"This week Iâ€™m going to hit up a new service that aims at backing up your important physical data. KeepYouSafe.com has built a secure storage network for your vital personal information like medical records, drivers license copies, passports, wills, credit card copies, financial records, insurance papers, basically everything in your wallet and personal filing folders that you deem important.
The service allows you to scan and upload documentation to your Online Safe Deposit Box through a web browser. Is it secure? KeepYouSafe says they employ military grade encryption to keep data safe. There are also multiple servers worldwide so that if anything happens; there will always be a copy available."
Checking out KeepYouSafe.com, I noticed a few things that got my spidey sense tingling on a crazy level:
Nowhere on the site is there any identifying information - there's no information on the company founders, no information about the background of the company, and generally, no identifying information at all. And nothing in the domain registry info, either.
2. KEEPYOUSAFE.COM AND ITS SUBSIDIARIES, AFFILIATES, OFFICERS, EMPLOYEES, AGENTS, INVESTORS, MEMBERS, PARTNERS AND LICENSORS MAKE NO WARRANTY â€¦ (vi) THAT THE DATA AND FILES YOU STORE IN YOUR ACCOUNT WILL NOT BE LOST OR DAMAGED OR EXPOSED;
Even more important to my security spidey sense was their technical white paper about their security architecture. It's worth a read - it's just about the perfect document that could give someone who has never done any security a complete sense of false security. (That said, I like their use of One Time Passwords, assuming that they did it right).
Seriously, I don't know these guys from Adam - this may very well be a legitmate service. My point is that it's impossible to know them, actually, since there's no identifying information. And that should be terrifying to anybody who uses them.
As far as I'm concerned, my secure documents are going in two places: close to me and in a location that has a good understanding of my need to transfer risk to them. This organization isn't actually allowing the transfer of risk - if they were, they'd be insured against any loss of personal info and they'd have the requirement to reimburse users for loss.
Of course, this would be a great idea for an identity theft scam:
"Please scan and send me all of your important data... I'll protect them, I promise. (But my terms of service say that I don't have to.)"
Gives me the willies.