2009 Here We Come

As the end of the year draws near, Passpack is taking stock of it’s 2008 hits and it’s 2008 misses. We’ve gotten past our growing pains and at 2 years old, I’d like to think we’ve had more hits than misses [ego-bump].

A Walk Down Memory Lane

We started 2008 with the announcement of Sharing and we’ll start 2009 with the release of Sharing (hooray!). We started 2008 introducing the help ticketing system and 2009 will start off with some self-service help and  automation. That should make things faster!

What Else?

Here are some highlights of everything in between. In 2008 Passpack:

Right now, while the recession raves on, Passpack like every other business world-wide is forced to cut back drastically on costs. So while we may be (alas, I know) running later than expected, we ask for a bit of patience on your part. So sit tight.

What’s in store for 2009?

You guessed it – milestones, challenges and of course more releases. We have a 2009 full of new stuff to roll out, especially during the first few months. We take all our user’s requests into consideration and the majority of them are great ideas but keep in mind that start ups need time to grow.

Passpack Holiday Tip

Start thinking of your New Year’s resolutions ahead of time and while you’re getting your last minute holiday gifts, don’t forget an important one this year…

Give the gift of privacy. Tell your friends about Passpack : )

Obama Gives Privacy the Spotlight

The 73% of Americans who use the web may be interested in reading just what tech-savvy President-elect Obama has planned for the future of the cloud and how it pertains to an all time Passpack favorite – privacy on the web.

Safeguarding Internet user’s right to privacy in Web 2.0 is not
always top of the agenda – after all the “social web” is somewhat
public ground, isn’t it?

You know how public information on the web can be if you:

  • post pictures to Facebook
  • tweet your mood on twitter
  • post opinion comments on blogs

But did you know this information could be just as public:

  • social security numbers
  • access codes
  • PIN numbers
  • emails/personal messages
  • confidential client info
  • passwords

All of this personally identifying information lives and circulates on the same web as do your holiday photos and favorite Amazon books.

That’s right, the new Chief Technology Officer that Obama will appoint has got his work cut out for him.

Sharing Privately

It may almost seem like a contradiction of terms but you already have an idea of how it works.

Let’s say you put your photos up on Flickr but don’t want everyone seeing them. You go to your Privacy Settings and decide who can read and see your stuff. Most social networking apps have privacy restrictions.

But there are some things that you want to share with everybody and some things that you want to share with fewer people or maybe just one person and no one else. Not even a server : )

*Remember you can limit your personal info down to networks, friends, individuals and even for your eyes only BUT any info you put on the Net, lives somewhere on a server. So how private can sharing really be?

Well, what if you made it so that anything you don’t want everyone seeing leaves your computer encrypted? So your driver’s license number, your PIN number or your passwords actually leave your browser encrypted, travel encrypted and get to your recipient encrypted so that the only person who will ever be able to read it is the person you are sending it to and no one else. Not even a server : )

Oh, shared host-proof hosting – you may have found your voice in the 44th US Presidency.

This Week in Privacy: Dec 12, 2008

Ars Technica

CDT to Obama: Advent of “the Cloud” Makes Privacy Laws Dated

The Center for Democracy and Technology issued a transition outlining measures president-elect Barack Obama should take to restore privacy safeguards… and to promote open discourse and innovation online.

Computer Finance

The value of Your Stolen Identity: About $120

The going rate for a “complete” identity (including name, address, passport, credit card info, driver’s license number, and even banking passwords): 120 bucks. That’s right – even passwords!

IT Pro

Councils Divided Over Data Detection

As many as 90 per cent of the UK’s largest city councils cannot guarantee that all sensitive data held on their laptops is encrypted, according to research released today.

And one more thing…

Happy 2nd Birthday Passpack!


December 12, 2008 marks the birthday of your favorite online password manager and mine – Passpack! We have come a long way in these 2 years and are planning to go much further…

What if no one even notices us? What if they notice us, and HATE us?

Does any of this sound familiar? If not, here is a glimpse back to memory lane – our Dec 12, 2006 blogpost announcing Passpack’s official launch. Oh the memories…

Well the good news is that you did notice us and so did a whole lot of other people along the way. And you don’t hate us after all : )

Passpack’s Baby (Beta) Pictures

What would a birthday be without the family showing off pictures of how much you’ve changed? Here is Passpack from when it was born.


Thank you all again for your support and for watching Passpack grow and for growing with us. We’d love to hear comments from old and new users and maybe share some ‘Passpack Beta’ stories with us!


Shared Host-Proof Hosting

In order to understand how shared host-proof hosting works, we need a quick overview of host-proof hosting – what it is and why it has gained such standing in online privacy matters.

The Need For Privacy Online

Whenever you send anything over the internet, your data is exposed. The sites you visit, emails you send, videos you watch all become part of the vast web. Your info travels across many networks until it finally reaches its destination but how safe is it really when via transit and when it reaches its recipient?

Rule of thumb – information that you send in a standard email is just like writing info on a postcard. It can be seen by anyone with the right tools and the wrong intentions.

The Need For Host-Proof Hosting

Some things can be written on a postcard:

  • appointment reminders
  • birthday wishes/friendly letters
  • casual documents

Some things can’t be written on a postcard:

  • confidential information
  • PIN numbers
  • passwords

This is where host-proof hosting comes in. Host-proof hosting is a security pattern which allows you to encrpyt your data before it even leaves your browser. Client-side encryption ensures 100% data privacy so sensitive info like your passwords, can have a safe trip across the web and remain just as safe on the server.

For more info on host-proof hosting, take a quick look at this post.

Sharing Privacy

It wouldn’t make much sense to have a web based on host-proof hosting or encryption, especially in a social web. Online identities are created by what we post to the net. There are certain things we want to share. There are certain things we want to keep private. And there are certain things that we want to share AND keep private.

Here’s where privacy and sharing become important

  • you and your colleague(s) need to access the same merchant accounts
  • you and your spouse both access online accounts for the ‘household’
  • you manage several different clients and you need to share certain web accounts

What do all of these scenarios have in common? Each one of them sees the need to share sensitive info in a secure way. How do you do that on the web without just sending a password or access code via email or skype?

Ideally you would find a way to send delicate info to one other person so that only you two can read it and no one else. How would that work?

Shared Host-Proof Hosting

Shared Host-Proof Hosting is the basis for Passpack Secure Messaging and Passpack Sending Password Entries where you can send passwords, password entries, notes and more in complete confidentiality. This means that only sender and recipient can read what is sent.

Shared Host-Proof Hosting is a security pattern based on Host-proof Hosting which uses both 1024 bit RSA public and private keys as well as AES 192bit encryption and it works more or less like this:

Jane wants to send Jack a message. First she needs to generate her set of RSA public and private keys and so does Jack. This may sound difficult but not to worry, it is all done automatically
just by pressing a button. Ah, the wonders of modern technology! She and he do this one time only and these keys are how sharing is made possible.

Then Jane needs to invite Jack to her Ring of Trust, a series of trusted contacts that Jane has chosen. Jane sends Jack the AES 192bit key they will use to exchange messages from that point on. She does this by using Jack’s RSA public key.

Once Jack receives this, he decrypts it using his RSA private key. Then both Jane and Jack have the same AES key to forever exchange messages. This means that all encryption is done on the client-side, as well as all decryption.

All of this generating, encrypting and decrypting happens ‘behind the scenes’ so don’t worry, neither Jane, Jack or you need a degree in cryptology in order to feel safe online : )

Say That Again?

In simple terms, if Jane wants to send something to Jack and doesn’t want anyone to read it in transit, or when it is on the server she sends the info encrypted.

Jack needs to decrypt the info Jane sends and vice versa in a way that only he can read it and no one else. So when they first decide to “be friends” and enter into each other’s Ring of Trust, they have personalized “keys” created which they will later use to decipher what the coded/encrypted/private message is they are receiving.

And from then on they are able to easily exchange sensitive info at liberty without worrying about who else can see it.

Now keep your friends close and your passwords closer. And start sharing the right info with the right people.

This Week In Privacy, Dec 5, 2008

CEO World Magazine

The Complete Guide to Internet Security and Privacy Issues!
51 fundamental useful links for anyone interested in privacy online and what it means, protecting yourself from identity theft and various other informative channels to security on the web. Certainly is a complete guide.

Market Watch

7 Steps to Worry Free Online Shopping
Here are seven easy steps to help avoid getting scammed while doing your holiday online shopping. And we couldn’t agree more with number 4 and number 5!

Network World

5 Must-Do Security Steps For Obama
Here’s an article that talks about the fragility of cyber infrastructure and what plans President Elect Obama has to strengthen it. A brief summary of the Obama plan.

This Week In Privacy, Nov 28, 2008

IT Security

The 25 Most Common Mistakes In Email Security
A well thought out list of common myths and mistakes of email users. Especially interesting are points: 12, 13, 14, 21, and of course 22 and 23! Yes 22 and 23 talk about passwords and encyrption.

Market Watch

Walling Data’s Top Ten Safety Tips For Online Shopping
With Thanksgiving out of the way, one of the biggest holiday shopping period is fast approaching. Many of us will do a good amount of shopping online – awakening hacker’s appetites.

Daily News | Money

Symantec Corp Study Finds Online Hackers Getting Savvier
Seems many of the posts this week focus on the online holiday shopping week ahead. It’s no surprise since this is prime time for hacking.

Protect your passwords and prevent holiday cybercrime.