—————————————

Hello, Eric Wolbrom, Co-Founder of KeepYouSafe.com, here. Just wanted to respond to some of the issues you raised in your comment on our Secure Online Safe Deposit Box service.

Sorry that we got your “spidey sense tingling.” You do raise some good points, thanks, and we appreciate the opportunity to address them.

>1. Nowhere on the site is there any identifying information – there’s no information on the company founders, no information about the background of the company, and generally, no identifying information at all. And nothing in the domain registry info, either.

You’re absolutely right. In the last minute rush to get our site launched, (the service itself has been fully tested and retested and vetted, the site is still just a bit under construction) we haven’t put up all of the planned public web pages yet. We focused more on the technical information than the personal info, because that’s what we personally gravitate to when we’re evaluating a service.

Our bios were added to the site early this afternoon. We’ll also be adding information shortly about our company and our board of advisors, many of whom have backgrounds in law enforcement or network/data security. As you can now read in our bios, both myself and my partner are CISSP’s (certified information system security professionals) and have been since 2000. Our company, Information Survival, LLC, is a member in good standing of the NYECTF (the New York Electronic Crime Task Force, run by the Secret Service).

Regarding the domain registry info, it was just a matter of keeping it brief to avoid spam and other annoyances.

>2. Their terms of use abdicate all responsibility – Okay, so, surely, they’re going to take responsibility for the information, right? Much like a bank, there’s going to be some sort of insurance that if they lose my data, they’re going to pay for it, right?

I’ve yet to see any company/enterprise/government agency whose TOS states that they will take financial responsibility for lost data.

Our TOS states we’re not responsible for data loss to provide protection against potential user-caused losses. We want to avoid long, drawn-out legal battles over whose fault it was if someone gives out their password and their data is exposed. That said, we have complete faith in our security systems – and will happily answer any questions you or others might have about them.

>Even more important to my security spidey sense was their technical white paper about their security architecture. It’s worth a read – it’s just about the perfect document that could give someone who has never done any security a complete sense of false security.

This is a little too vague for me to respond to – I’m not sure exactly what you found in our “perfect document” that concerns you? Please feel free to contact me at wolbrom@keepyousafe.com so we can discuss further, if you like.

As someone who has spent their career in information security, protecting against privacy breaches, this site makes me shudder all the way down to my core.

Let’s see: I provide a copy of my social security number, birth certificate, passport and important banking information to a company that is both nameless AND faceless – note that on their website, there is absolutely NO identifying information about the principals of the company or who they are. Their domain registration is private, and their address is in a small town in New York state.

As an aside, there’s a great clause in their “terms of service”:

2. KEEPYOUSAFE.COM AND ITS SUBSIDIARIES, AFFILIATES, OFFICERS, EMPLOYEES, AGENTS, INVESTORS, MEMBERS, PARTNERS AND LICENSORS MAKE NO WARRANTY … (vi) THAT THE DATA AND FILES YOU STORE IN YOUR ACCOUNT WILL NOT BE LOST OR DAMAGED OR EXPOSED;

In other words, store all of your private data with a company that doesn’t tell you who they are, and completely at your own risk.

If I was an identity thief, this would be a great way to gather information on a massive scale. I’m sure that Eric Wolbrom is an up-front guy, but this service is terrifyingly sketchy.

If you want a safe deposit box, go to a bank. Seriously.

I just wanted to thank you for the good words on your blog about our new service, KeepYouSafe Online Safe Deposit Box.

We really appreciate the vote of confidence!

Best Regards,
-Eric Wolbrom, Co-Founder
http://www.keepyousafe.com