left on your employer's computer system.) - Generally speaking however, none of this personal activity should be done on your employer's time or equipment.

If you bring personal items to work, keep those items in a personal bag, case, or locker. Anything that you store in an employer's desk, locker, cabinet, etc. is subject to search. A personal container (especially one that is locked) has a  greater expectation of privacy than anything provided by your employer. A locked container, in your personal vehicle has greater privacy than anything you bring inside your employer's facilities.

Generally speaking, if you work for a private employer you have few privacy rights in the workplace. To maintain a right to privacy, you must demonstrate an expectation of privacy, and that expectation must be reasonable. If you work for a public employer (government) you have a greater right to privacy because you retain 4th Amendment rights against unreasonable search and seizure by the government (your employer).

The best way to maintain privacy in the workplace if to keep your private activities separate from work. What you do outside of work hours and off of your employers property is generally your private business and may not be monitored by your employer. Employees of government and public entities have a constitutional right to privacy that protects them from most employer monitoring of, or even inquiring about, their off-the-job conduct. For this reason, public employees are largely protected from monitoring. Even in states that don't provide private workers with a constitutional or statutory right to privacy, it is generally illegal for an employer to intrude unreasonably into the "seclusion" of an employee. Generally speaking, an employer may not inquire or otherwise obtain facts about employees' private lives. (NOLO Legal Encyclopedia)



Sunday, January 21, 2018

Privacy.Com


Privacy.Com allows you to create virtual VISA debit cards, that are linked to your bank account. Once you have a Privacy.Com account and have validated your bank account; anytime you want to make an on-line purchase you can create a virtual VISA debit card number to be used for that purchase.

There are two types of Privacy.Com virtual cards. The first is a "Merchant Card". This type of card is linked to a single merchant. If you are making several purchases from a single merchant (i.e. Amazon) over a period of time you create a merchant card that can only be used with that merchant. If the merchant gets hacked or somehow your card number gets compromised, it can’t be used at any other merchant. The second type of Privacy.Com virtual card is a "Burner Card". The burner card is valid for one transaction and then is automatically deactivated. Burner cards are useful for single transactions with a merchant, or where you may want to sign up for a service or subscription without having to worry about automatic renewals. One a Privacy.Com burner card has been used once, it can never be used again, so if the number gets compromised you are at no risk of unauthorized charges.

Another advantage of using Privacy.Com is that your debit card purchases are no longer associated with specific merchants in your bank records. Every purchase made through Privacy.Com can be reflected as Privacy.Com on your bank statement - By default, charges will show up on your bank statement as "the merchant + Privacy". You may turn on "Private Payments" in your Account page to change what shows up on your bank statement to just "Privacy.Com" (or to one of the following: H&H Hardware, Smileys Corner Store, or NSA Gift Shop). I recommend using the Private Payments option.

While Privacy.Com must validate your identity as part of establishing your account; they do not require that you use your real name and address when you make a purchase with a merchant. This is particularly useful when purchasing on-line services such as a VPN or a digital download, but can be used for any product you want delivered under a pseudonym or alias.

I think of Privacy.Com as a VPN for my debit card. It is a service that sits between my bank and the merchants that I shop with on-line. Privacy.Com gives me a layer of privacy, and helps me protect my account if my virtual debit card number is compromised in a merchant data breach.

Of course, like a VPN, I am trusting Privacy.Com to protect my information as they process debit card transaction for me. Privacy is part of the business model of Privacy.Com, and so far, I have seen nothing that would cause me not to trust them to protect the privacy of my financial transactions.
 
Every time you spend using Privacy.Com, the merchant or website pays a fee (called interchange) to Visa and the issuing bank. This fee is shared with Privacy.Com. You as the purchaser never have to pay an extra fee to use Privacy.Com. This interchange is something that is included with every debit (and credit) card transaction, regardless of what company processes it.

If you want to add some privacy to your financial transactions, and protect yourself in case of a merchant data breach, consider Privacy.Com (https://privacy.com).