Every time you go online, you face daunting security and privacy issues. Most browsers offer a choice of add-ons to help you create and manage strong, unique passwords, but that’s only half the battle. Giving your real email address, phone number, or credit card to a stranger exposes you to tracking and other privacy risks.
That’s the guiding principle behind MaskMe, a new online service from Boston-based Abine, which makes the privacy tool DoNotTrackMe. MaskMe combines privacy and security functions in a single tool that can be accessed via a browser or a mobile app. In the age of Big Data, it’s an idea whose time has arrived.
MaskMe works with Chrome and Firefox (sorry, IE users, you’ll have to wait a little longer). On mobile devices, it’s available as a full-featured iOS app and a slightly stripped-down Android app that should reach feature parity soon.
On the security side, MaskMe provides most of the security functions you’d expect from a password manager. When you visit eBay or Amazon or your bank’s website using a browser that has the MaskMe add-on installed, you get the option to save your login credentials locally in a highly encrypted blob that can only be decrypted with your unique (and hopefully very strong) MaskMe password. When you sign up for the first time at a new site, MaskMe will help you generate a new, unique, and very strong password for use there.
That’s the security side. But the real strength of MaskMe is on the privacy side. When you sign up at a web site, you’re typically asked to provide an email address, which functions as an ideal unique identifier to track your movements around the web. The trouble with using your “real” email address is not just tracking: it and other personally identifiable data can also be sold by the website owner, or the data can be stolen by hackers.
You can protect yourself by manually creating email aliases, but that’s a hassle. What MaskMe offers is an infinite number of on-the-fly email aliases. When you’re signing up for a new account, the MaskMe add-on automatically supplies an anonymous alias (in the opayq.com domain – opaque, get it?).
Any messages addressed to that alias are forwarded to the email address you registered with the MaskMe web service. The web site where you signed up sees only the alias, meaning your online activities aren’t correlated with your real email address. Any mail to your alias is automatically forwarded, and you can block the address, permanently, if it turns into a source of unwanted junk mail.
You manage saved logins and masked email addresses in a browser window or mobile app, using the local copy of your data.
MaskMe starts out as a basic free service that stores your encrypted data locally. An upgrade, also free, allows you to back up the data to a web-based service so you can access it from other devices. (All data is encrypted locally before it’s uploaded, using AES 256 encryption, and it’s only decrypted locally using your unique and private password. No one at the data center ever sees your unencrypted data, which means they can't steal it or give it away, even in response to a subpoena.)
The premium version of MaskMe costs $5 a month and adds the ability to sync data between devices. It also supports masking of phone numbers and credit card numbers.
The ability to mask calls is currently available only using the iPhone app. Instead of giving out your real phone number, you can assign a single alternate number that forwards to your real phone. If a recipient starts using that number for telemarketing or other annoying calls, you can block that number.
The other premium feature, available in supported browsers and on mobile devices, lets you create a virtual credit card number. Instead of using your real MasterCard/Visa/AmEx/Discover number with an untrusted merchant, you create a masked number with a specified limit; the MaskMe service processes the transaction using your actual card and then acts as intermediary with the other service. You can also give the virtual card number as a gift.
MaskMe’s password management features are similar to those you’ll find from other security-focused services, including RoboForm Everywhere, Dashlane, and LastPass. Most of those alternatives, in fact, have a more robust feature set, whereas MaskMe focuses on a simple, usable interface. You can access and manage stored logins locally, using a browser extension, or in a mobile app, or on the web by signing in at maskme.com. (One usability annoyance: with a premium account, syncing isn't automatic. You have to remember to click the Sync button if you make any changes or additions to your saved data.)
What MaskMe offers that helps it stand out from password-management services is the ability to obfuscate your online identity, so that registering for an online service doesn’t result in your movements being tracked, stored, and collated with other activity. It also gives you the tools to block annoying marketers who require that you give them an email address and then sell it to third parties or misuse it with unwanted mailings.
The biggest hurdle for any service like this, of course, is trust. Abine has a solid track record as a privacy-focused company (the company claims its DoNotTrackMe add-on now has 3 million users), but signing up for a web service to store your most private data requires a big leap of faith. Still, in a world where big businesses and spy agencies routinely capture every bit of data from your online movements, maybe that leap of faith is justified.