“Privacy”.com–Yeah Right

Privacy.com is not about hiding your identity from authorities.<p>It&#x27;s mostly about hiding the fact that the same person, you, are paying to merchant A and merchant B. It allows you to easily have a card per merchant, and lock it to the merchant so that when its number is stolen, it can&#x27;t be used anywhere else.<p>The domain name is a bit lofty, yes.

In defense of Privacy.com, they&#x27;ve helped prevent me from being defrauded multiple times. I use them any time I&#x27;m buying from a website where I don&#x27;t trust they will keep my CC secure (like paying local utility bills).<p>Sure enough someone tried to use my one-time-use utility card multiple times. Once they charged it for 16 cents which how card runners test the cards to see if they are valid. Normally those won&#x27;t show up on any alerts you may have, because most banks don&#x27;t alert below $1.<p>But privacy.com does.<p>I actually prevented about 1000 stolen cards from being used because I was able to inform the local utility that their database had been breeched before they even knew about it, and they were able to let the CC companies know before the card runners could use them.

Privacy.com is a great service. I use them all the time to generate 1 time use card numbers for sites &amp; then cancel the card so they cannot mysteriously charge me. I&#x27;ve been with them for years &amp; their CEO is a wonderful &amp; smart person.<p>When you&#x27;re allowing strangers to perform financial transactions - you&#x27;re taking on risk that the money that is sent needs to actually be funded. They need to conform to KYC laws like all fintech providers - so yes, they will require knowing a little bit about you to operate in the United States like all financial institutions.

The use of third party KYC services like Onfido is widespread in the cryptocurrency space as well, where over-compliance is the norm right now. Consumers are given little choice as to which provider stewards their ID scans, bank statements, biometric data, etc.<p>This user experience has trained the most vulnerable, non-tech-savvy audiences to provide just about anything requested when asked for ID verification. Including to phishers.<p>If you push back too hard against arbitrary, invasive KYC requests, you start down a path towards becoming unbanked.<p>The USA is badly in need of modern consumer privacy regulations.

Ahhh FFS, this post is complaining about third party KYC providers. Give me a break, in what world can you get a visa or mastercard without KYC? They provide privacy not anonymity, payment privacy that is not hiding your identity privacy. Your payments are private. Your payment info can&#x27;t be easily tracked across the different cards you create. That&#x27;s it.

Rachel here, I lead Operations at Privacy.com. Wanted to clarify our data collection and retention process, and our position on privacy.<p>Our goal is to make sure that customer data spends as little time as possible with third-party providers like Onfido. Onfido’s general policy is that they will not save customer data longer than a year but they set up different contractual agreements based on what customers stipulate. We&#x27;ve stipulated that they delete data after 30 days.<p>The &quot;Privacy&quot; in our name is about making sure our customers’ personal and payment information is kept private from merchants and from fraudsters.<p>We offer a financial service that comes with legal and regulatory requirements and we have to gather details like address, social security number, and phone number to authenticate a user’s account. If you know of other KYC providers that have more privacy-forward policies, we’re open to exploring.<p>Happy to discuss more. You can drop me a note at rachel@lithic.com.

Privacy.com is great. I&#x27;ve been using it for years on the free plan. I use short-lived, vendor-specific cards a few times per month.<p>The author is complaining about the service&#x27;s name not matching <i>their</i> expectation of what the service is supposed to do. I don&#x27;t think that&#x27;s fair. The Privacy.com homepage summarizes the service very well in my opinion. You give Privacy.com your financial information so you don&#x27;t have to give it to a dozen other companies, and you get to control when and how those companies use that information by setting limits on spending or card duration.<p>The author was expecting this to be a cryptocurrency tumbler or what?

Sooner or later we&#x27;re going to need a federal dept of is-this-guy-who-he-says-he-is. No startup can solve this; it&#x27;s not profitable enough to do right. The last resort for authentication will always be &quot;go to a place and talk to a human&quot; and the gov&#x27;t is the only entity who is willing&#x2F;able to staff a brick-and-mortar office in reach of everyone in the country.<p>I know some people are afraid of the feds having a centralized and accurate registry of citizens, but the alternative (that every company who takes payments must have their own separate, partial, and inaccurate registry) causes a lot of problems.

privacy.com is one of my favorite companies.<p>They have saved me from fraud 2x in 3 years. Then I simply closed that &quot;card&quot; with the click of a button. No need to call my bank, cancel my debit card that I use at ATMs, and wait a week for a new card<p>I don&#x27;t have to worry about remembering to cancel free subscriptions. I set the card max at $1. This has saved me multiple times from the free trial scams that you need to opt out of. Free trials should be opt in after the trial. Opt out is a scam to trickle money into a company from non customers.<p>They stopped a contractor from charging me over $2k when I specifically told them they needed to tell me how much before charging me. Of course they didnt tell me and tried to run the charge. Privacy put a stop to their BS.<p>It is mostly automatic or easy to set up once you are using Privacy. Some banks have started to offer similar digital card numbers similar to Privacy.

Companies using Onfido [0], Stripe Identity[1] or other similar services, just want to move the &quot;trust&#x2F;fraud&quot; problem one layer away without throwing internal resources at it.<p>It is a hard problem, and using a 3rd party service is more cost effective than staffing a department to do manual verification.<p>[0] <a href="https:&#x2F;&#x2F;onfido.com" rel="nofollow">https:&#x2F;&#x2F;onfido.com</a><p>[1] <a href="https:&#x2F;&#x2F;stripe.com&#x2F;en-fr&#x2F;identity" rel="nofollow">https:&#x2F;&#x2F;stripe.com&#x2F;en-fr&#x2F;identity</a>

I worked in domain registrations in the early 2000s and it&#x27;s funny how we used to put stock into what sort of TLD a domain used. Like .com would clearly be a commercial entity, while .org would be more non-profits, open source, public domain and stuff like that.<p>Anyways, they&#x27;re probably harvesting your payments and selling that info. I&#x27;ve noticed that since the card issuers have such high security requirements, and audits, a lot of little businesses have cropped up who are trying to act as middlemen to your payments. Because they just found a backdoor to getting all your payment history without hacking your card issuer. I believe privacy.com is one such business.

I absolutely love Privacy.com for the service they provide. It&#x27;s fantastic to be able to create a one time use card for a web purchase. I even have one connected to my Walmart app that allows me to pay in store via the QR code.

I have the Apple credit card.<p>If you just want to generate 1-time credit card numbers to use once it&#x27;s the best experience imo - can easily do it in the Wallet app.<p>Also lots of these subscription websites now detect card generated from something like a Privacy.com is prepaid and will prevent you from using it which defeats the purpose. Not the case with Apple.

&gt; There must be a way to follow local laws and regulations to prevent financial fraud without violating their privacy to this extent, right?<p>Sadly no, there really isn&#x27;t, unless you lobby congress. These laws were written with law enforcement in mind, not privacy.

The first step to getting an account at privacy.com is to surrender your privacy --- including private access to your bank account login credentials.<p>To paraphrase Nancy Reagan, &quot;Just say no&quot;.

They actually don&#x27;t let me use my primary email as they specifically don&#x27;t allow accounts to use a Yandex email. They said the reasoning was to prevent non-US citizens from creating accounts, and that I would have to use another email address...

I use and like the service for what it does. Has anybody found a competing service?

It would have been funnier if they used privacy.org.<p>I never expected them to provide any privacy of any sort, but I don’t think they could make matters worse. Privacy.com has been extremely convenient for me, private or otherwise.

Onfido is state of the art service for ID verification and very trustworthy.

Lets break this abysmal post down into what appears to be the point:<p><pre><code> Privacy.com flagged you for some unknown reason and asked you to verify your identity. You learned that Onfido exists and googled the name and (LOL) decided you would spend 45s on Wikipedia and then read a privacy policy written not-for-you, and then post yourself on HN so you can &quot;inform others.&quot; </code></pre> Lets not even bother with the fact that flagging for further identification happens at every financial company that exists. People are flagged all the time for a number of reasons dictated by ML&#x2F;AI that is not always right. &quot;I&#x27;ve never had this happen before.&quot; That&#x27;s not how math works.<p><pre><code> As I am not a lawyer, I probably missed some more bits as well. </code></pre> We can tell. And you did. You missed the part where you have to read and comprehend more than three or four words at a time. That or you intentionally excluded the pieces that invalidated everything that got you to the front page of HN. I&#x27;d wager it&#x27;s the former. Allow me to do the research you pretended to do:<p>First and foremost, there are regulations on how PCI&#x2F;PII data can be stored. I&#x27;ll assume you read about reading about or pretended to read about PCI so I won&#x27;t go into the details you don&#x27;t care to understand (but should).<p><pre><code> Each of Onfido’s and&#x2F;or Provider’s third-party vendors may have access to the facial scan data </code></pre> When a company hosts with providers like AWS, GCP, etc, those are considered &quot;third party.&quot; If you curl the onfido website you can see that it&#x27;s hosted on S3 (or at least parts of it are). It&#x27;s very likely that onfido is storing data in S3 which <i>means a third party has access to store the data, make backups, etc</i>. You also excluded THE IMPORTANT PART on previous line that said <i>Onfido securely stores all selfies, videos, photos of identity documents, and facial scan data in an encrypted format.</i><p><pre><code> Onfido may disclose your personal information to an actual or potential buyer (note &quot;potential&quot;) </code></pre> I&#x27;m going to go out on a limb here and assume you&#x27;ve never owned a company who&#x27;s had an offer to exit. When company A purchases company B they first have to evaluate that business and decide if they want to buy it. Since you think like Twitter I&#x27;ll clear something up for you: acquisitions don&#x27;t happen by posting on twitter &quot;I want to buy Twitter.&quot; This is a standard bullet point in every privacy policy. When you are approached by a potential buyer you sign a slew of NDA&#x27;s and other <i>legally binding</i> documentation that prevents any party from sharing the details of the agreement.<p>Believe it or not, startups don&#x27;t have enough time, money, energy, resources to rewrite every little feature required to run a business. Visa and Mastercard also have their own ways of sharing your private information. Does that also mean to start a privacy focused fintech company you need to write the entire american payment system?<p><pre><code> Onfido may disclose your personal information... or other third party where we believe disclosure is necessary... to protect your vital interests or those of any other person </code></pre> Jesus Christ. I don&#x27;t even know how you pieced that together so I&#x27;ll _actually quote_ the document:<p><pre><code> To comply with laws. Onfido may disclose your personal information to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person; </code></pre> This is American and guess what: you have to comply with the law. I know in your fantasy world of impotence masquerading as activism you think you can &quot;privacy&quot; your way around it, but guess what? You can&#x27;t. Any company operating in &lt;insert country&gt; has to comply with the laws. &quot;I use Proton and they are privacy.&quot; I&#x27;m sure you do, and they&#x27;re privacy because the laws permit it until they don&#x27;t.<p>So what do you do? You try to deprive a company who&#x27;s actively trying to do what you pretend to do with your useless tantrum.

Mainly about managing debit cards...

Privacy.com was a perfect expression of “Your business is our feature”.<p>Practically every major card issuer provides native virtual numbers now.