Comments on: Safeguarding Your Data: The Privacy Wall

By: One more thing…. Browser Snapshot and file attachments « Wesabe: Your Money. Your Community.

Wed, 18 Nov 2009 03:30:20 +0000

[...] of the way our privacy wall works, attachments are currently stored on disk in unencrypted form. We’re planning an update [...]

By: Pop-ups ads tricking people into monthly charges « Wesabe: Your Money. Your Community.

Wed, 18 Nov 2009 03:28:51 +0000

[...] 17 Wesabe users have charges from Reservation Rewards, totaling $397.00. Because of the way our privacy wall works, we have no way of knowing who those people are, but I’ve written a Wesabe tip pointing [...]

By: Reminders: SXSW and ETech « Wesabe: Your Money. Your Community.

Reminders: SXSW and ETech « Wesabe: Your Money. Your Community. — Wed, 18 Nov 2009 03:28:14 +0000

[...] privacy. (Brad wrote up one of those techniques, the “Privacy Wall” technique, earlier.) Also, I’ll be presenting my “Coder to Co-Founder: Entrepreneuring for Geeks” [...]

By: Reminders: SXSW and ETech « Wesabe: Your Money. Your Community.

Reminders: SXSW and ETech « Wesabe: Your Money. Your Community. — Wed, 18 Nov 2009 03:28:14 +0000

[...] privacy. (Brad wrote up one of those techniques, the “Privacy Wall” technique, earlier.) Also, I’ll be presenting my “Coder to Co-Founder: Entrepreneuring for Geeks” [...]

By: Brad Greenlee

Brad Greenlee — Fri, 23 Feb 2007 14:27:42 +0000

Rob: that sounds like a great idea. I look forward to checking it out.

Leadhyena: no, we’ve come up with a way to avoid losing all your data when you forget or change your password. In a nutshell, we store a version of the secret hash encrypted with the answers to the user’s security questions. Provided you don’t forget those as well, we can easily recover all your data. I’m glad you brought that up, though–I’ll update my longer post.

By: Leadhyena

Leadhyena — Fri, 23 Feb 2007 14:04:50 +0000

I bet that makes recovering lost password a real pain. Seriously, when you lose your password, does that mean that you lose all your internal data, tags and all? I’d feel more secure that way, but most people would be freaked out too much about losing their Wesabe password, that they’d resort to other security violations to get back to it (writing the password down, storing it in browser, storing it in a spreadsheet, etc.).

By: Rob Rubin

Rob Rubin — Fri, 23 Feb 2007 13:30:32 +0000

My company is rolling out a web service (BankSwitcher) to make switching banks easier — we look at your banking activity to identify everything that needs to be “switched” like automatic debits (mortgages, utility bills, etc.), direct deposits and online billpay information. We’ve built a directory of switching instructions and forms for over 1500 billers to produce a personalized switching checklist with everything you need to switch banks (you can go to http://beta.facilitas.com if you want to register to use it for free).

The most sensitive (dangerous in the wrong hands) personal information we require is usernames and passwords for bank accounts. We do not save these data anywhere (I describe it with the phrase “once you use it, we lose it”). In fact, if we have a failure while our systems are in the process of downloading banking activity, the user will need to start over again. This isn’t the best user experience, but we think it’s a small price to pay for safety.

We do save users banking activity in encrypted formats using multiple keys to maintain and improve our database of matching patterns (how specific billers are rendered on transaction lines — AMEX, AMEXP, AMERICAN EXPRESS) and to identify billers we don’t have in our database yet. While we DO NOT associate banking activity with users, we still delete it after 7 days because some transaction lines may contain personal information like your name or an account number.

I’m very impressed with Wesabe’s transparency with regards to privacy and security — we intend to follow suit. Thanks.