Aviva Zacks of Safety Detectives sat down with Rob Shavell, CEO and Co-Founder of DeleteMe, and asked him about his product called Blur.
Safety Detective: What motivated you to start your company?
Rob Shavell: My co-founders and I started the company almost 10 years ago, around the time Facebook was going public. It was still a closed system, and the general technology industry was very excited about sharing data and social media and everything else alongside it. We thought that would create a set of problems for the cybersecurity industry that we thought was better described as a privacy problem rather than just pure security problems, although there’s a lot of overlap.
And during the last 10 years, we’ve learned a lot and the spaces have been changed, but I think the problems that cybersecurity and privacy deal with are unfortunately still growing.
SD: What would you say is the company’s flagship product?
RS: Our flagship product is called DeleteMe, and it’s a service that as simple as it sounds, you sign up; we go out and find where your personal information is on a bunch of data brokers. These are typically websites and marketing companies in all shapes, sizes, and forms that collate profiles about almost everyone across the globe and create personal information profiles about all of us without our permission and then go sell them.
So we go out, find where your information resides on these databases, and go about removing it from each one throughout the year.
SD: Can you tell me a little bit about some of your other products?
RS: The DeleteMe service is about cleaning up your information that’s already out there. The complement to that is a product that we call Blur because it’s meant to blur your identity when you’re online. I would emphasize that very few technologies could make you anonymous or erase you from the internet in the true sense of the word, but you can do a lot to clean up your data and to blur your data.
Blur stores all of our login information at every site and they typically advise us to use a unique password at every site. They’ll often generate a strange-looking set of characters when we click into the password fields.
Blur acts just like a typical password manager except when you get to the other fields that you have to fill in when you’re signing up for something online or whether you’re shopping for something you want to buy when you click into those other fields, it acts as your password manager but extends the concept of generating a unique password to your other identity credentials. Now, that’s very simple in practice when you’re using it when you click into an email form asking for your email. Just like a password manager, a little panel will pop up right underneath that email entry where you’re supposed to type in your real, personal, private email that you use and it will ask you if you want to generate a unique email for a website, sign up, or shopping cart, and if you select that option, Blur will generate you a unique email address used meant to be used mainly for just that website.
If you proceed further down the form, if it’s an e-commerce form and you’re shopping and you’re asked for your phone number, we will generate you a unique phone number. And when it comes to payment, we will actually generate you a unique Mastercard or Visa card with a limited amount of money on it so you can make a credit card unique for every transaction. The password manager, part of Blur, sits in the background and saves all that information so that when you go back to that website and you need to remember all that information again, your password, your email address, your phone number, what credit card you used, it’s available for you easily.
SD: What keeps your company ahead of the competition?
RS: The differences are interesting. Password managers have grown a lot in the last 10 years and they’re a core component of a person’s cybersecurity, and indeed corporations are generally requiring employees to use password managers as well. But what hasn’t happened yet is this notion of extending the security that a password manager gives you to the rest of your identity information, which we think is very important because as you know there are a lot of data breaches.
If you think about what happens after a data breach, if you use Blur and you create unique email addresses, credit cards, and phone numbers, and the company that you gave them to has a data breach, you literally go into your Blur dashboard and click a button and turn them off. You never have to worry about that information being used by hackers, spammers, or anybody else because you can literally just forget about it and create more information for the next website. So that’s a really powerful concept for cybersecurity that we think should have broader adoption.
Obviously, customers decide what they want to do. That’s the way the marketplace works but we’re still excited about the potential for more password managers and cybersecurity solutions to incorporate this technical approach.
We’re also very pleased that Apple has followed in this area by introducing the capability to not share your email address. They call it Relay in the new sign-in with Apple. When they’re signing up for new apps, iPhone users will get the option of masking—email masking, credit card masking, and phone masking. Apple will give everyone the option to relay their email and protect their real private email by creating a unique email address. So we do see the market adopting some of these ideas and it’s validating.
SD: What would you say are the worse cyberthreats out there today?
RS: I think that the worse cyberthreats are state and non-state governments hacking other governments and company’s networks as we’ve seen numerous times including the US government hack earlier this year with SolarWinds. I think those are certainly the most troubling kinds of cybersecurity incidents because the governments and very well-funded hacking groups are some of the smartest, most sneaky adversaries. And so, I think those are the things that I worry about more so than just hacking of my computer.
SD: Where do you think cybersecurity is headed now that we have been living through this pandemic?
RS: With a much larger group of people all over the world working from home, there are going to be all kinds of opportunities to better protect home computing, which has largely been done with VPNs and some access controls on the server-side. And I think there is a lot more that can be done, but it’s definitely a challenge for corporate cybersecurity professionals to figure out the right balance of security for their employees working from home. I think it’s a big opportunity for the industry.